azure / bicep-types-az Goto Github PK

Bicep version
v0.4.1124

Describe the bug
Warning in VSC:
The property "retentionDays" is not allowed on objects of type "DatabaseVulnerabilityAssessmentProperties". Permissible properties include "storageContainerSasKey". If this is an inaccuracy in the documentation, please report it to the Bicep Team.

To Reproduce
Create the following vulnerabilityAssessment object in bicep. The warning will appear.

resource vulnerabilityAssessment 'Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments@2021-05-01-preview' = if (database.advancedThreatProtection.enabled && (!empty(database.advancedThreatProtection.vulnerabilityAssessmentScans.storageAccount.name))) {
  name: '${sqlManagedInstance.name}/${databaseRes.name}/Default'
  properties: {
    recurringScans: {
      isEnabled: database.advancedThreatProtection.vulnerabilityAssessmentScans.recurringScans
      emailSubscriptionAdmins: database.advancedThreatProtection.vulnerabilityAssessmentScans.emailSubscriptionAdmins
      emails: database.advancedThreatProtection.vulnerabilityAssessmentScans.emails
    }
    storageContainerPath: !empty(database.advancedThreatProtection.vulnerabilityAssessmentScans.storageAccount.name) ? container.name : ''
    storageAccountAccessKey: !empty(database.advancedThreatProtection.vulnerabilityAssessmentScans.storageAccount.name) ? storageAccount.listKeys().keys[0].value : ''
    retentionDays: !empty(database.advancedThreatProtection.vulnerabilityAssessmentScans.storageAccount.name) ? database.advancedThreatProtection.vulnerabilityAssessmentScans.retentionDays : 0
  }
}

Additional context
Add any other context about the problem here.

This library has a lot of benefits an I can see cases were it could be used within other applications. The concern is about it been kept up to date, and new / updated Azure template items not been available via bicep on day 1 of release and until this is updated. The therefore propose the follow changes to remove this problem.

1. Within the library start up read a boolean config flag (keep updating) if the application wants to check for updates, this is to keep backwards capabilities
2. If the keep updating flag is selected to true, carry out a check to establish if Azure template updates have been published by downloading the overall file, or checking its version against the latest update held within the app.
3. If the versions are out of sync using some of the generate code, via the ARM Swagger API download the updated templates , serialise to the same format of those stored within this library and store in a local side file.
4. If the keep updating flag is set when a call is made to establish the list of items by calling GetIndexedTypes aggregate the templates held within the resource section of the library and those updated items recorded within the update local side file

Additional logic could also be added that when this library does get updated it clears down the load side file

In doing this it will keep this library and Bicep automatically up t date with rest of Azure without having to keep republishing this library.

In ManagedClusterProperties (https://github.com/Azure/bicep-types-az/blob/7f9be56113ea442a042ebd37051d3bfe928f5107/generated/containerservice/microsoft.containerservice/2021-03-01/types.md#managedclusterproperties), identityProfile appears to be defining a type of:

type incorrect = {[key: string]: { 
  error: CloudError,
}}

Whereas the correct definition (as per swagger) should be:

type correct = {[key: string]: { 
  clientId: string,
  objectId: string,
  resourceId: string,
}}

Autorest.Modelerfour appears to solve this issue (from the typescript branch): https://github.com/Azure/bicep-types-az/blob/ba2d133751311243895a68a868dac04e488bd296/generated/containerservice/microsoft.containerservice/2021-03-01/types.md#componentsqit0etschemasmanagedclusterpropertiespropertiesidentityprofileadditionalproperties

Bicep version
0.4.63

Describe the bug
Property needs to be set on 'null' instead of empty string '', otherwise the pipeline crashes with a BadRequest error. At the same time, setting it to 'null' gives a warning in Vistual Studio Code:
The property "logAnalyticsWorkspaceResourceID" expected a value of type "string" but the provided value is of type "null | string".bicep(BCP036)

Relevant code:

resource aksClusterRes 'Microsoft.ContainerService/managedClusters@2020-09-01' = {
   name: aksCluster.name
  location: resourceGroup().location
  tags: tags
  sku: {
    name: 'Basic'
    tier: aksCluster.sla
  }
  properties: {
    kubernetesVersion: aksCluster.kubernetesVersion
    addonProfiles: {
      omsAgent: {
        enabled: aksCluster.logAnalyticsWorkspace.enableContainerMonitoring
        config: {
          //needs to be set to null, not '', otherwise badRequest error:
          logAnalyticsWorkspaceResourceID: aksCluster.logAnalyticsWorkspace.enableContainerMonitoring ? logAnalyticsWorkspace.id : null
        }
      }
      ingressApplicationGateway: {
        enabled: !empty(aksCluster.network.ingressApplicationGateway.name)
        config: {
          //needs to be set to null, not '', otherwise badRequest error:
          applicationGatewayId: !empty(aksCluster.network.ingressApplicationGateway.name) ? ingressApplicationGateway.id : null
        }
      }
    }
    agentPoolProfiles: [
      agentPoolProfiles[0]
    ]
  }
}

To Reproduce
Replace both the 'null'-s in code above to '' and pipeline crashes with BadRequest error.

Additional context
Add any other context about the problem here.

