Search code examples
azure-resource-managerazure-deploymentazure-bicep

Can I customize the depth of ARM/BICEP Deployment Script Outputs?

I have a deployment script in my bicep template that outputs a complex object. When I run the script, it works fine but I receive a warning about the output depth.

Resulting JSON is truncated as serialization has exceeded the set depth of 2.

As a result, the output for the script ends up improperly serialized

[{"objectId":"<OBJECT-ID>","tenantId":"<MY-TENANT-ID>","permissions":"System.Collections.Generic.Dictionary`2[System.String,System.Collections.Generic.List`1[System.String]]"}]

Is there a way to customize the serialization depth for the deployment script output? For reference, here is the script. It gets a list of access policies for an existing keyvault and tries to save it as a script output.

resource getAccessPolicies 'Microsoft.Resources/deploymentScripts@2020-10-01' =  {
  name: '${keyvaultName}_Get_AccessPolicies_Script'
  location: locationName
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${userAssignedIdentityResourceId}': {}
    }
  }
  kind: 'AzurePowerShell'
  properties: {
    arguments: '-keyVaultName ${keyvaultName} -keyvaultResourceGroupName ${resourceGroup().name} -subscriptionId ${subscription().subscriptionId}'
    azPowerShellVersion: '7.2'
    retentionInterval: 'P1D'
    cleanupPreference: 'OnSuccess'
    timeout: 'PT15M'

    scriptContent: '''
      param([string] $keyVaultName, [string] $keyvaultResourceGroupName, [string] $subscriptionId)
      $DeploymentScriptOutputs = @{}
      $DeploymentScriptOutputs['AccessPolicies'] = @()
      $keyVault = Get-AzKeyVault -VaultName $keyVaultName -ResourceGroupName $keyvaultResourceGroupName -SubscriptionId $subscriptionId
      if ($keyVault -eq $null)
      {
        return
      }

      foreach ($policy in $keyVault.AccessPolicies)
      {
        $accessPolicy = @{
          objectId = $policy.ObjectId
          tenantId = $policy.TenantId
          permissions = new-object 'System.Collections.Generic.Dictionary[System.String,System.Collections.Generic.List[System.String]]'
        }
    
        $accessPolicy.permissions["certificates"] = $policy.PermissionsToCertificates.Split(" ")
        $accessPolicy.permissions["keys"] = $policy.PermissionsToKeys.Split(" ")
        $accessPolicy.permissions["secrets"] = $policy.PermissionsToSecrets.Split(" ")
    
        $DeploymentScriptOutputs['AccessPolicies'] += $accessPolicy
      }
      '''
  }
}
Solution

  • Depth is not customizable, for a generic solution just use a string instead of a hash table, see:

    https://github.com/Azure/bicep/issues/6438