Azure Bicep Nested Loops

Raymondo
March 10, 2023
205 views
0 votes
2 Answers

I’m trying to create an Azure Event Hub using json config and Bicep.

The Event Hub namespace deploys fine, but when I try to extend the code to namespaces/eventhubs and namespaces/eventhubs/authorizationRules then I encounter an issue as I have nested loops which from the looks of the error are not possible:

A nested resource cannot appear inside of a resource with a for-expression.bicep(BCP160)

My code:

    param eventHubs array
    
    resource eventHubNS 'Microsoft.EventHub/namespaces/eventhubs@2022-01-01-preview' = [for ns in eventHubs: {
  parent: eventHub
  name: ns.name
  properties: {
    messageRetentionInDays: ns.properties.messageRetentionInDays
    partitionCount: ns.properties.partitionCount
    status: ns.properties.status
  }
  resource eventHubAuthRules 'authorizationRules@2022-01-01-preview' = [for ar in ns.authorizationRulesRights: {
    name: ar.name
    properties: {
      rights: ar.rights
      }
    }]
}]

And the Json:

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "eventHubNameSpace": {
            "value": [{
                    "resourceGroup": "my-rg",
                    "name": "my-evhns",
                    "location": "uksouth",
                    "sku": {
                        "capacity": 1,
                        "name": "standard",
                        "tier": "standard"
                    },
                    "properties": {
                        "minimumTlsVersion": "1.2",
                        "publicNetworkAccess": "Enabled",
                        "disableLocalAuth": false,
                        "zoneRedundant": true,
                        "isAutoInflateEnabled": false,
                        "maximumThroughputUnits": 1,
                        "kafkaEnabled": true
                    },
                    "eventHubs": [
                        {
                            "name": "my-evh",
                            "properties": {
                                "messageRetentionInDays": 1,
                                "partitionCount": 1,
                                "status": "Active"
                            },
                            "authorizationRulesRights": [
                                {
                                    "name": "Rule1",
                                    "rights": ["Listen"]
                                },
                                {
                                    "name": "Rule2",
                                    "rights": ["Listen"]
                                }                               
                            ]
                        }
                    ]
                }
            ]
        }
    }
}

Answers

Chosen as BEST ANSWER

Main Module that calls a sub module. Note the the last module loops around each Event Hub and calls a sub module passing in an array:

resource eventHubNS 'Microsoft.EventHub/namespaces@2022-01-01-preview' = {
  name: name
  location: location
  tags: tags
  sku: sku
  properties: {
    disableLocalAuth: disableLocalAuth
    isAutoInflateEnabled: isAutoInflateEnabled
    maximumThroughputUnits: (isAutoInflateEnabled == true) ? maximumThroughputUnits : null
    minimumTlsVersion: minimumTlsVersion
    publicNetworkAccess: publicNetworkAccess
    zoneRedundant: zoneRedundant
    kafkaEnabled: kafkaEnabled
  }
}

module eventHub 'eventHub.bicep' = [for ns in eventHubs: {
  dependsOn: [eventHubNS]
  name: ns.name
  params: {
    eventHubNamespace: name
    name: ns.name
    messageRetentionInDays: ns.properties.messageRetentionInDays
    partitionCount: ns.properties.partitionCount
    status: ns.properties.status
    authorizationRulesRights: ns.authorizationRulesRights
  }
}]

And then the sub module file:

param eventHubNamespace string
param name string
param messageRetentionInDays int
param partitionCount int
param status string
param authorizationRulesRights array

resource eventHubExists 'Microsoft.EventHub/namespaces@2022-01-01-preview' existing = {
  name: eventHubNamespace
}

resource eventHubNS 'Microsoft.EventHub/namespaces/eventhubs@2022-01-01-preview' =  {
  parent: eventHubExists
  name: name
  properties: {
    messageRetentionInDays: messageRetentionInDays
    partitionCount: partitionCount
    status: status
  }
  resource eventHubAuthRules 'authorizationRules@2022-01-01-preview' = [for ar in authorizationRulesRights: {
   name: ar.name
   properties: {
     rights: ar.rights
     }
   }]
}

(Edit)

You could always create a module to create the authorization rules:

// authorizationRules.bicep

param eventHubNSName string
param authorizationRulesRights array

resource eventHubNS 'Microsoft.EventHub/namespaces/eventhubs@2022-01-01-preview' existing = {
  name: eventHubNSName
}

resource eventHubAuthRules 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules@2022-01-01-preview' = [for ar in authorizationRulesRights: {
  parent: eventHubNS
  name: ar.name
  properties: {
    rights: ar.rights
  }
}]

And invoke it like that:

...
param eventHubs array

resource eventHubNS 'Microsoft.EventHub/namespaces/eventhubs@2022-01-01-preview' = [for ns in eventHubs: {
  parent: eventHub
  name: ns.name
  properties: {
    messageRetentionInDays: ns.properties.messageRetentionInDays
    partitionCount: ns.properties.partitionCount
    status: ns.properties.status
  }  
}]

module eventHubAuthRules 'authorizationRules.bicep' = [for (ns, i) in eventHubs: {
  name: 'authorizationRules-${ns.name}'
  params: {
    eventHubNSName: eventHubNS[i].name
    authorizationRulesRights: ns.authorizationRulesRights    
  }
}]

Please signup or login to give your own answer.

Click here to cancel reply.