Include an object from another file into main bicep template - azure-bicep

Trying to do something, I don't know if it's possible, and if it is, I am asking for some help on how to do it.
I have a file "test.bicep" that has an object:
{
name: 'testRafaelRule'
priority: 1001
ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
action: {
type: 'Allow'
}
rules: [
{
name: 'deleteme-1'
ipProtocols: [
'Any'
]
destinationPorts: [
'*'
]
sourceAddresses: [
'192.168.0.0/16'
]
sourceIpGroups: []
destinationIpGroups: []
destinationAddresses: [
'AzureCloud.EastUS'
]
ruleType: 'NetworkRule'
destinationFqdns: []
}
]
}
and I have another file, in which I am trying to somehow input the object in test.bicep into a specific property called "ruleCollections":
resource fwll 'Microsoft.Network/firewallPolicies/ruleCollectionGroups#2020-11-01' = {
name: 'netrules'
properties: {
priority: 200
ruleCollections: [
**ADD_OBJECT_FROM_TEST.BICEP_HERE_HOW?**
]
}
}
any suggestions or links to useful documentation would be helpful.
I have looked at outputs and parameters, but I am trying to add just an object into an existing property, I am not adding an entire resource on its own, otherwise, I would output the resouce and consume it with the "module" keyword.

It's not possible straightforward, but you can leverage variables or module's output.
var RULE = {
name: 'testRafaelRule'
priority: 1001
(...)
}
resource fwll 'Microsoft.Network/firewallPolicies/ruleCollectionGroups#2020-11-01' = {
name 'netrules'
properties: {
ruleCollections: [
RULE
]
}
}
or
rule.bicep
output rule object = {
name: 'testRafaelRule'
priority: 1001
(...)
}
main.bicep
module fwrule 'rule.bicep' = {
name: 'fwrule'
}
resource fwll 'Microsoft.Network/firewallPolicies/ruleCollectionGroups#2020-11-01' = {
name 'netrules'
properties: {
ruleCollections: [
fwrule.outputs.rule
]
}
}

Related

Arm template for Azure data factory with diagnostics settings in bicep

I have the following bicep to create ADF resource:
resource dataFactory 'Microsoft.DataFactory/factories#2018-06-01' = {
name: name
identity: {
type: 'SystemAssigned'
}
properties: {
globalParameters: {
environment: {
type: 'String'
value: environmentAbbreviation
}
}
}
location: location
}
I need to add a diagnostic setting to ADF resource as follows:
How do I update the bicep?
I tried to create diagnostic settings in ADF using Bicep. Below is the code.
Bicep code for creating data factory
This code is for creating data factory. It is same as the code in question.
param settingName string='XXXXX'
param factoryName string='XXXXX'
resource datafactory 'Microsoft.DataFactory/factories#2018-06-01' = {
name: factoryName
location: resourceGroup().location
identity: {
type: 'SystemAssigned'
}
properties: {
}
}
Bicep code for adding diagnostic setting
In order to add diagnostic setting to data factory, below code is added along with the code to create data factory.
resource factoryName_microsoft_insights_settingName 'Microsoft.DataFactory/factories/providers/diagnosticSettings#2017-05-01-preview' = {
name: '${factoryName}/microsoft.insights/${settingName}'
location: resourceGroup().location
properties: {
workspaceId: 'XXXX'
logAnalyticsDestinationType: 'Dedicated'
logs: [
{
category: 'PipelineRuns'
enabled: true
retentionPolicy: {
enabled: false
days: 0
}
}
{
category: 'TriggerRuns'
enabled: true
retentionPolicy: {
enabled: false
days: 0
}
}
{
category: 'ActivityRuns'
enabled: true
retentionPolicy: {
enabled: false
days: 0
}
}
]
metrics: [
{
category: 'AllMetrics'
timeGrain: 'PT1M'
enabled: true
retentionPolicy: {
enabled: false
days: 0
}
}
]
}
dependsOn: [
datafactory
]
}
When the above both codes are combined and run, resources got deployed successfully.
The above code will enable the categories - Pipeline runs log,Trigger runs log, Pipeline activity runs log. Change the code as per the requirement.
Reference: Microsoft.Insights/diagnosticSettings - Bicep, ARM template & Terraform AzAPI reference | Microsoft Learn

