search

microsoftgraph / msgraph-bicep-types

Repo contains Microsoft Graph resource types to integrate with bicep templates.
MIT License
46 stars 7 forks source link

Referencing Container App System Assigned Managed Identity fails validation #183

Open DavidMrLane opened 1 month ago

DavidMrLane commented 1 month ago

Bicep version 0.30.23

Resource and API version Microsoft.Graph/groups@v1.0

Auth flow Same errors on pipeline and when run manually

Deployment details Fails at validation, before deployment

Describe the bug Having app.identity.principalId as a group member, produced the error:

Deployment template validation failed: 'The resource 'Microsoft.App/containerApps/providedAppName' is not defined in the template

When app.identity.principalId is removed/commented the template deploys, even though there are references to app.name

To Reproduce This is my template:

extension microsoftGraph

param appName string param appNameInitMiName string

resource app 'Microsoft.App/containerApps@2024-02-02-preview' existing = { name: appName } resource appInitMi 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = { name: appNameInitMiName }

resource schemaDataOperator 'Microsoft.Graph/groups@v1.0' = { displayName: 'Azure-${app.name}-dataOperator' mailEnabled: false mailNickname: guid('Azure-${app.name}-dataOperator') securityEnabled: true uniqueName: 'Azure-${app.name}-dataOperator' members: [ appInitMi.properties.principalId app.identity.principalId ] } resource schemaDdlAdmin 'Microsoft.Graph/groups@v1.0' = { displayName: 'Azure-${app.name}-ddlAdmin' mailEnabled: false mailNickname: guid('Azure-${app.name}-ddlAdmin') securityEnabled: true uniqueName: 'Azure-${app.name}-ddlAdmin' members: [ appInitMi.properties.principalId ] }

dkershaw10 commented 1 month ago

@DavidMrLane this seems the same as #178

DavidMrLane commented 1 month ago

yes you're correct. Adding an output statement allowed it to deploy, and removing it causes the validation to fail again.

dkershaw10 commented 1 month ago

Very weird.

shenglol commented 1 month ago

This is odd, but it might be a bug in the deployment engine. I'll investigate this.

shenglol commented 1 month ago

Confirmed it's a bug. Working on a fix now.

dkershaw10 commented 1 month ago

Thanks for confirming @shenglol. And @DavidMrLane - thank you for finding and reporting this.

dkershaw10 commented 3 weeks ago

@shenglol any updates on this issue?