Missing type validation / inaccuracies

[anthony-c-martin]

Please submit all type inaccuracy issues to the Bicep Types Repo here: https://aka.ms/bicep-type-issues

[joshuawaddell]

From a multi-resource deployment file:

• Warning BCP038: The property "features" is not allowed on objects of type "WorkspaceProperties". Permissible properties include "provisioningState", "publicNetworkAccessForIngestion", "publicNetworkAccessForQuery", "workspaceCapping".
• Warning BCP081: Resource type "Microsoft.OperationalInsights/workspaces/providers/diagnosticSettings@2017-05-01-preview" does not have types available.
• Warning BCP073: The property "ApplicationId" is read-only. Expressions cannot be assigned to read-only properties.
• Warning BCP036: The property "Flow_Type" expected a value of type "'Bluefield'" but the provided value is of type "'Redfield'".
• Warning BCP036: The property "Request_Source" expected a value of type "'rest'" but the provided value is of type "'IbizaAIExtension'".
• Warning BCP081: Resource type "Microsoft.Web/sites/providers/diagnosticSettings@2017-05-01-preview" does not have types available.
• Warning BCP081: Resource type "Microsoft.Storage/storageAccounts/providers/eventSubscriptions@2020-04-01-preview" does not have types available.

[bmoore-msft]

The scope property on Microsoft.Authorization/roleAssignments is flagged as read-only but is available for PUT.

[sethwenzel]

Resource locks show as missing types:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources#arm-template

for a multi resource bicep file for a function app I get the following warnings when adding locks:

• Resource type "Microsoft.Storage/storageAccounts/providers/locks@2016-09-01" does not have types available.
• Resource type "Microsoft.OperationalInsights/workspaces/providers/locks@2016-09-01" does not have types available.
• Resource type "Microsoft.Insights/components/providers/locks@2016-09-01" does not have types available.
• Resource type "Microsoft.Web/serverFarms/providers/locks@2016-09-01" does not have types available.
• Resource type "Microsoft.Web/sites/providers/locks@2016-09-01" does not have types available.

[bmoore-msft]

@sethwenzel - those are all "extension resources" and we'll have a simpler way for constructing them as we did with the scope property in JSON. Anything that has "providers" in the type (diags, roles, locks) will fall into that category.

[anthony-c-martin]

I've raised MicrosoftDocs/azure-docs#65815 to update our ARM template JSON samples.

As @bmoore-msft mentioned, this should light up once we have https://github.com/Azure/bicep/blob/main/docs/spec/resource-scopes.md#resource-scope-property implemented. I've created #870 to track this independently.

[SimonWahlin]

Warning BCP081: Resource type "Microsoft.KeyVault/vaults/secrets@2019-09-01" does not have types available.
Warning BCP081: Resource type "Microsoft.Web/sites/config@2020-06-01" does not have types available.

[johndowns]

Warning BCP081: Resource type "Microsoft.Network/frontDoors/frontendEndpoints/customHttpsConfiguration@2020-07-01" does not have types available.

[johndowns]

Warning BCP081: Resource type "Microsoft.EventGrid/topics/providers/eventSubscriptions@2018-01-01" does not have types available.

[ld0614]

Resource type "Microsoft.RecoveryServices/vaults@2019-06-01" does not have types available.
Resource type "Microsoft.RecoveryServices/vaults/backupstorageconfig@2019-05-13" does not have types available.

Ideally 'Microsoft.RecoveryServices/vaults/backupPolicies@2019-06-15' property Timezone should auto complete valid timezones

Microsoft.Automation/automationAccounts@2015-10-31 is missing location as a required properties: location + Properties -> Sku -> name

[dgard1981]

Resource type "Microsoft.DocumentDB/databaseAccounts/providers/diagnosticSettings@2017-05-01-preview" does not have types available.
Resource type "Microsoft.Web/sites/providers/diagnosticSettings@2017-05-01-preview" does not have types available.
Resource type "Microsoft.Web/sites/slots/providers/diagnosticSettings@2017-05-01-preview" does not have types available.

I don't know exactly which types you'd expect to provide diagnosticSettings, but it doesn't look like any are included.

