I am attempting to create a Bicep CosmosDb library based on the ResourceModules published my the MS Bicep team. I can successfully spin up the CosmosDb instance with Private Endpoints and on the first run the creation of the Sql container also works. On subsequent runs of the pipeline it fails on the Container with the below error message.
...{"Errors":["The input content is invalid - 'analyticalStorageTtl' is not a valid property in the current payload."]}...
I'm unsure why this is the case as I'm not passing that element to ARM and assume it's defaulted somewhere. Problem is if I do pass it with a valid value I still get the error. Anyone any idea how to get around this?
EDIT:
OK, this is a little strange and more than a little concerning. The issue I was getting on Friday has disappeared and the deployment is now working on subsequent runs. None of the Bicep files or configuration has changed. I'm a little concerned over the stability of Bicep as a direction for our infrastructure deployments now.
Json (snippet)
"cosmosDbSqlwithPrivateEndpoints":{
"value":{
"name": "cosdb-eun-h1s01-dev-iacsql123",
"resourceGroup": "rg-eun-h1s01-dev-iac",
"sqlDatabases": [
{
"name": "mySqlDb",
"throughput": 400,
"containers": [
{
"conflictResolutionPolicy": {
"conflictResolutionPath": "/myId",
"mode": "LastWriterWins"
},
"defaultTtl": 1000,
"indexingPolicy": {
"automatic": true
},
"kind": "Hash",
"name": "container-001",
"paths": [
"/myPartitionKey"
],
"throughput": 400,
"uniqueKeyPolicyKeys": [
{
"paths": [
"/firstName"
]
},
{
"paths": [
"/lastName"
]
}
]
}
]
}
],
"privateEndpoints": [
{
"name": "pep-eun-h1s01-iac-cosdb-eun-iac123-sql",
"resourceGroup": "",
"subnet": {
"name": "snet-eun-h1s01-iac-storagepep",
"virtualNetworkResourceGroupName": "rg-eun-h1s01-dev-iac",
"virtualNetworkName": "vnet-eun-h1s01-iac-storage"
},
"groupIds": ["Sql"],
"ipConfigurations": [
{
"name": "default",
"properties": {
"memberName": "cosdb-eun-h1s01-dev-iacsql123",
"groupId": "Sql",
"privateIPAddress": "10.100.1.13"
}
},
{
"name": "northeurope",
"properties": {
"memberName": "cosdb-eun-h1s01-dev-iacsql123-northeurope",
"groupId": "Sql",
"privateIPAddress": "10.100.1.14"
}
}
// ,
// {
// "name": "westeurope",
// "properties": {
// "memberName": "cosdb-eun-h1s01-dev-iacsql123-westeurope",
// "groupId": "Sql",
// "privateIPAddress": "10.100.1.15"
// }
// }
],
"privateDns":{
"name" : "privatelink.documents.azure.com",
"resourceGroupName": ""
},
"tags": {
"Application": "Infrastructure as Code",
"CompanyCode": "V025",
"Critcality": "Category 1",
"Description": "CosmosDb private endpoint for Sql",
"Environment": "DEV",
"InternalOrder_CostCenter": "90020989",
"RemedyID": "CR999999",
"Version": "v1.0"
}
}
],
"diagnosticSettings":{
"storageAccount": {
"resourceGroup": "rg-eun-h1s01-dev-iac",
"accountName": "streundeviacdiag111"
},
"logAnalyticsWorkspace": {
"resourceGroup": "rg-euw-odpdev-shared-analytics",
"accountName": "law-euw-odpdev-7b08-default"
}
},
"tags": {
"Application": "Infrastructure as Code",
"CompanyCode": "V025",
"Critcality": "Category 1",
"Description": "CosmosDb with NoSql for IaC",
"Environment": "DEV",
"InternalOrder_CostCenter": "90020989",
"RemedyID": "CR999999",
"Version": "v1.0"
}
}
},
Main.bicep (snippet)
@description('The cosmos db with sql engine configuration from the environment json parameters file')
param cosmosDbSqlwithPrivateEndpoints object
module cosmosDbSql 'br/Storage:cosmosdb:v0.1' = {
name: 'cosmosDbSql-${cosmosDbSqlwithPrivateEndpoints.name}-${uniqueString(cosmosDbSqlwithPrivateEndpoints.name)}'
scope: cosmosDbSqlwithPrivateEndpoints.resourceGroup != '' ? resourceGroup(cosmosDbSqlwithPrivateEndpoints.resourceGroup) : resourceGroup()
params: {
name: cosmosDbSqlwithPrivateEndpoints.name
defaultConsistencyLevel: contains(cosmosDbSqlwithPrivateEndpoints, 'defaultConsistencyLevel') ? cosmosDbSqlwithPrivateEndpoints.defaultConsistencyLevel : 'Session'
enableFreeTier: contains(cosmosDbSqlwithPrivateEndpoints, 'enableFreeTier') ? cosmosDbSqlwithPrivateEndpoints.enableFreeTier : false
