Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

What-If does not report the expected preview for Key-Vault name change with 'Complete' mode #237

Closed
ruma-paul-maersk opened this issue Nov 11, 2021 · 3 comments
Closed

What-If does not report the expected preview for Key-Vault name change with 'Complete' mode #237

ruma-paul-maersk opened this issue Nov 11, 2021 · 3 comments

Comments

@ruma-paul-maersk
Copy link

In our bicep script we are creating 3 key-vaults and 1 application-insights resources in a resource-group. We run what-if command (as shown below) with "Complete" mode as a parameter before deploying the script.

az deployment group what-if --resource-group --mode Complete --template-file ${{ inputs.bicepTemplateFilePath }} --parameters $parameters

If we rename a key-vault (needed in some cases), "what-if" command does not mention (as expected with "Complete" mode) that the old key-vault will be deleted, and a new key-vault will be created. Rather, it only mentions that the old key-vault will be ignored, and does not mention about any new key-vault creation.

  + Create
  ~ Modify
  = Nochange
  * Ignore
  x Noeffect

The deployment will update the following scope:

Scope: /subscriptions/<subscription>/resourceGroups/<resource-group-name>

  ~ Microsoft.Insights/components/<appinsights-name> [2020-02-02]
    + properties.Flow_Type:      "Bluefield"
    + properties.Request_Source: "rest"

  = Microsoft.ManagedIdentity/userAssignedIdentities/<ID> [2018-11-30]
  = Microsoft.OperationalInsights/workspaces/<log> [2021-06-01]
    x properties.features:

        disableLocalAuth:                            false
        enableDataExport:                            true
        enableLogAccessUsingOnlyResourcePermissions: true
        immediatePurgeDataOn30Days:                  false


  * Microsoft.KeyVault/vaults/<old-key-vault-name>
  * Microsoft.KeyVault/vaults/<another-key-vault-with-no-change>
  * Microsoft.KeyVault/vaults/<another-key-vault-with-no-change>

Resource changes: 1 to modify, 2 no change, 4 to ignore.

After running the "Create" command with "Complete" mode we find as expected that the key-vault with old name has been deleted and a key-vault with new name has been created (the deletion of the old key-vault has been verified as trying to create a key-vault with the same name threw error "the key-vault is in soft-deleted state").

az deployment group create --resource-group --mode Complete --template-file ${{ inputs.bicepTemplateFilePath }} --parameters $parameters

TBN, we have experimented by removing the mode parameter, so by default it is "Incremental" mode and received same output for What-if as with "Complete" mode

Is this expected behaviour of What-If for key-vault with "Complete" mode deployment?
@ghost ghost added the Needs Triage 🔍 label Nov 11, 2021
@ruma-paul-maersk
Copy link
Author

The behaviour is the same for ApplicationInsights resource as well, the only difference was: what-if mentioned that a new ApplicatioInsights resource will be created, even though it did not mention that the old one will be deleted.

@stefan-stanescu-maersk
Copy link

Could be related to #157

@stephaniezyen
Copy link
Collaborator

Duplicate of #253

@stephaniezyen stephaniezyen marked this as a duplicate of #253 May 12, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@stephaniezyen @stefan-stanescu-maersk @ruma-paul-maersk