diff --git a/.github/workflows/bicep-build-to-validate.yml b/.github/workflows/bicep-build-to-validate.yml index 070b74105..2d9b84002 100644 --- a/.github/workflows/bicep-build-to-validate.yml +++ b/.github/workflows/bicep-build-to-validate.yml @@ -8,6 +8,7 @@ on: - "**.bicep" - "ps-rule.yaml" - ".ps-rule/*" + - "**/bicepconfig.json" workflow_dispatch: {} jobs: @@ -21,20 +22,52 @@ jobs: with: fetch-depth: 0 + - name: List Currently Installed Bicep Version + shell: pwsh + run: | + $bicepVersion = bicep --version + Write-Information "=====> Currently installed Bicep version is: $bicepVersion <=====" -InformationAction Continue + + - name: Install latest version of Bicep + shell: sh + run: | + # From https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/install#linux + # Fetch the latest Bicep CLI binary + curl -Lo bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64 + # Mark it as executable + chmod +x ./bicep + # Add bicep to your PATH (requires admin) + sudo mv ./bicep /usr/local/bin/bicep + # Verify you can now access the 'bicep' command + bicep --help + # Done! + + - name: List Now Installed Bicep Version + shell: pwsh + run: | + $bicepVersion = bicep --version + Write-Information "=====> Now installed Bicep version is: $bicepVersion <=====" -InformationAction Continue + - name: Bicep Build & Lint All Modules shell: pwsh run: | + $output = @() Get-ChildItem -Recurse -Filter '*.bicep' -Exclude 'callModuleFromACR.example.bicep','orchHubSpoke.bicep' | ForEach-Object { Write-Information "==> Attempting Bicep Build For File: $_" -InformationAction Continue - $output = bicep build $_.FullName 2>&1 + $bicepOutput = bicep build $_.FullName 2>&1 if ($LastExitCode -ne 0) { - throw $output + foreach ($item in $bicepOutput) { + $output += "$($item) `r`n" + } } Else { - echo $output - } + echo "Bicep Build Successful for File: $_" + } + } + if ($output.length -gt 0) { + throw $output } - name: List Azure Resource Types diff --git a/docs/wiki/Contributing.md b/docs/wiki/Contributing.md index 5104a00a0..a8062d75b 100644 --- a/docs/wiki/Contributing.md +++ b/docs/wiki/Contributing.md @@ -13,6 +13,7 @@ - [Bicep Best Practices](#bicep-best-practices) - [Bicep Code Styling](#bicep-code-styling) - [Bicep Elements Naming Standards](#bicep-elements-naming-standards) + - [Bicep Common Parameters Naming Standards](#bicep-common-parameters-naming-standards) - [Bicep File Structure](#bicep-file-structure) - [Bicep File Structure Example](#bicep-file-structure-example) - [Constructing a Bicep Module](#constructing-a-bicep-module) @@ -230,6 +231,30 @@ To author Bicep modules that are in-line with the requirements for this project, }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/CRML/containerRegistry/bicepconfig.json b/infra-as-code/bicep/CRML/containerRegistry/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/CRML/containerRegistry/bicepconfig.json +++ b/infra-as-code/bicep/CRML/containerRegistry/bicepconfig.json @@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/CRML/containerRegistry/containerRegistry.bicep b/infra-as-code/bicep/CRML/containerRegistry/containerRegistry.bicep index d257380af..64112b8e9 100644 --- a/infra-as-code/bicep/CRML/containerRegistry/containerRegistry.bicep +++ b/infra-as-code/bicep/CRML/containerRegistry/containerRegistry.bicep @@ -23,7 +23,7 @@ param parAcrSku string = 'Basic' @description('Tags to be applied to resource when deployed. Default: None') param parTags object ={} -resource resAzureContainerRegistry 'Microsoft.ContainerRegistry/registries@2021-06-01-preview' = { +resource resAzureContainerRegistry 'Microsoft.ContainerRegistry/registries@2022-02-01-preview' = { name: parAcrName tags: parTags location: parLocation diff --git a/infra-as-code/bicep/CRML/customerUsageAttribution/bicepconfig.json b/infra-as-code/bicep/CRML/customerUsageAttribution/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/CRML/customerUsageAttribution/bicepconfig.json +++ b/infra-as-code/bicep/CRML/customerUsageAttribution/bicepconfig.json @@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/CRML/subscriptionAlias/bicepconfig.json b/infra-as-code/bicep/CRML/subscriptionAlias/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/CRML/subscriptionAlias/bicepconfig.json +++ b/infra-as-code/bicep/CRML/subscriptionAlias/bicepconfig.json @@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/customRoleDefinitions/bicepconfig.json b/infra-as-code/bicep/modules/customRoleDefinitions/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/modules/customRoleDefinitions/bicepconfig.json +++ b/infra-as-code/bicep/modules/customRoleDefinitions/bicepconfig.json @@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafApplicationOwnerRole.bicep b/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafApplicationOwnerRole.bicep index f6f92e7de..9b59d4279 100644 --- a/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafApplicationOwnerRole.bicep +++ b/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafApplicationOwnerRole.bicep @@ -8,7 +8,7 @@ var varRole = { description: 'Contributor role granted for application/operations team at resource group