search

Azure / bicep

Bicep is a declarative language for describing and deploying Azure resources
MIT License
3.25k stars 754 forks source link

Bug: Scripted export doesn't deploy - bicep doesn't notice double definition of same properties #6706

Open tyeth opened 2 years ago

tyeth commented 2 years ago

Bicep version 0.5.6

Describe the bug Exported SQL server + db which came with RBAC for one user admin, system managed identities. I've genericised it, but the advisors and other bits fail to get created which fails the deployment. It also doesn't notice the administrative users are defined inside server resource properties (along with azureADOnlyAuthentication) and additionally as separate resource definitions of type image

Also Bicep attempts to script things that arm template shouldn't support (SQL ADVISORS) https://github.com/MicrosoftDocs/azure-docs/issues/29684#issuecomment-484838633

Lost a lot of time to stupid arm deployment incompatibilities after exporting templates from existing resources. Makes me think terraform is a better-supported option as it's their primary business focus, but I'm trying to resist as bicep is fairly comfortable to work with for a newcomer to IaC, and works smoothly with github/azure-devops/local.

I know a lot of the problems can be worked around easily enough, do things in separate stages/files, or use post-process commands, but I'd rather the process of writing bicep files was smoother (better linting + snippets).

Expected Outcome I expect the bicep plugin for vscode to detect double definitions of the same effective property. I also dream that it would tell you what cannot be set (it does some) and eventually offer snippets of best practises #4402

alex-frankel commented 2 years ago

The "Export Template" and "Insert resource" features are best effort processes and is really meant as a way to get you 80% of the way there.

It is not guaranteed that what is exported will deploy since this is machine generated code. It depends on the relevant resource providers building their APIs in the way export expects them to, and if they don't (like in this case), you can get bad export results.

tyeth commented 2 years ago

I appreciate they won't deploy immediately, or even be 100% valid, but definitions of the same resource as a nested and separate scoped child resource could be easily detected by Linting, as could certain properties which in are effect replicated as resource definitions like the SQL server administrative administrators definition provided in my example. I do accept the DB indexers failing deployments are the fault of the ARM template people not bicep, but it just erodes user confidence in the tooling.