
How to create alerts through bicep for KQL commands


We are trying to create Azure alerts through Bicep and KQL queries, using a for loop to create multiple alerts. Unfortunately, we are getting errors while executing the code.

alerts.bicep

    // Parameters
    @description('Log alerts parameter from JSON')
    param logAlertParam object

    @description('Location of the resource group')
    param location string

    @description('Id of the action group')
    param actiongroups_rcp_externalid string

    @description('Id of the Log Analytics workspace')
    param workspaceResourceId string

    // One scheduled query rule (log alert) per entry in infraComponents
    resource logAlertQuerySymbolicname 'Microsoft.Insights/scheduledQueryRules@2022-06-15' = [for component in logAlertParam.infraComponents: {
      name: component.alertRuleName
      location: location
      kind: 'LogAlert'
      properties: {
        actions: {
          actionGroups: [
            actiongroups_rcp_externalid
          ]
          customProperties: {}
        }
        autoMitigate: false
        checkWorkspaceAlertsStorageConfigured: false
        criteria: {
          allOf: [
            {
              query: component.queryParam
              timeAggregation: component.timeaggregation
              dimensions: []
              operator: component.operator
              threshold: 1
              failingPeriods: {
                numberOfEvaluationPeriods: 1
                minFailingPeriodsToAlert: 1
              }
            }
          ]
        }
        displayName: component.alertRuleName
        enabled: true
        evaluationFrequency: component.evaluationFrequency
        scopes: [
          workspaceResourceId
        ]
        severity: component.severity
        skipQueryValidation: false
        targetResourceTypes: component.targetResourceType
        windowSize: component.windowsize
      }
    }]

parameters.json

    {
      "logAlertParam": {
        "infraComponents": [
          {
            "alertRuleName": "AKS-Cluster-Deletion",
            "queryParam": "AzureActivity\n| where ResourceProviderValue contains \"MICROSOFT.CONTAINERSERVICE\" and OperationNameValue contains \"MICROSOFT.CONTAINERSERVICE/MANAGEDCLUSTERS/DELETE\"\n| where ActivityStatusValue contains \"Success\"\n| project TimeGenerated, _ResourceId, Caller, ActivityStatusValue, CallerIpAddress\n",
            "timeaggregation": "Count",
            "operator": "GreaterThanOrEqual",
            "evaluationFrequency": "P1D",
            "severity": 0,
            "targetResourceType": "Microsoft.ContainerService/managedClusters",
            "windowSize": "P1D",
            "threshold": 1
          }
        ]
      }
    }

While running with this configuration we are getting the following error.

         2023-02-20T14:59:20.6470013Z ERROR: {"status":"Failed","error": 
         {"code":"DeploymentFailed","message":"At least one resource deployment 
         operation  failed. Please list deployment operations for details. Please see 
         https://aka.ms/arm-deployment-operations for usage details.","details": 
          [{"code":"Conflict","message":"{\r\n  \"status\": \"Failed\",\r\n  \"error\": 
         {\r\n    \"code\": \"ResourceDeploymentFailure\",\r\n    \"message\": \"The 
        'AzureAsyncOperationWaiting' resource operation completed with terminal 
        provisioning state 'Failed'.\",\r\n    \"details\": [\r\n      {\r\n        
        \"code\": \"DeploymentFailed\",\r\n        \"message\": \"At least one resource 
        deployment operation failed. Please list deployment operations for details. 
        Please see https://aka.ms/arm-deployment-operations for usage details.\",\r\n        
        \"details\": [\r\n          {\r\n            \"code\": \"BadRequest\",\r\n            
       \"message\": \"{\\r\\n  \\\"error\\\": {\\r\\n    \\\"code\\\": 
        \\\"BadRequest\\\",\\r\\n    \\\"message\\\": \\\"{\\\\r\\\\n  
        \\\\\\\"error\\\\\\\": {\\\\r\\\\n    \\\\\\\"code\\\\\\\": 
       \\\\\\\"InvalidRequestContent\\\\\\\",\\\\r\\\\n    \\\\\\\"message\\\\\\\": 
        \\\\\\\"The request content was invalid and could not be deserialized: 'Error 
       converting value 
       **\\\\\\\\\\\\\\\"Microsoft.ContainerService/managedClusters\\\\\\\\\\\\\\\" to 
       type 'System.Collections.Generic.List`1[System.String]'. Path 
      'properties.targetResourceTypes', line 1, position 1185.'**\\\\\\\"\\\\r\\\\n  
      }\\\\r\\\\n}\\\"\\r\\n  }\\r\\n}\"\r\n          }\r\n        ]\r\n      }\r\n    
     ]\r\n  }\r\n}"}]}}

The query provides the expected output in the Log Analytics workspace; however, when we pass the same query to the Bicep file, it gives the above error. What is going wrong with the config?


Solution

  • Correcting targetResourceTypes as below resolved the issue:

        targetResourceTypes: [
            component.targetResourceType
        ]