Bicep version
0.4.613 (latest)

Describe the bug
When setting up a template for an existing virtualNetwork resource with subnets as a child resource and a virtualNetworkGateway, deployment wants to delete my existing subnets

• when adding subnets as a separate resource definition (not in the subnets array), it doesn't seem to recognize this and thinks I want to deploy a vnet without subnets. On deployment I get this message:

"message": "Subnet GatewaySubnet is in use by /subscriptions/XXXX/resourceGroups/XXX-TestRelease/providers/Microsoft.Network/virtualNetworkGateways/VPN-C2C-TestRelease/ipConfigurations/vnetGatewayConfig and cannot be deleted. In order to delete the subnet, delete all the resources within the subnet. See aka.ms/deletesubnet.",

• to be able to reference this subnet in the virtualnetworkgateway, without having to use the "resourceId('')" function, I see only the option to specify the resource as a separate rsource with the parent property, or am I missing an option here? I didn't find any other way.
• since this wasn't possible, I found the workaround to define the subnets in the 'subnets' property of virtualNetworks, and then using the resourceId('') function, although I kind of wished that I didn't need this one.

Template

resource vnet 'Microsoft.Network/virtualNetworks@2021-02-01' = {
  name: vnetName
  location: resourceGroup().location
  properties: {
    addressSpace: {
      addressPrefixes: [
        vnetAddressPefix
      ]
    }
    subnets:[
      {
        name: subnetName
          properties: {
            addressPrefix: vnetSubnetPrefix
            privateEndpointNetworkPolicies: 'Enabled'
            privateLinkServiceNetworkPolicies: 'Enabled'
          }
        }
    ]
    dhcpOptions: {
      dnsServers: vNetDnsServers
    }
  }
}

resource vnetGatewaysubnet  'Microsoft.Network/virtualNetworks/subnets@2021-02-01' =  {
    parent: vnet
    name: 'GatewaySubnet'
    properties: {
      addressPrefix: vnetGatewaySubnetPrefix
      privateEndpointNetworkPolicies: 'Enabled'
      privateLinkServiceNetworkPolicies: 'Enabled'
    }
}

resource virtualNetworkGateway 'Microsoft.Network/virtualNetworkGateways@2021-02-01' = {
  name: gatewayName
  location: resourceGroup().location
  properties: {
    ipConfigurations: [
      {
        name: 'vnetGatewayConfig'
        properties: {
          privateIPAllocationMethod: 'Dynamic'
          subnet: {
            id: vnetGatewaysubnet.id
          }
          publicIPAddress: {
            id: publicIP.id
          }
        }
      }
    ]
    sku: {
      name: gatewaySku
      tier: gatewaySku
    }
    vpnClientConfiguration: {
      vpnClientAddressPool: {
        addressPrefixes: [
          PointToSiteAddressSpace
        ]
      }
      vpnClientProtocols: [
        'SSTP'
      ]
    }
    gatewayType: 'Vpn'
    vpnType: 'RouteBased'
    enableBgp: false
  }
  dependsOn: [
    vnet
  ]
}

To Reproduce

Additional context

Is it possible to retain the property description from the specification when a property is marked as "any"? Right now, they get a description of "Any object" but it might be more helpful to pass on the original description. For example, the mainTemplate property on Microsoft.Resources/templateSpecs/versions would get "The main Azure Resource Manager template content."

Bicep version
0.4.1008

Describe the bug
Resource type 'Microsoft.Web/serverfarms/firstPartyApps/settings' doesn't have types available

To Reproduce
I need define Geneva configs as below, but get type unavailable. Looks like bicep has no support to Geneva configs

resource antMDSConfigXML 'Microsoft.Web/serverfarms/firstPartyApps/settings@2019-08-01' = {
  name: '${aspName}/AntMDS/MdsConfigXml'
  location: location
  properties: {
    firstPartyId: 'AntMDS'
    settingName: 'MdsConfigXml'
    settingValue: genevaConfig.configXml
  }
}

Bicep version
Bicep CLI version 0.5.6 (5f2f88f0f0)

Describe the bug
property CustomMetricsOptedInType can be set in Microsoft.Insights/components@2020-02-02 but it is not documented. Possible values for the property are 'WithDimensions' or 'NoDimensions'.

To Reproduce
Steps to reproduce the behavior:

Additional context
Add any other context about the problem here.

Bicep version
Bicep CLI version 0.4.1008 (223b8d227a)

Describe the bug
Creating a storage account file share and then setting role assignment on the file share (not the storage account) does not target correct "scope". Expected role assignment to scope to the file share

To Reproduce

Bicep file: fileshare-and-permissions.bicep

param storageAccount string
param fileshareName string
@allowed([
  'Cool'
  'Hot'
  'TransactionOptimized'
  'Premium'
])
param storageTier string
param quotaInGB int
param permissionRoleGuid string
param groupsOid array
     

resource stg 'Microsoft.Storage/storageAccounts@2021-08-01' existing = {
  name: storageAccount
}

resource fileshare 'Microsoft.Storage/storageAccounts/fileServices/shares@2021-08-01' = {
  name: '${stg.name}/default/${fileshareName}'
  properties: {
    accessTier: storageTier
    enabledProtocols:'SMB'
    shareQuota: quotaInGB
  }
}

resource roleDef 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' existing = {
  scope: subscription()
  name: permissionRoleGuid
}

resource perms 'Microsoft.Authorization/roleAssignments@2020-08-01-preview' = [for group in groupsOid: {
  name: guid(subscription().id,resourceGroup().id, stg.name, fileshareName, group)
  scope: fileshare
  properties:{
    roleDefinitionId: roleDef.id
    principalId: group
  }
}]

$Props = @{
    Name               = 'File-Share'
    ResourceGroupName  = "my-rg"
    TemplateFile       = ".\fileshare-and-permissions.bicep"
    storageAccount     = "mystorageacc"
    fileshareName      = "test"
    storageTier        = "Hot"
    quotaInGB          = 5
    permissionRoleGuid = "0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb" # SMB Contributor
    groupsOid          = ("48477e2b-7ae7-46da-97c0-6690a03c2ce4")
}
New-AzResourceGroupDeployment @Props

Verifying the role assignment in the portal does not show the just added role/assignment.