[alex-frankel]

Thanks for reporting @dgard1981 - this is a similar case to /locks above. They are both extension resources, which means they can be appended to any currently existing resource (that supports it). We have a proposal to have a new way of authoring these types of resources at which point we should be able to start validating these properly:
#870

[Philo]

Warning BCP081: Resource type "Microsoft.Storage/storageAccounts/providers/roleAssignments@2020-04-01-preview" 
does not have types available.

I would also suspect this is a similar case for other RBAC resource types.

[markgar]

Whenever I'm trying to define an Azure Spring Cloud cluster (Microsoft.AppPlatform/Spring@2020-07-01), I'm not given an enum for sku.name or sku.tier

resource mySpring 'Microsoft.AppPlatform/Spring@2020-07-01' = {
  name: 'myCluster'
  location: resourceGroup().location
  sku: {
    name: ''
    tier: ''
  } 
}

[alex-frankel]

Originally reported with #791

--

Bicep version
Bicep CLI version 0.1.223-alpha (895cac2)

Describe the bug
When defining a vnet resource, the properties attribute isn't being marked as required. Per ARM template reference, properties is required: https://docs.microsoft.com/en-us/azure/templates/microsoft.network/virtualnetworks

Furthermore, the properties.addressSpace is required in order for deployment to complete.

To Reproduce

param location string = resourceGroup().location

resource vnet 'Microsoft.Network/virtualNetworks@2020-06-01' = {
    location: location
    name: 'vnet'
}

Types with issue (not exhaustive):

• Microsoft.Network/virtualNetworks@2020-06-01
• Microsoft.ContainerService/managedClusters@2020-09-01

Additional context

Expected

1. Intellisense warning
2. Error BCP035: The specified object is missing the following required properties

[kartben]

resource type 'Microsoft.KeyVault/vaults/secrets' gets autocompleted with a wrong API version. It gets completed to Microsoft.KeyVault/vaults/secrets@2020-04-01-preview instead of Microsoft.KeyVault/vaults/secrets@2019-09-01. When using the proper (2019-09-01) version, one gets the error message below:

Resource type "Microsoft.KeyVault/vaults/secrets@2019-09-01" does not have types available.bicep(BCP081)

[smokedlinq]

Bicep version
0.2.14

Describe the bug
The resource type @ version Microsoft.Web/connections@2016-06-01 is not available (BCP081)

To Reproduce
resource connection 'Microsoft.Web/connections@2016-06-01' = { .. }

[miqm]

Bicep CLI version 0.2.46 (fa6e2c5)

Element: Microsoft.Web/certificates@2020-06-01
Message: Warning BCP035: The specified "object" declaration is missing the following required properties: "password".

Although reference (https://docs.microsoft.com/en-us/azure/templates/microsoft.web/certificates) describes password as required, in fact it isn't.

[StefanIvemo]

Bicep version
Bicep CLI version 0.2.14

Describe the bug
Defining a VPN Gateway Connection 'Microsoft.Network/connections@2020-06-01 and using the id property in the VirtualNetworkGatewayModel object and LocalNetworkGateway object to reference existing VPN Gateways and Local Network Gateways, you get a warning message.

Warning BCP035: The specified "object" declaration is missing the following required properties: "properties".

To Reproduce

resource s2sconnection 'Microsoft.Network/connections@2020-06-01' = {
  name: 'onprem-hub-cn'
  location: location
  properties: {
    connectionType: 'IPsec'
    connectionProtocol: 'IKEv2'
    virtualNetworkGateway1: {
      id: vpngwid
    }
    enableBgp: true
    sharedKey: psk
    localNetworkGateway2: {
      id: localnetworkgw.id
    }
  }
}

[jkkuhn00]

Warning BCP037: The property "publicNetworkAccess" is not allowed on objects of type "StorageAccountPropertiesCreateParametersOrStorageAccountProperties". Permissible properties include "allowSharedKeyAccess", "azureFilesIdentityBasedAuthentication", "customDomain", "isHnsEnabled", "isNfsV3Enabled", "largeFileSharesState", "routingPreference".

According to https://learn.microsoft.com/en-us/azure/templates/microsoft.storage/storageaccounts?pivots=deployment-language-bicep this is a valid property on a storage account.

[GlibMartynenko]

Warning BCP037: The property "publicNetworkAccess" is not allowed on objects of type "StorageAccountPropertiesCreateParametersOrStorageAccountProperties". Permissible properties include "allowSharedKeyAccess", "azureFilesIdentityBasedAuthentication", "customDomain", "isHnsEnabled", "isNfsV3Enabled", "largeFileSharesState", "routingPreference".

