chore: bicepconfig.json linter update (#318)

* doc: PE and wiki, linter

* fix: updated workflow for b.json

* chore: update linter rules to latest available

* add bicep installed version output

* helps if you get the bicep version

* add step to install latest bicep

* update step name

* fix: updated API to latest preview

* fix: throw exception after processing all files

* fix: declare $output outside of foreach loop

* fix: added bicep path for get-childitem

* revert: removed -Path parameter

* fix: customRoles API version

* fix: typo, missing $

* fix: Adjusting output if no error

* fix: linter findings - resolved

Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>

.github/workflows/bicep-build-to-validate.yml

@@ -8,6 +8,7 @@ on:
       - "**.bicep"
       - "ps-rule.yaml"
       - ".ps-rule/*"
+      - "**/bicepconfig.json"
   workflow_dispatch: {}
 
 jobs:
@@ -21,20 +22,52 @@ jobs:
         with:
           fetch-depth: 0
 
+      - name: List Currently Installed Bicep Version
+        shell: pwsh
+        run: |
+          $bicepVersion = bicep --version
+          Write-Information "=====> Currently installed Bicep version is: $bicepVersion <=====" -InformationAction Continue
+          
+      - name: Install latest version of Bicep
+        shell: sh
+        run: |
+          # From https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/install#linux 
+          # Fetch the latest Bicep CLI binary
+          curl -Lo bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64
+          # Mark it as executable
+          chmod +x ./bicep
+          # Add bicep to your PATH (requires admin)
+          sudo mv ./bicep /usr/local/bin/bicep
+          # Verify you can now access the 'bicep' command
+          bicep --help
+          # Done!
+          
+      - name: List Now Installed Bicep Version
+        shell: pwsh
+        run: |
+          $bicepVersion = bicep --version
+          Write-Information "=====> Now installed Bicep version is: $bicepVersion <=====" -InformationAction Continue
+          
       - name: Bicep Build & Lint All Modules
         shell: pwsh
         run: |
+          $output = @()
           Get-ChildItem -Recurse -Filter '*.bicep' -Exclude 'callModuleFromACR.example.bicep','orchHubSpoke.bicep' | ForEach-Object {
               Write-Information "==> Attempting Bicep Build For File: $_" -InformationAction Continue
-              $output = bicep build $_.FullName 2>&1
+              $bicepOutput = bicep build $_.FullName 2>&1
               if ($LastExitCode -ne 0)
               {
-                throw $output
+                foreach ($item in $bicepOutput) {
+                  $output += "$($item) `r`n"
+                }
               }
               Else
               {
-                echo $output
-              }   
+                echo "Bicep Build Successful for File: $_"
+              }
+          }
+          if ($output.length -gt 0) {
+            throw $output
           }
 
       - name: List Azure Resource Types

docs/wiki/Contributing.md

@@ -13,6 +13,7 @@
   - [Bicep Best Practices](#bicep-best-practices)
   - [Bicep Code Styling](#bicep-code-styling)
   - [Bicep Elements Naming Standards](#bicep-elements-naming-standards)
+  - [Bicep Common Parameters Naming Standards](#bicep-common-parameters-naming-standards)
   - [Bicep File Structure](#bicep-file-structure)
   - [Bicep File Structure Example](#bicep-file-structure-example)
 - [Constructing a Bicep Module](#constructing-a-bicep-module)
@@ -230,6 +231,30 @@ To author Bicep modules that are in-line with the requirements for this project,
                     },
                     "max-variables": {
                       "level": "error"
+                    },
+                    "artifacts-parameters":{
+                      "level": "error"
+                    },
+                    "no-unused-existing-resources":{
+                      "level": "error"
+                    },
+                    "prefer-unquoted-property-names":{
+                      "level": "error"
+                    },
+                    "secure-params-in-nested-deploy":{
+                      "level": "error"
+                    },
+                    "secure-secrets-in-params":{
+                      "level": "error"
+                    },
+                    "use-recent-api-versions":{
+                      "level": "error"
+                    },
+                    "use-resource-id-functions":{
+                      "level": "error"
+                    },
+                    "use-stable-resource-identifiers":{
+                      "level": "error"
                     }
                   }
                 }

