Resource type in resource definition should accept parameter or variable #1761

Open
sjuratov opened this issue Mar 7, 2021 · 4 comments
Labels
enhancement New feature or request revisit

sjuratov commented Mar 7, 2021

Is your feature request related to a problem? Please describe.
When I define a new resource I must use a static string for the resource type. E.g.

resource storageAccount 'Microsoft.Storage/storageAccounts@2019-06-01' existing = {
  name: resourceName
}

Describe the solution you'd like
Instead I'd like to do something like this

resource storageAccount storageType existing = {
  name: resourceName
}

where storageType is a parameter or variable.

@sjuratov sjuratov added the enhancement New feature or request label Mar 7, 2021
@ghost ghost added the Needs: Triage 🔍 label Mar 7, 2021
@anthony-c-martin
Member

@sjuratov - mind sharing the use case you have in mind for this? Some notes to be aware of: #1002 (comment)

We could certainly support referencing a constant string with something like:

var storageType = 'Microsoft.Storage/storageAccounts@2019-06-01'

// storageType is known at build time, so we can definitively understand what type of resource we're working with
// and provide editor/compile-time validation
resource storageAccount storageType existing = {
  name: resourceName
}

Referencing a runtime variable or parameter is more problematic, as it removes the ability for Bicep to do any validation on the type of resource that is being deployed.

@sjuratov
Author

sjuratov commented Mar 8, 2021

Hi @anthony-c-martin, here is what I have in mind.

I would like to create a set of Bicep files/modules that will build into an ARM template to allow the following:

  1. Apply RBAC at subscription scope
  2. Apply RBAC at RG scope
  3. Apply RBAC at resource scope

For all three there would be a parameter (yes/no) for whether RBAC should be applied at the specific scope. I would also be able to say which security principals (SP) would be given a specific RBAC role at a specific scope.

E.g.

  1. Subscription scope - YES apply RBAC
     • SP1 as Reader
  2. RG scope - DON'T apply RBAC
  3. Resource scope - YES apply RBAC
     • SP1 as a Contributor on storage account XYZ

So it would be a "one stop" ARM template that is flexible enough to add RBACs on any scope for any existing resource.

What I'd like to have:

  1. For Type Providers #3 (resource scope), I want to also pass on parameters about resource type and name (e.g. it could be Key Vault, storage account, VM etc)
  2. I haven't tried, but can I pass on multiple SPs instead of just a single one?

@alex-frankel
Collaborator

Just an update. @anthony-c-martin has a proposal on #2245 that would allow you to set a resource type as an input parameter:

param genericResource resource
...

I think it might solve some of your use cases, but am not sure if it covers everything above. It'd be great if you could take a look.

@matsest
Contributor

matsest commented Jan 31, 2022

@sjuratov Got into a similar case today and despite not being exactly the same, this is a limited workaround for the multi-scope support in one template: https://github.com/matsest/az-bicep-roleassignment-multi-scope

Blocked by #2245 to be Bicep only (one instance of an ARM template to parametrize a resource type-agnostic input for the scope function).
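
As an added example that is not part of the thread or of any participant's code: with the resource type kept as a static string, a per-type module can still cover the resource-scope case, including the yes/no switch and multiple security principals. The parameter names (applyRbac, storageAccountName, principalIds, roleDefinitionGuid) and the role assignment API version are assumptions; a Key Vault or VM would need its own module with its own literal type.

```bicep
// Added example; parameter names are hypothetical.
// The resource type stays a compile-time literal, so Bicep can still
// validate the resource that the role assignment is scoped to.
param applyRbac bool = true
param storageAccountName string
// Object IDs of the security principals that receive the role.
param principalIds array
// GUID of the role definition (built-in or custom) to assign.
param roleDefinitionGuid string

resource storageAccount 'Microsoft.Storage/storageAccounts@2019-06-01' existing = {
  name: storageAccountName
}

// One assignment per principal, skipped entirely when applyRbac is false.
resource assignments 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: if (applyRbac) {
  // Deterministic name, so redeploying does not create duplicate assignments.
  name: guid(storageAccount.id, principalId, roleDefinitionGuid)
  // Scope is the single storage account, not the resource group or subscription.
  scope: storageAccount
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionGuid)
    principalId: principalId
  }
}]
```

Scoping each assignment to the individual resource keeps the grant as narrow as the use case allows, which is the main reason to prefer this over a resource-group-level assignment.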
