Forum Discussion
Solved
Bicep & Pipeline - Deployment using old results/code
I have a rather complex set of Bicep templates including modules ~3 levels deep that I'm running from an Azure DevOps pipeline.
The summary of the issue is that the deployment, as seen in Azure Portal, appears to be somehow pulling code/results from a previous deployment.
For example, deployment 20220712195754 is run in at 19:57:54 and fails with the following vague error:
{
"code": "DeploymentFailed",
"message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.",
"details": [
{
"code": "Conflict",
"message": {
"status": "Failed",
"error": {
"code": "ResourceDeploymentFailure",
"message": "The resource operation completed with terminal provisioning state 'Failed'."
}
}
}
]
}
Drilling down into the failure in the portal, the failed event (related to a module) has a timestamp of 12/07/2022, 19:29:42 and all of the results (including the failure) are identical to a deployment I ran at that time which I know failed.
I've tried deleting all of the deployments from the portal but the exact same thing happens again.
Has anyone else seen this behaviour?
Is this a documented side-effect of having complex Bicep templates calling modules within modules?
Through trial & error, I've found the problem.
I have the following 2 modules which only run when a variable from a loaded JSON file is set to True:
module app_mod 'modules/app.bicep' = if (shr_var.env.deployApp == 'True') { scope: appGroup_res name: 'app_mod' params: { app_par: shr_var.app env_par: shr_var.env eventHubAuthId_par: logEndpoints_mod.outputs.eventHubAuthId eventHubName_par: logEndpoints_mod.outputs.eventHubName location_par: location_par resourceTags_par: resourceTags_var vaultAdminId_par: adminGroupId_par } } module gateway_mod 'modules/gateway.bicep' = if (shr_var.env.deployGateway == 'True') { scope: gatewayGroup_res name: 'gateway_mod' dependsOn:[ app_mod ] params: { env_par: shr_var.env eventHubAuthId_par: logEndpoints_mod.outputs.eventHubAuthId eventHubName_par: logEndpoints_mod.outputs.eventHubName gateway_par: shr_var.gateway location_par: location_par resourceTags_par: resourceTags_var } }Running the pipeline with no variables successfully skips the modules.
I then added this peering module which is conditional in the same way as the above modules but also has parameters that uses outputs from them:
module peerGwApp_mod 'modules/modular/vnetPeering.bicep' = if (shr_var.env.deployPeering == 'True') { scope: gatewayGroup_res name: 'peerGwApp_mod' params: { localVnetName_par: gateway_mod.outputs.vnetName remoteVnetId_par: app_mod.outputs.vnetId peeringName_par: 'peer-gw-app' } }Which causes all hell to break loose despite validation having no problems.
Regardless of what's in the module (all resource elements have been commented out), apparently conditionally declaring a module which has parameters that use outputs from other conditional modules (that don't run) makes the deployment absolutely foul itself in a spectacular way.
At the very least, validation or the deployment itself should return an error for unsupported implicit dependencies rather than the deployment showing previous results.
Where would the best place be for me to raise this bug?
1 Reply
Through trial & error, I've found the problem.
I have the following 2 modules which only run when a variable from a loaded JSON file is set to True:
module app_mod 'modules/app.bicep' = if (shr_var.env.deployApp == 'True') { scope: appGroup_res name: 'app_mod' params: { app_par: shr_var.app env_par: shr_var.env eventHubAuthId_par: logEndpoints_mod.outputs.eventHubAuthId eventHubName_par: logEndpoints_mod.outputs.eventHubName location_par: location_par resourceTags_par: resourceTags_var vaultAdminId_par: adminGroupId_par } } module gateway_mod 'modules/gateway.bicep' = if (shr_var.env.deployGateway == 'True') { scope: gatewayGroup_res name: 'gateway_mod' dependsOn:[ app_mod ] params: { env_par: shr_var.env eventHubAuthId_par: logEndpoints_mod.outputs.eventHubAuthId eventHubName_par: logEndpoints_mod.outputs.eventHubName gateway_par: shr_var.gateway location_par: location_par resourceTags_par: resourceTags_var } }Running the pipeline with no variables successfully skips the modules.
I then added this peering module which is conditional in the same way as the above modules but also has parameters that uses outputs from them:
module peerGwApp_mod 'modules/modular/vnetPeering.bicep' = if (shr_var.env.deployPeering == 'True') { scope: gatewayGroup_res name: 'peerGwApp_mod' params: { localVnetName_par: gateway_mod.outputs.vnetName remoteVnetId_par: app_mod.outputs.vnetId peeringName_par: 'peer-gw-app' } }Which causes all hell to break loose despite validation having no problems.
Regardless of what's in the module (all resource elements have been commented out), apparently conditionally declaring a module which has parameters that use outputs from other conditional modules (that don't run) makes the deployment absolutely foul itself in a spectacular way.
At the very least, validation or the deployment itself should return an error for unsupported implicit dependencies rather than the deployment showing previous results.
Where would the best place be for me to raise this bug?