Running pwsh:

Get-AzRoleAssignment | select displayname, scope | sort scope

Gives this scope:

Where the green /fileshares/fxprofiles (created by another ARM template) works as expected.
And the red /shares/test are created by the above bicep template and does not work.

From this comment: #146 (comment)

Now that we're onboarded to the latest autorest, we have the ability to distinguish between 'closed' & 'open' enums. We should consider supporting this in our type system.

Bicep version
Bicep CLI version 0.4.1124 (66c84c8ee5)

Describe the bug
The schema to save a kusto query as a function can not work. A working payload would look like this:
/sub/123/rg/abc/providers/Microsoft.Insights/components/insights_name/analyticsItems/item

{
    "Name": "query",
    "Content": "dependencies",
    "Properties": {
        "functionAlias": "query_alias"
    },
    "Scope": "Shared",
    "Type": "Function"
}

Issue 1: "item" is the hardcoded required name. This prevents it from working in a loop in bicep, because the name property MUST reference the copyIndex() loop. )

Issue 2
The Type and Name properties conflict with name and type. Bicep will request Name to be of correct length: "name/subname", but that is not applicable for "Name"; only for "name".
"Type" is impossible to pass as well; it does not match any schema, etc. When I omit "Type" property, the request fails as well:

The request content was invalid and could not be deserialized: 'Could not find member 'Content' on object of type 'TemplateResource'. Path 'properties.template.resources[0].Content

To Reproduce

resource appInsights 'Microsoft.Insights/components@2020-02-02' = {
  name: 'app_insights_for_app'
  location: resourceGroup().location
  kind: 'web'
  properties: {
    Application_Type: 'web'
    publicNetworkAccessForIngestion: 'Enabled'
    publicNetworkAccessForQuery: 'Enabled'
    IngestionMode: 'LogAnalytics'
    RetentionInDays: 90
    Flow_Type: 'Bluefield'
    WorkspaceResourceId: '/subscriptions/123/resourcegroups/123/providers/microsoft.operationalinsights/workspaces/log_analytics_workspace_name'
  }

  resource insights_query_function 'analyticsItems@2015-05-01' = {
    name: 'item' // hardcoded, must be "item"; this is the ARM resource name
    Name: 'important_function' // This is the user-defined name of the item;
      // Intellisense error after bicep build: a member with the name "Name" already exists;
      // Additionally: I got error with Name property because "Name" needs equal parts to the type, as in: name/subname.
    Content: 'dependencies' // For some reason "Content" also yields intellisense errors after build.
      // Template validation failed: Could not find member 'Content' on object of type 'TemplateResource'. Path 'resources[0].Content', line 17, position 16.arm-template (validation)
      // This is strange because Content is explicitly mentioned as required in the schema for both arm and bicep: https://docs.microsoft.com/en-us/azure/templates/microsoft.insights/components/analyticsitems?tabs=json
    Scope: 'shared'
    Properties: {
      functionAlias: 'important_function'
    }
  }
}
// {
//   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
//   "contentVersion": "1.0.0.0",
//   "metadata": {
//     "_generator": {
//       "name": "bicep",
//       "version": "0.4.1124.51302",
//       "templateHash": "6262658167201736790"
//     }
//   },
//   "resources": [
//     {
//       "type": "microsoft.insights/components/analyticsItems",
//       "apiVersion": "2015-05-01",
//       "name": "[format('{0}/{1}', 'app_insights_for_app', 'item')]",
//       "Name": "important_function",
//       "Content": "dependencies",
//       "Scope": "shared",
//       "Properties": {
//         "functionAlias": "important_function"
//       },
//       "dependsOn": [
//         "[resourceId('Microsoft.Insights/components', 'app_insights_for_app')]"
//       ]
//     },
//     {
//       "type": "Microsoft.Insights/components",
//       "apiVersion": "2020-02-02",
//       "name": "app_insights_for_app",
//       "location": "[resourceGroup().location]",
//       "kind": "web",
//       "properties": {
//         "Application_Type": "web",
//         "publicNetworkAccessForIngestion": "Enabled",
//         "publicNetworkAccessForQuery": "Enabled",
//         "IngestionMode": "LogAnalytics",
//         "RetentionInDays": 90,
//         "Flow_Type": "Bluefield",
//         "WorkspaceResourceId": "/subscriptions/123/resourcegroups/123/providers/microsoft.operationalinsights/workspaces/log_analytics_workspace_name"
//       }
//     }
//   ]
// }

Additional context
Add any other context about the problem here.

See https://github.com/Azure/bicep-types-az/blob/main/generated/authorization/microsoft.authorization/2021-03-01-preview/types.md

I would love the ability to consume resource types that are in private preview. This would help test this experience before types move to public preview.

https://github.com/Azure/bicep-types-az/blob/main/generated/web/log.out

WARNING: Skipping path '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}/host/default/{keyType}/{keyName}': Parameter reference {keyType} is not defined as an enum
WARNING: Skipping path '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}/migrate': Found mismatch betwen type segments (2) and name segments (1)
WARNING: Skipping path '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}/slots/{slot}/host/default/{keyType}/{keyName}': Parameter reference {keyType} is not defined as an enum
WARNING: Skipping resource type Microsoft.Web/sites/basicPublishingCredentialsPolicies under path '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}/basicPublishingCredentialsPolicies/ftp': Found multiple definitions for the same type
WARNING: Skipping resource type Microsoft.Web/sites/config under path '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}/config/appsettings': Found multiple definitions for the same type
WARNING: Skipping resource type Microsoft.Web/sites/siteextensions under path '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}/siteextensions/{siteExtensionId}': No resource body defined
WARNING: Skipping resource type Microsoft.Web/sites/slots/config under path '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}/slots/{slot}/config/appsettings': Found multiple definitions for the same type
WARNING: Skipping resource type Microsoft.Web/sites/slots/siteextensions under path '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}/slots/{slot}/siteextensions/{siteExtensionId}': No resource body defined
WARNING: Skipping resource type Microsoft.Web/staticSites/customDomains under path '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/staticSites/{name}/customDomains/{domainName}': No resource body defined

I was going through the types for an unrelated reason and noticed that some of the types are sometimes duplicated even though the summary is identical.

