Allow cross-subscription deployments #1165
Conversation
| @@ -117,6 +117,7 @@ public void InvalidBicep_TemplateEmiterShouldNotProduceAnyTemplate(DataSet dataS | |||
| [DataRow("managementGroup", "managementGroup()", "managementGroup", ExpectedMgSchema, "[reference(format('Microsoft.Resources/deployments/{0}', 'myMod'), '2019-10-01').outputs.hello.value]", "[format('Microsoft.Resources/deployments/{0}', 'myMod')]")] | |||
| [DataRow("managementGroup", "subscription('abc')", "subscription", ExpectedMgSchema, "[reference(subscriptionResourceId('abc', 'Microsoft.Resources/deployments', 'myMod'), '2019-10-01').outputs.hello.value]", "[subscriptionResourceId('abc', 'Microsoft.Resources/deployments', 'myMod')]")] | |||
| [DataRow("subscription", "subscription()", "subscription", ExpectedSubSchema, "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'myMod'), '2019-10-01').outputs.hello.value]", "[subscriptionResourceId('Microsoft.Resources/deployments', 'myMod')]")] | |||
| [DataRow("subscription", "subscription('abc')", "subscription", ExpectedSubSchema, "[reference(subscriptionResourceId('abc', 'Microsoft.Resources/deployments', 'myMod'), '2019-10-01').outputs.hello.value]", "[subscriptionResourceId('abc', 'Microsoft.Resources/deployments', 'myMod')]")] | |||
There was a problem hiding this comment.
Does this also add support for deploying to an RG in a different sub?
scope: resourceGroup('otherSub', 'otherRg')
There was a problem hiding this comment.
No - our docs don't call this out as an option, and when I last tested it, it was not supported by the engine. Has this been implemented?
There was a problem hiding this comment.
Sub->sub didn't work until very recently, but rg in a different sub has been around for a while I think
@tfitzmac to confirm
There was a problem hiding this comment.
Sub->sub didn't work until very recently, but rg in a different sub has been around for a while I think
- Deploying to RG in a different sub works if you're in a RG-scoped template
- Deploying to RG in the same sub works if you're in a subscription-scoped template
- Deploying to RG in a different sub doesn't work if you're in a subscription-scoped template
At least that was my experience. I can't see any examples of (3) in the docs link you shared.
There was a problem hiding this comment.
Merging this PR, but I'll create a new PR to add support for (3) if we find it's supported in ARM
There was a problem hiding this comment.
Yes, I agree with @anthony-c-martin. I could only get RG in different sub to work when deploying to RG.
There was a problem hiding this comment.
Ah gotcha. So we support 1 in bicep today?
There was a problem hiding this comment.
Ah gotcha. So we support 1 in bicep today?
We support 1 in Bicep, and as of this PR, also support 2.
There was a problem hiding this comment.
Merging this PR, but I'll create a new PR to add support for (3) if we find it's supported in ARM
This is supported: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/deploy-to-subscription?tabs=azure-cli#scope-to-other-subscription
To deploy resources to a subscription that is different than the subscription from the operation, add a nested deployment. Set the subscriptionId property to the ID of the subscription you want to deploy to. Set the location property for the nested deployment.
and it is the first example in the #1046. I've tested it and it works.
There was a problem hiding this comment.
@stan-sz - with (3), I was referring specifically to:
- Parent template is a subscription-scoped template targeting subscription A.
- Nested template is a resourcegroup-scoped template targeting resource group X in subscription B.
Where A != B
I can't find any examples of this in our documentation, and found that it was unsupported when testing with a hand-written template.
anthony-c-martin
force-pushed
the
antmarti/allow_cross_sub
branch
from
269439b to
c9204cf
Compare
Closes #1046