2

We are in the process of upgrading our ARM Templates to Bicep, one of which is for storage. In the initially ported Bicep file, everything worked fine and then as part of my PR, it was highlighted that I'd left out isHnsEnabled.

I then adjusted my bicep script to include that property setting with a parameter as we are creating module libraries:

param saName string
param storageSku string
param tags object
param isHnsEnabled bool

resource storageaccount 'Microsoft.Storage/storageAccounts@2021-04-01' = {
  name: saName
  location: resourceGroup().location
  tags: tags
  sku: {
    name: storageSku
  }
  kind: 'StorageV2'
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    minimumTlsVersion: 'TLS1_2'
    allowBlobPublicAccess: false
    allowCrossTenantReplication: false  
    allowSharedKeyAccess: true
    isHnsEnabled: isHnsEnabled
    networkAcls: {
      virtualNetworkRules: []
      defaultAction: 'Deny'
      }
      encryption: {
        keySource: 'Microsoft.Storage'
        services: {
          file: {
            keyType: 'Account'
            enabled: true 
          }
        }
      }
        }
}

output name string = storageaccount.name
output id string = storageaccount.id
output identity string = storageaccount.identity.principalId

This yields the following error:

The property 'isHnsEnabled' was specified in the input, but it cannot be updated as it is read-only

I'm not sure if I need to set other properties in combination with this one, but nothing in the Microsoft Docs suggest that.I would have assumed if the resource was already created and the properties matched that Bicep would not try to change the resource via CICD.

Any suggestions would be much appreciated.

Thomas
  • 24,234
  • 6
  • 81
  • 125
Raymondo
  • 483
  • 2
  • 6
  • 20

1 Answers1

1

The isHnsEnabled property (to enable hierarchical namespace) can only be set when creating new resource.

You can check this article to know when to enable this feature: Deciding whether to enable a hierarchical namespace.

To upgrade your storage, you can follow this article: Upgrade Azure Blob Storage with Azure Data Lake Storage Gen2 capabilities.

Otherwise you could delete and recreate the storage account.

Thomas
  • 24,234
  • 6
  • 81
  • 125
  • Many thanks Thomas. Yes you are correct, but the problem is when the same boolean value is supplied e.g hns = false on resource and in Bicep, the error still occurs. So in that instance we could only ever run our deployment once and adding new containers would have to be done manually rather than CICD. I did delete the resource on our development server and first time it worked, the 2nd attempt the release failed. That is the baffling part – Raymondo Feb 15 '22 at 11:49
  • 1
    There is a request here: https://feedback.azure.com/d365community/idea/ada85cb0-40ac-ec11-a81c-0022484ee92d – Crimson Mar 25 '22 at 13:39
  • 1
    This only seems to fail with isHnsEnabled: false. When setting isHnsEnabled: true, I seem to be able to redeploy without issues. I reported this to the API team here: https://github.com/Azure/azure-rest-api-specs/issues/18441 – Kenneth Benjamin Mar 28 '22 at 21:15