For example in the file https://github.com/Azure/bicep-types-az/blob/235fdc3343b678a8f2b1d9da60ea7af16c8f2f41/generated/web/microsoft.web/2015-08-01-preview/types.md, you can see the Dictionary<string, String> type several times in the summary:

Bicep version
Bicep CLI version 0.3.255

Describe the bug

I'm trying to create an automation account + runbook + schedules + link runbook and schedules. Every thing goes well but when I add automationAccounts/jobSchedules resource, I get a 404 error:

Here is the bicep file, that works perfect except when I add the jobSchedules resource:

https://raw.githubusercontent.com/joanteixi/az-bicep/master/start-stop-vm/automation.bicep

Thanks!

There are a few swagger resources with no body defined - for example:

We should generate Bicep types for these resources with just id, name, type& apiVersion defined, and continue to raise a warning.

Type generation for models under the web path has failed for a couple months:

The error message indicates that multiple operations accept both form-encoded and JSON requests, which autorest/modelerfour considers incompatible as of Azure/autorest#4405.

The Microsoft.KeyVault/vaults/keys resource type has a property called "data" within the "release_policy" object. In the swagger, it's defined as a string. But, it gets generated as "any".

https://github.com/Azure/bicep-types-az/runs/2587399850?check_suite_focus=true

Error message:

Error [ERR_REQUIRE_ESM]: Must use import to load ES Module: /home/runner/work/bicep-types-az/bicep-types-az/src/generator/node_modules/strip-ansi/index.js
require() of ES modules is not supported.
require() of /home/runner/work/bicep-types-az/bicep-types-az/src/generator/node_modules/strip-ansi/index.js from /home/runner/work/bicep-types-az/bicep-types-az/src/generator/cmd/generate.ts is an ES module file as it is a .js file whose nearest parent package.json contains "type": "module" which defines all .js files in that package scope as ES modules.
Instead rename index.js to end in .cjs, change the requiring code to use import(), or remove "type": "module" from /home/runner/work/bicep-types-az/bicep-types-az/src/generator/node_modules/strip-ansi/package.json.

    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1080:13)
    at Module.load (internal/modules/cjs/loader.js:928:32)
    at Function.Module._load (internal/modules/cjs/loader.js:769:14)
    at Module.require (internal/modules/cjs/loader.js:952:19)
    at require (internal/modules/cjs/helpers.js:88:18)
    at Object.<anonymous> (/home/runner/work/bicep-types-az/bicep-types-az/src/generator/cmd/generate.ts:8:1)
    at Module._compile (internal/modules/cjs/loader.js:1063:30)
    at Module.m._compile (/home/runner/work/bicep-types-az/bicep-types-az/src/generator/node_modules/ts-node/src/index.ts:1056:23)
    at Module._extensions..js (internal/modules/cjs/loader.js:1092:10)
    at Object.require.extensions.<computed> [as .ts] (/home/runner/work/bicep-types-az/bicep-types-az/src/generator/node_modules/ts-node/src/index.ts:1059:12)

It would be nice to ensure that a given type change won't regress diagnostics - to be able to take a snapshot of diagnostics using the quickstarts repo comparing the 'existing' and 'new' behavior on any PR which changes the generated types.

There's no straightforward way to review the logs written during type generation, because versioning and timing is logged, causing a diff in every file (example screenshot below).

We should write the logs in a structured manner - to display the following, so that the PR can be assessed for impact:

• Added/updated/removed resource types
• Differences in warnings/errors

We should then be able to generate a summary description for each PR.

x-ms-identifiers
Indicates the identifying property for objects in arrays

• Options
  • Can provide multiple identifiers in the array to form composite identifier
  • Can use JSON pointer to point to identifier that is inner property, e.g., /properties/subnet/id
• Example

"myArrayProperty": { 
 "type":"array", 
  "items": { 
    "$ref":"#/definitions/Example" 
  }, 
  "x-ms-identifiers": ["itemName"] 
 }

Bicep version
Bicep CLI version 0.4.1318 (ee0d808f35)

Describe the bug
The API is not idempotent. You can create the resource the first time but when trying to reapply you get:

Status Message: Etag value required for update operation of report: test1.Please get the latest to avoid overwrite. (Request ID: 37dfcd1f-b755-45a0-bcd4-80eb27347b73) (Code:400)

if you try to add

etag: '*'

at the same level as name you will get error:

• Error: Code=InvalidRequestContent; Message=The request content was invalid and could not be deserialized: 'Could not find member 'eTag' on object of type 'TemplateResource'. Path 'properties.template.resources[0].eTag', line 19, position 17.'.

To Reproduce
Steps to reproduce the behavior:

targetScope = 'subscription'

resource export 'Microsoft.CostManagement/exports@2021-10-01' = {
  name: 'test1'
  properties: {
    format: 'Csv'
    partitionData: false
    definition: {
      type: 'Usage'
      timeframe: 'TheLastBillingMonth'
      dataSet: {
        granularity: 'Daily'
        configuration: null
      }
      timePeriod: null
    }
    deliveryInfo: {
      destination: {
        resourceId: '/subscriptions/<sub id>/resourceGroups/<rg name>/providers/Microsoft.Storage/storageAccounts/<str account name>'
        container: 'test'
        rootFolderPath: 'test2'
        sasToken: null
        storageAccount: null
      }
    }
    schedule: {
      status: 'Active'
      recurrence: 'Monthly'
      recurrencePeriod: {
        from: '2022-04-06T00:00:00Z'
        to: '2022-05-01T00:00:00Z'
      }
    }
  }
}

Additional context
Add any other context about the problem here.

