Closed anthony-c-martin closed 1 year ago
Missing intelisense for Microsoft.Resources/deploymentScripts@2020-10-01/identity/userAssignedIdentities
Here's an example of how this should be declared: https://github.com/Azure/bicep/blob/d17ce4b88d11688da52cc679a2974fbe6a69346e/docs/examples/101/deployment-script-with-storage/main.bicep#L24-L29
It's an odd contract, but if you look at the template docs linked above, the wording The list of user-assigned managed identities associated with the resource. Key is the Azure resource Id of the managed identity. - UserAssignedIdentities object
hints at this - it's not an object of type UserAssignedIdentities
, it's a dictionary object with keys of type string, and values of type UserAssignedIdentities
.
Missing intelisense for Microsoft.Resources/deploymentScripts@2020-10-01/identity/userAssignedIdentities
@stan-sz I think the validation is showing the right error - here's an example of how this should be declared: https://github.com/Azure/bicep/blob/d17ce4b88d11688da52cc679a2974fbe6a69346e/docs/examples/101/deployment-script-with-storage/main.bicep#L24-L29
It's an odd contract, but if you look at the template docs linked above, the wording The list of user-assigned managed identities associated with the resource. Key is the Azure resource Id of the managed identity. - UserAssignedIdentities object
hints at this - it's not an object of type UserAssignedIdentities
, it's a dictionary object with keys of type string, and values of type UserAssignedIdentities
.
The property "enablePurgeProtection" expected a value of type "bool" but the provided value is of type "bool | null".
(This follows on from https://github.com/Azure/bicep/discussions/1729#discussioncomment-430333 )
This can be seen with the following:
resource keyvaultName_resource 'Microsoft.KeyVault/vaults@2019-09-01' = {
properties:{
enablePurgeProtection: condition ? null : true
}
}
The property "enablePurgeProtection" expected a value of type "bool" but the provided value is of type "bool | null".
(This follows on from #1729 (comment) )
We have Azure/bicep#1735 & Azure/bicep#449 to track this. The current workaround is to use any()
:
resource keyvaultName_resource 'Microsoft.KeyVault/vaults@2019-09-01' = {
properties:{
enablePurgeProtection: any(condition ? null : true)
}
}
Resource type "Microsoft.DesktopVirtualization/hostpools/providers/diagnosticSettings@2017-05-01-preview" does not have types available.
No autocomplete for 'Microsoft.DesktopVirtualization/applicationGroups/desktops'
Resource type "Microsoft.DesktopVirtualization/hostpools/providers/diagnosticSettings@2017-05-01-preview" does not have types available.
Microsoft.Insights/diagnosticSettings
is an extension resource type - here's how you deploy it via Bicep:
// deploy the hostPools resource
resource hostPool 'Microsoft.DesktopVirtualization/hostPools@2020-11-02-preview' = {
name: 'myHostPool'
...
}
// deploy the diagnosticSettings resource
resource diags 'Microsoft.Insights/diagnosticSettings@2017-05-01-preview' = {
scope: hostPool
name: 'myDiags'
...
}
On Microsoft.Web/sites@2020-06-01
:
The property "functionAppScaleLimit" is not allowed on objects of type "SiteConfig". Permissible properties include "alwaysOn", "apiDefinition", "apiManagementConfig", "appCommandLine", "autoHealEnabled", "autoHealRules", "autoSwapSlotName", "connectionStrings", "defaultDocuments", "detailedErrorLoggingEnabled", "documentRoot", "experiments", "handlerMappings", "healthCheckPath", "httpLoggingEnabled", "ipSecurityRestrictions", "javaContainer", "javaContainerVersion", "javaVersion", "limits", "linuxFxVersion", "loadBalancing", "localMySqlEnabled", "logsDirectorySizeLimit", "managedPipelineMode", "managedServiceIdentityId", "netFrameworkVersion", "nodeVersion", "numberOfWorkers", "phpVersion", "powerShellVersion", "preWarmedInstanceCount", "publishingUsername", "push", "pythonVersion", "remoteDebuggingVersion", "requestTracingEnabled", "requestTracingExpirationTime", "scmIpSecurityRestrictions", "scmIpSecurityRestrictionsUseMain", "scmMinTlsVersion", "scmType", "tracingOptions", "use32BitWorkerProcess", "virtualApplications", "vnetName", "vnetPrivatePortsCount", "vnetRouteAllEnabled", "webSocketsEnabled", "windowsFxVersion", "xManagedServiceIdentityId".
