Root Resource / Top-Level Resource
: A resource with only a single level of nested types (i.e. there's just a single type after the RP namespace). Microsoft.Network/networkSecurityGroups
is a top-level resource, whereas Microsoft.Network/networkSecurityGroups/securityRules
is not.Child Resource / Nested Resource
: A resource with two or more levels of nested types.Parent Resource
: The parent to a child resource, identified by removing a level of nesting from the resource type. Microsoft.Network/networkSecurityGroups
is the parent to Microsoft.Network/networkSecurityGroups/securityRules
.Every resource ID begins with a root scope. There are a few different types of root scopes:
/
, then followed with /providers/Microsoft.Foo/bar/{name}
/subscriptions/{subscriptionId}
, then followed with /providers/Microsoft.Foo/bar/{name}
/subscriptions/{subscriptionId}/resourceGroups/{groupName}
, then followed with /providers/Microsoft.Foo/bar/{name}
{resourceID}
, then followed with /providers/Microsoft.Foo/bar/{name}
/providers/Microsoft.Management/managementGroups/{managementGroupName}/
, then followed with /providers/Microsoft.Foo/bar/{name}
azapi
provider build resource ID from type
, parent_id
and name
Let's assume that these values are valid, all the cases including edge cases can be divided into 2 scenarios:
type
is a top level resource, then resource_id
= {parent_id}/providers/{type}/{name}
Microsoft.Resources/resourceGroups
.type
is a child resource, then resource_id
= {parent_id}/{last nesting type}/{name}
Then we need to add some validations before building the resourceId.
parent_id
must match with correct scope. There're cases that a resource supports both
Tenant
and Subscription
scopes, the parent_id
must match any of them.parent_id
's type must match with its parent resource's type.bicep-types-az
, validations will be skipped.