Bicep version
0.4.1

Describe the bug
The property "metadata" is not allowed on objects of type "SiteConfig".

To Reproduce

resource site 'Microsoft.Web/sites@2021-01-01' = {
  name: 'site'
  location: 'west europe'
  kind: 'app'
  properties: {
    enabled: true
    siteConfig: {
      metadata: [
        {
          name: 'CURRENT_STACK'
          value: 'dotnetcore'
        }
      ]
    }
  }
}

It compiles and works but it does give a warning: Warning BCP037

Message when deploying to Azure: "Parameter publicCertificateEnv is null or empty."

When adding property to resource in Bicep file I get the following error: "The property "publicCertificateEnv" is not allowed on objects of type "Microsoft.Web/sites/publicCertificates"

Bicep version
Bicep CLI version 0.4.1124 (66c84c8ee5)

Describe the bug
I'm creating log analytics schedulded query rules (Log Alerts V2) in a for loop. I've made a template for this and are providing the necessary parameters through a json datafile. All query rules are defined there. There are 72 items in there. When I run the for loop, nothing happens. No deployment starts in Azure, I only get there errors:

• Error: Code=; Message=The request was canceled due to the configured HttpClient.Timeout of 100 seconds elapsing.
• Error: Code=; Message=A task was canceled.
• Error: Code=; Message=A task was canceled
  -The deployment validation failed
  However when I remove items untill I have 66 or less remaining the deployment succeeds. I have tried deploying with 66, then replace one item with a non deployed one, and the deployment succeeds aswell. Which leads me to believe this error has to do with the a for loop limit. However, i'm nowhere near 800 iterations with 72 items.

To Reproduce
Create 'Microsoft.Insights/scheduledQueryRules@2021-08-01' in a loop with more then 66 items and the deployment will fail.
There no parent loops or anything like that, this code is only being run ONCE.

Additional context

Log Alert V2 definition:

resource logAlerts 'Microsoft.Insights/scheduledQueryRules@2021-08-01' = [for logAlert in logAlertsArray: {
  name: logAlert.alertName
  location: resourceGroup().location
  kind: 'LogAlert'
  properties:{
    displayName: logAlert.alertName
    description: logAlert.alertDescription
    severity: logAlert.alertSeverity
    enabled: logAlert.isEnabled
    evaluationFrequency: logAlert.frequencyInMinutes
    windowSize: logAlert.timeWindowInMinutes
    autoMitigate: logAlert.autoMitigate
    criteria:{
      allOf:[
        {
          metricName: logAlert.alertName
          operator: logAlert.operator
          threshold: logAlert.threshold
          timeAggregation: logAlert.timeAggregation
          metricMeasureColumn: logAlert.metricMeasureColumn
          dimensions: [
            {
              name: logAlert.dimensionsName
              operator: logAlert.dimensionsOperator
              values: logAlert.dimensionsValues
          }
          ]
          query: logAlert.query
          failingPeriods:{
            numberOfEvaluationPeriods: logAlert.numberOfEvaluationPeriods
            minFailingPeriodsToAlert: logAlert.minFailingPeriodsToAlert
          }
        }
      ]
    }
    scopes:[
      loganalyticsworkspace.id
    ]
    actions:{
      actionGroups:[
        actiongroup.id
      ]
    }
  }
}]

One of my data items (of which I have 72)

        {
            "alertName": "IIS_Server_Services",
            "alertDescription": "IIS_Server_Service_Stopped",
            "query": "let Windows_Service_Names = dynamic(['IISADMIN','W3svc']); ConfigurationData | where SvcName in (Windows_Service_Names) and SvcState == \"Stopped\" and SvcStartupType  == \"Auto\"",
            "frequencyInMinutes": "PT5M",
            "timeWindowInMinutes": "PT5M",
            "operator": "GreaterThan",
            "threshold": 0,
            "alertSeverity": 2,
            "autoMitigate": true,
            "numberOfEvaluationPeriods": 1,
            "minFailingPeriodsToAlert": 1,
            "timeAggregation": "Count",
            "metricMeasureColumn": "",                    
            "dimensionsName": "Computer",
            "dimensionsOperator": "Include",
            "dimensionsValues" : ["*"],
            "isEnabled": false
        },

Created from comment on #436.

Bicep version
v0.4.1124

Describe the bug
Warning in VSC:
The property "retentionDays" is not allowed on objects of type "ManagedInstanceVulnerabilityAssessmentProperties". Permissible properties include "storageContainerSasKey". If this is an inaccuracy in the documentation, please report it to the Bicep Team.

To Reproduce
Create the following vulnerabilityAssessment object in bicep. The warning will appear.

