ResourceModules
[Bug Report]: Configuration of CustomScriptExtension (Virtual Machines) is faulty
Describe the bug
According to the CustomScriptExtension docs, the property "fileUri" should be set in "protectedSettings" under certain conditions, but it can be specified in public settings too. It has to be set in either of those, otherwise there will be an error.
Now this is the bug: the current "CustomScriptExtension" code hardcodes the "fileUri" property to the public settings, meaning you can't set it in the protected settings.
Apart from this issue, the current code is IMHO much too restricting in how you can use this extension. The code should not be too restricting in how you can use the extension, because this keeps users from deploying useful and valid configurations. Please see the "Code snippet" box for the code I am referring to (file is: .../Microsoft.Compute/virtualMachines/deploy.bicep). In my opinion, the code should be just like the one from the preceding "DesiredStateConfiguration" Extension - here, the settings are handled this way:
// ...
settings: contains(extensionDSCConfig, 'settings') ? extensionDSCConfig.settings : {}
protectedSettings: contains(extensionDSCConfig, 'protectedSettings') ? extensionDSCConfig.protectedSettings : {}
// ...
So I believe the best implementation for the "CustomScriptExtension" would just be:
// ...
settings: contains(extensionCustomScriptConfig, 'settings') ? extensionCustomScriptConfig.settings : {}
protectedSettings: contains(extensionCustomScriptConfig, 'protectedSettings') ? extensionCustomScriptConfig.protectedSettings : {}
// ...
BTW: Why does the extension depend on the "DesiredStateConfiguration" extension? There is a "depends_on". You may want to check this too, while you are at it! ;)
To reproduce
Just see current code: v0.10.0
Code snippet
module vm_customScriptExtension 'extensions/deploy.bicep' = if (extensionCustomScriptConfig.enabled) {
  name: '${uniqueString(deployment().name, location)}-VM-CustomScriptExtension'
  params: {
    virtualMachineName: vm.name
    name: 'CustomScriptExtension'
    // ...
    settings: {
      fileUris: [for fileData in extensionCustomScriptConfig.fileData: contains(fileData, 'storageAccountId') ? '${fileData.uri}?${listAccountSas(fileData.storageAccountId, '2019-04-01', accountSasProperties).accountSasToken}' : fileData.uri]
    }
    protectedSettings: extensionCustomScriptProtectedSetting
    // ...
  }
  dependsOn: [
    vm_desiredStateConfigurationExtension
  ]
}
Relevant log output
No response
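An added example, not part of the original report or of the ResourceModules code: a standalone CustomScriptExtension resource that passes the SAS-bearing script URL through protectedSettings, which Azure encrypts and decrypts only on the target VM, instead of the plaintext public settings. The parameter names (vmName, scriptUri, scriptSasToken, commandToExecute) and the API version are assumptions chosen for illustration.

```bicep
// Added example: parameter names are hypothetical, not taken from the module.
param vmName string
param location string = resourceGroup().location

// Blob URL of the script without any query string (assumed input).
param scriptUri string

// SAS token and command are secrets, so they are declared secure and
// never appear in deployment history.
@secure()
param scriptSasToken string

@secure()
param commandToExecute string

resource vm 'Microsoft.Compute/virtualMachines@2022-11-01' existing = {
  name: vmName
}

resource customScript 'Microsoft.Compute/virtualMachines/extensions@2022-11-01' = {
  parent: vm
  name: 'CustomScriptExtension'
  location: location
  properties: {
    publisher: 'Microsoft.Compute'
    type: 'CustomScriptExtension'
    typeHandlerVersion: '1.10'
    autoUpgradeMinorVersion: true

    // Weak form, which a hardcoded public fileUris forces on the caller:
    //   settings: { fileUris: [ '${scriptUri}?${scriptSasToken}' ] }
    // The SAS token would then be readable by anyone who can read the
    // extension resource.
    settings: {}

    // Hardened form: the URL with its SAS token and the command line both
    // travel in protectedSettings. fileUris must be set in exactly one of
    // the two blocks.
    protectedSettings: {
      fileUris: [
        '${scriptUri}?${scriptSasToken}'
      ]
      commandToExecute: commandToExecute
    }
  }
}
```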