Problem
Along with the API Management deployment, I want to add DNS A records for my internal API Management instance in a private DNS zone called azure-api.net:
var privateDnsZoneName = 'azure-api.net'
resource privateDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
name: privateDnsZoneName
location: 'Global'
}
resource privateDnsZoneEntry 'Microsoft.Network/privateDnsZones/A@2020-06-01' = {
name: apim.name
parent: privateDnsZone
properties: {
aRecords: [for addr in apim.properties.privateIPAddresses: {
ipv4Address: addr
}]
ttl: 3600
}
}
However, when you try to deploy it, you get the following error:
Line |
57 | New-AzResourceGroupDeployment -ResourceGroupName $ResourceGroupName `
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| 17:12:13 - Error: Code=InvalidTemplate; Message=Deployment template validation failed: 'The template resource
| '[format('{0}/{1}', variables('privateDnsZoneName'), parameters('apimName'))]' at line '221' and column '9' is not
| valid: The template function 'reference' is not expected at this location. Please see
| https://aka.ms/arm-template-expressions for usage details.. Please see https://aka.ms/arm-template-expressions for
| usage details.'.
The reference() function does not appear to be supported at this location (in ARM):
{
"type": "Microsoft.Network/privateDnsZones/A",
"apiVersion": "2020-06-01",
"name": "[format('{0}/{1}', variables('privateDnsZoneName'), parameters('apimName'))]",
"properties": {
"copy": [
{
"name": "aRecords",
"count": "[length(reference(resourceId('Microsoft.ApiManagement/service', parameters('apimName'))).privateIPAddresses)]",
"input": {
"ipv4Address": "[reference(resourceId('Microsoft.ApiManagement/service', parameters('apimName'))).privateIPAddresses[copyIndex('aRecords')]]"
}
}
],
"ttl": 3600
},
"dependsOn": [
"[resourceId('Microsoft.ApiManagement/service', parameters('apimName'))]",
"[resourceId('Microsoft.Network/privateDnsZones', variables('privateDnsZoneName'))]"
]
}
Trying with a variable in between produces the same error, as the ARM JSON created is very identical.
var privateDnsZoneName = 'azure-api.net'
resource privateDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
name: privateDnsZoneName
location: 'Global'
}
var apimPrivateIPAddresses = apim.properties.privateIPAddresses
resource privateDnsZoneEntry 'Microsoft.Network/privateDnsZones/A@2020-06-01' = {
name: apim.name
parent: privateDnsZone
properties: {
aRecords: [for addr in apimPrivateIPAddresses: {
ipv4Address: addr
}]
ttl: 3600
}
}
Asked by Kai Walter
Solution #1
I found no other way than to split private DNS zone + record creation into a Bicep module and with that getting rid of the reference() function:
param privateDnsZoneName string = 'azure-api.net'
param privateDnsARecordName string
param privateDnsARecordAddresses array
resource privateDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
name: privateDnsZoneName
location: 'Global'
}
resource privateDnsZoneEntry 'Microsoft.Network/privateDnsZones/A@2020-06-01' = {
name: privateDnsARecordName
parent: privateDnsZone
properties: {
aRecords: [for addr in privateDnsARecordAddresses: {
ipv4Address: addr
}]
ttl: 3600
}
}
and invoking the module with the privateIPAddresses array
module privateDnsEntry './private-dns.bicep' = {
name: 'apim-private-dns'
params: {
privateDnsZoneName: 'azure-api.net'
privateDnsARecordName: apim.name
privateDnsARecordAddresses: apim.properties.privateIPAddresses
}
}
Answered by Kai Walter
Post is based on https://stackoverflow.com/questions/67255232/the-template-function-reference-is-not-expected-when-feeding-api-management-pr