According to https://learn.microsoft.com/en-us/azure/templates/microsoft.storage/storageaccounts?pivots=deployment-language-bicep this is a valid property on a storage account.

Double-check which API version you use. I had the same problem for different resource but then I've found I'm using old API version.

[Jeroen-VdB]

Microsoft.Web/sites@2022-03-01 > properties > siteConfig:

• ipSecurityRestrictionsDefaultAction
• scmIpSecurityRestrictionsDefaultAction

The property "ipSecurityRestrictionsDefaultAction" is not allowed on objects of type "SiteConfig"
The property "scmIpSecurityRestrictionsDefaultAction" is not allowed on objects of type "SiteConfig"

It's not included in the ARM definition but works when I deploy my template with these two properties.
I found these properties using the portal while inspecting the update request.
Values can be: 'Allow' or 'Deny'

[rogue5469]

/cluster-stamp.bicep(379,5) : Warning BCP037: The property "eTag" is not allowed on objects of type "SavedSearchProperties". Permissible properties include "functionAlias", "functionParameters", "tags".

[askew]

In Microsoft.App/containerApps@2022-06-01-preview the properties.template.containers.resources.cpu parameter which should be a number but is defined as int.

The help text in the VS Code intelisense even states cpu: int "Required CPU in cores, e.g. 0.5"

There are very specific values that are allowed here as listed in the error message:
"Total CPU and memory for all containers defined in a Container App must add up to one of the following CPU - Memory combinations: [cpu: 0.25, memory: 0.5Gi]; [cpu: 0.5, memory: 1.0Gi]; [cpu: 0.75, memory: 1.5Gi]; [cpu: 1.0, memory: 2.0Gi]; [cpu: 1.25, memory: 2.5Gi]; [cpu: 1.5, memory: 3.0Gi]; [cpu: 1.75, memory: 3.5Gi]; [cpu: 2.0, memory: 4.0Gi]"

[spencerwhyte]

Bicep Template:

resource hostingEnvironment 'Microsoft.Web/HostingEnvironments@2022-03-01' = {
  kind: 'ASEV3'
  location: 'canadacentral'
  name: 'someName'
  properties: {
    dedicatedHostCount: 0
    zoneRedundant: false
    internalLoadBalancingMode: 3
    virtualNetwork: {
      id: subnetId
    } 
  }
}

Bicep Warning:

The property "internalLoadBalancingMode" expected a value of type "'None' | 'Publishing' | 'Web' | 'Web, Publishing' | null | string" but the provided value is of type "3"

If I try and use something like 'Web', the deployment will fail with error:

InternalLoadBalancingMode is invalid. Allowed values: 0,3

[Markz878]

Azure SQL Server serverless database allows Min vCores to be 0.5, but Bicep says 'The property "minCapacity" expected a value of type "int | null" but the provided value is of type "'0.5'".'

resource sqlserver'Microsoft.Sql/servers/databases@2022-05-01-preview' = {
  sku: {
    name: 'GP_S_Gen5'
    tier: 'GeneralPurpose'
    family: 'Gen5'
    capacity: 1
  }
  properties: {
    minCapacity: '0.5'
  }
}

[dnovvak]

Azure Data Factory Linked Service:

@description('SFTP password')
@secure()
param sftpPassword string

resource sftpServerLinkedService 'Microsoft.DataFactory/factories/linkedservices@2018-06-01' = {
  name: '${dataFactory.name}/sftp-server'
  properties: {
    type: 'Sftp'
    typeProperties: {
      authenticationType: 'Basic'
      host: sftpHost
      password: sftpPassword
      port: sftpPort
      userName: sftpUserName
    }
  }
}

Warning:

The property "password" expected a value of type "SecretBase | null" but the provided value is of type "string". If this is an inaccuracy in the documentation, please report it to the Bicep Team.

Note that there is no SecretBase type in bicep:

@description('SFTP password')
@secure()
param sftpPassword SecretBase

The name "SecretBase" is not a valid type. Please specify one of the following types: "array", "bool", "int", "object", "string".