capabilitiesToAdd:['EnableServerless']
sqlDatabases: cosmosDbSqlwithPrivateEndpoints.sqlDatabases
privateEndpoints: cosmosDbSqlwithPrivateEndpoints.privateEndpoints
diagnosticStorageAccountId: resourceId(cosmosDbSqlwithPrivateEndpoints.diagnosticSettings.storageAccount.resourceGroup, 'Microsoft.Storage/storageAccounts', cosmosDbSqlwithPrivateEndpoints.diagnosticSettings.storageAccount.accountName)
diagnosticWorkspaceId: resourceId(cosmosDbSqlwithPrivateEndpoints.diagnosticSettings.logAnalyticsWorkspace.resourceGroup, 'Microsoft.OperationalInsights/workspaces', cosmosDbSqlwithPrivateEndpoints.diagnosticSettings.logAnalyticsWorkspace.accountName)
tags: cosmosDbSqlwithPrivateEndpoints.tags
}
}
CosmosDb.bicep
@description('Required. Name of the Database Account.')
param name string
@description('Optional. Location for all resources.')
param location string = resourceGroup().location
@description('Required. An array of private endpoints objects')
param privateEndpoints array
@allowed([
'Eventual'
'ConsistentPrefix'
'Session'
'BoundedStaleness'
'Strong'
])
@description('Optional. The default consistency level of the Cosmos DB account.')
param defaultConsistencyLevel string = 'Session'
@description('Optional. Flag to indicate whether Free Tier is enabled.')
param enableFreeTier bool = false
@description('Optional. SQL Databases configurations.')
param sqlDatabases array = []
@description('Optional. MongoDB Databases configurations.')
param mongodbDatabases array = []
@description('Optional. Gremlin Databases configurations.')
param gremlinDatabases array = []
@allowed([
'EnableCassandra'
'EnableTable'
'EnableGremlin'
'EnableMongo'
'DisableRateLimitingResponses'
'EnableServerless'
])
@description('Optional. List of Cosmos DB capabilities for the account.')
param capabilitiesToAdd array = []
@description('Optional. Resource ID of the diagnostic storage account.')
param diagnosticStorageAccountId string = ''
@description('Optional. Resource ID of the log analytics workspace.')
param diagnosticWorkspaceId string = ''
@description('Optional. Tags of the Database Account resource.')
param tags object = {}
//Default Values
var backupIntervalInMinutes = 240
var backupPolicyType = 'Continuous'
var backupPolicyContinuousTier = 'Continuous30Days'
var backupRetentionIntervalInHours = 8
var backupStorageRedundancy = 'Local'
var databaseAccountOfferType = 'Standard'
var automaticFailover = true
var maxIntervalInSeconds = 300
var maxStalenessPrefix = 100000
var serverVersion = '4.2'
var systemAssignedIdentity = true
var userAssignedIdentities = {}
var locations = contains(capabilitiesToAdd, 'EnableServerless') ? [
{
failoverPriority: 0
locationName: 'North Europe'
isZoneRedundant: false
}
] : [
{
failoverPriority: 0
locationName: 'North Europe'
isZoneRedundant: false
}
{
failoverPriority: 1
locationName: 'West Europe'
isZoneRedundant: false
}
]
//Build diagnostics objects
var diagnosticLogsRetentionInDays = 365
var diagnosticLogCategoriesToEnable = ['allLogs']
var diagnosticMetricsToEnable = ['Requests']
var diagnosticSettingsName = 'diag-${name}-cosmos-log'
var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): {
category: category
enabled: true
retentionPolicy: {
enabled: true
days: diagnosticLogsRetentionInDays
}
}]
var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [
{
categoryGroup: 'allLogs'
enabled: true
retentionPolicy: {
enabled: true
days: diagnosticLogsRetentionInDays
}
}
] : diagnosticsLogsSpecified
var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: {
category: metric
timeGrain: null
enabled: true
retentionPolicy: {
enabled: true
days: diagnosticLogsRetentionInDays
}
}]
var identityType = systemAssignedIdentity ? (!empty(userAssignedIdentities) ? 'SystemAssigned, UserAssigned' : 'SystemAssigned') : (!empty(userAssignedIdentities) ? 'UserAssigned' : 'None')
var identity = identityType != 'None' ? {
type: identityType
userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : null
} : null
var consistencyPolicy = {
Eventual: {
defaultConsistencyLevel: 'Eventual'