// Vulnerability Assessments at SQL Server Level
resource vulnerabilityAssessment 'Microsoft.Sql/managedInstances/vulnerabilityAssessments@2021-05-01-preview' = if (sqlManagedInstance.advancedThreatProtection.enabled && (!empty(sqlManagedInstance.advancedThreatProtection.vulnerabilityAssessmentScans.storageAccount.name))) {
  name: '${sqlManagedInstanceRes.name}/Default'
  properties: {
    recurringScans: {
      isEnabled: sqlManagedInstance.advancedThreatProtection.vulnerabilityAssessmentScans.recurringScans
      emailSubscriptionAdmins: sqlManagedInstance.advancedThreatProtection.vulnerabilityAssessmentScans.emailSubscriptionAdmins
      emails: sqlManagedInstance.advancedThreatProtection.vulnerabilityAssessmentScans.emails
    }
    storageContainerPath: !empty(sqlManagedInstance.advancedThreatProtection.vulnerabilityAssessmentScans.storageAccount.name) ? container.name : ''
    storageAccountAccessKey: !empty(sqlManagedInstance.advancedThreatProtection.vulnerabilityAssessmentScans.storageAccount.name) ? storageAccount.listKeys().keys[0].value : ''
    retentionDays: !empty(sqlManagedInstance.advancedThreatProtection.vulnerabilityAssessmentScans.storageAccount.name) ? sqlManagedInstance.advancedThreatProtection.vulnerabilityAssessmentScans.retentionDays : 0
  }
}

Additional context
N/A

No idea and bit of a shot in the dark but was working on a PR for bicep examples referencing a quickstart web app loganalytics and am getting errors on missing types. Specifically Microsoft.Web/sites/config@2020-06-01 and Microsoft.Web/sites/siteextensions@2020-06-01. See the errors when compiling on bicep but noticed it is pulling the module definitions from this repo so not sure if this is the right spot or not.

Reported under Azure/bicep#784 (comment)

Bicep Code

resource hPool 'Microsoft.DesktopVirtualization/hostPools@2021-07-12' existing = {
  name: hostPoolName
}

output token string = hPool.properties.registrationInfo.token

Affected Resource
Microsoft.DesktopVirtualization/hostPools@2021-07-12

Expected Behaviour
The value of hPool.properties.registrationinfo.token should be a valid registration token.

Actual Behaviour
New-AzResourceGroupDeployment : 1:00:13 PM - The deployment 'test' failed with error(s). Showing 1 out of 1 error(s).
Status Message: The template output 'token' is not valid: The language expression property 'token' can't be evaluated..
(Code:DeploymentOutputEvaluationFailed)
CorrelationId: 458cdda3-72f6-4200-8023-ddf21a786c4b
At line:1 char:1

• New-AzResourceGroupDeployment -ResourceGroupName vmrg -TemplateFile . ...

•   + CategoryInfo          : NotSpecified: (:) [New-AzResourceGroupDeployment], Exception
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceGroupDeploymentCmdlet
  
  

Steps to reproduce
New-AzResourceGroupDeployment -ResourceGroupName <> -TemplateFile main.bicep
The token is no longer accessible. Without the token, we can't add hosts to the host pool.

I'm just looking at the ObjectPropertyFlags on various types and I feel like most of them are relatively self-explanatory (although if you've got time I'd love a description of all of them), but I'm curious about DeployTimeConstant -- what does that signify?

For reference I'm talking about this enum:

Bicep version
Bicep CLI version 0.4.1008 (223b8d227a)

Describe the bug
Portal uses PATCH https://management.azure.com/subscriptions/xxx/resourceGroups/xxx/providers/Microsoft.RecoveryServices/vaults/xxx/monitoringConfigurations/notificationConfiguration?api-version=2017-07-01-preview to update Azure backup notification settings. That type is missing from Bicep resources, API documentation, and even on azure-rest-api-specs

To Reproduce

1. Create notification setting on Azure portal to see an endpoints
2. Replicate with Bicep => no type available

Here we have some descriptions with value set to "" (empty string), meaning Bicep displays them as empty lines. We should normalize these to null so that Bicep does not display them:

https://github.com/Azure/bicep-types-az/blob/9db80f44909805c0498e3fb0137fb47f307959f3/generated/containerservice/microsoft.containerservice/2020-09-01/types.md#schemas30_autoscalerprofile

From Azure/bicep#1936 (comment)

Something strange has happened during type generation for this property - I'll need to look into that in more detail:

Microsoft.ContainerService/managedClusters@2021-02-01 -> properties -> identityProfile -> dictionary of this strangely-named type

Seems like object types are somehow getting mixed up during generation

Some examples of types we're missing as they are non-PUTable:

• Microsoft.Resources/deploymentScripts/logs
• Microsoft.ManagedIdentity/identities

I want to be able to export a dashboard from the azure portal, run bicep decompile on it.

Right now decompile doesn't map the lenses array to proper bicep:

Input:

"resources": [
        {
            "properties": {
                "lenses": {
                    "0": {
                        "order": 0,
                        "parts": {
                            "0": {
                                "position": {
                                    "x": 0,
                                    "y": 0,
                                    "rowSpan": 2,
                                    "colSpan": 3
                                },
                                "metadata": {
                                    "inputs": [],
                                    "type": "Extension[azure]/HubsExtension/PartType/MarkdownPart",
                                    "settings": {
                                        "content": {
                                            "settings": {
                                                "content": "## Azure Virtual Machines Overview\r\nNew team members should watch this video to get familiar with Azure Virtual Machines.",
                                                "title": "",
                                                "subtitle": ""
                                            }
                                        }
                                    }
                                }
                            },

Output

properties: {
    lenses: {
      '0': {
        order: 0
        parts: {
          '0': {
            position: {
              x: 0
              y: 0
              rowSpan: 2
              colSpan: 3
            }
            metadata: {
              inputs: []
              type: 'Extension[azure]/HubsExtension/PartType/MarkdownPart'
              settings: {
                content: {
                  settings: {
                    content: '## Azure Virtual Machines Overview\r\nNew team members should watch this video to get familiar with Azure Virtual Machines.'
                    title: ''
                    subtitle: ''
                  }
                }
              }
            }
          }
          '1': {

Which isnt valid bicep.

