[AVM Module Issue]: Enhance documentation and input validation of Intune-enrollment property

[janegilring]

Check for previous/existing GitHub issues

• I have checked for previous/existing GitHub issues

Issue Type?

Bug

Module Name

avm/res/compute/virtual-machine

(Optional) Module Version

0.11.0

Description

I was assisting in a scenario where there was issues getting AVD session hosts enrolled into Intune when deploying them using Bicep.
After testing the Bicep-template being used (which leverages the res/compute/virtual-machine module), I found that the mdmId-property was not specified at the correct location - which is this:

    extensionAadJoinConfig: {
        enabled: true
        settings: {
          mdmId: '0000000a-0000-0000-c000-000000000000'
        }
      }

It was defined like this:

    extensionAadJoinConfig: {
        enabled: true
        mdmId: '0000000a-0000-0000-c000-000000000000'    
      }

The invalid syntax did not produce any errors, but the Intune-enrollment simply didn`t work.

Looking at the documentation for the module, the syntax which was being leveraged seemed correct:

Parameter	Type	Description
extensionAadJoinConfig	object	The configuration for the [AAD Join] extension. Must at least contain the ["enabled": true] property to be executed. To enroll in Intune, add the setting mdmId: "0000000a-0000-0000-c000-000000000000".

However, looking at the code for the module, I noticed that the setting needs to be defined inside of a settings-block.

Any thoughts on how we could enhance the user experience?
In addition to updating the documentation, would leveraging user defined types for input validation be an option?

(Optional) Correlation Id

No response

[avm-team-linter]

@janegilring, thanks for submitting this issue for the avm/res/compute/virtual-machine module!

Important

A member of the @Azure/avm-res-compute-virtualmachine-module-owners-bicep or @Azure/avm-res-compute-virtualmachine-module-contributors-bicep team will review it soon!

[rahalan]

@janegilring after reviewing the documentation, I can't find a flaw. It explicity states, the setting need to be in the "settings" object, see

The setting is actually not set by the module or in any test. Can you refer to a line in code, where you found that bug? Thanks.

[janegilring]

@rahalan Putting on the "end user hat" (the module consumer), go to the module documentation and search for extensionAadJoinConfig.

I get the following results:

The only way I could determine that a settings-object exists was looking at the module-code:

https://github.com/Azure/bicep-registry-modules/blob/main/avm/res/compute/virtual-machine/extension/main.bicep#L30
https://github.com/Azure/bicep-registry-modules/blob/main/avm/res/compute/virtual-machine/extension/main.bicep#L61

Maybe I am missing something?

Without knowing that the settings-object/parameter exists, I would interpret this:
"To enroll in Intune, add the setting mdmId: "0000000a-0000-0000-c000-000000000000".

As this:

    extensionAadJoinConfig: {
        enabled: true
        mdmId: '0000000a-0000-0000-c000-000000000000'    
      }

[rahalan]

@janegilring very good point. I will add a test, which will then also show up in the documentation to clarify, how it needs to be set up. Thanks!

[janegilring]

@rahalan Awesome, sounds good! 👌