Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Microsoft.App RP has huge problem with using reference() and conditions (?) #15694

Open
slavizh opened this issue Nov 28, 2024 · 4 comments
Open

Microsoft.App RP has huge problem with using reference() and conditions (?) #15694

slavizh opened this issue Nov 28, 2024 · 4 comments
Assignees
@stephaniezyen
Milestone
v0.33

Comments

@slavizh
Copy link
Contributor

slavizh commented Nov 28, 2024
edited
Loading

Bicep version
Bicep CLI version 0.31.92 (b065093)

Describe the bug
I am constantly hit with issues using Microsoft.App when using conditions and references. The error that I get is the following:

New-AzResourceGroupDeployment: 12:03:24 - Error: Code=InvalidTemplateDeployment; Message=The template deployment 'deploy2' is not valid according to the validation procedure. The tracking id is '94c4d55a-f9f4-46a9-81ae-2c50ecade6ad'. See inner errors for details.
New-AzResourceGroupDeployment: 12:03:24 - Error: Code=ValidationForResourceFailed; Message=Validation failed for a resource. Check 'Error.Details[0]' for more information.
New-AzResourceGroupDeployment: 12:03:24 - Error: Code=ManagedEnvironmentInvalidSchema; Message=Invalid request body for environment. Path: $. Does not conform to Managed Environment schema, please visit for more information https://docs.microsoft.com/azure/container-apps/azure-resource-manager-api-spec?tabs=arm-template#container-apps-environment
New-AzResourceGroupDeployment: The deployment validation failed

Deployment does not even starts, it just gives this error on staring the deployment, What if is not able to generate any data.

To Reproduce
Steps to reproduce the behavior:

To reproduce here is where code works:

param managedEnvName string
param logAnalyticsSubscriptionId string = subscription().subscriptionId
param logAnalyticsResourceGroup string 
param logAnalyticsWorkspaceName string 

resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2023-09-01' existing = {
  name: logAnalyticsWorkspaceName
  scope: resourceGroup(logAnalyticsSubscriptionId, logAnalyticsResourceGroup)
}

resource managedEnv 'Microsoft.App/managedEnvironments@2024-08-02-preview' = {
  name: managedEnvName
  location: resourceGroup().location
  properties: {
    appLogsConfiguration: {
      destination: 'log-analytics'
      logAnalyticsConfiguration: {
        customerId: logAnalytics.properties.customerId
        sharedKey: logAnalytics.listKeys().primarySharedKey
      }
    }
  }
}

However as soon as you add some conditions you get the error above. Here is example where error is generated.

param managedEnvName string 
param logAnalyticsSubscriptionId string = subscription().subscriptionId
param logAnalyticsResourceGroup string 
param logAnalyticsWorkspaceName string 

resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2023-09-01' existing = {
  name: logAnalyticsWorkspaceName
  scope: resourceGroup(logAnalyticsSubscriptionId, logAnalyticsResourceGroup)
}

resource managedEnv 'Microsoft.App/managedEnvironments@2024-08-02-preview' = {
  name: managedEnvName
  location: resourceGroup().location
  properties: {
    appLogsConfiguration: {
      destination: !empty(logAnalyticsWorkspaceName) ? 'log-analytics' : 'azure-monitor'
      logAnalyticsConfiguration: !empty(logAnalyticsWorkspaceName) ? {
        customerId: logAnalytics.properties.customerId
        sharedKey: logAnalytics.listKeys().primarySharedKey
      } : null
    }
  }
}

The workaround to use conditions and references which is not pleasant is to get customerId and primarySharedKey before starting the deployment of the template and pass them as parameters.

The same behavior can be seen if you try to configure properties.customDomainConfiguration.certificateKeyVaultProperties.keyVaultUrl and have condition on certificateKeyVaultProperties. Usually you would use reference to secretUri of the secret but in order to overcome it you need to use concatination to build the URI.

Same issue is present with Microsoft.App/managedEnvironments/certificates@2024-08-02-preview and properties.certificateKeyVaultProperties.keyVaultUrl when having condition on certificateKeyVaultProperties,

In Microsoft.App/containerApps@2024-08-02-preview properties.secrets same issue occurs.

It seems that the whole RP is build in some weird way that it has this bug.

Additional context
Add any other context about the problem here.
@github-project-automation github-project-automation bot moved this to Todo in Bicep Nov 28, 2024
@slavizh
Copy link
Contributor Author

slavizh commented Nov 29, 2024

same issue with appInsightsConfiguration.connectionString if you put condition on appInsightsConfiguration

@slavizh
Copy link
Contributor Author

slavizh commented Nov 29, 2024

btw when you implement any of the workarounds where you pass values via module parameters what-if also stops working which is additional downside of using these workarounds.

@monikanagy
Copy link

Welcome to the club suffering with this. See also: Azure/bicep-types-az#1407

@anthony-c-martin
Copy link
Member

@alex-frankel @stephaniezyen - this seems likely to be a resource provider preflight implementation issue - we may need to follow up with the owners of the service.

@stephaniezyen stephaniezyen self-assigned this Dec 4, 2024
@stephaniezyen stephaniezyen added this to the v0.32 milestone Dec 4, 2024
@stephaniezyen stephaniezyen modified the milestones: v0.32, v0.33 Dec 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@stephaniezyen stephaniezyen

Labels
None yet
Projects
Bicep
Status: Todo
Milestone
v0.33
Development

No branches or pull requests
4 participants
@slavizh @anthony-c-martin @stephaniezyen @monikanagy