See also: https://github.com/Azure/azure-functions-host/issues/6718
Also got bit by the above mentioned issue for "password" on Microsoft.Web/certificates
tracked here and noted here. Interestingly, with "password" as a required entry in "properties", if NO properties key is provided (contrast with one is provided but no properties are set), bicep will produce no warnings/errors.
Edit: Round 2
Resource Microsoft.Consumption/budgets@2019-10-01
has some data validation issues.
filter.dimensions.name
-- this is clearly an enum although I can't find a comprehensive list of the possible values.filter.dimensions.operator
-- this should be an enum, and apparently the only valid value is 'In'
.category
-- this should also be an enum. Apparently the only valid values are 'Cost'
and 'Usage'
. (rest api doc says this can only be 'Cost' but arm template doc says it could be 'Cost' or 'Usage' although doesn't explain the difference)notifications.*.contactEmails
is listed as required, but this is not true. The REST API doc clarifies:Email addresses to send the budget notification to when the threshold is exceeded. Must have at least one contact email or contact group specified at the Subscription or Resource Group scopes. All other scopes must have at least one contact email specified.
The actual error you get though if it's empty though is "Notification cannot have all of Contact Emails, Contact Roles and Contact Groups empty." so I suspect that's wrong too.
Unable to create Key Vault Access policies per https://docs.microsoft.com/en-us/azure/templates/microsoft.keyvault/vaults/accesspolicies?tabs=json
resource akvAccessForDataFactory 'Microsoft.KeyVault/vaults/accessPolicies@2020-04-01-preview' = {
name: '${akvName}/add'
properties: {
accessPolicies: [
{
tenantId: subscription().tenantId
objectId: adf.outputs.identityPrincipalId
permissions: {
secrets: [
'get'
'list'
]
}
}
]
}
}
Error
Error BCP036: The property "name" expected a value of type "'add' | 'remove' | 'replace'" but the provided value is of type "string".
Example using ARM template: https://github.com/Azure/azure-quickstart-templates/blob/master/101-keyvault-add-access-policy/azuredeploy.json
@SenthuranSivananthan - KV access polices as resources are tricky, you can use them only if you do not deploy KV in this same template. If you deploy a KV, it requires providing accessPolicies parameter.
Moreover, if you try to use this resource type multiple times (for granting access to different objects) in same module, the deployment will fail, as you cannot deploy a resource with this same name (add
) multiple times.
This particular API is mostly dedicated for CLI or portal interaction. I encourage you to not use it in ARM/bicep.
@SenthuranSivananthan - KV access polices as resources are tricky, you can use them only if you do not deploy KV in this same template. If you deploy a KV, it requires providing accessPolicies parameter.
Moreover, if you try to use this resource type multiple times (for granting access to different objects) in same module, the deployment will fail, as you cannot deploy a resource with this same name (
add
) multiple times.This particular API is mostly dedicated for CLI or portal interaction. I encourage you to not use it in ARM/bicep.
Thanks for the advice. I switched to using RBAC instead of access policies and that seems to work better for my use case.
properties.roleName
in Microsoft.Authorization/roleDefinitions@2018-01-01-preview
should be Required.
'Microsoft.Portal/dashboards@2015-08-01-preview' has little or no intellisense available
'Microsoft.OperationalInsights/workspaces@2020-10-01' properties.provisioningState should not autocomplete.
