Lets say a user makes the following deployment with Az CLI:
az deployment group create \
--template-file 'main.bicep'
--parameters 'params.bicepparam' \
--parameters foo='inline'
using './main.bicep'
param foo = 'test'
param bar = 0
param foo string
param bar int
In order to validate the type of the override value for parameter foo
, we need to pass it down to the Bicep CLI while ensuring that no secrects get leaked in the shell history. For this, Az CLI would set a environment variable BICEP_PARAMETERS_OVERRIDES
with following value as a JSON string:
{
"foo" : "inline"
}
Then BICEP CLI would read this value and validate value for parameter foo
.
Based on whether the value for --template
is given or using
delcaratoin is specified in the .bicepparam
file, we can run following four secnarios:
Template JSON produced from using
Prameters in .bicepparam
file already validated
Overrides validate against path from using
Template JSON produced from using
Prameters in .bicepparam
file already validated
Overrides validate against path from using
Template JSON produced from --template
should the prameters in .bicepparam
file already validated?
Overrides validate against path from --template
Throw error since deployment/validation not possible
Two low level design questions that need to be answered:
Update the syntax tree and let the Bicep compiler determine which value is incorrect (could lead to confusion with line numbers: inline values don't have line number but compiler would think they do or updating the syntax tree)
Compile .bicepparam
and throw errors
if none exits then call a different function to validate params (this produces errors without line numbers)
Then update the file after every value is validated
Note: Question 2 can be answered later (when using
is being made optional)
This can potentialy create line number issues
One strategy is to not edit the syntax tree at all just have two functions that would validate values in .bicepparam
and inline values then combine them? (somewhat similar to solution 2 for question 1)
A cleaner solution for line number issue in question 1 is to use "external" location for inline param errors (described here)