Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Example/conditions #14

Merged
merged 3 commits into from
Jan 17, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
81 changes: 81 additions & 0 deletions bicep-examples/conditions/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,81 @@
# Azure Bicep - Conditions

## Introduction

This example will showcase conditional resource deployments with Azure Bicep. There are two examples presented, the first being 'if' expression and then an if/else condition. You can read more from the Microsoft docs [here](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/conditional-resource-deployment).

## 📃 Benefits of using conditions in Azure Bicep

1. ✅ Dynamic resource deployment. Allows to set boolean values to true/false to determine if a resource should be deployed or not depending on requirements.

2. ✅ Environment conditions. We can specific different Azure SKU tiers depending on the environment selected.

3. ✅ Flexible Bicep template. By adding conditions we're able to increase the reusability and flexibility of a Bicep template based on specific constraints.

> [!WARNING]
> There are some limitations with (if) conditions, these are highlighted in the Microsoft documentation linked above.

## ⚗️ Examples

### If condition

Taking a snippet from the `main.bicep` file, notice the `deployResource` parameter which is set as a boolean value to be evaluated. In the file, it's set to `true` which means the Key Vault will be deployed. If set to `false` the module block for the Key Vault will determine it does not need to be deployed.

The `= if (deployResource)` is the Bicep code added to determine this in the module code block. It is calling the boolean parameter and evaluating it's true/false state.

```javascript
@description('Deploy Azure Key Vault true/false.')
param deployResource bool = false

module KeyVault 'br/public:security/keyvault:1.0.2' = if (deployResource) {
name: '${uniqueString(deployment().name, location)}-${kvName}'
params: {
name: kvName
location: location
skuName: kvSku
enableSoftDelete: true
}
}
````

### If/else condition

Using an if/else condition can be useful to determine if we need to deploy to a different SKU tier depending on requirements, such as production vs dev. However, it is not limited to this scenario. It can be used for any values that fit your deployment constraints.

By specifying a variable called `kvSku` we're able to evaluate the parameter `kvEnv` to check if this contains `prod` then set the Key Vault SKU to `premium` else, set to `standard`. Later in the Key Vault module block the `skuName: kvSku` is how this is assigned within the module.

```javascript
@description('Azure Key Vault organisation environment.')
@allowed([
'prod'
'preprod'
'dev'
])
param kvEnv string = 'prod'

// Environment variable for Key Vault SKU else if
var kvSku = kvEnv == 'prod' ? 'premium' : 'standard'
```

## 🚀 Deployment

> [!NOTE]
> You need to have a resource group deployed before trying this out.

In VisualStudio Code open a terminal and run:

CLI

```bash
az login
az account set --subscription 'subscription name or id'
az deployment group create -g 'your-rg' --confirm-with-what-if -f '.\main.bicep'
```

or PowerShell

```powershell
Connect-AzAccount
Set-AzContext -Subscription "subscription name or id"
New-AzResourceGroupDeployment -Confirm -ResourceGroup "your-rg -TemplateFile "main.bicep"
```
38 changes: 38 additions & 0 deletions bicep-examples/conditions/main.bicep
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
targetScope = 'resourceGroup'

metadata name = 'Key Vault creation Bicep module'
metadata description = 'Showcasing Azure Bicep if conditions'
metadata owner = '[email protected]'

@description('Azure region for deployments chosen from the resource group.')
param location string = resourceGroup().location

@description('Azure Key Vault resource names that will be created. Must be globally unique.')
param kvName string = 'kv-uks-bicepify-prod-001'

@description('Deploy Azure Key Vault true/false.')
param deployResource bool = false

@description('Azure Key Vault organisation enviornment.')
@allowed([
'prod'
'preprod'
'dev'
])
param kvEnv string = 'prod'

// Environment variable for Key Vault SKU else if
var kvSku = kvEnv == 'prod' ? 'premium' : 'standard'

module KeyVault 'br/public:security/keyvault:1.0.2' = if (deployResource) {
name: '${uniqueString(deployment().name, location)}-${kvName}'
params: {
name: kvName
location: location
skuName: kvSku
enableSoftDelete: true
}
}

// Output Key Vault name
output kvUri string = KeyVault.outputs.name