Bicep Community Call 7/15

[stephaniezyen]

We are hosting our first Bicep community call on Thursday, 7/15 at 9am PST! Please use this Issue to address topics you would like to discuss, questions you have for our team, further demos you would like to see, and any high or low points you would like to share. This is an open space for our users to discuss what they would like to discuss.

Please List Topics of Discussion in this Thread

Agenda:

1. Team introductions
2. Quick Announcements (recent developments, current projects, future plans)
3. Topics listed here!
4. Final Questions or comments

To sign up for the call, please fill out this form for an invite!

We will review the list of topics prior to the call and prioritize discussing those with the most thumbs-up emoji reactions if we don't have time to go through them all.

[alex-frankel]

I'll go first :)

Topic: How we can expand the group of "core" maintainers that can help us keep up to date with Issues, Discussions, and PRs. We are looking to give appropriate permissions to 2-3 community members as an initial experiment. If anyone has been a part of open source projects that have expanded in this way, it would be great to get some insights in how it went.

[glennvanrymenant-tc]

I'm trying to convert Sentinel Analytic Rules from an ARM format to a Bicep format but the decompile on the Bicep playground fails (https://bicepdemo.z22.web.core.windows.net/) and I couldn't find any documentation on this. Would it be possible to add a template to the Bicep playground?

[thesushil]

I needed to make a service principal the admin on the sql server and also make it contributor on a storage account. I need to pass object id, app id, as well as the name of the service principal to do that. It would be easier if we can lookup the object id and app id by the name of the service principal like how 'existing' works for other resources. Is there a way to get service principal also in the same way using 'existing' ?

[alex-frankel]

@glennvanrymenant-tc -- can you open a separate Discussion topic for this question? FWIW, I don't think the feedback decompiling on the playground is as rich as you would get if you ran az bicep decompile -f myfile.json

It would be easier if we can lookup the object id and app id by the name of the service principal

@thesushil - we have an issue tracking this one, but we can discuss the complexities of the work on the call.

[miqm]

Prioritise #622

[simonvane]

We are using Logic Apps in our applications. The development lifecycle with infrastructure as code is already quite tricky. How do you see bicep fitting into that?

Thanks.

P.S. One thing that could really help with this problem and bicep usage, in general, is if the "Export template" facility in the Azure portal supported exporting directly as bicep (for all resources).

[nshenoy]

What's the roadmap for #399 ? A bicep friendly parameters file format would be handy. ;)

[slapointe]

I'd like the team to discuss what is the plan for a few things:

scope functions like managementGroup(), subscription() and resourceGroup() that cannot be used at certain places #2535 & #947. deployment() that do not expose certain members if deployment is not at RG level.

I deal a lot with policies and role assignments and they often need to reference built-in things at the tenant level (policy def, role definitions, etc.). It is a bit tricky at the moment. It should work with the existing keyword but we end up building a string in a variable instead. See #2741

I know a lot of problems are in ARM and not necessarily in Bicep but they make governance as code a bit more difficult.

Lastly, I'd probably need to create an issue for this but I'd like to have the ability to "inject" reusable code blocks like resources/functions and other logic in Bicep (not as a nested deployment) so that I could reuse code in projects while minimizing the amount of nested deployments at runtime, thus minimizing deployments time.

[JeroenvdBurg]

It would be great if the team could discuss some of the following topics:

1. With bicep the use of modules is highly recommended and commonly advertised. However the ARM what-if functionality is almost useless when modules/nested deployments are used. See issue: Resources in nested template not shown if reference is used in the parameter values arm-template-whatif#157

2. There are a lot of swagger inaccuracies on the api's, preventing the use of some properties which are available. For example the managed identity on logic apps. Logic Apps with managed identities not supported #949
   Really interested how we could fix this or override this in bicep.

3. The conditional functionality is great, however when a module is not deployed due to an condition (for example check on empty value). The underlying logic is still parsed and evaluated by ARM leading into all kind of errors. The workaround is to use ternary expressions on the properties but this could definitely get some improvement.

looking forward to next week.

[slapointe]

+100 for this 👇 Thanks @JeroenvdBurg for reminding me

1. With bicep the use of modules is highly recommended and commonly advertised. However the ARM what-if functionality is almost useless when modules/nested deployments are used. See issue: Resources in nested template not shown if reference is used in the parameter values arm-template-whatif#157

[henriksen]

How's the road map on getting Bicep to do other things than just ARM? Specifically MS Graph/AzureAD? In a larger deployment, these things are interconnected and dependent and right now it's just a big mix of Bicep and scripting, with a non-trivial amount of work to make scripts idempotent.

If for instance app registrations, roles, assignments and so on was exposed as language features, that would help immensely.

[alex-frankel]

How's the road map on getting Bicep to do other things than just ARM? Specifically MS Graph/AzureAD?

We can discuss the plans on the call, but we are expecting to introduce a preview of bicep extensibility with support for MSGraph and k8s in our 1.0 release, which will follow our 0.5 release.