Validate scope when deploying a bicep file with Azure CLI / Azure Powershell

[shenglol]

We should check if targetScope matches the deployment scope when deploying a bicep file with the Azure CLI / Azure PowerShell deployment commands.

[shenglol]

One way to achieve this is to let the Bicep CLI take a new parameter (something like --deploymentScope) and let it output error if it doesn't match targetScope. However, the parameter will be useless if people invoke the bicep build command directly, and I feel like the Bicep CLI should be deployment agnostic. An alternative approach is to read targetScope of a bicep in Azure CLI / Azure PowerShell and then do the scope validation, but since we cannot access the AST in CLI and PowerShell, this may require us to implement a new Bicep CLI command which can output the value of targetScope upon invoking. I would like to hear people's thoughts on this.

[majastrz]

Yeah given that this needs to work in Python and .net core, our options are limited. I see the following:

1. Port just enough of the parser to parse the targetScope in Python. Pull in the real parser for PowerShell as a nuget.
2. Hack "parse" it with regular expressions.
3. Implement a special command to return this information like @shenglol suggests above.

1 and 2 will likely cause maintenance issues and deviations between Bicep in the real parser vs. the ported/hacked versions. So we definitely shouldn't do those options unless we don't have a choice.

Feels like option 3 is the best option. My suggestion on this one is to name it something more generic than bicep getTargetScope. Maybe something like bicep diagnostics or bicep info? We should have a contract for the output of the command and we should make sure we keep backwards-compatibility in mind when extending it. Perhaps simply a JSON file that we add new properties to?