}
ConsistentPrefix: {
defaultConsistencyLevel: 'ConsistentPrefix'
}
Session: {
defaultConsistencyLevel: 'Session'
}
BoundedStaleness: {
defaultConsistencyLevel: 'BoundedStaleness'
maxStalenessPrefix: maxStalenessPrefix
maxIntervalInSeconds: maxIntervalInSeconds
}
Strong: {
defaultConsistencyLevel: 'Strong'
}
}
var databaseAccount_locations = [for location in locations: {
failoverPriority: location.failoverPriority
isZoneRedundant: location.isZoneRedundant
locationName: location.locationName
}]
var kind = !empty(sqlDatabases) || !empty(gremlinDatabases) ? 'GlobalDocumentDB' : (!empty(mongodbDatabases) ? 'MongoDB' : 'Parse')
var capabilities = [for capability in capabilitiesToAdd: {
name: capability
}]
var backupPolicy = backupPolicyType == 'Continuous' ? {
type: backupPolicyType
continuousModeProperties: {
tier: backupPolicyContinuousTier
}
} : {
type: backupPolicyType
periodicModeProperties: {
backupIntervalInMinutes: backupIntervalInMinutes
backupRetentionIntervalInHours: backupRetentionIntervalInHours
backupStorageRedundancy: backupStorageRedundancy
}
}
var databaseAccount_properties = union(
{databaseAccountOfferType: databaseAccountOfferType },
{networkAclBypass: 'AzureServices'},
{publicNetworkAccess: 'Disabled'},
((!empty(sqlDatabases) || !empty(mongodbDatabases) || !empty(gremlinDatabases)) ? {
// Common properties
consistencyPolicy: consistencyPolicy[defaultConsistencyLevel]
locations: databaseAccount_locations
capabilities: capabilities
enableFreeTier: enableFreeTier
backupPolicy: backupPolicy
} : {}),
(!empty(sqlDatabases) ? {
// SQLDB properties
enableAutomaticFailover: automaticFailover
} : {}),
(!empty(mongodbDatabases) ? {
// MongoDb properties
apiProperties: {
serverVersion: serverVersion
}
} : {})
)
var enableDefaultTelemetry = true
resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' = {
name: name
location: location
tags: tags
identity: identity
kind: kind
properties: databaseAccount_properties
}
resource databaseAccount_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId))) {
name: !empty(diagnosticSettingsName) ? diagnosticSettingsName : '${name}-diagnosticSettings'
properties: {
storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null
workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null
metrics: diagnosticsMetrics
logs: diagnosticsLogs
}
scope: databaseAccount
}
module databaseAccount_sqlDatabases 'br/Storage:cosmosdb/sql:v0.1' = [for sqlDatabase in sqlDatabases: {
name: '${uniqueString(deployment().name, location)}-sqldb-${sqlDatabase.name}'
params: {
databaseAccountName: databaseAccount.name
name: sqlDatabase.name
containers: contains(sqlDatabase, 'containers') ? sqlDatabase.containers : []
throughput: contains(sqlDatabase, 'throughput') ? sqlDatabase.throughput : 400
autoscaleSettingsMaxThroughput: contains(sqlDatabase, 'autoscaleSettingsMaxThroughput') ? sqlDatabase.autoscaleSettingsMaxThroughput : -1
}
}]
module databaseAccount_mongodbDatabases 'br/Storage:cosmosdb/mongo:v0.1' = [for mongodbDatabase in mongodbDatabases: {
name: '${uniqueString(deployment().name, location)}-mongodb-${mongodbDatabase.name}'
params: {
databaseAccountName: databaseAccount.name
name: mongodbDatabase.name
collections: contains(mongodbDatabase, 'collections') ? mongodbDatabase.collections : []
}
}]
module databaseAccount_gremlinDatabases 'br/Storage:cosmosdb/gremlin:v0.1' = [for gremlinDatabase in gremlinDatabases: {
name: '${uniqueString(deployment().name, location)}-gremlin-${gremlinDatabase.name}'
params: {
databaseAccountName: databaseAccount.name
name: gremlinDatabase.name
graphs: contains(gremlinDatabase, 'graphs') ? gremlinDatabase.graphs : []
}
}]
////////////////////////////////////////////////////////////////////
//Assign Private Endpoint to the Storage account sub resource type//
////////////////////////////////////////////////////////////////////
module privateEndpointsModule 'br/Network:privateendpoint:v0.1' = [for endpoint in privateEndpoints: {
name: 'pep-${endpoint.name}-${uniqueString(endpoint.name, location)}'