Bicep version
Bicep CLI version 0.4.613 (d826ce8411)

Describe the bug
After running the command "az bicep decompile" I am running into this issue for the Microsoft.Web/serverfarms

To Reproduce
Here is the section of ARM template that fails (Gives a warning).

    {
      "type": "Microsoft.Web/serverfarms/firstPartyApps/settings",
      "name": "[concat(parameters('appServicePlanName'), 'blah')]",
      "apiVersion": "2020-12-01",
      "location": "[variables('siteLocation')]",
      "dependsOn": [
        "[resourceId('Microsoft.Web/serverfarms', parameters('appServicePlanName'))]"
      ]
    }

Type generation has failed for models under the securityinsights path for the past several months:

Generation fails with the error, TypeError: Cannot set properties of undefined (setting 'indicator'). Debugging indicates that this error is thrown from https://github.com/Azure/bicep-types-az/blob/main/src/autorest.bicep/src/type-generator.ts#L410 when processing the ThreatIntelligenceInformation shape.

Bicep version
Bicep CLI version 0.5.6 (5f2f88f0f0)

Describe the bug
The property IgnoreHttpsStatusCode documented here https://docs.microsoft.com/en-us/azure/templates/microsoft.insights/2018-05-01-preview/webtests?tabs=bicep has typo. The actual property is IgnoreHttpStatusCode instead of IgnoreHttpsStatusCode. There is extra character s after Http. So when you use it in Bicep template the actual property value will not be applied as such property does not exists and you have to add the property as IgnoreHttpStatusCode in order to apply it.

This might be a duplicate of #203.

I am noticing that any properties marked as WriteOnly are missing the description. You can notice it in Machine Learning Services.

Bicep version
v0.4.1008

Describe the bug
When using the etag property in a savedSearch Bicep Template, the following message appears:

The property "etag" is not allowed on objects of type "SavedSearchProperties". 
Permissible properties include "functionAlias", "functionParameters", "tags", "version". 
If this is an inaccuracy in the documentation, please report it to the Bicep Team.

The etag property shouldn't produce this response when used under properties of a savedSearch Bicep Template.

To Reproduce
Steps to reproduce the behavior:

Attempt to use the etag property in a savedSearch Bicep Template (in Visual Studio Code) as shown in the example below:

/*

Template: logAnalyticsSavedSearches.bicep

*/

// Standard Parameters.
param logSavedSearchName string
param logWorkspaceName string
param logSavedSearchCategory string
param logSavedSearchDisplayName string
param logSavedSearchQuery string

// Log Analytics Saved Search Template.
resource logAnalyticsSavedSearch 'Microsoft.OperationalInsights/workspaces/savedSearches@2020-08-01' = {
  name: '${logWorkspaceName}/${logSavedSearchName}'
  properties: {
    etag: '*'
    category: logSavedSearchCategory
    displayName: logSavedSearchDisplayName
    query: logSavedSearchQuery
  }
}

Additional context
The Template will deploy successfully, but will return the following warning:

Warning BCP037: The property "etag" is not allowed on objects of type "SavedSearchProperties". 
Permissible properties include "functionAlias", "functionParameters", "tags", "version". 

Additionally, the Official Documentation in the link below reflects incorrectly the location of where to use the etag property. It has it shown in use in the root of the resource instead of under properties.

Microsoft.OperationalInsights workspaces/savedSearches

Bicep version
Bicep CLI version 0.4.613 (d826ce8411)

Describe the bug

My project is having below structure.
Modules/
publicipPrefix.bicep
publicip.bicep
aks.bicep
Main.bicep

All the modules returns the resourceId

In the Main.bicep file, I use publicipPrefix Module to create a publicipPrefix.
Then From the main.bicep file, Module aks is invoked with publicipPrefix as one parameter.

Then in the AKS Module, PublicIp.bicep module is invoked by passing the publicipPrefix as the parameter again. The publicip Module returns the Id of the created PublicIp

Then when the Output of this publicip Module is used in aks resource( as the Outbound IP) deploy Fails with a Bad Request from the Azure API.

To Reproduce
Steps to reproduce the behavior:

publicipPrefix.bicep
resource pipPrefix 'Microsoft.Network/publicIPPrefixes@2021-02-01' = {
  ..
  ..
  ..
}
output id string = pipPrefix.id

publicp.bicep
param pipPrefixId string
resource pip 'Microsoft.Network/publicIPAddresses@2021-02-01' = {
 ..
  properties:{
    publicIPPrefix:{
      id: pipPrefixId
    }
    ..
  }
}
output id string = pip.id

AKS.bicep
param pipPrefixId string
..
// Call pip Module to create PIP
module publicIp 'pip.bicep' ={
  ..
  params: {
    ..
    pipPrefixId: pipPrefixId
    ..
  }
}
resource aksCluster 'Microsoft.ContainerService/managedClusters@2021-03-01' = {
      ..
      ..
      ..
      ..
    networkProfile:{
      networkPlugin: 'azure'
      networkPolicy: 'calico'
      loadBalancerProfile:{
        idleTimeoutInMinutes: 5
        outboundIPs:{
          publicIPs:[
            {
              id: publicIp.outputs.id
            }
          ]
        }
        effectiveOutboundIPs:[
          {
            id: publicIp.outputs.id
          }
        ]
     ..
     ..
     ..
     ..
}


Main.bicep
module pipPrefix 'modules/pipPrefix.bicep' = {
  ..
  ..
  ..
  ..
}

module aks 'modules/akscluster.bicep' = {
  scope: rg
  name: clusterName
  params: {
    ..
    pipPrefixId: pipPrefix.outputs.id
    ..
  }
 ..
}

If we deploy the main.bicep, Works without any error. But the following error occurs.

