Introduce function to check whether a resource exists
Currently, the reference() function throws an error at runtime when the resource doesn't exist. I'd like to either have this result a null object instead, or alternatively I'd like a new function such as "exists(resourceName or resourceIdentifier)" returning a boolean. The function should be useable in a "condition" statement.
I'd like to use this function to work around scenarios where some Azure resources are dependent on each other to be deployed.
Example: use an ARM template to create a Front Door with a custom domain and an Azure DNS alias record pointing to the Front Door.
Currently, this is not possible because the DNS alias record needs the FrontDoor-with-custom-domain to first exist, and vice versa.
With an exists() function, I could first conditionally deploy an initial FrontDoor without custom domain (the condition being that the Front Door doesn't already exist). Then the template would deploy the alias DNS record, and finally the template would deploy the Front Door again (in a nested deployment), but this time with the custom domain configuration included.
I suspect there are more scenarios like this, especially when alias DNS records are involved.
Thanks for bringing this to our attention. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
Dirk Slabbert commented
Any update on this feature, greatly needed for automation? Thanks
Veerendra Kumar Balla commented
This is a great feature. It eases out a lot of pain while leveraging templates in CI/CD pipelines. We may want to create resource if not exists and then deploy. If exists just execute some changes to achieve the desired state like enabling HTTPS-only, disable sticky states for websites, and so on...
Azure team can you please prioritize or provide guidance on how to check if resources exists.
Please introduce an exists function.
Rozinov, Roman commented
I do agree that this is a must have. Not all Azure deployment steps are idempotent, so this feature would help greatly to simplify the resiliency of the IaC code bases.
Alex Batishchev (ADU) commented
This is the top 10 suggestion on the site. What else needs to happen this feature to be prioritized?
Alex Batishchev (ADU) commented
Using ARM for infrastructure-as-code is impossible without this feature
Peter Bertok commented
Similarly, it's impossible check if the Microsoft.RecoveryServices/vaults/backupstorageconfig resource has a storageTypeState of "Locked", because the condition expression for that deployment first has to check if the resource exists.
Hence, there is no way to make an ARM Template that can set crossRegionRestoreFlag to true and then be redeployed! The crossRegionRestoreFlag locks the vault, and the redeployment will fail.
If you get clever and put in a condition to check the crossRegionRestoreFlag with the "reference()" function, then the first deployment will fail.
The Microsoft-provided samples cheat: they have a manually specified parameter value that they use to toggle the storage configuration on and off.
IMHO, Azure's ARM team should have a unit test that validates that every template can be redeployed without having to change parameters or jump through hoops like this.
Aidan Finn commented
Totally needed for modular infrastructure-as-code libraries. We have resources, such as Azure (Virtual WAN) Hub that must document gateways. If the gateway does not exist, then the value must be JSON('null'). If the resource exists it should be the resource ID. This creates a chicken & egg scenario and we need intelligent decision making here.
Andreas Isnes Nilsen commented
Soo much needed because of all the workaround with the keyvaults and managed identities. In many cases you need to init a resource with a MI. Then add it to the keyvault, then patch the resource. Just to try to fully automate the process of creating a Servicebus with encryption at rest. GLHF :) However, the init phase should only create the resource with an identity, it should never run again. Therefore this function is needed!
Andreas Zeisler commented
The exists function is still available in HTTP. https://docs.microsoft.com/en-us/rest/api/resources/resources/checkexistencebyid. But it is not right interpreted in an ARM template with reference() function. That's not the behavior what is expected. The result should be null or an empty object or instead of reference, there is an exists(resourceId(..)) function.
Andreas Zeisler commented
This function is urgently needed. To proof an existing resource is optimal not to override manual configurations. E.g. manual added firewall rules in a network security group etc.
If you create the nsg, you will override all manual configurations.
Without this function, you need to read the object and add the additional properties to it. That's a poor approach for an existing resource and adding something additional without knowing the current content of the resource.
Ben Virkler commented
This is the solution that first comes to mind for resolving circular dependencies in ARM templates.
For example one template that creates a key vault and adds access policies for other services' managed identities, and other templates that create the services and reference the key vault.
David Gard commented
This is very much needed. Not being able to PATCH Key Vault Access Polices, so needing to know whether to use 'recover' or 'default' as the 'createMode' when deploying is an obvious use case (to avoid wiping manually added access policies), but I'm sure there are many others.
Jeremy WIlton commented
It's a much needed and obvious function.