Bicep variable creation from module output

I-m trying to create multiple app services with bicep using a for loop on a module.
The module has the following output:
output id string = appServiceAppResource.id
output name string = appServiceAppResource.name
output vnetIntegrationOn bool = allowVnetIntegration[appServicePlan.sku.name]
output principalId string = appServiceAppResource.identity.principalId // <-- important
After this, i want to create a key vault, and provide "get" access to all the app services previously created using an access policy:
...
param appServices object
...
module appServicePlanModules 'modules/appServicePlan.bicep' = [for appServicesConfig in appServicePlans.appServicesConfig: {
name: '${appServicesConfig.name}-appserviceplan-module'
params: {
location: location
name: appServicesConfig.name
sku: appServicesConfig.sku
}
}]
...
var accessPolicy = [ for i in range(0, appServices.instanceCount) : {
objectId: appServiceModule[i].outputs.principalId
permissions: {
secrets: ['get']
}
tenantId: subscription().tenantId
}]
module keyValutModule 'modules/keyvault.bicep' = {
name: 'key-valut-module'
dependsOn: [appServiceModule]
params: {
location: location
accessPolicies: accessPolicy
publicNetworkAccess: keyvault.publicNetworkAccess
keyVaultName: keyvault.name
}
}
The problem is that when i try to create that access policy, it fails
What puzzles me is that, this is working:
var accessPolicy = [{
objectId: appServiceModule[0].outputs.principalId
permissions: {
secrets: ['get']
}
tenantId: subscription().tenantId
}
{
objectId: appServiceModule[1].outputs.principalId
permissions: {
secrets: ['get']
}
tenantId: subscription().tenantId
}]
And also this:
var accessPolicies = [ for i in range(0,1):{
objectId: '52xxxxxx-25xx-4xxf-axxx-xxdxx3axxdff'
permissions: {
secrets: ['get']
}
tenantId: subscription().tenantId
}]
Since I want to use this template for multiple env, I want it to be more generic (so that i can have 1 or 5 service apps), so that for loop wold be very useful for me.
I'm not sure why, if I use a for loop in combination of a module output this is not working.
Do you have any idea why, or of there is a workaround on this.
Thank you!
Best regards,
Dorin

Azure bicep Storage account sku is read-only

I am trying to deploy a storage account using azure bicep.
In my code:
resource storageAccounts_storageacntin_name_default 'Microsoft.Storage/storageAccounts/blobServices#2021-04-01' = {
parent: storageAccounts_storageacntin_name_resource
name: 'default'
sku: {
name: 'Standard_RAGRS'
tier: 'Standard'
}
properties: {
changeFeed: {
enabled: false
}
restorePolicy: {
enabled: false
}
containerDeleteRetentionPolicy: {
enabled: true
days: 7
}
cors: {
corsRules: []
}
deleteRetentionPolicy: {
enabled: true
days: 30
}
isVersioningEnabled: true
}
}
I get an error in the SKU. The error is the following.
The property "sku" is read-only. Expressions cannot be assigned to read-only properties.bicep(BCP073)
I don't fully understand why is this error showing up, I am still new to azure bicep and trying to move slowly from terraform deployments to azure bicep.
Please can anyone explain me why is this error is coming up and how to solve it?
Thank you so much
UPDATE CODE:
this is the error I am getting when I removed the sku
param storageAccounts array = [
'storage1'
]
resource storage_Accounts 'Microsoft.Storage/storageAccounts#2021-04-01' = [ for storageName in storageAccounts :{
name: [storageName]
location: 'westeurope'
sku: {
name: 'Standard_RAGRS'
tier: 'Standard'
}
kind: 'StorageV2'
properties: {
allowCrossTenantReplication: true
minimumTlsVersion: 'TLS1_2'
allowBlobPublicAccess: false
allowSharedKeyAccess: true
networkAcls: {
bypass: 'AzureServices'
virtualNetworkRules: []
ipRules: []
defaultAction: 'Allow'
}
supportsHttpsTrafficOnly: true
encryption: {
services: {
file: {
keyType: 'Account'
enabled: true
}
blob: {
keyType: 'Account'
enabled: true
}
}
keySource: 'Microsoft.Storage'
}
accessTier: 'Hot'
}
}]
resource storageAccounts_hamzaelaouane1_name_default 'Microsoft.Storage/storageAccounts/blobServices#2021-04-01' = [ for storageName in storageAccounts: {
parent: [storage_Accounts]
name: storageName
properties: {
changeFeed: {
enabled: false
}
restorePolicy: {
enabled: false
}
containerDeleteRetentionPolicy: {
enabled: true
days: 7
}
cors: {
corsRules: []
}
deleteRetentionPolicy: {
enabled: true
days: 30
}
isVersioningEnabled: true
}
}
]
the error is at the last 2 lines. It says that is expecting } and ] at that point. Checking line by line, I couldn't see any error on syntax
The sku field is read-only for services that are under a storage account like blobServices and fileServices.
You can (only) set the SKU on Storage Account level (Microsoft.Storage/storageAccounts#2021-04-01).
To be complete; the tier field is also read-only on the storage account, since it's based on the SKU name. Remove these fields and you should be good to go.