Connection KeyVault to a log analytics workspace
Warning BCP081: Resource type "Microsoft.KeyVault/vaults/providers/diagnosticSettings@2017-05-01-preview" does not have types available
Connection KeyVault to a log analytics workspace
Warning BCP081: Resource type "Microsoft.KeyVault/vaults/providers/diagnosticSettings@2017-05-01-preview" does not have types available
You can use the scope
property to set the parent resource scope to your keyvault reference, and declare the Microsoft.Insights/diagnosticSettings
resource similar to this example. This will give you proper type validation:
Some more information on this here: https://github.com/Azure/bicep/blob/main/docs/spec/resource-scopes.md#resource-scope-property
Hopefully this helps anyone seeing the BCP081 Resource type does not have types available error on deployment. I have had this issue but I was able to deploy the template using the same resource with a different Api.
Also I was able to deploy the template using Azure CLI without issue.
@anthony-c-martin
@kris-turk - we are tracking the issue here: https://github.com/Azure/azure-powershell/issues/14651
Hopefully will have a fix out soon. cc @BethanyZhou
Warning BCP081: Resource type "Microsoft.Storage/storageAccounts/managementPolicies@2021-01-01" does not have types available. Warning BCP081: Resource type "Microsoft.Storage/storageAccounts/tableServices@2021-01-01" does not have types available. Warning BCP081: Resource type "Microsoft.Storage/storageAccounts/tableServices/tables@2021-01-01" does not have types available.
resource storageAcct 'Microsoft.Storage/storageAccounts@2019-06-01' = {
name: 'teststorage2803'
location: resourceGroup().location
sku: {
name:'Standard_LRS'
tier:'Standard'
}
tags: union(resourceGroup().tags, {
itemPurpose: 'general blob and table storage'
})
kind: 'StorageV2'
properties: {
supportsHttpsTrafficOnly: true
encryption: {
services: {
file: {
keyType: 'Account'
enabled: true
}
blob: {
keyType: 'Account'
enabled: true
}
}
keySource: 'Microsoft.Storage'
}
accessTier: 'Hot'
allowBlobPublicAccess: false
}
}
resource blobServices 'Microsoft.Storage/storageAccounts/blobServices@2019-06-01' = {
name: '${storageAcct.name}/default'
properties: {
cors: {
corsRules: []
}
deleteRetentionPolicy: {
enabled: true
days: 7
}
}
}
resource nodeRedContainer 'Microsoft.Storage/storageAccounts/blobServices/containers@2019-06-01' = {
name: '${blobServices.name}/nodered'
properties: {
publicAccess:'None'
defaultEncryptionScope: '$account-encryption-key'
denyEncryptionScopeOverride: false
}
}
resource lifecyclePolicy 'Microsoft.Storage/storageAccounts/managementPolicies@2021-01-01' = {
name: '${storageAcct.name}/Default'
properties: {
policy: {
rules:[
{
enabled: true
name: 'retire-at-90-days'
type: 'Lifecycle'
definition:{
filters: {
blobTypes: [
'blockBlob'
]
prefixMatch: [
'${nodeRedContainer.name}'
]
}
actions: {
version: {
delete: {
daysAfterCreationGreaterThan: 90
}
}
baseBlob:{
delete:{
daysAfterModificationGreaterThan: 90
}
}
}
}
}
]
}
}
}
resource tableStorage 'Microsoft.Storage/storageAccounts/tableServices@2021-01-01' = {
name: '${storageAcct.name}/default'
}
resource linksTable 'Microsoft.Storage/storageAccounts/tableServices/tables@2021-01-01' = {
name: '${tableStorage.name}/links'
}
Warning BCP081: Resource type "Microsoft.Storage/storageAccounts/managementPolicies@2021-01-01" does not have types available. Warning BCP081: Resource type "Microsoft.Storage/storageAccounts/tableServices@2021-01-01" does not have types available. Warning BCP081: Resource type "Microsoft.Storage/storageAccounts/tableServices/tables@2021-01-01" does not have types available.
