Comments (20)
workaround works for me but i had to specify the api version of 2021-01-14-preview
. Any other api version seemed to fail.
output token string = reference(hPool.id, '2021-01-14-preview').registrationInfo.token
from bicep-types-az.
this did it once for me:
https://github.com/bfrankMS/AVD-PoC-InfraAsCode/blob/hostpoolnew/pipelines/hostpool/modules/hostpool.bicep
https://github.com/bfrankMS/AVD-PoC-InfraAsCode/blob/hostpoolnew/pipelines/hostpool/avdcomplete.bicep
from bicep-types-az.
from bicep-types-az.
Hi guys,
It seems to be atm so that NO possibility to get the token with BICEP and get sessionhost attached to the hostpool?
At least I am not able to get this to be working.
If you have solution, please share, appriciate it!
Me
from bicep-types-az.
A couple of things going on here, I'm guessing because the value of token
is a secret.
- Because
token
has a value of null, but the output type isstring
, you get a type mismatch and the deployment fails. I'm not sure I know a way around this, other than to emit the entire parent object (output registrationInfo object = hPool.properties
). If this token is a secret, we'd recommend the property be marked as write-only in the RP API spec and the property should not be returned in the response at all. The current behavior may be an ARM RPC violation. - If token is a secret, it should be exposed with a
list*
post API. Something likelistToken
, which would be a safe way to retrieve the secret (including with bicep where you could dohPool.listToken()
).
I can pass this along to the relevant RP team, but I would also recommend opening a support case for this issue and for it to be routed to the team that manages this resource type.
from bicep-types-az.
from bicep-types-az.
Feel free to recommend to them they get in touch with me at [email protected] if they need more context. It is not possible for this to be fixed at the bicep level. It is entirely an issue with the resource provider.
from bicep-types-az.
Did you get any response about this? This used to work like a charm but is now broken unfortunately..
from bicep-types-az.
This was working for me too for a long time (months) - last success was as recent as 2nd Nov 22 - but has stopped working really recently, as when i ran this on 8th Nov and today 10th Nov it now returns:
registrationinfo:null
I cant see any changes to the docs to indicate this has been removed from the resource response.
How should I go about raising a ticket for this. Who's the responsible team/owners. Thanks.
from bicep-types-az.
The responsible team is the DesktopVirtualization/hostPools
resource provider team. You should be able to provide that detail in the support case and support should then be able to route it to the right spot.
from bicep-types-az.
The responsible team is the
DesktopVirtualization/hostPools
resource provider team. You should be able to provide that detail in the support case and support should then be able to route it to the right spot.
Alex appreciate this - thanks for the speedy response. I have forwarded details in our support ticket.
As a workaround - I have added a bicep template module that queries the hostpool registration key, using powershell (Get-AzWvdHostPoolRegistrationToken) in a Microsoft.Resources/deploymentScripts, which it returns as an output.
Ref:
https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/deployment-script-bicep
from bicep-types-az.
Thanks for this thread and information on workaround, saved me a lot of time.
Any chance you could post a sample of the deploymentscript you ran? A bit new to this and struggling to get the correct configuration.
from bicep-types-az.
Hi - I was using:
Microsoft.DesktopVirtualization/hostPools@2021-07-12
And this was working fine - From before June - until end of November, but now no longer works.
Ms support suggested using the older Microsoft.DesktopVirtualization/hostPools@2021-01-14-preview as their validation tests shows this as working.
I'm not sure why a newer "non-preview" version of the API would stop working - or if it is advisable to change to an older API version, and/or use a preview version, but this older preview version does still work.
@bendiksygnestveit try this first too.
from bicep-types-az.
...and the support ticket eventually got transferred to our team 😅. I ran a quick test with Azure REST API browser. It turns out that the RP's PUT response schema doesn't match their GET response schema. In the PUT response, registrationInfo
is always an object, while in the GET response, it is null.
