What-If for ARM Template deployments is now Generally Available
TL;DR – What-if is now Generally Available. We have closed over 90 customer-reported issues, improved the depth of the policy-aware capabilities, and made it easier for resource providers to fix their own what-if noise issues. You might still encounter noise, but it can now be fixed by the owning resource provider team, so issues should be resolved faster.
Why do I need what-if?
Deploying an ARM template can be a time-consuming process, which is why it is particularly frustrating if your deployment does not execute as expected. This creates a challenging and long dev/test loop, which can get frustrating very quickly! To help with this problem, we have introduced a new capability for ARM templates called What-if, which allows you to preview the effects of a template deployment before it is executed, allowing you to validate that the changes are expected before starting the deployment process. In this example, I am updating a Linux VM by upgrading the VM size. Before deploying, I can see that it is the only expected change and I can deploy with confidence.
What-if has been in a public preview for the last few months, and as part of our GA release, we are introducing the following improvements:
- Major noise reduction and other enhancements to what-if quality. We have closed ~90 publicly reported issues from the what-if noise GitHub repo. In addition, we have set up an internal pipeline to allow each resource provider to resolve their own what-if noise related to ARM API compliance, which is often the root cause of the issue. As a result, we expect to see a rapid, continual improvement of what-if quality going forward.
- What-if is now “policy aware” for the modify effect. This means if a property will be modified by policy, it will be captured in the what-if response. For example, if a tag is going to be added by a modify policy, this will be reflected in the what-if output for the relevant resources. What-if is already policy-aware for the deny effect, so deployments that will fail due to policy will be caught quickly with what-if. We plan to also support the audit effect as part of our post-GA improvements.
How do I get started with what-if?
What-if is available as part of the deployment cmdlets in the PowerShell Az module and the deployment commands in Az CLI. If you have a recent release of either of these tools, you likely already have them available. You will need version 4.2 or later of PowerShell Az and version 2.5 or later for Az CLI.
The easiest way to run what-if is simply by appending either -Confirm in Az PowerShell or --confirm-with-what-if or -c in Az CLI to the commands you are already using:
Az PowerShell:
New-AzResourceGroupDeployment -TemplateFile ./azureDeploy.json -ResourceGroupName my-rg -Confirm
Az CLI:
az deployment group create -f ./azureDeploy.json -g my-rg --confirm-with-what-if
This will emit a user-friendly formatted text output to the console like the screenshot above and ask you if you’d like to proceed with the deployment, but you can also return the results as JSON so you can interrogate the results programmatically. You can also run what-if without the confirm behavior if you’d like to use what-if for a CI/CD approval workflow.
For a full walkthrough, you can use the what-if How To guide.
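As an added example (not code from the original post or from the Azure team), here is a minimal CI/CD approval gate over a what-if result returned as JSON. It passes the expected VM size change and flags everything else for review. The sample data, the dotted path joining and the approval policy are assumptions made for illustration.

```python
# Constructed sample in the shape of a what-if JSON result (not real output).
# Assumption: produced by `az deployment group what-if ... --no-pretty-print`.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/my-rg/providers"
SAMPLE = {"changes": [
    {"resourceId": SUB + "/Microsoft.Compute/virtualMachines/vm1", "changeType": "Modify",
     "delta": [{"path": "properties.hardwareProfile.vmSize", "propertyChangeType": "Modify",
                "before": "Standard_B1s", "after": "Standard_B2s"}]},
    {"resourceId": SUB + "/Microsoft.Network/networkSecurityGroups/nsg1", "changeType": "Modify",
     "delta": [{"path": "properties.securityRules", "propertyChangeType": "Array", "children": [
         {"path": "0", "propertyChangeType": "Modify", "children": [
             {"path": "properties.sourceAddressPrefix", "propertyChangeType": "Modify",
              "before": "10.0.0.0/24", "after": "*"}]}]}]},
    {"resourceId": SUB + "/Microsoft.Storage/storageAccounts/logs1", "changeType": "Delete"},
    {"resourceId": SUB + "/Microsoft.Network/virtualNetworks/vnet1", "changeType": "NoChange"},
]}

# Hypothetical pipeline policy: the only property this release is expected to change.
EXPECTED_PATHS = {"properties.hardwareProfile.vmSize"}
PASS_TYPES = {"NoChange", "Ignore"}  # change types that never need review

def leaf_changes(delta, prefix=""):
    """Yield the dotted path of every leaf property change, walking nested children."""
    for d in delta or []:
        path = f"{prefix}.{d['path']}" if prefix else d["path"]
        if d.get("children"):
            yield from leaf_changes(d["children"], path)
        else:
            yield path

def needs_approval(result, expected=EXPECTED_PATHS):
    """Return (resourceId, changeType, path) for each change a human must approve."""
    findings = []
    for ch in result.get("changes", []):
        rid, kind = ch["resourceId"], ch["changeType"]
        if kind in PASS_TYPES:
            continue
        if kind == "Modify":
            findings += [(rid, kind, p) for p in leaf_changes(ch.get("delta"))
                         if p not in expected]
        else:
            # Create, Delete, Deploy, Unsupported or anything unknown: fail closed.
            findings.append((rid, kind, None))
    return findings

if __name__ == "__main__":
    for finding in needs_approval(SAMPLE):
        print("needs approval:", finding)
```

In a pipeline, a non-empty result would stop the deployment stage until someone signs off on the listed changes.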
Some notes on what-if noise
During the public preview, our primary goal was to reduce the amount of noise you would see in the what-if response. These were cases where what-if told you, incorrectly, that a change was going to take place even though no change would occur. You all in the Azure community have done a great job opening issues in the what-if repo and exposing us to the noise you encountered. All told, we have closed ~90 noise issues so far and will continue to burn down the list.
At the same time, we have instituted more quality gates for resource provider teams to ensure their resources are modelled correctly. This quality check will ensure what-if works as expected with no noise in the response. As a result, what-if quality should continue to improve at a quicker pace.
While the quality of what-if has increased dramatically, it is still possible to find what-if noise depending on the resource types you deploy in your templates. If you encounter noise, you should still open an issue in the what-if repo and we can get it routed to the right team to get it fixed quickly.
As always, if you have any questions or problems with deployment scripts, don’t hesitate to reach out at alfran@microsoft.com, on Twitter or on GitHub.