osdisk.name not allowed in azure bicep

osdisk.name not allowed in azure bicep

The error "Changing property ‘osDisk.name’ is not allowed" occurs because certain properties of a VM, like osDisk.name, are immutable once the VM is created. To resolve this issue, you need to ensure that you’re not attempting to change immutable properties during your update by following PropertyChangeNotAllowed explanation as wenbo suggested. As you mentioned you only changed the NSG rules during which you got the error.

I tried the same VM deployment bicep and then changes the NSG rules later during which I took care not changing any properties related to OS-disk because of which I was able to achieve the requirement you’re looking for.

vmdep.bicep:

@minLength(1)
param vmName string

@minLength(1)
param adminUsername string

@secure()
param adminPassword string

@minLength(1)
param location string = resourceGroup().location

param nsgName string = '${vmName}-nsg'
param vnetName string = '${vmName}-vnet'
param subnetName string = 'default'
param subnetPrefix string = '10.0.0.0/24'
param addressSpace string = '10.0.0.0/16'

resource vnet 'Microsoft.Network/virtualNetworks@2020-11-01' = {
  name: vnetName
  location: location
  properties: {
    addressSpace: {
      addressPrefixes: [
        addressSpace
      ]
    }
    subnets: [
      {
        name: subnetName
        properties: {
          addressPrefix: subnetPrefix
          networkSecurityGroup: {
            id: nsg.id
          }
        }
      }
    ]
  }
}

resource nsg 'Microsoft.Network/networkSecurityGroups@2020-11-01' = {
  name: nsgName
  location: location
  properties: {
    securityRules: [
      {
        name: 'Allow-RDP'
        properties: {
          priority: 1000
          protocol: 'Tcp'
          access: 'Allow'
          direction: 'Inbound'
          sourceAddressPrefix: '*'
          sourcePortRange: '*'
          destinationAddressPrefix: '*'
          destinationPortRange: '3389'
        }
      }
    ]
  }
}

resource nic 'Microsoft.Network/networkInterfaces@2020-11-01' = {
  name: '${vmName}-nic'
  location: location
  properties: {
    ipConfigurations: [
      {
        name: 'ipconfig1'
        properties: {
          privateIPAllocationMethod: 'Dynamic'
          subnet: {
            id: vnet.properties.subnets[0].id
          }
        }
      }
    ]
  }
}

resource vm 'Microsoft.Compute/virtualMachines@2020-06-01' = {
  name: vmName
  location: location
  properties: {
    hardwareProfile: {
      vmSize: 'Standard_DS1_v2'
    }
    osProfile: {
      computerName: vmName
      adminUsername: adminUsername
      adminPassword: adminPassword
    }
    storageProfile: {
      imageReference: {
        publisher: 'MicrosoftWindowsServer'
        offer: 'WindowsServer'
        sku: '2019-Datacenter'
        version: 'latest'
      }
      osDisk: {
        createOption: 'FromImage'
        managedDisk: {
          storageAccountType: 'Standard_LRS'
        }
      }
    }
    networkProfile: {
      networkInterfaces: [
        {
          id: nic.id
        }
      ]
    }
  }
}

Now run the command

az deployment group create --resource-group vinay-rg --template-file vmdep.bicep

deployment succeeded:

Now I Tried to upgrade NSG rules alone as shown below without changing any parameters of OS-disk

nsgupgrade.bicep:

@minLength(1)
param nsgName string
@minLength(1)
param location string = resourceGroup().location

resource nsg 'Microsoft.Network/networkSecurityGroups@2020-11-01' existing = {
  name: nsgName
}

resource nsgRule 'Microsoft.Network/networkSecurityGroups/securityRules@2020-11-01' = {
  name: 'Allow-HTTP'
  parent: nsg
  properties: {
    priority: 1001
    protocol: 'Tcp'
    access: 'Allow'
    direction: 'Inbound'
    sourceAddressPrefix: '*'
    sourcePortRange: '*'
    destinationAddressPrefix: '*'
    destinationPortRange: '80'
  }
}

now run the deployment command

az deployment group create --resource-group vinay-rg --template-file nsgupdate.bicep

Deployment succeeded: