diff --git a/docs/wiki/FAQ.md b/docs/wiki/FAQ.md index 4b3013136..0d0eed557 100644 --- a/docs/wiki/FAQ.md +++ b/docs/wiki/FAQ.md @@ -10,8 +10,16 @@ Some FAQ questions that relate more to the architecture are based over in the CA ## List of Frequently Asked Questions -- TBC +- [Why are some linter rules disabled via the `#disable-next-line` Bicep function?](#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function) --- -## Questions & Answers \ No newline at end of file +## Questions & Answers + +## Why are some linter rules disabled via the `#disable-next-line` Bicep function? + +In some of the ALZ-Bicep modules some of linter rules are disabled using the `#disable-next-line` Bicep feature. Today, this is primarily for disabling the [no-loc-expr-outside-params linter rule](https://docs.microsoft.com/azure/azure-resource-manager/bicep/linter-rule-no-loc-expr-outside-params) for the, optional, telemetry module as we want to ensure this telemetry deployment is stored in the same location as specified by the `location` input when deploying the Bicep module, instead of in the same location as specified by `parRegion` or `parLocation` as this may be different from the region targeted by the deployment to ARM. + +You may also see it in some location for resources that do not require a region for deployment, like Azure Policies, so instead of making users input an additional parameter for the region, we just use the one that was targeted by the deployment to ARM when the module was deployed. + +It is not recommended to disable linter rules when it can be resolved by making changes to the Bicep code. However, in some scenarios, like above, this is necessary. \ No newline at end of file diff --git a/infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep b/infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep index 70a20e820..8d4f0628e 100644 --- a/infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep +++ b/infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep @@ -55,7 +55,7 @@ module modRolesSecurityOperationsRole 'definitions/caf-security-operations-role. // Optional Deployment for Customer Usage Attribution module modCustomerUsageAttribution '../../CRML/customerUsageAttribution/cuaIdManagementGroup.bicep' = if (!parTelemetryOptOut) { - #disable-next-line no-loc-expr-outside-params + #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information name: 'pid-${varCuaid}-${uniqueString(deployment().location)}' params: {} } diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep index b98e8c32d..099955560 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep +++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep @@ -466,7 +466,7 @@ resource resVirtualNetworkLink 'Microsoft.Network/privateDnsZones/virtualNetwork // Optional Deployment for Customer Usage Attribution module modCustomerUsageAttribution '../../CRML/customerUsageAttribution/cuaIdResourceGroup.bicep' = if (!parTelemetryOptOut) { - #disable-next-line no-loc-expr-outside-params + #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information name: 'pid-${varCuaid}-${uniqueString(resourceGroup().location)}' params: {} } diff --git a/infra-as-code/bicep/modules/logging/logging.bicep b/infra-as-code/bicep/modules/logging/logging.bicep index 280a166a1..b66d6113c 100644 --- a/infra-as-code/bicep/modules/logging/logging.bicep +++ b/infra-as-code/bicep/modules/logging/logging.bicep @@ -118,7 +118,7 @@ resource resLogAnalyticsLinkedServiceForAutomationAccount 'Microsoft.Operational // Optional Deployment for Customer Usage Attribution module modCustomerUsageAttribution '../../CRML/customerUsageAttribution/cuaIdResourceGroup.bicep' = if (!parTelemetryOptOut) { - #disable-next-line no-loc-expr-outside-params + #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information name: 'pid-${varCuaid}-${uniqueString(resourceGroup().location)}' params: {} } diff --git a/infra-as-code/bicep/modules/managementGroups/managementGroups.bicep b/infra-as-code/bicep/modules/managementGroups/managementGroups.bicep index f5ba5dcb2..48c1d4622 100644 --- a/infra-as-code/bicep/modules/managementGroups/managementGroups.bicep +++ b/infra-as-code/bicep/modules/managementGroups/managementGroups.bicep @@ -203,12 +203,11 @@ resource resLandingZonesOnlineMG 'Microsoft.Management/managementGroups@2021-04- // Optional Deployment for Customer Usage Attribution module modCustomerUsageAttribution '../../CRML/customerUsageAttribution/cuaIdTenant.bicep' = if (!parTelemetryOptOut) { - #disable-next-line no-loc-expr-outside-params + #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information name: 'pid-${varCuaid}-${uniqueString(deployment().location)}' params: {} } - // Output Management Group IDs output outTopLevelMGId string = resTopLevelMG.id diff --git a/infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep b/infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep index 7215eea5e..340589f03 100644 --- a/infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep +++ b/infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep @@ -47,7 +47,7 @@ var varCuaid = '98cef979-5a6b-403b-83c7-10c8f04ac9a2' // Orchestration Module Variables var varDeploymentNameWrappers = { basePrefix: 'ALZBicep' - #disable-next-line no-loc-expr-outside-params + #disable-next-line no-loc-expr-outside-params //Policies resources are not deployed to a region, like other resources, but the metadata is stored in a region hence requiring this to keep input parameters reduced. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information baseSuffixTenantAndManagementGroup: '${deployment().location}-${uniqueString(deployment().location, parTopLevelManagementGroupPrefix)}' } @@ -226,7 +226,7 @@ targetScope = 'managementGroup' // Optional Deployment for Customer Usage Attribution module modCustomerUsageAttribution '../../../../CRML/customerUsageAttribution/cuaIdManagementGroup.bicep' = if (!parTelemetryOptOut) { - #disable-next-line no-loc-expr-outside-params + #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information name: 'pid-${varCuaid}-${uniqueString(deployment().location)}' params: {} } diff --git a/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep b/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep index 2f3835463..b9daed490 100644 --- a/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep +++ b/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep @@ -82,7 +82,7 @@ resource resPolicyAssignment 'Microsoft.Authorization/policyAssignments@2020-09- identity: { type: varPolicyIdentity } - #disable-next-line no-loc-expr-outside-params + #disable-next-line no-loc-expr-outside-params //Policies resources are not deployed to a region, like other resources, but the metadata is stored in a region hence requiring this to keep input parameters reduced. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information location: deployment().location } @@ -110,7 +110,7 @@ module modPolicyIdentityRoleAssignmentSubsMany '../../roleAssignments/roleAssign // Optional Deployment for Customer Usage Attribution module modCustomerUsageAttribution '../../../CRML/customerUsageAttribution/cuaIdManagementGroup.bicep' = if (!parTelemetryOptOut) { - #disable-next-line no-loc-expr-outside-params + #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information name: 'pid-${varCuaid}-${uniqueString(deployment().location, parPolicyAssignmentName)}' params: {} } diff --git a/infra-as-code/bicep/modules/policy/definitions/custom-policy-definitions.bicep b/infra-as-code/bicep/modules/policy/definitions/custom-policy-definitions.bicep index 9b302d85e..373bb39ab 100644 --- a/infra-as-code/bicep/modules/policy/definitions/custom-policy-definitions.bicep +++ b/infra-as-code/bicep/modules/policy/definitions/custom-policy-definitions.bicep @@ -1240,7 +1240,7 @@ resource resPolicySetDefinitions 'Microsoft.Authorization/policySetDefinitions@2 // Optional Deployment for Customer Usage Attribution module modCustomerUsageAttribution '../../../CRML/customerUsageAttribution/cuaIdManagementGroup.bicep' = if (!parTelemetryOptOut) { - #disable-next-line no-loc-expr-outside-params + #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information name: 'pid-${varCuaid}-${uniqueString(deployment().location)}' params: {} } diff --git a/infra-as-code/bicep/modules/publicIp/publicIp.bicep b/infra-as-code/bicep/modules/publicIp/publicIp.bicep index bdd3241fd..15029c4c7 100644 --- a/infra-as-code/bicep/modules/publicIp/publicIp.bicep +++ b/infra-as-code/bicep/modules/publicIp/publicIp.bicep @@ -37,7 +37,7 @@ resource resPublicIP 'Microsoft.Network/publicIPAddresses@2021-02-01' ={ // Optional Deployment for Customer Usage Attribution module modCustomerUsageAttribution '../../CRML/customerUsageAttribution/cuaIdResourceGroup.bicep' = if (!parTelemetryOptOut) { - #disable-next-line no-loc-expr-outside-params + #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information name: 'pid-${varCuaid}-${uniqueString(resourceGroup().location, parPublicIPName)}' params: {} } diff --git a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep index 41aac20d7..fe1da9a0e 100644 --- a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep +++ b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep @@ -45,7 +45,7 @@ resource resRoleAssignment 'Microsoft.Authorization/roleAssignments@2020-08-01-p // Optional Deployment for Customer Usage Attribution module modCustomerUsageAttribution '../../CRML/customerUsageAttribution/cuaIdManagementGroup.bicep' = if (!parTelemetryOptOut) { - #disable-next-line no-loc-expr-outside-params + #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information name: 'pid-${varCuaid}-${uniqueString(deployment().location, parRoleAssignmentNameGuid)}' params: {} } diff --git a/infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep b/infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep index f69d701bd..2d5d06b03 100644 --- a/infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep +++ b/infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep @@ -29,7 +29,7 @@ resource resSubscriptionPlacement 'Microsoft.Management/managementGroups/subscri // Optional Deployment for Customer Usage Attribution module modCustomerUsageAttribution '../../CRML/customerUsageAttribution/cuaIdManagementGroup.bicep' = if (!parTelemetryOptOut) { - #disable-next-line no-loc-expr-outside-params + #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information name: 'pid-${varCuaid}-${uniqueString(deployment().location)}' params: {} } diff --git a/infra-as-code/bicep/modules/virtualNetworkPeer/virtualNetworkPeer.bicep b/infra-as-code/bicep/modules/virtualNetworkPeer/virtualNetworkPeer.bicep index 77c274626..208f7cc24 100644 --- a/infra-as-code/bicep/modules/virtualNetworkPeer/virtualNetworkPeer.bicep +++ b/infra-as-code/bicep/modules/virtualNetworkPeer/virtualNetworkPeer.bicep @@ -45,7 +45,7 @@ resource resVirtualNetworkPeer 'Microsoft.Network/virtualNetworks/virtualNetwork // Optional Deployment for Customer Usage Attribution module modCustomerUsageAttribution '../../CRML/customerUsageAttribution/cuaIdResourceGroup.bicep' = if (!parTelemetryOptOut) { - #disable-next-line no-loc-expr-outside-params + #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information name: 'pid-${varCuaid}-${uniqueString(resourceGroup().location)}' params: {} }