scope: endpoint.resourceGroup != '' ? resourceGroup(endpoint.resourceGroup) : resourceGroup()
params: {
name: endpoint.name
location: location
serviceResourceId: databaseAccount.id
subnetResourceId: resourceId(endpoint.subnet.virtualNetworkResourceGroupName, 'Microsoft.Network/virtualNetworks/subnets', endpoint.subnet.virtualNetworkName, endpoint.subnet.name)
ipConfigurations: endpoint.ipConfigurations
groupIds: endpoint.groupIds
privateDnsZoneGroup: {
name: endpoint.privateDns.name
privateDNSResourceIds: [resourceId(endpoint.privateDns.resourceGroupName != '' ? endpoint.privateDns.resourceGroupName : resourceGroup().name, 'Microsoft.Network/privateDnsZones/', endpoint.privateDns.name)]
}
tags: endpoint.tags
}
}]
@description('The name of the database account.')
output name string = databaseAccount.name
@description('The resource ID of the database account.')
output id string = databaseAccount.id
@description('The name of the resource group the database account was created in.')
output resourceGroupName string = resourceGroup().name
@description('The principal ID of the system assigned identity.')
output systemAssignedPrincipalId string = systemAssignedIdentity && contains(databaseAccount.identity, 'principalId') ? databaseAccount.identity.principalId : ''
@description('The location the resource was deployed into.')
output location string = databaseAccount.location
CosmosSql.bicep
@description('Conditional. The name of the parent Database Account. Required if the template is used in a standalone deployment.')
param databaseAccountName string
@description('Required. Name of the SQL database .')
param name string
@description('Optional. Array of containers to deploy in the SQL database.')
param containers array = []
@description('Optional. Request units per second. Will be set to null if autoscaleSettingsMaxThroughput is used.')
param throughput int = 400
@description('Optional. Specifies the Autoscale settings and represents maximum throughput, the resource can scale up to. The autoscale throughput should have valid throughput values between 1000 and 1000000 inclusive in increments of 1000. If value is set to -1, then the property will be set to null and autoscale will be disabled.')
param autoscaleSettingsMaxThroughput int = -1
@description('Optional. Tags of the SQL database resource.')
param tags object = {}
@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
var enableDefaultTelemetry = true
resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' existing = {
name: databaseAccountName
}
resource sqlDatabase 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2022-08-15' = {
name: name
parent: databaseAccount
tags: tags
properties: {
resource: {
id: name
}
options: contains(databaseAccount.properties.capabilities, { name: 'EnableServerless' }) ? null : {
throughput: autoscaleSettingsMaxThroughput == -1 ? throughput : null
autoscaleSettings: autoscaleSettingsMaxThroughput != -1 ? {
maxThroughput: autoscaleSettingsMaxThroughput
} : null
}
}
}
module container 'br/Storage:cosmosdb/sql/containers:v0.1' = [for container in containers: {
name: '${uniqueString(deployment().name, sqlDatabase.name)}-sqldb-${container.name}'
params: {
databaseAccountName: databaseAccountName
sqlDatabaseName: name
name: container.name
autoscaleSettingsMaxThroughput: contains(container, 'autoscaleSettingsMaxThroughput') ? container.autoscaleSettingsMaxThroughput : -1
conflictResolutionPolicy: contains(container, 'conflictResolutionPolicy') ? container.conflictResolutionPolicy : {}
defaultTtl: contains(container, 'defaultTtl') ? container.defaultTtl : -1
indexingPolicy: contains(container, 'indexingPolicy') ? container.indexingPolicy : {}
kind: contains(container, 'kind') ? container.kind : 'Hash'
paths: contains(container, 'paths') ? container.paths : []
throughput: contains(container, 'throughput') ? container.throughput : 400
uniqueKeyPolicyKeys: contains(container, 'uniqueKeyPolicyKeys') ? container.uniqueKeyPolicyKeys : []
}
}]
@description('The name of the SQL database.')
output name string = sqlDatabase.name
@description('The resource ID of the SQL database.')
output resourceId string = sqlDatabase.id
@description('The name of the resource group the SQL database was created in.')
output resourceGroupName string = resourceGroup().name
CosmosSqlDbContainer.bicep
@description('Required. The name of the parent Database Account. Required if the template is used in a standalone deployment.')
param databaseAccountName string
@description('Required. The name of the parent SQL Database. Required if the template is used in a standalone deployment.')
param sqlDatabaseName string
@description('Required. Name of the container.')
param name string
@description('Optional. The conflict resolution policy for the container. Conflicts and conflict resolution policies are applicable if the Azure Cosmos DB account is configured with multiple write regions.')
param conflictResolutionPolicy object = {}
@maxValue(2147483647)
@minValue(-1)
@description('Optional. Default time to live (in seconds). With Time to Live or TTL, Azure Cosmos DB provides the ability to delete items automatically from a container after a certain time period. If the value is set to "-1", it is equal to infinity, and items dont expire by default.')
param defaultTtl int = -1
@description('Optional. Request Units per second. Will be set to null if autoscaleSettingsMaxThroughput is used.')
param throughput int = 400
@maxValue(1000000)
@description('Optional. Specifies the Autoscale settings and represents maximum throughput, the resource can scale up to. The autoscale throughput should have valid throughput values between 1000 and 1000000 inclusive in increments of 1000. If value is set to -1, then the property will be set to null and autoscale will be disabled.')
param autoscaleSettingsMaxThroughput int = -1
@description('Optional. Tags of the SQL Database resource.')
param tags object = {}
@description('Optional. List of paths using which data within the container can be partitioned.')
param paths array = []
@description('Optional. Indexing policy of the container.')
param indexingPolicy object = {}
@description('Optional. The unique key policy configuration containing a list of unique keys that enforces uniqueness constraint on documents in the collection in the Azure Cosmos DB service.')
param uniqueKeyPolicyKeys array = []
@description('Optional. Indicates the kind of algorithm used for partitioning.')
@allowed([
'Hash'
'MultiHash'
'Range'
])
param kind string = 'Hash'
var enableDefaultTelemetry = true
resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
}
}
}
resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' existing = {
name: databaseAccountName
resource sqlDatabase 'sqlDatabases@2021-07-01-preview' existing = {
name: sqlDatabaseName
}
}
resource container 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers@2022-08-15' = {
name: name
parent: databaseAccount::sqlDatabase
tags: tags
properties: {
resource: {
conflictResolutionPolicy: conflictResolutionPolicy
defaultTtl: defaultTtl
id: name
indexingPolicy: !empty(indexingPolicy) ? indexingPolicy : null
partitionKey: {
paths: paths
kind: kind
}
uniqueKeyPolicy: !empty(uniqueKeyPolicyKeys) ? {
uniqueKeys: uniqueKeyPolicyKeys
} : null
}
options: contains(databaseAccount.properties.capabilities, { name: 'EnableServerless' }) ? null : {
throughput: autoscaleSettingsMaxThroughput == -1 ? throughput : null
autoscaleSettings: autoscaleSettingsMaxThroughput != -1 ? {
maxThroughput: autoscaleSettingsMaxThroughput
} : null
}
}
}
@description('The name of the container.')
output name string = container.name
@description('The resource ID of the container.')
output resourceId string = container.id
@description('The name of the resource group the container was created in.')
output resourceGroupName string = resourceGroup().name
It's actually collection of Microsoft Employees that predominantly contribute to the modules referenced, not the Microsoft Bicep team.
I'd suggest raising an issue on the repository for that team to advise. https://github.com/Azure/ResourceModules/issues
The error you're receiving analyticalStorageTtl is not a valid property is likely because the underlying resource provider has changed and a bug has crept into the modules. Even though you're not using it, those modules generally take an approach of capturing every possible property option and then relaying to the underlying resource declaration. This approach does give flexibility, but also creates a larger error surface area - something that generally should be factored in when designing modules.
The project generally advises you use modules from a release, rather than the main branch... Perhaps this might also help you?
Default path: To avoid disruptions, use distinct versions available through releases.