CODEWITHSUNDEEP
azureazure-devopsazure-resource-managerinfrastructure-as-codeazure-bicep
sub
sub

Reputation: 679

How to access/cast the module output to specific object in bicep?

I am having below bicep which is returning keyvault. I like to access the properties/functions in keyvault in parent bicep. But not sure how to achieve when using it as a module.

  1. I have keyvault.bicep
    resource kv 'Microsoft.KeyVault/vaults@2019-09-01' existing = {
         name: kvName
         scope: resourceGroup(subscriptionId, kvResourceGroup )
       }
       output kv1 object=kv
  1. I have parent.bicep (where keyvault.bicep is included as module)
   module kv './keyvault.bicep' = {
     name: 'get Secrets'
     params: {
       subscriptionId: subscriptionId
       kvResourceGroup: resourceGroupName
       kvName: keyVaultName
     }
   }
   var pwd= kv.outputs.kv1.getSecret('key')
  1. but getSecret method is unknown in parent bicep

Kindly suggest how to proceed?

Upvotes: 6

Views: 3076

Answers (1)

Thomas
Thomas

Reputation: 29736

The short answer is that is not supported.

In your parent.bicep file, kv is a module reference, not a resource. In order to correctly understand the parent-child resource hierarchy, Bicep requires a resource reference of the correct parent type in the parent property value.

Tho there is a proposal to simplify resource referencing:

Let say you have keyvault.bicep module that creates a key vault

resource kv 'Microsoft.KeyVault/vaults@2019-09-01' = {
  name: kvName
  ...
}

output name string = kv.name

In the parent.bicep, you could get a reference to key vault like that:

module kvModule './keyvault.bicep' = {
  name: 'key-vault-${keyVaultName}'
  params: {
    kvName: keyVaultName
    ...
  }
}

resource kv 'Microsoft.KeyVault/vaults@2019-09-01' existing = {
  name: kvModule.outputs.name
}

In you example, there are few things:

  • The key vault module just gets a reference to key vault so you don't really need a module, you could just reference the key vault directly in the parent.bicep file.
  • The getSecret function is a really specific function, you can only use it to pass secure parameter to another module:

    Returns a secret from an Azure Key Vault. The getSecret function can only be called on a Microsoft.KeyVault/vaults resource. Use this function to pass a secret to a secure string parameter of a Bicep module. The function can be used only with a parameter that has the @secure() decorator.

Upvotes: 4

Related Questions