Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Private Endpoint IPv6 settings not configurable via bicep #2343

Open
jesselve opened this issue Nov 4, 2024 · 4 comments
Open

Private Endpoint IPv6 settings not configurable via bicep #2343

jesselve opened this issue Nov 4, 2024 · 4 comments
Labels
Needs: Triage 🔍

Comments

@jesselve
Copy link

jesselve commented Nov 4, 2024
edited
Loading

Description

Private Endpoint IPv6 settings (isIPv6EnabledPrivateEndpoint) cannot be configured through Bicep, but consistently show up as differences in what-if analysis. This leads to perpetual "changes needed" in our IaC pipelines even though the setting is not configurable through Bicep or even direct REST API calls.

Repro steps

  1. Deploy private endpoints through Bicep:

    resource privateEndpoint 'Microsoft.Network/privateEndpoints@2024-01-01' = {
  name: name
  location: location
  properties: {
    privateLinkServiceConnections: [...]
    subnet: [...]
  }
}

  2. Run what-if analysis (az deployment group what-if)

  3. Observe these perpetual differences:

    ~ Microsoft.Network/privateEndpoints/acme-privlink-acme-keyvault-prod [2024-01-01]
  - properties.isIPv6EnabledPrivateEndpoint: false

  4. Attempted workarounds that didn't resolve the issue:

    • Direct REST API updates to the property
    • Different API versions
    • Explicitly setting the property in Bicep (not allowed by schema)

Expected behavior

One of these solutions:

  1. Allow configuration of IPv6 settings through Bicep
  2. Don't show IPv6 settings as differences in what-if when they can't be configured
  3. Document that these differences should be ignored

Environment

  • Bicep version: latest
  • Resource type: Microsoft.Network/privateEndpoints
  • API version: 2024-01-01
  • Azure subscription type: Production

Additional context

  • The property exists in Azure's backend state but isn't configurable through any IaC method we've found
  • This affects CI/CD pipelines that rely on what-if analysis for change detection
  • The differences appear benign but create noise in our deployment validation
@trylvis
Copy link

trylvis commented Nov 5, 2024

Experiencing the exact same issue.

@stephaniezyen
Copy link
Contributor

Unfortunately this is a Microsoft.Network issue. Please open a support ticket with the Network RP on this to get it fixed as soon as possible.

@stephaniezyen stephaniezyen transferred this issue from Azure/bicep Nov 6, 2024
@jesselve
Copy link
Author

jesselve commented Nov 7, 2024

@stephaniezyen - How do I open a support ticket with the "Network RP"? Can you please help or provide a link?

@linkhuo-fha
Copy link

same issue here. the property shows in the resource json, but not configurable in bicep in different api versions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Needs: Triage 🔍
Projects
Bicep
Status: Todo
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jesselve @trylvis @stephaniezyen @linkhuo-fha