The reason why the output stopped working in early November is because we changed the emitter to always add API versions to resource references, so that each reference uses the response from a GET call instead of PUT request.
The RP will have to fix their service so that GET response schema is consistent with PUT response schema. I'll transfer the support ticket back the RP.
from bicep-types-az.
Had an offline discussion with the RP and learned that the registrationToken
property is a secret, which means it should not be accessed directly anyway. The recommended way to access a secret property is to use the list* function. The RP does expose a POST method retrieveRegistrationToken
for getting registrationToken
, but since the method name doesn't start with list
, it won't work with Bicep / ARM templates. To fix the issue the RP will need to:
- Mark the
registrationToken
as secret in Swagger to block direct access to theregistrationToken
property - Expose a new
listRegistrationToken
API so that we can callhostpools.listRegistrationToken()
in Bicep to access the property.
from bicep-types-az.
Having the token accessed via list* would be great. I originally had a template to build the host pool, workspace, application group etc. - but wasn't comfortable passing the token out as an output as this is "more" visible in the Azure UI - I ended up moving the host pool resources backup to the parent template to avoid this, where I could pass to a VM template as a secret.
What sort of release timespan would we expect for this change, understanding this is with RP, but is security related?
from bicep-types-az.
The DesktopVirtualization team will need to comment on timelines for the list*
API. In the meantime, you should be able to do a non-idiomatic (and not advised) reference()
call in bicep like so:
resource hPool 'Microsoft.DesktopVirtualization/hostPools@2021-07-12' existing = {
name: hostPoolName
}
output token string = reference(hPool.id).registrationInfo.token
from bicep-types-az.
+1 for the list* function
thanks for the workaround - it worked for me.
from bicep-types-az.
@bfrankMS
I got it work but do not understand what doing wrong. I will do some investigations comparing your code to mine!
Thanks Frank for sharing to me your solution!
from bicep-types-az.
For some reason, moving the parameter from protectedSettings to settings worked!
(as @bfrankMS did, plus using version 2021-02-01-preview )
from bicep-types-az.
Related Issues (20)
- Microsoft.Web/sites: Does not recognize property 'autoGeneratedDomainNameLabelScope'
- Unable to rerun code for Microsoft.Network/networkVirtualAppliances and a firewall is connected HOT 1
- Notification Hub Namespace update failed with BadArgument Exception HOT 3
- AKS Spot Nodepool error HOT 5
- Resource type "Microsoft.VirtualMachineImages/imageTemplates@2024-02-01" does not have types available
- Apim Api Revision fails when parent Api has no Description HOT 1
- Microsoft.Portal/dashboards: The property "type" expected a value of type "'Extension/HubsExtension/PartType/MarkdownPart'" but the provided value is of type "'Extension/HubsExtension/PartType/MonitorChartPart'"
- [Microsoft.KeyVault/vaults/accessPolicies]: does not have types available
- [Microsoft.App/containerApps]: ContainerResources example uses unsupported units for Memory property; Mb instead of Gi.
- [Microsoft.Web/sites]: missing functionAppConfig
- Microsoft.DataProtection/backupVaults not able to set SystemAssigned Identity HOT 1
- Error while deploying Azure Container App with bicep: ContainerAppInvalidResourceTotal HOT 1
- add tags to new subscription bicep not allowed
- MySQL Flexible deployment fails when properties.maintenanceWindow is set HOT 2
- Microsoft.Web/connections@2018-07-01-preview and Microsoft.Web/connections/accessPolicies@2018-07-01-preview
- Azure Container Apps - KEDA scale (managed identity) HOT 5
- Microsoft.Web/sites@2021-03-01 ipSecurityRestrictionsDefaultAction
- deployment ignores condition and is validating module
- [Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers]: compositeIndexes type issue
- [Microsoft.PowerPlatform/enterprisePolicies]: Virtual Networks Object structure is incorrect
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bicep-types-az.