[jayachithra]

• Resource type "Microsoft.DBforPostgreSQL/flexibleServers@2022-12-01" does not have types available.
• Resource type "Microsoft.DBforPostgreSQL/flexibleServers/databases@2022-12-01" does not have types available.

[your-azure-coach]

• The property "ipSecurityRestrictionsDefaultAction" is not allowed on objects of type "SiteConfig" - Microsoft.Web/sites/config@2022-03-01

[Taha-cmd]

API Version: 2022-07-01

Warning BCP037: The property "enableCustomCATrust" is not allowed on objects of type "ManagedClusterAgentPoolProfile". Permissible properties include "availabilityZones", "creationData", "enableFIPS", "gpuInstanceProfile", "hostGroupID", "kubeletConfig", "kubeletDiskType", "linuxOSConfig", "maxCount", "maxPods", "minCount", "nodeLabels", "nodePublicIPPrefixID", "nodeTaints", "orchestratorVersion", "osDiskSizeGB", "osDiskType", "osSKU", "podSubnetID", "powerState", "proximityPlacementGroupID", "scaleDownMode", "scaleSetEvictionPolicy", "scaleSetPriority", "spotMaxPrice", "type", "upgradeSettings", "workloadRuntime"

[mattmazzola]

When attempting to get Bicep file for existing APIM resource. (Get apim-arm.json -> Decompile -> apim.bicep)

apim-arm.bicep(1016,19) : Warning BCP036: The property "percentage" expected a value of type "int | null" but the provided value is of type "'100'". If this is an inaccuracy in the documentation, please report it to the Bicep Team. [https://aka.ms/bicep-type-issues]

The issue seems to be with the decompiler and not the bicep expected types for the resource.
The type expects an int for the percentage of traffic to sample; however, the decompiler sets the value as a string

sampling: {
  percentage: '100'
  samplingType: 'fixed'
}

sampling: {
  percentage: 100
  samplingType: 'fixed'
}

[dciborow]

'Microsoft.Solutions/applications@2017-09-01' causes twoone false positive warnings.

The property "jitAccessPolicy" is not allowed on objects of type "ApplicationProperties". Permissible properties include "applicationDefinitionId", "uiDefinitionUri". If this is an inaccuracy in the documentation, please report it to the Bicep Team.
Without the jitAccessPolicy property deploying the template fails. Fixed with @2021-07-01

If property "managedResourceGroupId" represents a resource ID, it must use a symbolic resource reference, be a parameter or start with one of these functions: extensionResourceId, guid, if, reference, resourceId, subscription, subscriptionResourceId, tenantResourceId. Found nonconforming expression at managedResourceGroupId -> managedResourceGroupId'
Below is an example of how to properly construct a managedResourceGroupId.

var managedResourceGroupId = '${subscription().id}/resourceGroups/${resourceGroupName}-${managedResourceGroupName}-${replace(publishers[publisher].version,'.','-')}'

resource hordeStorage 'Microsoft.Solutions/applications@2017-09-01' = {
  location: location
  kind: 'MarketPlace'
  name: appName
  plan: publishers[publisher]
  properties: {
    managedResourceGroupId: managedResourceGroupId
    parameters: {...}
    jitAccessPolicy: null
  }
}

[mheidl-meta]

Warning BCP037: The property "certificateSource" is not allowed on objects of type "HostnameConfiguration". Permissible properties include "certificatePassword", "encodedCertificate", "identityClientId", "keyVaultId". If this is an inaccuracy in the documentation, please report it to the Bicep Team. [https://aka.ms/bicep-type-issues]

  {
    type: 'Proxy'
    hostName: '${apimName}.azure-api.net'
    negotiateClientCertificate: false
    defaultSslBinding: false
    certificateSource: 'BuildIn'
  }

[KuSh]

Every time I play my bicep on Cosmos DB it indicates removing those properties which aren't available in schema :

  ~ Microsoft.DocumentDB/databaseAccounts/my-db [2022-08-15]
    - properties.configurationOverrides:

        EnableBsonSchema: "True"

    - properties.sqlEndpoint:                   "https://my-db.documents.azure.com:443/"

I'm not sure if it should be configurable but in this case it should at least be ignored.