level' } -resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = { +resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' = { name: guid(varRole.name) properties: { roleName: varRole.name diff --git a/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafNetworkManagementRole.bicep b/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafNetworkManagementRole.bicep index dc308145e..8c57805d9 100644 --- a/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafNetworkManagementRole.bicep +++ b/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafNetworkManagementRole.bicep @@ -8,7 +8,7 @@ var varRole = { description: 'Platform-wide global connectivity management: Virtual networks, UDRs, NSGs, NVAs, VPN, Azure ExpressRoute, and others' } -resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = { +resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' = { name: guid(varRole.name) properties: { roleName: varRole.name diff --git a/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafSecurityOperationsRole.bicep b/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafSecurityOperationsRole.bicep index d316107fd..fb7268896 100644 --- a/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafSecurityOperationsRole.bicep +++ b/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafSecurityOperationsRole.bicep @@ -8,7 +8,7 @@ var varRole = { description: 'Security administrator role with a horizontal view across the entire Azure estate and the Azure Key Vault purge policy' } -resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = { +resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' = { name: guid(varRole.name) properties: { roleName: varRole.name diff --git a/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafSubscriptionOwnerRole.bicep b/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafSubscriptionOwnerRole.bicep index 9c2ab55f8..1cb1ca330 100644 --- a/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafSubscriptionOwnerRole.bicep +++ b/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafSubscriptionOwnerRole.bicep @@ -8,7 +8,7 @@ var varRole = { description: 'Delegated role for subscription owner derived from subscription Owner role' } -resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = { +resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' = { name: guid(varRole.name) properties: { roleName: varRole.name diff --git a/infra-as-code/bicep/modules/customRoleDefinitions/definitions/china/mc-cafNetworkManagementRole.bicep b/infra-as-code/bicep/modules/customRoleDefinitions/definitions/china/mc-cafNetworkManagementRole.bicep index 8110a529a..0be84fb36 100644 --- a/infra-as-code/bicep/modules/customRoleDefinitions/definitions/china/mc-cafNetworkManagementRole.bicep +++ b/infra-as-code/bicep/modules/customRoleDefinitions/definitions/china/mc-cafNetworkManagementRole.bicep @@ -8,7 +8,7 @@ var varRole = { description: 'Platform-wide global connectivity management: Virtual networks, UDRs, NSGs, NVAs, VPN, Azure ExpressRoute, and others' } -resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = { +resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' = { name: guid(varRole.name) properties: { roleName: varRole.name diff --git a/infra-as-code/bicep/modules/customRoleDefinitions/definitions/china/mc-cafSecurityOperationsRole.bicep b/infra-as-code/bicep/modules/customRoleDefinitions/definitions/china/mc-cafSecurityOperationsRole.bicep index b828903ed..41a89468a 100644 --- a/infra-as-code/bicep/modules/customRoleDefinitions/definitions/china/mc-cafSecurityOperationsRole.bicep +++ b/infra-as-code/bicep/modules/customRoleDefinitions/definitions/china/mc-cafSecurityOperationsRole.bicep @@ -8,7 +8,7 @@ var varRole = { description: 'Security administrator role with a horizontal view across the entire Azure estate and the Azure Key Vault purge policy' } -resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = { +resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' = { name: guid(varRole.name) properties: { roleName: varRole.name diff --git a/infra-as-code/bicep/modules/hubNetworking/bicepconfig.json b/infra-as-code/bicep/modules/hubNetworking/bicepconfig.json index a33498c39..2200cb038 100644 --- a/infra-as-code/bicep/modules/hubNetworking/bicepconfig.json +++ b/infra-as-code/bicep/modules/hubNetworking/bicepconfig.json @@ -83,6 +83,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/logging/bicepconfig.json b/infra-as-code/bicep/modules/logging/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/modules/logging/bicepconfig.json +++ b/infra-as-code/bicep/modules/logging/bicepconfig.json @@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/managementGroups/bicepconfig.json b/infra-as-code/bicep/modules/managementGroups/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/modules/managementGroups/bicepconfig.json +++ b/infra-as-code/bicep/modules/managementGroups/bicepconfig.json @@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/managementGroups/managementGroups.bicep b/infra-as-code/bicep/modules/managementGroups/managementGroups.bicep index 67f9019f6..dfdef2e14 100644 --- a/infra-as-code/bicep/modules/managementGroups/managementGroups.bicep +++ b/infra-as-code/bicep/modules/managementGroups/managementGroups.bicep @@ -97,7 +97,7 @@ resource resTopLevelMg 'Microsoft.Management/managementGroups@2021-04-01' = { displayName: parTopLevelManagementGroupDisplayName details: { parent: { - id: (empty(parTopLevelManagementGroupParentId) ? '/providers/Microsoft.Management/managementGroups/${tenant().tenantId}' : parTopLevelManagementGroupParentId) + id: empty(parTopLevelManagementGroupParentId) ? '/providers/Microsoft.Management/managementGroups/${tenant().tenantId}' : parTopLevelManagementGroupParentId } } } diff --git a/infra-as-code/bicep/modules/policy/assignments/alzDefaults/bicepconfig.json b/infra-as-code/bicep/modules/policy/assignments/alzDefaults/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/modules/policy/assignments/alzDefaults/bicepconfig.json +++ b/infra-as-code/bicep/modules/policy/assignments/alzDefaults/bicepconfig.json @@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/policy/assignments/bicepconfig.json b/infra-as-code/bicep/modules/policy/assignments/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/modules/policy/assignments/bicepconfig.json +++ b/infra-as-code/bicep/modules/policy/assignments/bicepconfig.json @@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep b/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep index ed9753f36..227bba935 100644 --- a/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep +++ b/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep @@ -61,7 +61,7 @@ var varPolicyAssignmentIdentityRoleAssignmentsMgsConverged = parPolicyAssignment // Customer Usage Attribution Id var varCuaid = '78001e36-9738-429c-a343-45cc84e8a527' -resource resPolicyAssignment 'Microsoft.Authorization/policyAssignments@2020-09-01' = { +resource resPolicyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01' = { name: parPolicyAssignmentName properties: { displayName: parPolicyAssignmentDisplayName diff --git a/infra-as-code/bicep/modules/policy/definitions/bicepconfig.json b/infra-as-code/bicep/modules/policy/definitions/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/modules/policy/definitions/bicepconfig.json +++ b/infra-as-code/bicep/modules/policy/definitions/bicepconfig.json @@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep b/infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep index 72a0e241e..b6d43f1cb 100644 --- a/infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep +++ b/infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep @@ -1236,7 +1236,7 @@ var varPolicySetDefinitionEsEnforceEncrypttransitParameters = loadJsonContent('l // Customer Usage Attribution Id var varCuaid = '2b136786-9881-412e-84ba-f4c2822e1ac9' -resource resPolicyDefinitions 'Microsoft.Authorization/policyDefinitions@2020-09-01' = [for policy in varCustomPolicyDefinitionsArray: { +resource resPolicyDefinitions 'Microsoft.Authorization/policyDefinitions@2021-06-01' = [for policy in varCustomPolicyDefinitionsArray: { name: policy.libDefinition.name properties: { description: policy.libDefinition.properties.description @@ -1249,7 +1249,7 @@ resource resPolicyDefinitions 'Microsoft.Authorization/policyDefinitions@2020-09 } }] -resource resPolicySetDefinitions 'Microsoft.Authorization/policySetDefinitions@2020-09-01' = [for policySet in varCustomPolicySetDefinitionsArray: { +resource resPolicySetDefinitions 'Microsoft.Authorization/policySetDefinitions@2021-06-01' = [for policySet in varCustomPolicySetDefinitionsArray: { dependsOn: [ resPolicyDefinitions // Must wait for policy definitons to be deployed before starting the creation of Policy Set/Initiative Defininitions ] diff --git a/infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep b/infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep index d9601f9c5..25adee4a7 100644 --- a/infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep +++ b/infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep @@ -1153,7 +1153,7 @@ var varPolicySetDefinitionEsMcEnforceEncrypttransitParameters = loadJsonContent( // Customer Usage Attribution Id var varCuaid = '2b136786-9881-412e-84ba-f4c2822e1ac9' -resource resPolicyDefinitions 'Microsoft.Authorization/policyDefinitions@2020-09-01' = [for policy in varCustomPolicyDefinitionsArray: { +resource resPolicyDefinitions 'Microsoft.Authorization/policyDefinitions@2021-06-01' = [for policy in varCustomPolicyDefinitionsArray: { name: policy.libDefinition.name properties: { description: policy.libDefinition.properties.description @@ -1166,7 +1166,7 @@ resource resPolicyDefinitions 'Microsoft.Authorization/policyDefinitions@2020-09 } }] -resource resPolicySetDefinitions 'Microsoft.Authorization/policySetDefinitions@2020-09-01' = [for policySet in varCustomPolicySetDefinitionsArray: { +resource resPolicySetDefinitions 'Microsoft.Authorization/policySetDefinitions@2021-06-01' = [for policySet in varCustomPolicySetDefinitionsArray: { dependsOn: [ resPolicyDefinitions // Must wait for policy definitons to be deployed before starting the creation of Policy Set/Initiative Defininitions ] diff --git a/infra-as-code/bicep/modules/privateDnsZones/bicepconfig.json b/infra-as-code/bicep/modules/privateDnsZones/bicepconfig.json index a33498c39..2200cb038 100644 --- a/infra-as-code/bicep/modules/privateDnsZones/bicepconfig.json +++ b/infra-as-code/bicep/modules/privateDnsZones/bicepconfig.json @@ -83,6 +83,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/publicIp/bicepconfig.json b/infra-as-code/bicep/modules/publicIp/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/modules/publicIp/bicepconfig.json +++ b/infra-as-code/bicep/modules/publicIp/bicepconfig.json @@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/resourceGroup/bicepconfig.json b/infra-as-code/bicep/modules/resourceGroup/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/modules/resourceGroup/bicepconfig.json +++ b/infra-as-code/bicep/modules/resourceGroup/bicepconfig.json @@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/roleAssignments/bicepconfig.json b/infra-as-code/bicep/modules/roleAssignments/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/modules/roleAssignments/bicepconfig.json +++ b/infra-as-code/bicep/modules/roleAssignments/bicepconfig.json @@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep index 6bfa483b8..9f8994a3d 100644 --- a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep +++ b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep @@ -22,7 +22,7 @@ param parTelemetryOptOut bool = false // Customer Usage Attribution Id var varCuaid = '59c2ac61-cd36-413b-b999-86a3e0d958fb' -resource resRoleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = { +resource resRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { name: parRoleAssignmentNameGuid properties: { roleDefinitionId: tenantResourceId('Microsoft.Authorization/roleDefinitions', parRoleDefinitionId) diff --git a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentSubscription.bicep b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentSubscription.bicep index c27bdab09..9c72089b5 100644 --- a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentSubscription.bicep +++ b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentSubscription.bicep @@ -22,7 +22,7 @@ param parTelemetryOptOut bool = false // Customer Usage Attribution Id var varCuaid = '59c2ac61-cd36-413b-b999-86a3e0d958fb' -resource resRoleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = { +resource resRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { name: parRoleAssignmentNameGuid properties: { roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', parRoleDefinitionId) diff --git a/infra-as-code/bicep/modules/spokeNetworking/bicepconfig.json b/infra-as-code/bicep/modules/spokeNetworking/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/modules/spokeNetworking/bicepconfig.json +++ b/infra-as-code/bicep/modules/spokeNetworking/bicepconfig.json @@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/subscriptionPlacement/bicepconfig.json b/infra-as-code/bicep/modules/subscriptionPlacement/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/modules/subscriptionPlacement/bicepconfig.json +++ b/infra-as-code/bicep/modules/subscriptionPlacement/bicepconfig.json @@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/unstable/orchestration/hubSpoke/bicepconfig.json b/infra-as-code/bicep/modules/unstable/orchestration/hubSpoke/bicepconfig.json index a1d8d4751..4a5463bb4 100644 --- a/infra-as-code/bicep/modules/unstable/orchestration/hubSpoke/bicepconfig.json +++ b/infra-as-code/bicep/modules/unstable/orchestration/hubSpoke/bicepconfig.json @@ -62,6 +62,30 @@ }, "use-stable-vm-image": { "level": "off" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/vnetPeering/bicepconfig.json b/infra-as-code/bicep/modules/vnetPeering/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/modules/vnetPeering/bicepconfig.json +++ b/infra-as-code/bicep/modules/vnetPeering/bicepconfig.json @@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/vnetPeeringVwan/bicepconfig.json b/infra-as-code/bicep/modules/vnetPeeringVwan/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/modules/vnetPeeringVwan/bicepconfig.json +++ b/infra-as-code/bicep/modules/vnetPeeringVwan/bicepconfig.json @@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/vwanConnectivity/bicepconfig.json b/infra-as-code/bicep/modules/vwanConnectivity/bicepconfig.json index a33498c39..2200cb038 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/bicepconfig.json +++ b/infra-as-code/bicep/modules/vwanConnectivity/bicepconfig.json @@ -83,6 +83,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/orchestration/hubPeeredSpoke/bicepconfig.json b/infra-as-code/bicep/orchestration/hubPeeredSpoke/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/orchestration/hubPeeredSpoke/bicepconfig.json +++ b/infra-as-code/bicep/orchestration/hubPeeredSpoke/bicepconfig.json @@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/orchestration/subPlacementAll/bicepconfig.json b/infra-as-code/bicep/orchestration/subPlacementAll/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/orchestration/subPlacementAll/bicepconfig.json +++ b/infra-as-code/bicep/orchestration/subPlacementAll/bicepconfig.json @@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } }