I have an ARM template for an Azure DNS zone that has many Microsoft.Network/dnszones/* resources for A, CNAME, TXT records, etc. I've been able to deploy new records and change records successfully through deployments.
I just noticed however that when I deleted resources corresponding to some DNS records in the ARM template, a deployment of that template didn't actually delete the records in the Azure DNS zone, although the deployment succeeded.
This seems like it breaks the declarative nature of ARM templates if I deleted a resource in the template and it still exists after deployment without errors.
Or am I misunderstanding something about the way the resource provider works?
There are two modes in which ARM templates can be deployed:
Incremental: In incremental mode, Resource Manager leaves unchanged resources that exist in the resource group but aren't specified in the template. Resources in the template are added to the resource group.
Complete: In complete mode, Resource Manager deletes resources that exist in the resource group but aren't specified in the template.
The default mode is incremental, which is why you're not seeing the deleted resources being removed.
To set the deployment mode to Complete explicitly when deploying with PowerShell, use the Mode parameter as:
New-AzResourceGroupDeployment `
-Mode Complete `
-Name ExampleDeployment `
-ResourceGroupName ExampleResourceGroup `
-TemplateFile c:\MyTemplates\storage.json
Tip: Always use the what-if operation before deploying a template in complete mode. What-if shows you which resources will be created, deleted, or modified. Use what-if to avoid unintentionally deleting resources.