Open tsujp opened 3 years ago
@alex-frankel I really, really like that the milestone is called Not as fast as you would like
I'm definitely yoinking that :laughing:
Coming from the perspective of a longtime AWS CloudFormation and Terraform author now starting to use bicep - this type of password complexity validation can be achieved with a regular expression, as I've seen it done in these other tools.
So, what I think is really missing - like a SERIOUS design omission - is to have a regular expression based validation for parameters. This should have full support for all regex features, including backwards and forward references. It should support the PCRE2 standard as can be validated here: https://regex101.com
I noticed another another open issue to validate IP addresses and CIDRs, while looking to see if regex validation was an existing open issue. This is also something that can be done easily using regular expressions.
Given that this feature has been in CloudFormation templates, first JSON, then YAML, for at least 5 years that I'm personally aware of, it's sort of incredible - a glaring omission which surprised me - that this basic feature is not yet in bicep and arm. Please consider adding it, as it's incredibly useful in both preventing use of incorrect values, but also in precisely describing what values are allowed in a way beyond what's often possible to easily describe in words.
For example, I want to have a startDate parameter with the value entered as 'YYYY-MM-DD' - the fact I can't validate this simple pattern with a message to the user if they don't enter it correctly, is really surprising for a mature IaC template tool.
Is your feature request related to a problem? Please describe.
Current decorators provide basic restriction over parameters but more advanced decorators are required to prevent separation of concerns over resource requirements. Example:
adminPassword
on Microsoft.Compute/VirtualMachines has the following requirements:The only thing you can currently do in a Bicep template is verify the minimum and maximum length with
@minLength()
and@maxLength()
.If more default decorators existed to verify regex or custom decorators were possible then checks could be made pre-deployment on the requirements of the password in this case.
Describe the solution you'd like
User defined functions accessible as decorators might be the sole solution, relevant issues: