Azure Resource Manager not respecting dependencies for role assignments #20050

@warrantor

Description

This is autogenerated. Please review and update as needed.

Describe the bug

Command Name
az deployment group create

Errors:

{"status":"Failed","error":{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"NotFound","message":"{\r\n  \"error\": {\r\n    \"code\": \"ResourceNotFound\",\r\n    \"message\": \"The Resource 'Microsoft.Web/sites/func-dev-we-test' under resource group 'rg-dev-we' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix\"\r\n  }\r\n}"}]}}

To Reproduce:

Steps to reproduce the behavior. Note that argument values have been redacted, as they may contain sensitive information.

  • Put any pre-requisite steps here...
  • az deployment group create -g {} --template-file {}
  • template:
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "functions": [],
  "variables": {
    "location": "[resourceGroup().location]",
    "func_name": "func-dev-we-test"
  },
  "resources": [
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2021-04-01",
      "name": "functionapp_deploy",
      "properties": {
        "mode": "Incremental",
        "templateLink": {
          "id": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, 'rg-dev-templateSpecs-we'), 'Microsoft.Resources/templateSpecs/versions', 'ts-dev-functionApp', '1.0')]",
          "contentVersion": "1.0.0.0"
        },
        "parameters": {
          "functionAppName": {
            "value": "[variables('func_name')]"
          },
          "storageAccountName": {
            "value": "stdevwefuntest"
          },
          "storageAccountType": {
            "value": "Standard_LRS"
          },
          "location": {
            "value": "[variables('location')]"
          },
          "appInsightsInstrumentationKey": {
            "value": ""
          },
          "hostingPlanName": {
            "value": "plan-dev-we-func-test"
          },
          "runtime": {
            "value": "dotnet"
          },
          "keyvaultName": {
            "value": ""
          }
        }
      }
    },
    {
      "type": "Microsoft.Web/sites/config",
      "apiVersion": "2021-02-01",
      "name": "[format('{0}/{1}', variables('func_name'), 'appsettings')]",
      "properties": {
        "AppSettingsOne": "Foo_Bar"
      },
      "dependsOn": [
        "[resourceId('Microsoft.Resources/deployments', 'functionapp_deploy')]"
      ]
    },
    {
      "type": "Microsoft.Authorization/roleAssignments",
      "apiVersion": "2020-08-01-preview",
      "name": "[guid(variables('func_name'), '4633458b-17de-408a-b874-0445c86b69e6')]",
      "properties": {
        "principalId": "[reference(resourceId('Microsoft.Web/sites', variables('func_name')), '2021-02-01', 'full').identity.principalId]",
        "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', '4633458b-17de-408a-b874-0445c86b69e6')]"
      },
      "dependsOn": [
        "[resourceId('Microsoft.Resources/deployments', 'functionapp_deploy')]"
      ]
    }
  ]
}

Expected Behavior

Function app deployment successfully completes before role assignment starts.

Environment Summary

macOS-11.6-x86_64-i386-64bit, Darwin 20.6.0
Python 3.9.7
Installer: HOMEBREW

azure-cli 2.29.1

Extensions:
azure-devops 0.20.0

Additional Context

When doing this with appsettings or when adding a secret to a keyvault with this kind of setup, Azure Resource Manager respects the dependency. When trying this for role assignments, the ARM immediately tries to assign the role, while the resource deployment is still busy.
The template spec outputs the object ID of the function app. If we change the template to use this output variable in properties.principalId:

    {
      "type": "Microsoft.Authorization/roleAssignments",
      "apiVersion": "2020-08-01-preview",
      "name": "[guid(variables('func_name'), '4633458b-17de-408a-b874-0445c86b69e6')]",
      "properties": {
        "principalId": "[reference(resourceId('Microsoft.Web/sites', variables('func_name')), '2021-02-01', 'full').identity.principalId]",
        "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', '4633458b-17de-408a-b874-0445c86b69e6')]"
      },
      "dependsOn": [
        "[resourceId('Microsoft.Resources/deployments', 'functionapp_deploy')]"
      ]
    }

becomes:

    {
      "type": "Microsoft.Authorization/roleAssignments",
      "apiVersion": "2020-08-01-preview",
      "name": "[guid(variables('func_name'), '4633458b-17de-408a-b874-0445c86b69e6')]",
      "properties": {
        "principalId": "[reference(resourceId('Microsoft.Resources/deployments', 'functionapp_deploy')).outputs.objectId.value]",
        "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', '4633458b-17de-408a-b874-0445c86b69e6')]"
      },
      "dependsOn": [
        "[resourceId('Microsoft.Resources/deployments', 'functionapp_deploy')]"
      ]
    }

The Azure Resource Manager respects the dependency.
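
An added example, not part of the original issue: a small pre-deployment check that flags `reference(resourceId(...))` expressions whose target type is not declared by any top-level resource in the same template, which is the shape of the failing role assignment above. The comparison by resource type is a simplifying assumption, and the helper names and trimmed templates are constructed for illustration.

```python
import re

# Matches reference(resourceId('<type>', ... and captures the resource type.
REF_RE = re.compile(r"reference\(\s*resourceId\(\s*'([^']+)'", re.IGNORECASE)

def _strings(node):
    """Yield every string value nested anywhere inside a JSON-like node."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for v in node.values():
            yield from _strings(v)
    elif isinstance(node, list):
        for v in node:
            yield from _strings(v)

def undeclared_references(template):
    """Return (resource type, referenced type) pairs where reference() targets
    a resource type that no top-level resource in this template declares."""
    declared = {r["type"].lower() for r in template.get("resources", [])}
    findings = []
    for res in template.get("resources", []):
        for text in _strings(res.get("properties", {})):
            for ref_type in REF_RE.findall(text):
                if ref_type.lower() not in declared:
                    findings.append((res["type"], ref_type))
    return findings

def make_template(principal_id_expr):
    """Constructed, trimmed version of the template from the issue."""
    return {"resources": [
        {"type": "Microsoft.Resources/deployments", "name": "functionapp_deploy",
         "properties": {"mode": "Incremental"}},
        {"type": "Microsoft.Authorization/roleAssignments",
         "properties": {"principalId": principal_id_expr},
         "dependsOn": ["[resourceId('Microsoft.Resources/deployments', 'functionapp_deploy')]"]},
    ]}

# The two principalId expressions are copied from the issue text.
BEFORE = make_template("[reference(resourceId('Microsoft.Web/sites', variables('func_name')), '2021-02-01', 'full').identity.principalId]")
AFTER = make_template("[reference(resourceId('Microsoft.Resources/deployments', 'functionapp_deploy')).outputs.objectId.value]")

if __name__ == "__main__":
    print("before:", undeclared_references(BEFORE))
    print("after: ", undeclared_references(AFTER))
```
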

Labels

  • ARM: az resource/group/lock/tag/deployment/policy/managementapp/account management-group
  • Service Attention: This issue is responsible by Azure service team.
  • act-identity-squad
  • customer-reported: Issues that are reported by GitHub users external to the Azure organization.
