Reputation: 894
I have a bicep template which references a set of modules to ultimately deploy Azure Front Door with custom domains, a set of DNS Zones and then create the TXT record for the custom domain validation. In other environments this has worked perfectly fine, but when deploying to production the deployment fails for the following reason:
{
  "code": "DeploymentFailed",
  "target": "/subscriptions/[subscription id]/resourceGroups/[resource group]/providers/Microsoft.Resources/deployments/myCustomDomain",
  "message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.",
  "details": [
    {
      "code": "InvalidTemplate",
      "message": "Deployment template validation failed: 'The value for the template parameter 'validationToken' at line '1' and column '737' is not provided. Please see https://aka.ms/arm-create-parameter-file for usage details.'.",
      "additionalInfo": [
        {
          "type": "TemplateViolation",
          "info": {
            "lineNumber": 1,
            "linePosition": 737,
            "path": "properties.template.parameters.validationToken"
          }
        }
      ]
    }
  ]
}
The verification process is referenced via a module and has a validationToken parameter, so the error suggests that the validation token is not being supplied, but the validation token is supplied via myCustomDomain.properties.validationProperties.validationToken from a Microsoft.Cdn/profiles/customDomains resource:
resource customDomain 'Microsoft.Cdn/profiles/customDomains@2022-11-01-preview' = {
  name: domainResourceName
  parent: frontDoor
  properties: {
    hostName: domain.name
    azureDnsZone: {
      id: dns.id
    }
    tlsSettings: {
      certificateType: 'CustomerCertificate'
      minimumTlsVersion: 'TLS12'
      secret: {
        id: frontDoorSecret.id
      }
    }
  }
}

module verification 'myverificationmodule.bicep' = {
  name: 'verification-${domainResourceName}'
  scope: resourceGroup(domain.subscriptionId, domain.resourceGroup)
  params: {
    customDomainStatus: customDomain.properties.domainValidationState
    dnsZone: domain.name
    validationToken: customDomain.properties.validationProperties.validationToken
  }
}
Is there a race condition or some other reason why this would fail only in a single environment?
Upvotes: 0
Views: 368
Reputation: 894
Upon investigation, it would appear that the validationToken is null if the domain has previously been deleted after validation and then re-created. In my case, I had deployed the Azure Front Door resource and all the required domains. I then deleted the resource until a later date, which is when I encountered this issue. I have now applied logic around the domain validation state to determine if the verification module should be used or not.
Upvotes: 0
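One way to express the guard described in the answer, as an added example that is not the poster's code: a hypothetical body for myverificationmodule.bicep (the real module is not shown on the page) that only writes the TXT record when the domain is not yet approved and a token was actually returned. It assumes the custom domain is the zone apex, that a null token falls back to the parameter default, and that 'Approved' is the state reported for an already-validated domain; the names needsTxtRecord, zone, validationRecord and txtRecordCreated are made up for the example.

```bicep
// Hypothetical myverificationmodule.bicep (assumption: the original module body is not on the page).

@description('Value of customDomain.properties.domainValidationState passed in by the caller')
param customDomainStatus string

@description('Name of the DNS zone hosting the custom domain (apex hostname assumed)')
param dnsZone string

// The default covers the case from the answer: a re-created, already validated
// domain for which Front Door returns no validation token.
@description('Front Door validation token; empty when none was returned')
param validationToken string = ''

// Module parameters are known when the module deployment starts, so they can
// drive an if-condition, unlike a runtime property of customDomain in the caller.
var needsTxtRecord = customDomainStatus != 'Approved' && !empty(validationToken)

resource zone 'Microsoft.Network/dnsZones@2018-05-01' existing = {
  name: dnsZone
}

// Front Door looks for the token under _dnsauth.<hostname>; for an apex domain
// that is the record set "_dnsauth" inside the zone.
resource validationRecord 'Microsoft.Network/dnsZones/TXT@2018-05-01' = if (needsTxtRecord) {
  parent: zone
  name: '_dnsauth'
  properties: {
    TTL: 3600
    TXTRecords: [
      {
        value: [
          validationToken
        ]
      }
    ]
  }
}

// Lets the calling template (or a pipeline step) see whether a record was written.
output txtRecordCreated bool = needsTxtRecord
```

Skipping the record for an approved domain also avoids leaving a stale or empty `_dnsauth` TXT entry in the production zone after a delete and re-create cycle.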