Search code examples
azure-resource-managerazure-bicepazure-app-service-envrmnt

Bicep App Service Environment deployment fails after initial deployment

I am currently using Bicep to deploy an ILB ASE v3 inside my vNet. My Bicep file is based on the latest release Bicep v0.10 release. The Network Security Group has been configured inline with the Microsoft ASE Network consideration doc

The problem I am experiencing is if I run the deployment the first time it works without issue. However, every time I redeploy it fails with a "Not Supported" error as below.

{
  "code": "BadRequest",
  "message": "An error occurred when updating the ase-eun-h1s01-dev-iac entry : {\"Message\":\"Not supported.\"}",
  "details": [
    {
      "message": "An error occurred when updating the ase-eun-h1s01-dev-iac entry : {\"Message\":\"Not supported.\"}"
    },
    {
      "code": "BadRequest"
    },
    {}
  ]
}

It gives me no further inforamtion. So, what I am left wondering is if deploying the template to update the ILB ASE or just as part of a subsequent pipeline run is supported?

Main Bicep file (snippet)

module appServiceEnvironmentv3 'br/Compute:asev3:v0.1' = {
  name: 'asev3-${appServiceEnvironment.name}-${uniqueString(appServiceEnvironment.name)}'
  scope: appServiceEnvironment.resourceGroup != '' ? resourceGroup(appServiceEnvironment.resourceGroup)  : resourceGroup()
  params: {
    name: appServiceEnvironment.name
    location: location
    subnetResourceId: resourceId(appServiceEnvironment.subnet.virtualNetworkResourceGroupName, 'Microsoft.Network/virtualNetworks/subnets', appServiceEnvironment.subnet.virtualNetworkName, appServiceEnvironment.subnet.name)
    diagnosticStorageAccountId: resourceId(appServiceEnvironment.diagnosticSettings.storageAccount.resourceGroup, 'Microsoft.Storage/storageAccounts', appServiceEnvironment.diagnosticSettings.storageAccount.accountName)
    diagnosticWorkspaceId: resourceId(appServiceEnvironment.diagnosticSettings.logAnalyticsWorkspace.resourceGroup, 'Microsoft.OperationalInsights/workspaces', appServiceEnvironment.diagnosticSettings.logAnalyticsWorkspace.accountName)      
    tags: appServiceEnvironment.tags
  }
}

App Service Environment Bicep file

@description('Required. Name of the App Service Environment.')
@minLength(1)
param name string

@description('Optional. Location for all resources.')
param location string = resourceGroup().location

@description('Required. ResourceId for the subnet.')
param subnetResourceId string

@description('Optional. Resource ID of the diagnostic storage account.')
param diagnosticStorageAccountId string = ''

@description('Optional. Resource ID of the diagnostic log analytics workspace.')
param diagnosticWorkspaceId string = ''

@description('Optional. Resource tags.')
param tags object = {}

//Default Values
var allowNewPrivateEndpointConnections = false
var clusterSettings = [
  {
    name: 'DisableTls1.0'
    value: '1'
  }
]
var dedicatedHostCount = 0
var dnsSuffix = ''
var frontEndScaleFactor = 15
var ftpEnabled = true
var internalLoadBalancingMode = 'Web, Publishing'
var inboundIpAddressOverride = ''
var ipsslAddressCount = 0
var kind = 'ASEv3'
var multiSize = ''
var remoteDebugEnabled = true
var upgradePreference = 'None'
var userWhitelistedIpRanges = []
var zoneRedundant = false

//Default Values
var diagnosticLogCategoriesToEnable = ['allLogs']
var diagnosticLogsRetentionInDays = 365
var diagnosticSettingsName = 'diag-${name}-asev3-log'
var diagnosticEventHubAuthorizationRuleId = ''
var diagnosticEventHubName = ''

var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): {
  category: category
  enabled: true
  retentionPolicy: {
    enabled: true
    days: diagnosticLogsRetentionInDays
  }
}]

var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? [
  {
    categoryGroup: 'allLogs'
    enabled: true
    retentionPolicy: {
      enabled: true
      days: diagnosticLogsRetentionInDays
    }
  }
] : diagnosticsLogsSpecified

//Telemetry
var enableDefaultTelemetry = true
resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
  name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
  properties: {
    mode: 'Incremental'
    template: {
      '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
      contentVersion: '1.0.0.0'
      resources: []
    }
  }
}

// Create ASE v3
resource appServiceEnvironment 'Microsoft.Web/hostingEnvironments@2022-03-01' = {
  name: name
  kind: kind
  location: location
  tags: tags
  properties: {
    clusterSettings: clusterSettings
    dedicatedHostCount: dedicatedHostCount != 0 ? dedicatedHostCount : null
    dnsSuffix: dnsSuffix
    frontEndScaleFactor: frontEndScaleFactor
    internalLoadBalancingMode: internalLoadBalancingMode
    ipsslAddressCount: ipsslAddressCount != 0 ? ipsslAddressCount : null
    multiSize: !empty(multiSize) ? any(multiSize) : null
    upgradePreference: upgradePreference
    userWhitelistedIpRanges: !empty(userWhitelistedIpRanges) ? userWhitelistedIpRanges : null
    virtualNetwork: {
      id: subnetResourceId
      subnet: last(split(subnetResourceId, '/'))
    }
    zoneRedundant: zoneRedundant
  }
}

resource configuration 'Microsoft.Web/hostingEnvironments/configurations@2022-03-01' = {
  name: 'networking'
  parent: appServiceEnvironment
  properties: {
    allowNewPrivateEndpointConnections: allowNewPrivateEndpointConnections
    ftpEnabled: ftpEnabled
    inboundIpAddressOverride: inboundIpAddressOverride
    remoteDebugEnabled: remoteDebugEnabled
  }
}

resource appServiceEnvironment_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId)) {
  name: !empty(diagnosticSettingsName) ? diagnosticSettingsName : '${name}-diagnosticSettings'
  properties: {
    storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null
    workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null
    eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null
    eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null
    logs: diagnosticsLogs
  }
  scope: appServiceEnvironment
}

@description('The resource ID of the App Service Environment.')
output resourceId string = appServiceEnvironment.id

@description('The resource group the App Service Environment was deployed into.')
output resourceGroupName string = resourceGroup().name

@description('The name of the App Service Environment.')
output name string = appServiceEnvironment.name

@description('The location the resource was deployed into.')
output location string = appServiceEnvironment.location
Solution

  • This was resolved as part of this Merge

    The fix was specifically around the DNSSuffix property:

    dnsSuffix: !empty(dnsSuffix) ? dnsSuffix : null