How to edit a pulumi resource after it's been declared

I've declared a kubernetes deployment like:
const ledgerDeployment = new k8s.extensions.v1beta1.Deployment("ledger", {
spec: {
template: {
metadata: {
labels: {name: "ledger"},
name: "ledger",
// namespace: namespace,
},
spec: {
containers: [
...
],
volumes: [
{
emptyDir: {},
name: "gunicorn-socket-dir"
}
]
}
}
}
});
Later on in my index.ts I want to conditionally modify the volumes of the deployment. I think this is a quirk of pulumi I haven't wrapped my head around but here's my current attempt:
if(myCondition) {
ledgerDeployment.spec.template.spec.volumes.apply(volumes =>
volumes.push(
{
name: "certificates",
secret: {
items: [
{key: "tls.key", path: "proxykey"},
{key: "tls.crt", path: "proxycert"}],
secretName: "star.builds.qwil.co"
}
})
)
)
When I do this I get the following error: Property 'mode' is missing in type '{ key: string; path: string; }' but required in type 'KeyToPath'
I suspect I'm using apply incorrectly. When I try to directly modify ledgerDeployment.spec.template.spec.volumes.push() I get an error Property 'push' does not exist on type 'Output<Volume[]>'.
What is the pattern for modifying resources in Pulumi? How can I add a new volume to my deployment?
It's not possible to modify the resource inputs after you created the resource. Instead, you should place all the logic that defines the shape of inputs before you call the constructor.
In your example, this could be:
let volumes = [
{
emptyDir: {},
name: "gunicorn-socket-dir"
}
]
if (myCondition) {
volumes.push({...});
}
const ledgerDeployment = new k8s.extensions.v1beta1.Deployment("ledger", {
// <-- use `volumes` here
});

How to fix unexpected node type with ksonnet?

When I try to set a parameter with ksonnet I get an error
ks param set --env=prow workflows name some-name
ERROR Invalid params schema -- did not expect node type: *ast.ApplyBrace
My parameters file looks like
local params = import "../../components/params.libsonnet";
params {
components+: {
// Insert component parameter overrides here. Ex:
// guestbook +: {
// name: "guestbook-dev",
// replicas: params.global.replicas,
// },
workflows +: {
name: "some-name",
},
},
}
Adding a plus to params fixed it.
local params = import "../../components/params.libsonnet";
params +{
components+: {
// Insert component parameter overrides here. Ex:
// guestbook +: {
// name: "guestbook-dev",
// replicas: params.global.replicas,
// },
workflows +: {
name: "some-name",
},
},
}