@MarcJenningsUK which version of Bicep are you using here? I'm unable to repro this with 0.3.126
. Note that at present, type definitions are bundled with the build, so to get the latest types, you will need to upgrade your Bicep install.
@MarcJenningsUK which version of Bicep are you using here? I'm unable to repro this with
0.3.126
. Note that at present, type definitions are bundled with the build, so to get the latest types, you will need to upgrade your Bicep install.
Um. Turns out this machine still had 0.3.1 installed. Upgraded to 0.3.126 and it was fine. My bad.
Resource type "Microsoft.Web/sites/config@2020-09-01" does not have types available.
Resource type "Microsoft.Web/sites/config@2020-09-01" does not have types available.
This has been fixed in the nightly build, and will be included in the next release (ETA some time this week).
Resource type "Microsoft.Web/sites/config@2020-09-01" does not have types available.
This has been fixed in the nightly build, and will be included in the next release (ETA some time this week).
Thanks... Lightning Response :)
Bicep version 0.2.14
Describe the bug The resource type @ version
Microsoft.Web/connections@2016-06-01
is not available (BCP081)To Reproduce
resource connection 'Microsoft.Web/connections@2016-06-01' = { .. }
This one is holding me up.
Still active as of bicep version 0.3.126.
Please include it.
This one is holding me up.
Still active as of bicep version 0.3.126.
Please include it.
@johnmeilleur thanks for raising this. I've created https://github.com/Azure/azure-rest-api-specs/issues/13844 to track the configuration fix needed to unblock type generation.
Missing types for Microsoft.Sql version 2020-11-01-preview (originally raised under Azure/bicep#2187). I've raised https://github.com/Azure/azure-rest-api-specs/issues/13845 to track the configuration fix.
I am attempting to use the ZipDeploy
extension for websites. This works with ARM but not Bicep.
resource website 'Microsoft.Web/sites@2020-09-01' = {
name: 'ExplorePackages-${stackName}'
location: resourceGroup().location
identity: {
type: 'SystemAssigned'
}
properties: {
serverFarmId: websitePlanId
}
resource deploy 'extensions' = {
name: 'ZipDeploy'
properties: {
packageUri: websiteZipUrl
}
}
}
VS Code error (which matches the command line error with bicep build
)
{
"resource": "/c:/z/Git/joelverhagen/ExplorePackages/deploy/main.bicep",
"owner": "_generated_diagnostic_collection_name_#0",
"code": "BCP088",
"severity": 8,
"message": "The property \"name\" expected a value of type \"'MSDeploy'\" but the provided value is of type \"'ZipDeploy'\". Did you mean \"'MSDeploy'\"?",
"source": "bicep",
"startLineNumber": 135,
"startColumn": 11,
"endLineNumber": 135,
"endColumn": 22
}
PS /home/joel/ExplorePackages> bicep --version
Bicep CLI version 0.3.258 (187d4d2047)
This can be worked around by doing "MSDeploy" in the bicep file then string replace "MSDeploy" with "ZipDeploy" on the JSON ARM file.
Docs: https://github.com/projectkudu/kudu/wiki/MSDeploy-VS.-ZipDeploy
@joelverhagen you can try use any
function in the name to avoid the error message. (https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-functions-any)
Warning BCP081: Resource type
"Microsoft.Network/networkInterfaces@2020-11-01" does not have types available
Warning BCP081: Resource type
"Microsoft.Network/privateEndpoints@2020-11-01" does not have types available.
I was able to roll back to 2020-08-01 version to make it work.
Warning BCP081: Resource type "Microsoft.Network/networkInterfaces@2020-11-01" does not have types available Warning BCP081: Resource type "Microsoft.Network/privateEndpoints@2020-11-01" does not have types available.
@napope - those should be fixed with v0.3.255
microsoft.insights/diagnosticSettings@2020-01-01-preview is not allowing me to set the scope
property, but the 2017-05-01-preview API version does.
