How to reference parent resource in module in azure bicep? - azure

I am trying to create a service bus and topic (many topics and their subscriptions) with the azure bicep.
I have main bicep like below
param topics array
resource serviceBusNamespace 'Microsoft.ServiceBus/namespaces@2018-01-01-preview' = {
  name: serviceBusNamespaceName
  location: location
  sku: {
    name: skuName
  }
}
module topicSubscription './sb_topic.bicep' = [for topic in topics: {
  name: 'topicSubscription${topic}'
  params: {
    topic: topic
  }
}]
module file looks like
resource sbTopics 'Microsoft.ServiceBus/namespaces/topics@2022-01-01-preview' = {
  name: topic.name
  parent: ??
  properties: topic.properties
  resource symbolicname 'subscriptions@2022-01-01-preview' = [for subscription in topic.subscriptions: {
    name: 'string'
    properties: {}
  }]
}
How can I pass the parent serviceBusNamespace resource as parent to the child resource inside the module?
Kindly suggest..

In the module, reference the namespace with an 'existing' declaration. Something like this:
param namespaceName string
// the topic object passed in from the main template
param topic object
resource serviceBusNamespace 'Microsoft.ServiceBus/namespaces@2018-01-01-preview' existing = {
  name: namespaceName
}
resource sbTopics 'Microsoft.ServiceBus/namespaces/topics@2022-01-01-preview' = {
  name: topic.name
  parent: serviceBusNamespace
  properties: topic.properties
  resource symbolicname 'subscriptions@2022-01-01-preview' = [for subscription in topic.subscriptions: {
    name: 'string'
    properties: {}
  }]
}

Related

Reference a parent resource inside a module using bicep while parent has not deployed yet?

I'm trying to deploy a child module in bicep but I get a not found error as its parent has not been deployed yet.
This is the parent bicep code:
@description('The name of the app service. full site name will be DT-xxx-Open')
param site_name string
var full_site_name = 'DT-${site_name}-Open'
@description('Resource location')
param location string = resourceGroup().location
resource app 'Microsoft.Web/sites@2021-02-01' = {
  kind: 'app'
  name: full_site_name
  location: location
  ...
}
module site_config 'modules/appservice-config.bicep' = {
  name: 'site_config'
  params: {
    resource_name: full_site_name
    resource_location: location
  }
}
This is my module bicep file:
@description('Resource name')
param resource_name string
resource site_name_resource 'Microsoft.Web/sites@2021-02-01' existing = { // error happens at this line
  name: resource_name
}
resource site_name_logs 'Microsoft.Web/sites/config@2021-02-01' = {
  parent: site_name_resource
  name: 'logs'
  ...
}
But the problem is I'm getting a not found error as its parent service deployment has not been completed yet and if I retry then it will work fine!
I wonder, is there any way to run this module after completing its parent deployment?

You would need to add a dependsOn when invoking your module.
Bicep uses implicit dependencies, so you can use the parent resource name as a parameter for your module:
module site_config 'module.bicep' = {
  name: 'site_config'
  params: {
    resource_name: app.name
    ...
  }
}
This is equivalent to:
module site_config 'module.bicep' = {
  name: 'site_config'
  params: {
    resource_name: full_site_name
  }
  dependsOn: [ app ]
}

How to add existing route table to subnet

I am new to bicep and I am trying to attach an existing UDR named "udr-test" to 2 subnets, unfortunately with no luck.
This is my template that works fine but without UDR configuration:
var addressSpace = [
  '10.0.0.0/16'
]
var subnets = [
  {
    name: 'Subnet1'
    subnetPrefix: '10.0.2.0/24'
  }
  {
    name: 'Subnet2'
    subnetPrefix: '10.0.3.0/24'
  }
]
resource VNET 'Microsoft.Network/virtualNetworks@2021-02-01' existing = {
  name: 'vnet-test'
}
@batchSize(1)
resource Subnets 'Microsoft.Network/virtualNetworks/subnets@2020-11-01' = [for (sn, index) in subnets: {
  name: sn.name
  parent: VNET
  properties: {
    addressPrefix: sn.subnetPrefix
  }
}]
Do you know how I can modify the template to add the UDR as well?

There is a routeTable property on the subnet resource (see documentation):
// reference to existing route table
resource routeTable 'Microsoft.Network/routeTables@2022-01-01' existing = {
  name: 'udr-test'
}
@batchSize(1)
resource Subnets 'Microsoft.Network/virtualNetworks/subnets@2020-11-01' = [for (sn, index) in subnets: {
  name: sn.name
  parent: VNET
  properties: {
    addressPrefix: sn.subnetPrefix
    routeTable: {
      id: routeTable.id // assign the route table
    }
  }
}]

Azure Bicep - Additional IP Restrictions

I'd like to use a shared bicep module to add several ip security restriction records to existing app services.
This is the module I've come up with:
param appSvcName string
resource appSvc 'Microsoft.Web/sites@2021-02-01' existing = {
  name: appSvcName
}
var proxyIpAddresses = ['xxx.xxx.xxx.250/32','xxx.xxx.xxx.245/32']
resource sitesConfig 'Microsoft.Web/sites/config@2021-02-01' = {
  name: 'web'
  parent: appSvc
  properties: {
    ipSecurityRestrictions: [for (ip,i) in proxyIpAddresses: {
      ipAddress: ip
      action: 'Allow'
      tag: 'Default'
      priority: 900 + i
      name: 'ProxyIp_${i}'
      description: 'Allow request from proxy ${i}'
    }]
  }
}
I call this from the main bicep as follows:
module ipRestrictions 'common.appSvc.ipSecurityRestrictions.bicep' = {
  scope: resourceGroup(utrnRg)
  name: 'ipRestrictionsDeploy'
  params: {
    appSvcName: functionAppName
  }
  dependsOn: [
    functionAppDeploy
  ]
}
Prior to this, there's a call to a specific Azure Function module that provisions the function app and ip restrictions that are specific to that function app (typically subnets that it should allow traffic from).
The behaviour I see is that the function app gets created with its specific ip restrictions, but these get deleted and replaced with the two rules from the shared module.
Is there a way I can make the module add to existing ip restrictions rather than replacing them?

In your module, you would need to have a new parameter for the existing ip restrictions, then you can add the new restrictions to it:
// common.appSvc.ipSecurityRestrictions.bicep
param appSvcName string
param existingIpSecurityRestrictions array = []
resource appSvc 'Microsoft.Web/sites@2021-02-01' existing = {
  name: appSvcName
}
var proxyIpAddresses = ['xxx.xxx.xxx.250/32','xxx.xxx.xxx.245/32']
var additionalIpSecurityRestrictions = [for (ip,i) in proxyIpAddresses: {
  ipAddress: ip
  action: 'Allow'
  tag: 'Default'
  priority: 900 + i
  name: 'ProxyIp_${i}'
  description: 'Allow request from proxy ${i}'
}]
resource sitesConfig 'Microsoft.Web/sites/config@2021-02-01' = {
  name: 'web'
  parent: appSvc
  properties: {
    ipSecurityRestrictions: concat(existingIpSecurityRestrictions, additionalIpSecurityRestrictions)
  }
}
Then invoke the module with the existing restrictions:
// main.bicep
param functionAppName string
module ipRestrictions 'common.appSvc.ipSecurityRestrictions.bicep' = {
  scope: resourceGroup(utrnRg)
  name: 'ipRestrictionsDeploy'
  params: {
    appSvcName: functionAppName
    existingIpSecurityRestrictions: reference(resourceId('Microsoft.Web/sites/config', functionAppName, 'web'), '2021-02-01').ipSecurityRestrictions
  }
  dependsOn: [
    functionAppDeploy
  ]
}
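
An added example, not part of the original answer: once the shared module has run, the rules it wrote are included in whatever the caller reads back as existing restrictions, so a plain concat appends them again on each redeployment. This variant of the module drops its own earlier rules by name prefix before merging; the proxyIpAddresses and ownedRulePrefix parameters are hypothetical, and it assumes a Bicep version that supports lambda functions and the safe-dereference operator.

```bicep
// Added example (not the original poster's code): idempotent merge of IP restrictions.
param appSvcName string
param existingIpSecurityRestrictions array = []

@description('Proxy CIDR ranges to allow, supplied by the caller (hypothetical parameter).')
param proxyIpAddresses array

@description('Name prefix marking the rules this module owns (hypothetical parameter).')
param ownedRulePrefix string = 'ProxyIp_'

resource appSvc 'Microsoft.Web/sites@2021-02-01' existing = {
  name: appSvcName
}

// Keep rules created elsewhere (for example the app-specific subnet rules).
// Rules carrying this module's prefix come from an earlier run and are dropped,
// so a redeployment replaces them instead of appending duplicates.
// Rules without a name are treated as foreign and kept.
var foreignRules = filter(existingIpSecurityRestrictions, rule => !startsWith(rule.?name ?? '', ownedRulePrefix))

// Rules owned by this module, rebuilt from the parameter on every run.
var ownedRules = [for (ip, i) in proxyIpAddresses: {
  ipAddress: ip
  action: 'Allow'
  tag: 'Default'
  priority: 900 + i
  name: '${ownedRulePrefix}${i}'
  description: 'Allow request from proxy ${i}'
}]

resource sitesConfig 'Microsoft.Web/sites/config@2021-02-01' = {
  name: 'web'
  parent: appSvc
  properties: {
    ipSecurityRestrictions: concat(foreignRules, ownedRules)
  }
}
```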

How to show the path of the script of the Azure runbook in Bicep?

I want to deploy an Azure Automation Account runbook with Bicep with below code:
resource automationAccount 'Microsoft.Automation/automationAccounts@2019-06-01' = {
  name: 'name'
}
resource automationRunbook 'Microsoft.Automation/automationAccounts/runbooks@2019-06-01' = {
  parent: automationAccount
  name: 'name'
  location: 'westeurope'
  properties: {
    logVerbose: true
    logProgress: true
    runbookType: 'Script'
    publishContentLink: {
      uri: 'uri'
      version: '1.0.0.0'
    }
    description: 'description'
  }
}
I want to use a runbook which is on my Azure Repos. Can I use a relative path such as ../scripts/runbook.ps1 as I do in Powershell? I see that there isn't any property for that but I am asking if I miss anything.

As explained here, you may leverage the 'uri' property.
To use a relative path, you may leverage the parameter section and variable section. Something like:
param runbooksUri string = 'https://xxxxxxxxxxxxxxxx/xxxxx/xxxxx/'
var testScripts = {
  testrunbooks: [
    {
      name: 'XXXXXXX'
      url: uri(runbooksUri, 'xxxxxxx.ps1')
    }
    {
      name: 'YYYYYYY'
      url: uri(runbooksUri, 'yyyyyyy.ps1')
    }
  ]
}
resource automationRunbook 'Microsoft.Automation/automationAccounts/runbooks@2019-06-01' = [for i in range(0, length(testScripts.testrunbooks)): {
  xxxxxxxxxxxxxxxxxxxxxxxxx
  xxxxxxxxxxxxxxxxxxxxxxxxx
  properties: {
    publishContentLink: {
      uri: testScripts.testrunbooks[i].url
      xxxxxxxxxxxxxxxxxxxxxxxxx
    }
  }
  xxxxxxxxxxxxxxxxxxxxxxxxx
  xxxxxxxxxxxxxxxxxxxxxxxxx
}]

How to select and add multiple subnets of a VNet in networking section of an azure eventHub using bicep

How to select and add multiple subnets of a VNet in the networking section of an azure eventHub resource using azure bicep.
// Create an event hub namespace
var eventHubNamespaceName = 'evhns-demo1436'
resource eventHubNamespace 'Microsoft.EventHub/namespaces@2021-01-01-preview' = {
  name: eventHubNamespaceName
  location: resourceGroup().location
  sku: {
    name: 'Standard'
    tier: 'Standard'
    capacity: 1
  }
  properties: {
    zoneRedundant: true
  }
}
// Create an event hub inside the namespace
var eventHubName = 'evh-demo1436'
resource eventHubNamespaceName_eventHubName 'Microsoft.EventHub/namespaces/eventhubs@2021-01-01-preview' = {
  parent: eventHubNamespace
  name: eventHubName
  properties: {
    messageRetentionInDays: 7
    partitionCount: 1
  }
}
// Grant Listen and Send on our event hub
resource eventHubNamespaceName_eventHubName_ListenSend 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules@2021-01-01-preview' = {
  parent: eventHubNamespaceName_eventHubName
  name: 'ListenSend'
  properties: {
    rights: [
      'Listen'
      'Send'
    ]
  }
  dependsOn: [
    eventHubNamespace
  ]
}
resource testVnet 'Microsoft.Network/virtualNetworks@2021-03-01' existing = {
  name: 'testvnet'
}
resource testsubnet 'Microsoft.Network/virtualNetworks/subnets@2021-03-01' existing = {
  parent: testVnet
  name: 'testsubnet'
}
resource enHubVnetRule 'Microsoft.EventHub/namespaces/virtualnetworkrules@2018-01-01-preview' = {
  name: 'vnetName'
  parent: eventHubNamespace
  properties: {
    virtualNetworkSubnetId: testsubnet.id
  }
}
With above code I can only add one particular subnet of a VNet to the VNet entry of azure EventHub resource in networking section using azure bicep.
How do I fetch all subnets of a VNet and add/select them all to the VNet entry of azure EventHub resource in networking section using azure bicep.

You have to use a for loop for the subnet block and virtual-network rule block like below:
// Create an event hub namespace
param eventHubNamespaceName string = 'evhns-demo1436'
resource eventHubNamespace 'Microsoft.EventHub/namespaces@2021-01-01-preview' = {
  name: eventHubNamespaceName
  location: resourceGroup().location
  sku: {
    name: 'Standard'
    tier: 'Standard'
    capacity: 1
  }
  properties: {
    zoneRedundant: true
  }
}
// Create an event hub inside the namespace
param eventHubName string = 'evh-demo1436'
resource eventHubNamespaceName_eventHubName 'Microsoft.EventHub/namespaces/eventhubs@2021-01-01-preview' = {
  parent: eventHubNamespace
  name: eventHubName
  properties: {
    messageRetentionInDays: 7
    partitionCount: 1
  }
}
// Grant Listen and Send on our event hub
resource eventHubNamespaceName_eventHubName_ListenSend 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules@2021-01-01-preview' = {
  parent: eventHubNamespaceName_eventHubName
  name: 'ListenSend'
  properties: {
    rights: [
      'Listen'
      'Send'
    ]
  }
  dependsOn: [
    eventHubNamespace
  ]
}
param subnets array = [
  'test'
  'mysubnet'
]
param vnetname string = 'test-ansuman'
resource testVnet 'Microsoft.Network/virtualNetworks@2021-03-01' existing = {
  name: vnetname
}
resource testsubnet 'Microsoft.Network/virtualNetworks/subnets@2021-03-01' existing = [for subnet in subnets: {
  parent: testVnet
  name: subnet
}]
resource enHubVnetRule 'Microsoft.EventHub/namespaces/virtualnetworkrules@2018-01-01-preview' = [for (subnet, i) in subnets: {
  name: '${vnetname}-${subnet}'
  parent: eventHubNamespace
  properties: {
    virtualNetworkSubnetId: testsubnet[i].id
  }
}]