{"status":"Failed","error":{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"BadRequest","message":"{\r\n \"error\": {\r\n \"code\": \"InvalidTemplateDeployment\",\r\n \"message\": \"The template deployment 'midhun-dev-aks' is not valid according to the validation procedure. The tracking id is '7e29d41f-8596-44a0-bfbe-83f790082850'. See inner errors for details.\",\r\n \"details\": [\r\n {\r\n \"code\": \"IPParseError\",\r\n \"message\": \"Provisioning of resource(s) for container service midhun-dev-aks in resource group midhun-m-dev-rg failed. Message: {\\n \\\"code\\\": \\\"IPParseError\\\",\\n \\\"message\\\": \\\"Error parsing provided IP of [reference(resourceId('Microsoft.Resources/deployments', format('{0}-pip', parameters('name'))), '2019-10-01').outputs.id.value]. Error parsing failed for [reference(resourceId('Microsoft.Resources/deployments', format('{0}-pip', parameters('name'))), '2019-10-01').outputs.id.value]. Invalid resource Id format\\\",\\n \\\"target\\\": \\\"networkProfile.loadBalancerProfile.outboundIPs\\\"\\n }. Details: \"\r\n }\r\n ]\r\n }\r\n}"}]}}

Ran bicep build on the Main file.
The problematic part looks as below in the JSON.

"loadBalancerProfile": {
  "idleTimeoutInMinutes": 5,
  "outboundIPs": {
    "publicIPs": [
      {
        "id": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-pip', parameters('name'))), '2019-10-01').outputs.id.value]"
      }
    ]
  }
},

Additional context

Tried Hardcoding the resourceId of publicIp in aks outboundips.publicips section and that worked perfectly.

I have created Migration Project and Migration ServiceTask through bicep and i am able to see the Migration Project in Azure portal after creation but not able to see Migration ServiceTask after creation, but data migration is taking place for MySQL, so is there any way to see the created Migration ServiceTask in Azure Portal?

I'm trying to create a resource of type Microsoft.Web/sites/config@2021-02-01
with the name 'appsettings'
The problem is that for properties i need to send them with the type StringDictionaryProperties.
How can i build a variable using that type? I cannot find that documentation anywhere.

Copying text from Azure/bicep#784 (comment).

in resource 'Microsoft.DataFactory/factories/pipelines@2018-06-01', when making an activity, Bicep doesn't recognize type: 'DatabricksSparkJar'.

Thanks for reporting! I think this is an issue with the type generation.

Some notes for myself for later:
The DatabricksSparkJar swagger definition has two base classes, Execution -> Activity. Bicep's type system has no way of representing this, so we'd need to copy the properties from Execution onto the DatabricksSparkJar definition when generating types. This happens here in the code (can stick a breakpoint on combinedSubType.discriminatorValue == 'DatabricksSparkJar'.

Bicep version
Bicep CLI version 0.4.1124 (66c84c8ee5)

Describe the bug
According to https://docs.microsoft.com/en-us/azure/logic-apps/create-managed-service-identity?tabs=consumption#arm-template-for-managed-connections-and-managed-identities-consumption, I should be able to set parameterValueType to Alternative. So IMO following code should work:

param api_connection_sql_name string = 'sql'
param api_connection_sql_name_suffix string = '1'
param azure_sql_database string = 'cost-management'
param azure_subscription string = 'xxxxx-xxxx-xxxx-xxxx-xxxx'
param azure_region string = 'westeurope'

resource ApiConnectionSQL 'Microsoft.Web/connections@2016-06-01' = {
  name: '${api_connection_sql_name}-${api_connection_sql_name_suffix}'
  location: resourceGroup().location
  properties: {
    displayName: '${azure_sql_database}-${api_connection_sql_name}-db'
    api: {
      name: api_connection_sql_name
      displayName: 'SQL Server'
      iconUri: 'https://connectoricons-prod.azureedge.net/laborbol/patches/1520/${api_connection_sql_name}-mi/1.0.1520.2572/${api_connection_sql_name}/icon.png'
      brandColor: '#ba141a'
      id: '/subscriptions/${azure_subscription}/providers/Microsoft.Web/locations/${azure_region}/managedApis/${api_connection_sql_name}'
      type: 'Microsoft.Web/locations/managedApis'
    }
    **parameterValueType: 'Alternative'**
    customParameterValues: {}
  }
}

However, Intellisense (in VS Code) shows yellow squiggly and if I try to deploy template, I get following:

C:\repos\ApiConnectionSQL.bicep(20,5) : Warning BCP037: The property "parameterValueType" is not allowed on objects of type "ApiConnectionDefinitionProperties". Permissible properties include "changedTime", "createdTime", "nonSecretParameterValues", "parameterValues", "statuses", "testLinks". If this is an inaccuracy in the documentation, please report it to the Bicep Team. [https://aka.ms/bicep-type-issues]      

{"status":"Failed","error":{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"BadRequest","message":"{\r\n  \"error\": {\r\n    \"code\": \"InvalidApiConnectionAlternativeParameters\",\r\n    \"message\": \"The API connection 'sql-4' has invalid inputs. Parameter value type cannot be set to 
'Alternative' because managed identity is not supported in the API definition's connection parameters.\"\r\n  }\r\n}"}]}}

Warning implies that parameterValueType is not allowed property (contradicting URL from above). Interesting enough error msg implies that parameterValueType should work BUT can't be set to Alternative.

Looking at https://docs.microsoft.com/en-us/azure/templates/microsoft.web/connections?tabs=bicep, parameterValueType is not listed.

Note that if I create this manually (through Logic App), I can use managed identity and all is good. Now I am trying to build this same logic to Bicep template.

So I am a bit confused, where is the problem and how do I fix it?

To Reproduce
See above

Additional context
Add any other context about the problem here.