If I try to use 2020-01-01-preview I get these errors from Bicep:
C:\temp\storage.bicep(21,3) : Error BCP038: The property "scope" is not allowed on objects of type "microsoft.insights/diagnosticSettings". Permissible properties include "dependsOn", "location".
C:\temp\storage.bicep(21,10) : Error BCP135: Scope "resource" is not valid for this resource type. Permitted scopes: "managementGroup".
microsoft.insights/diagnosticSettings@2020-01-01-preview is not allowing me to set the
scope
property, but the 2017-05-01-preview API version does.
Thanks for bringing this up. Looks like the swagger specs for 2020-01-01-preview
indeed only list management group as a valid scope: https://github.com/Azure/azure-rest-api-specs/tree/master/specification/monitor/resource-manager/Microsoft.Insights/preview/2020-01-01-preview
I've raised Azure/bicep#2327 to cover the lack of discoverability in the VSCode extension.
@johndowns Even for me shows the same message.... i guess the latest api version is not available it seems.
Bicep CLI version 0.3.255 (589f0375df)
Warning BCP081: Resource type "Microsoft.Network/frontdoors/frontendEndpoints/customHttpsConfiguration@2020-07-01" does not have types available.
@jamalikake - do you have any docs/reference about that resource type? Or possibly this type being used in an ARM Template? I am not able to find anything
@alex-frankel @jamalikake It's used in this sample. I also use it frequently. I haven't found any specific docs about it. I know the right person in the product group to raise this with - want me to check if they can add it to the swagger specs?
I know the right person in the product group to raise this with - want me to check if they can add it to the swagger specs?
That would be great!
@alex-frankel @johndowns thank you guys, i see the warning is only while converting the ARM in to Bicep... but when i tried to deploy the bicep it works perfectly........ so please ignore my comments........
When trying to create a Microsoft.KeyVault/vaults@2019-09-01
resource, the Visual Studio Code extension version 0.3.255
doesn't complain about a missing accessPolicies
property. For example the following resource is considered to be okay.
resource kv 'Microsoft.KeyVault/vaults@2019-09-01' = {
location: 'westeurope'
name: 'kv-somevault-poc1'
properties: {
sku: {
name: 'standard'
family: 'A'
}
tenantId: subscription().tenantId
}
}
This seems to be inline with the documentation, which says an accessPolicy
property is not required. However, when trying to deploy this template it will fail with the following
Deployment failed. Correlation ID: 02c3be09-xxxx-48cf-8df9-xxxxxx. {
"error": {
"code": "BadRequest",
"message": "The parameter accessPolicies is not specified."
}
}
@matthiasguentert since that API version in KeyVault you can use enableRbacAuthorization
property which disables Access Policies. Therefore accessPolicies
property cannot be marked as required anymore.
I think API-Specs is unable to define xor-required properties and therefore bicep is unable to detect it on compile time...
I'm trying to perform a nested deployment (peering a vnet in a different resource group) & am receiving the error below (az CLI Bicep version 0.3.255 (589f0375df)).
Error BCP038: The property "resourceGroup" is not allowed on objects of type "Microsoft.Resources/deployments@2021-01-01". Permissible properties include "dependsOn", "eTag", "extendedLocation", "identity", "kind", "managedBy", "managedByExtended", "plan", "scale", "scope", "sku", "tags", "zones".