infra-as-code/bicep/CRML/containerRegistry/bicepconfig.json

@@ -57,6 +57,30 @@
         },
         "max-variables": {
           "level": "error"
+        },
+        "artifacts-parameters":{
+          "level": "error"
+        },
+        "no-unused-existing-resources":{
+          "level": "error"
+        },
+        "prefer-unquoted-property-names":{
+          "level": "error"
+        },
+        "secure-params-in-nested-deploy":{
+          "level": "error"
+        },
+        "secure-secrets-in-params":{
+          "level": "error"
+        },
+        "use-recent-api-versions":{
+          "level": "error"
+        },
+        "use-resource-id-functions":{
+          "level": "error"
+        },
+        "use-stable-resource-identifiers":{
+          "level": "error"
         }
       }
     }

infra-as-code/bicep/CRML/containerRegistry/containerRegistry.bicep

@@ -23,7 +23,7 @@ param parAcrSku string = 'Basic'
 @description('Tags to be applied to resource when deployed.  Default: None')
 param parTags object ={}
 
-resource resAzureContainerRegistry 'Microsoft.ContainerRegistry/registries@2021-06-01-preview' = {
+resource resAzureContainerRegistry 'Microsoft.ContainerRegistry/registries@2022-02-01-preview' = {
   name: parAcrName
   tags: parTags
   location: parLocation

infra-as-code/bicep/CRML/customerUsageAttribution/bicepconfig.json

@@ -57,6 +57,30 @@
         },
         "max-variables": {
           "level": "error"
+        },
+        "artifacts-parameters":{
+          "level": "error"
+        },
+        "no-unused-existing-resources":{
+          "level": "error"
+        },
+        "prefer-unquoted-property-names":{
+          "level": "error"
+        },
+        "secure-params-in-nested-deploy":{
+          "level": "error"
+        },
+        "secure-secrets-in-params":{
+          "level": "error"
+        },
+        "use-recent-api-versions":{
+          "level": "error"
+        },
+        "use-resource-id-functions":{
+          "level": "error"
+        },
+        "use-stable-resource-identifiers":{
+          "level": "error"
         }
       }
     }

infra-as-code/bicep/CRML/subscriptionAlias/bicepconfig.json

@@ -57,6 +57,30 @@
         },
         "max-variables": {
           "level": "error"
+        },
+        "artifacts-parameters":{
+          "level": "error"
+        },
+        "no-unused-existing-resources":{
+          "level": "error"
+        },
+        "prefer-unquoted-property-names":{
+          "level": "error"
+        },
+        "secure-params-in-nested-deploy":{
+          "level": "error"
+        },
+        "secure-secrets-in-params":{
+          "level": "error"
+        },
+        "use-recent-api-versions":{
+          "level": "error"
+        },
+        "use-resource-id-functions":{
+          "level": "error"
+        },
+        "use-stable-resource-identifiers":{
+          "level": "error"
         }
       }
     }

infra-as-code/bicep/modules/customRoleDefinitions/bicepconfig.json

@@ -57,6 +57,30 @@
         },
         "max-variables": {
           "level": "error"
+        },
+        "artifacts-parameters":{
+          "level": "error"
+        },
+        "no-unused-existing-resources":{
+          "level": "error"
+        },
+        "prefer-unquoted-property-names":{
+          "level": "error"
+        },
+        "secure-params-in-nested-deploy":{
+          "level": "error"
+        },
+        "secure-secrets-in-params":{
+          "level": "error"
+        },
+        "use-recent-api-versions":{
+          "level": "error"
+        },
+        "use-resource-id-functions":{
+          "level": "error"
+        },
+        "use-stable-resource-identifiers":{
+          "level": "error"
         }
       }
     }

infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafApplicationOwnerRole.bicep

@@ -8,7 +8,7 @@ var varRole = {
   description: 'Contributor role granted for application/operations team at resource group level'
 }
 
-resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = {
+resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' = {
   name: guid(varRole.name)
   properties: {
     roleName: varRole.name

infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafNetworkManagementRole.bicep

@@ -8,7 +8,7 @@ var varRole = {
   description: 'Platform-wide global connectivity management: Virtual networks, UDRs, NSGs, NVAs, VPN, Azure ExpressRoute, and others'
 }
 
-resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = {
+resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' = {
   name: guid(varRole.name)
   properties: {
     roleName: varRole.name

infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafSecurityOperationsRole.bicep

@@ -8,7 +8,7 @@ var varRole = {
   description: 'Security administrator role with a horizontal view across the entire Azure estate and the Azure Key Vault purge policy'
 }
 
-resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = {
+resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' = {
   name: guid(varRole.name)
   properties: {
     roleName: varRole.name

infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafSubscriptionOwnerRole.bicep

@@ -8,7 +8,7 @@ var varRole = {
   description: 'Delegated role for subscription owner derived from subscription Owner role'
 }
 
-resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = {
+resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' = {
   name: guid(varRole.name)
   properties: {
     roleName: varRole.name

infra-as-code/bicep/modules/customRoleDefinitions/definitions/china/mc-cafNetworkManagementRole.bicep

@@ -8,7 +8,7 @@ var varRole = {
   description: 'Platform-wide global connectivity management: Virtual networks, UDRs, NSGs, NVAs, VPN, Azure ExpressRoute, and others'
 }
 
-resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = {
+resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' = {
   name: guid(varRole.name)
   properties: {
     roleName: varRole.name

infra-as-code/bicep/modules/customRoleDefinitions/definitions/china/mc-cafSecurityOperationsRole.bicep

@@ -8,7 +8,7 @@ var varRole = {
   description: 'Security administrator role with a horizontal view across the entire Azure estate and the Azure Key Vault purge policy'
 }
 
-resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = {
+resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' = {
   name: guid(varRole.name)
   properties: {
     roleName: varRole.name

infra-as-code/bicep/modules/hubNetworking/bicepconfig.json

@@ -83,6 +83,30 @@
         },
         "max-variables": {
           "level": "error"
+        },
+        "artifacts-parameters":{
+          "level": "error"
+        },
+        "no-unused-existing-resources":{
+          "level": "error"
+        },
+        "prefer-unquoted-property-names":{
+          "level": "error"
+        },
+        "secure-params-in-nested-deploy":{
+          "level": "error"
+        },
+        "secure-secrets-in-params":{
+          "level": "error"
+        },
+        "use-recent-api-versions":{
+          "level": "error"
+        },
+        "use-resource-id-functions":{
+          "level": "error"
+        },
+        "use-stable-resource-identifiers":{
+          "level": "error"
         }
       }
     }

infra-as-code/bicep/modules/logging/bicepconfig.json

@@ -57,6 +57,30 @@
         },
         "max-variables": {
           "level": "error"
+        },
+        "artifacts-parameters":{
+          "level": "error"
+        },
+        "no-unused-existing-resources":{
+          "level": "error"
+        },
+        "prefer-unquoted-property-names":{
+          "level": "error"
+        },
+        "secure-params-in-nested-deploy":{
+          "level": "error"
+        },
+        "secure-secrets-in-params":{
+          "level": "error"
+        },
+        "use-recent-api-versions":{
+          "level": "error"
+        },
+        "use-resource-id-functions":{
+          "level": "error"
+        },
+        "use-stable-resource-identifiers":{
+          "level": "error"
         }
       }
     }

infra-as-code/bicep/modules/managementGroups/bicepconfig.json

@@ -57,6 +57,30 @@
         },
         "max-variables": {
           "level": "error"
+        },
+        "artifacts-parameters":{
+          "level": "error"
+        },
+        "no-unused-existing-resources":{
+          "level": "error"
+        },
+        "prefer-unquoted-property-names":{
+          "level": "error"
+        },
+        "secure-params-in-nested-deploy":{
+          "level": "error"
+        },
+        "secure-secrets-in-params":{
+          "level": "error"
+        },
+        "use-recent-api-versions":{
+          "level": "error"
+        },
+        "use-resource-id-functions":{
+          "level": "error"
+        },
+        "use-stable-resource-identifiers":{
+          "level": "error"
         }
       }
     }

infra-as-code/bicep/modules/managementGroups/managementGroups.bicep

@@ -97,7 +97,7 @@ resource resTopLevelMg 'Microsoft.Management/managementGroups@2021-04-01' = {
     displayName: parTopLevelManagementGroupDisplayName
     details: {
       parent: {
-        id: (empty(parTopLevelManagementGroupParentId) ? '/providers/Microsoft.Management/managementGroups/${tenant().tenantId}' : parTopLevelManagementGroupParentId)
+        id: empty(parTopLevelManagementGroupParentId) ? '/providers/Microsoft.Management/managementGroups/${tenant().tenantId}' : parTopLevelManagementGroupParentId
       }
     }
   }