[jcnouwens]

On the documentation page:
https://learn.microsoft.com/en-us/azure/templates/microsoft.web/connections?pivots=deployment-language-bicep
The attribute "kind" is missing. The default seems to be "V1" while connections deployed from the portal have kind "V2".
For me the following bicep syntax works:

resource connection 'Microsoft.Web/connections@2016-06-01' = {
  name: connectionName
  location: settings.location
  tags: tags
  kind: 'V2'
  properties: {
    api: {
      displayName: 'Office 365 Outlook'
      id: '/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxxxxxxxx/providers/Microsoft.Web/locations/westeurope/managedApis/${connectionName}'
      name: connectionName
      type: 'Microsoft.Web/locations/managedApis'
    }
    displayName: '[email protected]'
  }
}

Can anyone tell me why the id field is mandatory while it references to the resource itself?

[C0smin]

Hi, I'm getting this false positive flagged as warning, don't know if this is the correct place to mention it but here it is:

Flags variable as wrong but it's actually ok.
Also repro code:

param kSku string= 'Standard'
var sku = toLower(kSku)

resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = {
  name: 'myKeyVault01'
  location: location
  properties: {
    sku: {
      family: 'A'
      name: sku
    }
    tenantId: '1234'
  }
}

[ndamulelonemakh]

Warning BCP081: Resource type "Microsoft.MachineLearning/workspaces@2022-10-01" does not have types available

[Kaloszer]

parameterValueType missing on 'Microsoft.Web/connections@2016-06-01'

[Tianyang-Yang]

I am given warning that redisVersion is read-only which sounds incorrect to me

resource redisCacheDev 'Microsoft.Cache/Redis@2020-06-01' = {
  name: redisCacheName
  location: location
  properties: {
    enableNonSslPort: enableNonSslPort
    minimumTlsVersion: '1.2'
    sku: {
      capacity: redisCacheCapacity
      family: redisCacheFamily
      name: redisCacheSKU
    }
    
    redisVersion: '6.0'
  }
}

warning message

warning BCP073: The property "redisVersion" is read-only. Expressions cannot be assigned to read-only properties. If this is an inaccuracy in the documentation, please report it to the Bicep Team. [https://aka.ms/bicep-type-issues]

[alk-automize]

Got this warning on Service Bus namespaces

Resource type "Microsoft.ServiceBus/namespaces@2022-10-01-preview" does not have types available. bicep(BCP081)

resource serviceBusResource 'Microsoft.ServiceBus/namespaces@2022-10-01-preview' = {
...
}

[andresvaldor]

For 'Microsoft.DataFactory/factories/triggers@2018-06-01':

Warning BCP037: The property "pipelines" is not allowed on objects of type "ScheduleTrigger'

For 'Microsoft.DataFactory/factories/pipelines@2018-06-01':

Warning BCP037: The property "policy" is not allowed on objects of type "Lookup"
Warning BCP037: The property "policy" is not allowed on objects of type "Copy"
Warning BCP037: The property "policy" is not allowed on objects of type "SqlServerStoredProcedure"
Warning BCP037: The property "linkedServiceName" is not allowed on objects of type "SqlServerStoredProcedure"
Warning BCP037: The property "queryTimeout" is not allowed on objects of type "AzureSqlSource"

[3ddc]

.\main.bicep(101,17) : Warning BCP036: The property "maxPrice" expected a value of type "int | null" but the provided value is of type "'0.0x'". If this is an inaccuracy in the documentation, please report it to the Bicep Team. [https://aka.ms/bicep-type-issues]

[Viking1978]

For 'Microsoft.Web/sites/basicPublishingCredentialsPolicies@2022-03-01'
The parameter location is required for succesful deployment, but its not included in the documentation (gives a yellow squiggly when added, but is allowed and will make the deployment work).

[NaridaL]

Not sure if this is the place for documentation issues, but https://learn.microsoft.com/en-us/azure/templates/microsoft.servicefabric/managedclusters/nodetypes?pivots=deployment-language-bicep doesn't provide anything more appropriate. In any case:

for Microsoft.ServiceFabric/managedClusters/nodeTypes

name: limited to 9 chars, but this isn't documented.
properties.useDefaultPublicLoadBalancer: must be true for primary node type, but this isn't explicitly documented.

[stephaniezyen]

We will be moving all azure type inaccuracy issues to this repo: https://github.com/Azure/bicep-types-az

You can submit/document an issue with this form here: https://aka.ms/bicep-type-issues