resource vnetPeeringDeployment 'Microsoft.Resources/deployments@2021-01-01' = {
location: resourceGroup().location
resourceGroup: remoteVnetResourceGroup
name: 'nestedDeployment'
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: [
{
name: 'peering'
type: 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings'
apiVersion: '2020-08-01'
properties: {
allowForwardedTraffic: true
allowGatewayTransit: true
allowVirtualNetworkAccess: true
useRemoteGateways: false
remoteVirtualNetwork: {
id: remoteVnetId
}
}
}
]
}
}
}
@cbellee - can you check the version of the Bicep VS Code extension? I am not able to repro this. That being said, we'd recommend handling this with modules instead of a nested deployment. I think you may also have an issue with the current name of the peering resource since it does not include the parent name. Here's how I would try to handle this:
main.bicep
module vnetPeer 'vnetPeer.bicep' = {
name: 'vnetPeerDeploy'
scope: resourceGroup(remoteVnetResourceGroup)
params: {
remoteVnetName: remoteVnetName
}
}
vnetPeer.bicep:
param parentVnetName string
param remoteVnetId string
resource parentVnet 'Microsoft.Network/virtualNetworks@2020-08-01' existing = {
name: parentVnetName
}
resource vnetPeer 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2020-08-01' = {
parent: remoteVnet
name: 'peering'
properties: {
allowForwardedTraffic: true
allowGatewayTransit: true
allowVirtualNetworkAccess: true
useRemoteGateways: false
remoteVirtualNetwork: {
id: remoteVnetId
}
}
}
Notice I got a reference to the parent vnet with the existing keyword.
@alex-frankel - thanks for replying so quickly to this issue! I used the module approach you suggested, but still received the errors until I manually upgraded Bicep to the latest version, rather than using the az cli bundled/managed version (VSCode extension was using the latest version). So it's all working now - thanks again!
The Microsoft.DesktopVirtualization/hostpools/providers/diagnosticSettings@2017-05-01-preview is not allowing me to set the scope property: Warning BCP174: Type validation is not available for resource types declared containing a "/providers/" segment. Please instead use the "scope" property
The Microsoft.DesktopVirtualization/hostpools/providers/diagnosticSettings@2017-05-01-preview is not allowing me to set the scope property:
@TomHickling here's a concrete example of how to use scope
to deploy diagnosticSettings for a hostpools resource. hostPool
here is the identifier for the hostpools resource:
I've exported ARM templates for a couple of Application Insights resources through the portal, and received errors when decompiling to bicep
Warning BCP036: The property "Flow_Type" expected a value of type "'Bluefield'" but the provided value is of type "'Redfield'". Warning BCP036: The property "Request_Source" expected a value of type "'rest'" but the provided value is of type "'IbizaAIExtension'".
For reference, here is relevant section of the exported ARM template
{
"type": "microsoft.insights/components",
"apiVersion": "2020-02-02-preview",
"name": "Foo",
"location": "westeurope",
"kind": "web",
"properties": {
"Application_Type": "web",
"Flow_Type": "Redfield",
"Request_Source": "IbizaAIExtension",
"IngestionMode": "ApplicationInsights",
"publicNetworkAccessForIngestion": "Enabled",
"publicNetworkAccessForQuery": "Enabled"
}
},
Microsoft.SignalRService/WebPubSub
is not supported.
Warning BCP081: Resource type "Microsoft.SignalRService/WebPubSub@2021-04-01-preview" does not have types available.
I was able to deploy the template below.
resource name_resource 'Microsoft.SignalRService/WebPubSub@2021-04-01-preview' = {
name: name
location: location
properties: {}
sku: {
name: skuName
tier: tier
capacity: capacity
}
tags: tags
}
rest-api-specs exists.
https://github.com/Azure/azure-rest-api-specs/tree/master/specification/webpubsub
complete code https://github.com/takekazuomi/bicep-random-note/blob/main/src/0501/main.bicep
The quota that you can set on Application Insights component does not seem to be recognized. Repro:
Referring to https://github.com/Azure/bicep/issues/2458
pfxBlob when using Microsoft.Web/certificates@2016-03-01 should probably use a string instead of array since it it expects a base64string of the certificates content. Passing the value as a base64string using any() works as suggested by @alex-frankel in Azure/bicep#2458.
For Microsoft.Subscription/aliases
with API version 2020-09-01, the docs include a property called managementGroupId
but this doesn't appear in the Bicep tooling.
Missing Hyperscale API:
Resource type "Microsoft.DBforPostgreSQL/serverGroupsv2@2020-10-05-privatepreview" does not have types available.bicep(BCP081)
Please submit all type inaccuracy issues to the Bicep Types Repo here: https://aka.ms/bicep-type-issues