Support syncRemoteAddressSpace for virtual network peerings #2621
Description
Context
When managing Azure Virtual Network Peerings with Bicep, updating a VNet’s addressSpace often leaves the peering in an “Out of Sync” state in the Azure Portal. The official guidance says:
“When you update the address space for a virtual network, you need to sync the virtual network peer for each remote peered virtual network.”
Currently, re‑deploying the peering resource via Bicep (or ARM) does not trigger this sync. The Portal still shows Remote not in sync until an explicit sync action is performed.
Current Limitation
- The sync operation is exposed as an action, not a property.
- The REST API supports
?syncRemoteAddressSpace=trueas a query parameter on the PUT request. - Bicep/ARM templates only control the request body, so there is no way to declaratively include this query parameter.
- Properties like
remoteVirtualNetworkAddressSpaceandpeerCompleteVnetsare read‑only and cannot be set in Bicep.
Impact
- Infrastructure‑as‑Code workflows cannot fully reconcile peering state after address space changes without adding imperative steps (CLI, PowerShell, or deployment scripts).
- This breaks the declarative model and complicates automation for production environments.
Feature Request
Add a mechanism in Bicep (and ARM) to declaratively trigger the sync operation during peering updates. Possible approaches:
- Support a boolean property (e.g.,
syncRemoteAddressSpace: true) that maps internally to the query parameter. - Support a boolean decorator (e.g.
@syncRemoteAddressSpace(true) or @queryParameter({syncRemoteAddressSpace: true})that maps to the query parameter - Or introduce an ARM/Bicep extension for resource actions so that
synccan be expressed in the template.
Why It Matters
- Keeps network peering management fully declarative.
- Eliminates the need for imperative deployment scripts.
- Aligns with the principle of idempotent infrastructure deployments.