Two mutually-exclusive conditional resources with the same type and name will throw name validation error #1410
Comments
ghost
added
the
|
Ugh, I wrote that when if's weren't yet implemented... Question is now how to mitigate it. My proposal is to warn (or even just notify?) and not throw error when resource have this same name and a condition is applied on the resource. |
|
Warning is probably the right answer as long as we only do that when a condition is present and still throw an error when there are no conditions. |
|
ok, I'll handle this shortly, assign this to me please. |
|
At some point in the future, perhaps when we've got more advanced constant folding support, it would be awesome to be able to perform some flow analysis - in the above case, it should be possible to understand programatically that blocks A & B are mutually exclusive. I think we're a long way off from this currently however, and the current proposal sounds great! |
|
On the other hand, supporting if...elseif...elseif....elseif..........else would allow the user to express their intent regardless of us detecting the expressions are mutually exclusive. |
switch perhaps? |
|
yup! |
|
Hmm, we've a problem... it failed with error: Seems that conditions are evaluated at deployment stage, while the name checking is on validation stage. I recently had similar issue that validation was not passing because of missing property value - but I wanted exclude deployment entire resource if property was not set - so I needed to add in the property some dummy value for the case when condition was not met. It seems like here would be similar case. Either way - it's not a bug. Or more precisely - won't fix (unfortunately). |
|
ah, of course. The deployments engine (quite frustratingly) evaluates the resource even if the condition for deployment is false. We have a work item to stop this from happening. So technically, this was not a bug -- it correctly validated. We will need to revisit this once we have done our side of the work in the Deployments Service. Thanks for doing the investigation and sorry about the goose chase. |
anthony-c-martin
added
the
intermediate language
|
For the record, implementation of warning on conditional is on my fork: https://github.com/miqm/bicep/tree/bugfix/duplicate-names-with-conditions-1410 for future pickup. |
|
@alex-frankel - do you have some ETA on the Deployments Service to improve conditionals on ARM side? basically whenever I want to have several resources behind same conditional (i.e. featureEnabled) and they use each other, in each property usage I need to add conditional (even when entire resource have |
|
The PR is out, but we have some prerequisite work that still needs to be completed. I'd guess ~3 months. |
|
seems like an old thread, however ... just fyi, since I don't think it was mentioned above, current workaround is giving them conditional names of the resources, so they are unique, however when it gets deployed, either way it has the name that you wanted. resource LBalancerSS 'Microsoft.Network/loadBalancers@2020-07-01' = if ((length(NATRules) != 0)) {
name: '${Deployment}${((length(NATRules) != 0) ? '-lb' : 'na')}${LB.LBName}'resource LBalancer 'Microsoft.Network/loadBalancers@2020-07-01' = if (length(NATRules) == 0) {
name: '${Deployment}${((length(NATRules) == 0) ? '-lb' : 'na')}${LB.LBName}' |
|
Checking in on this one too. As I understand, the conditional statements are ignored until deployment. This make it not possible to use conditional logic to deploy X or Y when X and Y have common elements since both blocks of code are evaluated as if the conditional doesn't exist at all, correct? I'm running into this with where I want to deploy a series of subnets with optional additional elements based on Booleans. For example: will be evaluated as if the conditionals weren't there, BUT if it were to get to deployment then those same conditionals would do their job, correct? I know there are different ways to achieve this, but I need this to be able to deal with a variable length array of elements. Basically, trying to use logic to deploy subnets differently depending on if a route table needs to be associated. Any updates on when this might be addressed? The workaround will force me to break up my array. |
|
Take a look at this. https://github.com/brwilkinson/AzureDeploymentFramework/blob/main/ADF/bicep/VNET.bicep This is the input (subnets): |
|
Thanks for the example, very useful. However, I'm running into an issue because I'd like to have a route table for each subnet. Your example has one global route table that is assigned as needed. The line:
I need to find a way to make 'RouteTableGobal' variable based on the subnet. Since the actual variable you define: is in a dictionary, I don't know how I'd make that variable. Really appreciate any thoughts you may have, I'll keep on with it. |
|
yes, that makes sense. In the same file. I do that for the NSG's. https://github.com/brwilkinson/AzureDeploymentFramework/blob/main/ADF/bicep/VNET.bicep#L102 Here is the separate NSG template: https://github.com/brwilkinson/AzureDeploymentFramework/blob/main/ADF/bicep/NSG.bicep |
|
Very helpful! WiFi High Five :) Bicep is a funky beast, interesting how you had to deal with the NSG logic. |
|
Right, 😊 did you mean this part? In this part i always have a 1 to 1 map between NSG and subnet, so loop over the same object array, then just attach it by the id, I use a comment to allow multiline, just for formatting. "SubnetInfo": [
{
"name": "snMT01",
"prefix": "0/27",
"NSG": 1,I like to be able to enable/disable attaching the NSG via the true/false or 0/1 above on each subnet. networkSecurityGroup: ! (contains(sn, 'NSG') && bool(sn.NSG)) ? null : /*
*/ {
id: NSG[index].id
}or this part? In this part I merge user rules with default rules.. :) var subnetInfo = contains(DeploymentInfo, 'subnetInfo') ? DeploymentInfo.subnetInfo : []
var NSGInfo = [for (subnet, index) in subnetInfo: {
match: ((Global.CN == '.') || contains(Global.CN, subnet.name))
subnetNSGParam: contains(subnet, 'securityRules') ? subnet.securityRules : []
subnetNSGDefault: contains(NSGDefault, subnet.name) ? NSGDefault[subnet.name] : []
}]
var NSGDefault = {
AzureBastionSubnet: [
... |
|
The first part, however VS Code gave me a hard time on the comment line splitting. I found it interesting that you used the bang (!) to negate the logic so you could place the null in front. Fun code gymnastics to make formatting work. A lot of what you have working has to do with how you are presenting the variables. I'm finding that I need to spend a lot more time thinking about that with Bicep. I use Terraform and Python a lot and I'm used to that flexibility. If the API could just be updated to allow additive subnets |
|
@farroar oh yeah, agree on all of those ✅ |
|
any updates on this ? 'The resource 'Microsoft.KeyVault/vaults/energy-billing-dev-kv' at line '1' and column '36421' is defined multiple times in a template |
|
Stumbled across this while looking into a linked issue. The ARM engine has been updated to support mutually exclusive resource declarations (the "The resource 'X' ... is defined multiple times in a template" validation error will only be returned if multiple resource declarations with a Retagging for triage. |
|
Related to #3750 |
Bicep version
v0.2.348-g3c12faa1d2
Describe the bug
Right now, if I have two resources that are conditionally deployed such that they will never be deployed at the same time, they will validate as if they would be deployed together. So if if these two resources have the same type and name, the name duplication validation kicks in and throws an error.
Repro:
I'm not sure if this is really a bug, or more a reflection of a gap in bicep. If we had if/else (#1171), I don't think this would be an issue and actually a good thing as it would drive you towards a pit of success.
cc @miqm
The text was updated successfully, but these errors were encountered: