search

Azure / deployment-stacks

Contains Deployment Stacks CLI scripts and releases
MIT License
87 stars 7 forks source link

When creating/updating deployment stacks using Azure Powershell and failure happens before the start of the deployment. Error message is too generic. #178

Closed GABRIELNGBTUC closed 1 month ago

GABRIELNGBTUC commented 1 month ago

Describe the bug

When deploying a stack with an invalid deployment, the error returned by the CLI is usually not informative regarding to the actual error. This is particularly problematic to troubleshoot deployment failures in a CI/CD pipeline.

Since the command already seem to receive the failure reason from it's validation check, it should be exposed to the end-user instead of returning generic error messages.

To Reproduce Deploy a stack with the following bicep file and pass a string to the expected parameter instead of an object

param test object

output out string = ''

The error message will simply say that validation failed without any guidance.

New-AzResourceGroupDeploymentStack: 15:29:48 - Error: Code=; Message=Long running operation failed with status 'BadRequest'.

New-AzResourceGroupDeploymentStack: Validation for deployment stack 'testing' failed.

The only way to retrieve the reason for the failure is to run the command with the -Debug switch and look at the response body from Azure:

{
  "error": {
    "code": "InvalidTemplate",
    "message": "Deployment template validation failed: 'The provided value for the template parameter 'test' is not valid. Expected a value of type 'Object', but received a value of type 'String'. Please see https://aka.ms/arm-create-parameter-file for usage details.'.",
    "additionalInfo": [
      {
        "type": "TemplateViolation",
        "info": {
          "lineNumber": 1,
          "linePosition": 169,
          "path": "properties.template.parameters.test.type"
        }
      }
    ]
  },
  "properties": {}
}

Another example is when using keyvault references in a parameter file. If the identity does not have the permissions necessary on the keyvault, the stack creation/update will simply return Bad request 400 as an error. However, the real error that should be exposed after the validation failure is that the identity does not have the permission Microsoft.KeyVault/vaults/deploy/action on the KeyVault.

This is another error message correctly reflected in New-AzResourceGroupDeployment but not through the stacks powershell commands

Expected behavior

The command returns the reason why the creation of the stacked failed.

For example, when using New-AzResourceGroupDeployment, the reason for the failure is clearly printed in the console:

New-AzResourceGroupDeployment: 15:41:40 - Error: Code=InvalidTemplate; Message=Deployment template validation failed: 'The provided value for the template parameter 'test' is not valid. Expected a value of type 'Object', but received a value of type 'String'. Please see https://aka.ms/arm-create-parameter-file for usage details.'. New-AzResourceGroupDeployment: The deployment validation failed

dantedallag commented 1 month ago

@GABRIELNGBTUC Wanted to check to make sure you were running the latest release? Your stacks cmdlets should be version 7.2.0 if you run Get-Command New-AzResourceGroupDeploymentStack. There was an issue with surfacing errors in 7.1.0, but it should be fixed with 7.2.0.

GABRIELNGBTUC commented 1 month ago

Hello.

I was on 7.1.0. After upgrading, the expected error message is indeed showcased.