bicep icon indicating copy to clipboard operation
bicep copied to clipboard
verified publisher icon Azure

@onlyIfNotExists() should support a definable clause

Open kmongwa opened this issue 2 months ago • 1 comments

Issue:

@onlyIfNotExists() is good, but it appears to validate the resource existence only on the resource name (or Id). There are some cases where the uniqueness of the resource is not in its name/Id but in another property of the resource.

For instance, a private DNS zone supports only one vnet link to any given vnet. That uniqueness is not in the resource Name or Id, but rather in VirtualNetworkId property. @onlyIfNotExists() does not help when there is already a vnet link which was created using a name other than the one you are attempting to check before creating.

@onlyIfNotExists() resource virtualNetworkLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = { parent: privateDnsZone name: vnetName location: 'global' properties: { registrationEnabled: false virtualNetwork: { id: vnetId } } }

Desired behavior:

@onlyIfNotExists() should support specifying a property of the resource to check for existence, or any other valid bicep operation which returns a true/false. E.g. @onlyIfNotExists('VirtualNetworkId'=='<some_vnetId>')

kmongwa avatar Oct 30 '25 17:10 kmongwa

Great call out.

The same scenario is seen with role assignments where the existence depends on two properties: principalId and roleDefinitionId

This issue tracks the request made in this comment: https://github.com/Azure/bicep/issues/18226#issuecomment-3422621779

acortelyou avatar Oct 31 '25 16:10 acortelyou