From f2ad1c93841e81b551c63e84436e535f468f830a Mon Sep 17 00:00:00 2001 From: Robert Lightner Date: Tue, 13 Sep 2022 10:01:22 -0700 Subject: [PATCH 01/16] doc: PE and wiki, linter --- docs/wiki/Contributing.md | 25 +++++++++++++++++++ .../modules/privateDnsZones/bicepconfig.json | 24 ++++++++++++++++++ 2 files changed, 49 insertions(+) diff --git a/docs/wiki/Contributing.md b/docs/wiki/Contributing.md index 5104a00a0..a8062d75b 100644 --- a/docs/wiki/Contributing.md +++ b/docs/wiki/Contributing.md @@ -13,6 +13,7 @@ - [Bicep Best Practices](#bicep-best-practices) - [Bicep Code Styling](#bicep-code-styling) - [Bicep Elements Naming Standards](#bicep-elements-naming-standards) + - [Bicep Common Parameters Naming Standards](#bicep-common-parameters-naming-standards) - [Bicep File Structure](#bicep-file-structure) - [Bicep File Structure Example](#bicep-file-structure-example) - [Constructing a Bicep Module](#constructing-a-bicep-module) @@ -230,6 +231,30 @@ To author Bicep modules that are in-line with the requirements for this project, }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/privateDnsZones/bicepconfig.json b/infra-as-code/bicep/modules/privateDnsZones/bicepconfig.json index a33498c39..2200cb038 100644 --- a/infra-as-code/bicep/modules/privateDnsZones/bicepconfig.json +++ b/infra-as-code/bicep/modules/privateDnsZones/bicepconfig.json 
@@ -83,6 +83,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } From 5bb85a462603f8777e3e577f22c8a7e84ce5affd Mon Sep 17 00:00:00 2001 From: Robert Lightner Date: Tue, 13 Sep 2022 10:15:44 -0700 Subject: [PATCH 02/16] fix: updated workflow for b.json --- .github/workflows/bicep-build-to-validate.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/bicep-build-to-validate.yml b/.github/workflows/bicep-build-to-validate.yml index 070b74105..cefa8b66f 100644 --- a/.github/workflows/bicep-build-to-validate.yml +++ b/.github/workflows/bicep-build-to-validate.yml @@ -8,6 +8,7 @@ on: - "**.bicep" - "ps-rule.yaml" - ".ps-rule/*" + - "**/bicepconfig.json" workflow_dispatch: {} jobs: From cb840fd8f59c60203527e3a3577365edc4d0be82 Mon Sep 17 00:00:00 2001 
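Review bot: The eight rule entries added after `max-variables` are pasted into this module's own bicepconfig.json, and PATCH 03/16 repeats the same block in 21 further per-module copies, so the levels of `secure-secrets-in-params` and `secure-params-in-nested-deploy` have to be kept in step by hand across every file. Bicep uses the nearest bicepconfig.json found walking up from the .bicep file, so a shared file under `infra-as-code/bicep/` would remove most of that drift risk. Per-module files would then be needed only where a rule really differs, as the hubSpoke copy does with `use-stable-vm-image` set to `off`. The new keys are also written as `"artifacts-parameters":{` while the existing entries use `"max-variables": {`; keeping the space after the colon would match the rest of the file.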
From: Robert Lightner Date: Tue, 13 Sep 2022 14:54:08 -0700 Subject: [PATCH 03/16] chore: update linter rules to latest available --- .../CRML/containerRegistry/bicepconfig.json | 24 +++++++++++++++++++ .../customerUsageAttribution/bicepconfig.json | 24 +++++++++++++++++++ .../CRML/subscriptionAlias/bicepconfig.json | 24 +++++++++++++++++++ .../customRoleDefinitions/bicepconfig.json | 24 +++++++++++++++++++ .../modules/hubNetworking/bicepconfig.json | 24 +++++++++++++++++++ .../bicep/modules/logging/bicepconfig.json | 24 +++++++++++++++++++ .../modules/managementGroups/bicepconfig.json | 24 +++++++++++++++++++ .../assignments/alzDefaults/bicepconfig.json | 24 +++++++++++++++++++ .../policy/assignments/bicepconfig.json | 24 +++++++++++++++++++ .../policy/definitions/bicepconfig.json | 24 +++++++++++++++++++ .../bicep/modules/publicIp/bicepconfig.json | 24 +++++++++++++++++++ .../modules/resourceGroup/bicepconfig.json | 24 +++++++++++++++++++ .../modules/roleAssignments/bicepconfig.json | 24 +++++++++++++++++++ .../modules/spokeNetworking/bicepconfig.json | 24 +++++++++++++++++++ .../subscriptionPlacement/bicepconfig.json | 24 +++++++++++++++++++ .../orchestration/hubSpoke/bicepconfig.json | 24 +++++++++++++++++++ .../modules/vnetPeering/bicepconfig.json | 24 +++++++++++++++++++ .../modules/vnetPeeringVwan/bicepconfig.json | 24 +++++++++++++++++++ .../modules/vwanConnectivity/bicepconfig.json | 24 +++++++++++++++++++ .../hubPeeredSpoke/bicepconfig.json | 24 +++++++++++++++++++ .../subPlacementAll/bicepconfig.json | 24 +++++++++++++++++++ 21 files changed, 504 insertions(+) diff --git a/infra-as-code/bicep/CRML/containerRegistry/bicepconfig.json b/infra-as-code/bicep/CRML/containerRegistry/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/CRML/containerRegistry/bicepconfig.json +++ b/infra-as-code/bicep/CRML/containerRegistry/bicepconfig.json 
@@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/CRML/customerUsageAttribution/bicepconfig.json b/infra-as-code/bicep/CRML/customerUsageAttribution/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/CRML/customerUsageAttribution/bicepconfig.json +++ b/infra-as-code/bicep/CRML/customerUsageAttribution/bicepconfig.json @@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/CRML/subscriptionAlias/bicepconfig.json b/infra-as-code/bicep/CRML/subscriptionAlias/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/CRML/subscriptionAlias/bicepconfig.json +++ b/infra-as-code/bicep/CRML/subscriptionAlias/bicepconfig.json 
@@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/customRoleDefinitions/bicepconfig.json b/infra-as-code/bicep/modules/customRoleDefinitions/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/modules/customRoleDefinitions/bicepconfig.json +++ b/infra-as-code/bicep/modules/customRoleDefinitions/bicepconfig.json @@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/hubNetworking/bicepconfig.json b/infra-as-code/bicep/modules/hubNetworking/bicepconfig.json index a33498c39..2200cb038 100644 --- a/infra-as-code/bicep/modules/hubNetworking/bicepconfig.json +++ b/infra-as-code/bicep/modules/hubNetworking/bicepconfig.json 
@@ -83,6 +83,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/logging/bicepconfig.json b/infra-as-code/bicep/modules/logging/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/modules/logging/bicepconfig.json +++ b/infra-as-code/bicep/modules/logging/bicepconfig.json @@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/managementGroups/bicepconfig.json b/infra-as-code/bicep/modules/managementGroups/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/modules/managementGroups/bicepconfig.json +++ b/infra-as-code/bicep/modules/managementGroups/bicepconfig.json 
@@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/policy/assignments/alzDefaults/bicepconfig.json b/infra-as-code/bicep/modules/policy/assignments/alzDefaults/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/modules/policy/assignments/alzDefaults/bicepconfig.json +++ b/infra-as-code/bicep/modules/policy/assignments/alzDefaults/bicepconfig.json @@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/policy/assignments/bicepconfig.json b/infra-as-code/bicep/modules/policy/assignments/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/modules/policy/assignments/bicepconfig.json +++ b/infra-as-code/bicep/modules/policy/assignments/bicepconfig.json 
@@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/policy/definitions/bicepconfig.json b/infra-as-code/bicep/modules/policy/definitions/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/modules/policy/definitions/bicepconfig.json +++ b/infra-as-code/bicep/modules/policy/definitions/bicepconfig.json @@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/publicIp/bicepconfig.json b/infra-as-code/bicep/modules/publicIp/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/modules/publicIp/bicepconfig.json +++ b/infra-as-code/bicep/modules/publicIp/bicepconfig.json 
@@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/resourceGroup/bicepconfig.json b/infra-as-code/bicep/modules/resourceGroup/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/modules/resourceGroup/bicepconfig.json +++ b/infra-as-code/bicep/modules/resourceGroup/bicepconfig.json @@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/roleAssignments/bicepconfig.json b/infra-as-code/bicep/modules/roleAssignments/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/modules/roleAssignments/bicepconfig.json +++ b/infra-as-code/bicep/modules/roleAssignments/bicepconfig.json 
@@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/spokeNetworking/bicepconfig.json b/infra-as-code/bicep/modules/spokeNetworking/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/modules/spokeNetworking/bicepconfig.json +++ b/infra-as-code/bicep/modules/spokeNetworking/bicepconfig.json @@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/subscriptionPlacement/bicepconfig.json b/infra-as-code/bicep/modules/subscriptionPlacement/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/modules/subscriptionPlacement/bicepconfig.json +++ b/infra-as-code/bicep/modules/subscriptionPlacement/bicepconfig.json 
@@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/unstable/orchestration/hubSpoke/bicepconfig.json b/infra-as-code/bicep/modules/unstable/orchestration/hubSpoke/bicepconfig.json index a1d8d4751..4a5463bb4 100644 --- a/infra-as-code/bicep/modules/unstable/orchestration/hubSpoke/bicepconfig.json +++ b/infra-as-code/bicep/modules/unstable/orchestration/hubSpoke/bicepconfig.json @@ -62,6 +62,30 @@ }, "use-stable-vm-image": { "level": "off" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/vnetPeering/bicepconfig.json b/infra-as-code/bicep/modules/vnetPeering/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/modules/vnetPeering/bicepconfig.json +++ b/infra-as-code/bicep/modules/vnetPeering/bicepconfig.json 
@@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/vnetPeeringVwan/bicepconfig.json b/infra-as-code/bicep/modules/vnetPeeringVwan/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/modules/vnetPeeringVwan/bicepconfig.json +++ b/infra-as-code/bicep/modules/vnetPeeringVwan/bicepconfig.json @@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/modules/vwanConnectivity/bicepconfig.json b/infra-as-code/bicep/modules/vwanConnectivity/bicepconfig.json index a33498c39..2200cb038 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/bicepconfig.json +++ b/infra-as-code/bicep/modules/vwanConnectivity/bicepconfig.json 
@@ -83,6 +83,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/orchestration/hubPeeredSpoke/bicepconfig.json b/infra-as-code/bicep/orchestration/hubPeeredSpoke/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/orchestration/hubPeeredSpoke/bicepconfig.json +++ b/infra-as-code/bicep/orchestration/hubPeeredSpoke/bicepconfig.json @@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } diff --git a/infra-as-code/bicep/orchestration/subPlacementAll/bicepconfig.json b/infra-as-code/bicep/orchestration/subPlacementAll/bicepconfig.json index 2c0ef2c34..8c7c1e3c3 100644 --- a/infra-as-code/bicep/orchestration/subPlacementAll/bicepconfig.json +++ b/infra-as-code/bicep/orchestration/subPlacementAll/bicepconfig.json 
@@ -57,6 +57,30 @@ }, "max-variables": { "level": "error" + }, + "artifacts-parameters":{ + "level": "error" + }, + "no-unused-existing-resources":{ + "level": "error" + }, + "prefer-unquoted-property-names":{ + "level": "error" + }, + "secure-params-in-nested-deploy":{ + "level": "error" + }, + "secure-secrets-in-params":{ + "level": "error" + }, + "use-recent-api-versions":{ + "level": "error" + }, + "use-resource-id-functions":{ + "level": "error" + }, + "use-stable-resource-identifiers":{ + "level": "error" } } } From 81c44d45320a3ea57f1dc2d8d573a00a1227dfd7 Mon Sep 17 00:00:00 2001 From: Jack Tracey <41163455+jtracey93@users.noreply.github.com> Date: Thu, 15 Sep 2022 11:25:29 +0100 Subject: [PATCH 04/16] add bicep installed version output --- .github/workflows/bicep-build-to-validate.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/bicep-build-to-validate.yml b/.github/workflows/bicep-build-to-validate.yml index cefa8b66f..3ba10fdb1 100644 --- a/.github/workflows/bicep-build-to-validate.yml +++ b/.github/workflows/bicep-build-to-validate.yml @@ -22,6 +22,12 @@ jobs: with: fetch-depth: 0 + - name: List Bicep Installed Version + shell: pwsh + run: | + $bicepVersion + Write-Information "=====> Installed Bicep version is: $bicepVersion <=====" -InformationAction Continue + - name: Bicep Build & Lint All Modules shell: pwsh run: | From 84bd1832d5823cb93917f6dff63fda3bf8070577 Mon Sep 17 00:00:00 2001 From: Jack Tracey <41163455+jtracey93@users.noreply.github.com> Date: Thu, 15 Sep 2022 11:26:33 +0100 Subject: [PATCH 05/16] helps if you get the bicep version --- .github/workflows/bicep-build-to-validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/bicep-build-to-validate.yml b/.github/workflows/bicep-build-to-validate.yml index 3ba10fdb1..289214cdd 100644 --- a/.github/workflows/bicep-build-to-validate.yml +++ b/.github/workflows/bicep-build-to-validate.yml 
@@ -25,7 +25,7 @@ jobs: - name: List Bicep Installed Version shell: pwsh run: | - $bicepVersion + $bicepVersion = bicep --version Write-Information "=====> Installed Bicep version is: $bicepVersion <=====" -InformationAction Continue - name: Bicep Build & Lint All Modules From d11f514d2971b6611c0fb0bb245cb4e2392a6ba9 Mon Sep 17 00:00:00 2001 From: Jack Tracey <41163455+jtracey93@users.noreply.github.com> Date: Thu, 15 Sep 2022 11:35:11 +0100 Subject: [PATCH 06/16] add step to install latest bicep --- .github/workflows/bicep-build-to-validate.yml | 24 +++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/.github/workflows/bicep-build-to-validate.yml b/.github/workflows/bicep-build-to-validate.yml index 289214cdd..0232605cf 100644 --- a/.github/workflows/bicep-build-to-validate.yml +++ b/.github/workflows/bicep-build-to-validate.yml 
@@ -22,11 +22,31 @@ jobs: with: fetch-depth: 0 - - name: List Bicep Installed Version + - name: List Currently Installed Bicep Version shell: pwsh run: | $bicepVersion = bicep --version - Write-Information "=====> Installed Bicep version is: $bicepVersion <=====" -InformationAction Continue + Write-Information "=====> Currently installed Bicep version is: $bicepVersion <=====" -InformationAction Continue + + - name: List Currently Installed Bicep Version + shell: sh + run: | + # From https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/install#linux + # Fetch the latest Bicep CLI binary + curl -Lo bicep https://github.com/Azure/bicep/releases/latest/download/bicep-linux-x64 + # Mark it as executable + chmod +x ./bicep + # Add bicep to your PATH (requires admin) + sudo mv ./bicep /usr/local/bin/bicep + # Verify you can now access the 'bicep' command + bicep --help + # Done! + + - name: List Now Installed Bicep Version + shell: pwsh + run: | + $bicepVersion = bicep --version + Write-Information "=====> Now installed Bicep version is: $bicepVersion <=====" -InformationAction Continue - name: Bicep Build & Lint All Modules shell: pwsh From 4d1a8287a24d6ada98cca9770fb6ec1a2309cbf1 Mon Sep 17 00:00:00 2001 From: Jack Tracey <41163455+jtracey93@users.noreply.github.com> Date: Thu, 15 Sep 2022 11:37:10 +0100 Subject: [PATCH 07/16] update step name --- .github/workflows/bicep-build-to-validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/bicep-build-to-validate.yml b/.github/workflows/bicep-build-to-validate.yml index 0232605cf..ece849cc0 100644 --- a/.github/workflows/bicep-build-to-validate.yml +++ b/.github/workflows/bicep-build-to-validate.yml 
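Review bot: The new `shell: sh` step downloads `bicep-linux-x64` from `releases/latest` and moves it into `/usr/local/bin` with sudo without any integrity check, so each run executes whatever binary that URL serves at that moment. Pin a release tag and verify a SHA-256 digest recorded in the repository before the `chmod`, and pass `-f` to curl so an HTTP error page is not saved as the binary. Pinning also keeps the gate reproducible: with `use-recent-api-versions` set to `error` elsewhere in this series, an unpinned CLI can likely start failing builds when a new Bicep release ships rather than when the repository changes.

```yaml
        shell: sh
        run: |
          # Placeholders: set these to the release tag and digest you have reviewed
          BICEP_VERSION="<pinned-release-tag>"
          BICEP_SHA256="<sha256-of-bicep-linux-x64>"
          curl -fsSLo bicep "https://github.com/Azure/bicep/releases/download/${BICEP_VERSION}/bicep-linux-x64"
          echo "${BICEP_SHA256}  bicep" | sha256sum -c -
          # … unchanged: chmod +x, sudo mv to /usr/local/bin, bicep --help …
```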
@@ -28,7 +28,7 @@ jobs: $bicepVersion = bicep --version Write-Information "=====> Currently installed Bicep version is: $bicepVersion <=====" -InformationAction Continue - - name: List Currently Installed Bicep Version + - name: Install latest version of Bicep shell: sh run: | # From https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/install#linux From 51bd23cf8fb4a8308bb8b15e607d16021255f758 Mon Sep 17 00:00:00 2001 From: Robert Lightner Date: Thu, 15 Sep 2022 07:26:19 -0700 Subject: [PATCH 08/16] fix: updated API to latest preview --- .../bicep/CRML/containerRegistry/containerRegistry.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra-as-code/bicep/CRML/containerRegistry/containerRegistry.bicep b/infra-as-code/bicep/CRML/containerRegistry/containerRegistry.bicep index d257380af..64112b8e9 100644 --- a/infra-as-code/bicep/CRML/containerRegistry/containerRegistry.bicep +++ b/infra-as-code/bicep/CRML/containerRegistry/containerRegistry.bicep @@ -23,7 +23,7 @@ param parAcrSku string = 'Basic' @description('Tags to be applied to resource when deployed. Default: None') param parTags object ={} -resource resAzureContainerRegistry 'Microsoft.ContainerRegistry/registries@2021-06-01-preview' = { +resource resAzureContainerRegistry 'Microsoft.ContainerRegistry/registries@2022-02-01-preview' = { name: parAcrName tags: parTags location: parLocation From 7b23e72032cc33ecc679df2d71255096871e368d Mon Sep 17 00:00:00 2001 From: Robert Lightner Date: Fri, 16 Sep 2022 15:47:59 -0700 Subject: [PATCH 09/16] fix: throw exception after processing all files --- .github/workflows/bicep-build-to-validate.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/.github/workflows/bicep-build-to-validate.yml b/.github/workflows/bicep-build-to-validate.yml index ece849cc0..3b1edf319 100644 --- a/.github/workflows/bicep-build-to-validate.yml +++ b/.github/workflows/bicep-build-to-validate.yml 
@@ -53,15 +53,20 @@ jobs: run: | Get-ChildItem -Recurse -Filter '*.bicep' -Exclude 'callModuleFromACR.example.bicep','orchHubSpoke.bicep' | ForEach-Object { Write-Information "==> Attempting Bicep Build For File: $_" -InformationAction Continue - $output = bicep build $_.FullName 2>&1 + $bicepOutput = bicep build $_.FullName 2>&1 if ($LastExitCode -ne 0) { - throw $output + foreach ($item in $bicepOutput) { + $output += "$(item) `r`n" + } } Else { echo $output - } + } + } + if ($output.length -gt 0) { + throw $output } - name: List Azure Resource Types From 778dda32233454b511b3b6be0cb71b416d1cb2eb Mon Sep 17 00:00:00 2001 From: Robert Lightner Date: Fri, 16 Sep 2022 15:51:14 -0700 Subject: [PATCH 10/16] fix: declare $output outside of foreach loop --- .github/workflows/bicep-build-to-validate.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/bicep-build-to-validate.yml b/.github/workflows/bicep-build-to-validate.yml index 3b1edf319..bad21980b 100644 --- a/.github/workflows/bicep-build-to-validate.yml +++ b/.github/workflows/bicep-build-to-validate.yml @@ -51,6 +51,7 @@ jobs: - name: Bicep Build & Lint All Modules shell: pwsh run: | + $output = @() Get-ChildItem -Recurse -Filter '*.bicep' -Exclude 'callModuleFromACR.example.bicep','orchHubSpoke.bicep' | ForEach-Object { Write-Information "==> Attempting Bicep Build For File: $_" -InformationAction Continue $bicepOutput = bicep build $_.FullName 2>&1 From d7dcd169a6c80cb822cde95a88a445ee0be37d14 Mon Sep 17 00:00:00 2001 From: Robert Lightner Date: Fri, 16 Sep 2022 16:01:27 -0700 Subject: [PATCH 11/16] fix: added bicep path for get-childitem --- .github/workflows/bicep-build-to-validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/bicep-build-to-validate.yml b/.github/workflows/bicep-build-to-validate.yml index bad21980b..b13d9d4c9 100644 --- a/.github/workflows/bicep-build-to-validate.yml +++ b/.github/workflows/bicep-build-to-validate.yml 
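Review bot: In the failure branch, `$(item)` inside the string is a subexpression that runs a command called `item`, not the loop variable, so the errors collected in `$bicepOutput` never reach `$output`; it should read `$item` (or `$($item)`). The `Else` branch still echoes `$output`, which after this change holds the accumulated failures rather than the current file's output, so warnings from a successful build are no longer printed; `echo $bicepOutput` looks like the intent. As written, the step most likely stops on the missing `item` command instead of reporting the lint findings, which makes a failed gate hard to diagnose. The `run` block starts above this hunk.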
@@ -52,7 +52,7 @@ jobs: shell: pwsh run: | $output = @() - Get-ChildItem -Recurse -Filter '*.bicep' -Exclude 'callModuleFromACR.example.bicep','orchHubSpoke.bicep' | ForEach-Object { + Get-ChildItem -Path '.\infra-as-code\bicep' -Recurse -Filter '*.bicep' -Exclude 'callModuleFromACR.example.bicep','orchHubSpoke.bicep' | ForEach-Object { Write-Information "==> Attempting Bicep Build For File: $_" -InformationAction Continue $bicepOutput = bicep build $_.FullName 2>&1 if ($LastExitCode -ne 0) From 8f7a460bbdb112269a85a2a2458fabca44581f40 Mon Sep 17 00:00:00 2001 From: Robert Lightner Date: Fri, 16 Sep 2022 16:03:31 -0700 Subject: [PATCH 12/16] revert: removed -Path parameter --- .github/workflows/bicep-build-to-validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/bicep-build-to-validate.yml b/.github/workflows/bicep-build-to-validate.yml index b13d9d4c9..bad21980b 100644 --- a/.github/workflows/bicep-build-to-validate.yml +++ b/.github/workflows/bicep-build-to-validate.yml @@ -52,7 +52,7 @@ jobs: shell: pwsh run: | $output = @() - Get-ChildItem -Path '.\infra-as-code\bicep' -Recurse -Filter '*.bicep' -Exclude 'callModuleFromACR.example.bicep','orchHubSpoke.bicep' | ForEach-Object { + Get-ChildItem -Recurse -Filter '*.bicep' -Exclude 'callModuleFromACR.example.bicep','orchHubSpoke.bicep' | ForEach-Object { Write-Information "==> Attempting Bicep Build For File: $_" -InformationAction Continue $bicepOutput = bicep build $_.FullName 2>&1 if ($LastExitCode -ne 0) From e33f5c5e61026587bf0b11005675dbd1c6624ade Mon Sep 17 00:00:00 2001 
From: Robert Lightner Date: Fri, 16 Sep 2022 16:09:46 -0700 Subject: [PATCH 13/16] fix: customRoles API version --- .../definitions/cafApplicationOwnerRole.bicep | 2 +- .../definitions/cafNetworkManagementRole.bicep | 2 +- .../definitions/cafSecurityOperationsRole.bicep | 2 +- .../definitions/cafSubscriptionOwnerRole.bicep | 2 +- .../definitions/china/mc-cafNetworkManagementRole.bicep | 2 +- .../definitions/china/mc-cafSecurityOperationsRole.bicep | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafApplicationOwnerRole.bicep b/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafApplicationOwnerRole.bicep index f6f92e7de..9b59d4279 100644 --- a/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafApplicationOwnerRole.bicep +++ b/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafApplicationOwnerRole.bicep @@ -8,7 +8,7 @@ var varRole = { description: 'Contributor role granted for application/operations team at resource group level' } -resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = { +resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' = { name: guid(varRole.name) properties: { roleName: varRole.name diff --git a/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafNetworkManagementRole.bicep b/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafNetworkManagementRole.bicep index dc308145e..8c57805d9 100644 --- a/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafNetworkManagementRole.bicep +++ b/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafNetworkManagementRole.bicep 
@@ -8,7 +8,7 @@ var varRole = { description: 'Platform-wide global connectivity management: Virtual networks, UDRs, NSGs, NVAs, VPN, Azure ExpressRoute, and others' } -resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = { +resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' = { name: guid(varRole.name) properties: { roleName: varRole.name diff --git a/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafSecurityOperationsRole.bicep b/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafSecurityOperationsRole.bicep index d316107fd..fb7268896 100644 --- a/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafSecurityOperationsRole.bicep +++ b/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafSecurityOperationsRole.bicep @@ -8,7 +8,7 @@ var varRole = { description: 'Security administrator role with a horizontal view across the entire Azure estate and the Azure Key Vault purge policy' } -resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = { +resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' = { name: guid(varRole.name) properties: { roleName: varRole.name diff --git a/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafSubscriptionOwnerRole.bicep b/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafSubscriptionOwnerRole.bicep index 9c2ab55f8..1cb1ca330 100644 --- a/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafSubscriptionOwnerRole.bicep +++ b/infra-as-code/bicep/modules/customRoleDefinitions/definitions/cafSubscriptionOwnerRole.bicep 
@@ -8,7 +8,7 @@ var varRole = { description: 'Delegated role for subscription owner derived from subscription Owner role' } -resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = { +resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' = { name: guid(varRole.name) properties: { roleName: varRole.name diff --git a/infra-as-code/bicep/modules/customRoleDefinitions/definitions/china/mc-cafNetworkManagementRole.bicep b/infra-as-code/bicep/modules/customRoleDefinitions/definitions/china/mc-cafNetworkManagementRole.bicep index 8110a529a..0be84fb36 100644 --- a/infra-as-code/bicep/modules/customRoleDefinitions/definitions/china/mc-cafNetworkManagementRole.bicep +++ b/infra-as-code/bicep/modules/customRoleDefinitions/definitions/china/mc-cafNetworkManagementRole.bicep @@ -8,7 +8,7 @@ var varRole = { description: 'Platform-wide global connectivity management: Virtual networks, UDRs, NSGs, NVAs, VPN, Azure ExpressRoute, and others' } -resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = { +resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' = { name: guid(varRole.name) properties: { roleName: varRole.name diff --git a/infra-as-code/bicep/modules/customRoleDefinitions/definitions/china/mc-cafSecurityOperationsRole.bicep b/infra-as-code/bicep/modules/customRoleDefinitions/definitions/china/mc-cafSecurityOperationsRole.bicep index b828903ed..41a89468a 100644 --- a/infra-as-code/bicep/modules/customRoleDefinitions/definitions/china/mc-cafSecurityOperationsRole.bicep +++ b/infra-as-code/bicep/modules/customRoleDefinitions/definitions/china/mc-cafSecurityOperationsRole.bicep 
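Review bot: `Microsoft.Authorization/roleDefinitions@2022-04-01` in `china/mc-cafNetworkManagementRole.bicep` is not shown to be available in Azure China. The bump presumably follows the `use-recent-api-versions` linter rule enabled earlier in this series, and that rule judges recency from the API versions Bicep knows about rather than from what a given sovereign cloud has registered. The same question applies to `china/mc-cafSecurityOperationsRole.bicep` and to the `2021-06-01` policy definitions in `mc-customPolicyDefinitions.bicep` later in the series. Before merging, confirm the version is listed for the provider in that cloud and record it next to the resource, e.g. `// API version confirmed available in AzureChinaCloud on <date>`.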
@@ -8,7 +8,7 @@ var varRole = { description: 'Security administrator role with a horizontal view across the entire Azure estate and the Azure Key Vault purge policy' } -resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = { +resource resRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' = { name: guid(varRole.name) properties: { roleName: varRole.name From ffe0be9baed1d6ba9b578bf84448b7ddfc7f52ef Mon Sep 17 00:00:00 2001 From: Robert Lightner Date: Fri, 16 Sep 2022 16:13:51 -0700 Subject: [PATCH 14/16] fix: typo, missing $ --- .github/workflows/bicep-build-to-validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/bicep-build-to-validate.yml b/.github/workflows/bicep-build-to-validate.yml index bad21980b..aaabe680e 100644 --- a/.github/workflows/bicep-build-to-validate.yml +++ b/.github/workflows/bicep-build-to-validate.yml @@ -58,7 +58,7 @@ jobs: if ($LastExitCode -ne 0) { foreach ($item in $bicepOutput) { - $output += "$(item) `r`n" + $output += "$($item) `r`n" } } Else From 36ccd783f5888a0e0261cd94a42cb501f2bf49e3 Mon Sep 17 00:00:00 2001 From: Robert Lightner Date: Fri, 16 Sep 2022 16:18:52 -0700 Subject: [PATCH 15/16] fix: Adjusting output if no error --- .github/workflows/bicep-build-to-validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/bicep-build-to-validate.yml b/.github/workflows/bicep-build-to-validate.yml index aaabe680e..2d9b84002 100644 --- a/.github/workflows/bicep-build-to-validate.yml +++ b/.github/workflows/bicep-build-to-validate.yml @@ -63,7 +63,7 @@ jobs: } Else { - echo $output + echo "Bicep Build Successful for File: $_" } } if ($output.length -gt 0) { From 338c7d0703e56a1758e2b6f2ac8e966ea7c1393f Mon Sep 17 00:00:00 2001 
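Review bot: On the success branch in `bicep-build-to-validate.yml`, the new `echo` line drops `$bicepOutput`, so anything `bicep build` printed while still exiting 0 (linter findings configured below `error` level, for instance) never reaches the job log. Emitting it keeps those findings visible: `if ($bicepOutput) { $bicepOutput | ForEach-Object { Write-Warning "$_" } }`. For consistency with the `Write-Information ... -InformationAction Continue` call used earlier in the same script block, the message itself could be `Write-Information "Bicep Build Successful for File: $_" -InformationAction Continue`. The `ForEach-Object` block starts outside this hunk.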
From: Robert Lightner Date: Fri, 16 Sep 2022 16:43:50 -0700 Subject: [PATCH 16/16] fix: linter findings - resolved --- .../bicep/modules/managementGroups/managementGroups.bicep | 2 +- .../policy/assignments/policyAssignmentManagementGroup.bicep | 2 +- .../modules/policy/definitions/customPolicyDefinitions.bicep | 4 ++-- .../policy/definitions/mc-customPolicyDefinitions.bicep | 4 ++-- .../roleAssignments/roleAssignmentManagementGroup.bicep | 2 +- .../modules/roleAssignments/roleAssignmentSubscription.bicep | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/infra-as-code/bicep/modules/managementGroups/managementGroups.bicep b/infra-as-code/bicep/modules/managementGroups/managementGroups.bicep index 67f9019f6..dfdef2e14 100644 --- a/infra-as-code/bicep/modules/managementGroups/managementGroups.bicep +++ b/infra-as-code/bicep/modules/managementGroups/managementGroups.bicep @@ -97,7 +97,7 @@ resource resTopLevelMg 'Microsoft.Management/managementGroups@2021-04-01' = { displayName: parTopLevelManagementGroupDisplayName details: { parent: { - id: (empty(parTopLevelManagementGroupParentId) ? '/providers/Microsoft.Management/managementGroups/${tenant().tenantId}' : parTopLevelManagementGroupParentId) + id: empty(parTopLevelManagementGroupParentId) ? '/providers/Microsoft.Management/managementGroups/${tenant().tenantId}' : parTopLevelManagementGroupParentId } } } diff --git a/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep b/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep index ed9753f36..227bba935 100644 --- a/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep +++ b/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep 
@@ -61,7 +61,7 @@ var varPolicyAssignmentIdentityRoleAssignmentsMgsConverged = parPolicyAssignment // Customer Usage Attribution Id var varCuaid = '78001e36-9738-429c-a343-45cc84e8a527' -resource resPolicyAssignment 'Microsoft.Authorization/policyAssignments@2020-09-01' = { +resource resPolicyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01' = { name: parPolicyAssignmentName properties: { displayName: parPolicyAssignmentDisplayName diff --git a/infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep b/infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep index 72a0e241e..b6d43f1cb 100644 --- a/infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep +++ b/infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep @@ -1236,7 +1236,7 @@ var varPolicySetDefinitionEsEnforceEncrypttransitParameters = loadJsonContent('l // Customer Usage Attribution Id var varCuaid = '2b136786-9881-412e-84ba-f4c2822e1ac9' -resource resPolicyDefinitions 'Microsoft.Authorization/policyDefinitions@2020-09-01' = [for policy in varCustomPolicyDefinitionsArray: { +resource resPolicyDefinitions 'Microsoft.Authorization/policyDefinitions@2021-06-01' = [for policy in varCustomPolicyDefinitionsArray: { name: policy.libDefinition.name properties: { description: policy.libDefinition.properties.description @@ -1249,7 +1249,7 @@ resource resPolicyDefinitions 'Microsoft.Authorization/policyDefinitions@2020-09 } }] -resource resPolicySetDefinitions 'Microsoft.Authorization/policySetDefinitions@2020-09-01' = [for policySet in varCustomPolicySetDefinitionsArray: { +resource resPolicySetDefinitions 'Microsoft.Authorization/policySetDefinitions@2021-06-01' = [for policySet in varCustomPolicySetDefinitionsArray: { dependsOn: [ resPolicyDefinitions // Must wait for policy definitons to be deployed before starting the creation of Policy Set/Initiative Defininitions ] 
diff --git a/infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep b/infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep index d9601f9c5..25adee4a7 100644 --- a/infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep +++ b/infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep @@ -1153,7 +1153,7 @@ var varPolicySetDefinitionEsMcEnforceEncrypttransitParameters = loadJsonContent( // Customer Usage Attribution Id var varCuaid = '2b136786-9881-412e-84ba-f4c2822e1ac9' -resource resPolicyDefinitions 'Microsoft.Authorization/policyDefinitions@2020-09-01' = [for policy in varCustomPolicyDefinitionsArray: { +resource resPolicyDefinitions 'Microsoft.Authorization/policyDefinitions@2021-06-01' = [for policy in varCustomPolicyDefinitionsArray: { name: policy.libDefinition.name properties: { description: policy.libDefinition.properties.description @@ -1166,7 +1166,7 @@ resource resPolicyDefinitions 'Microsoft.Authorization/policyDefinitions@2020-09 } }] -resource resPolicySetDefinitions 'Microsoft.Authorization/policySetDefinitions@2020-09-01' = [for policySet in varCustomPolicySetDefinitionsArray: { +resource resPolicySetDefinitions 'Microsoft.Authorization/policySetDefinitions@2021-06-01' = [for policySet in varCustomPolicySetDefinitionsArray: { dependsOn: [ resPolicyDefinitions // Must wait for policy definitons to be deployed before starting the creation of Policy Set/Initiative Defininitions ] diff --git a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep index 6bfa483b8..9f8994a3d 100644 --- a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep +++ b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep 
@@ -22,7 +22,7 @@ param parTelemetryOptOut bool = false // Customer Usage Attribution Id var varCuaid = '59c2ac61-cd36-413b-b999-86a3e0d958fb' -resource resRoleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = { +resource resRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { name: parRoleAssignmentNameGuid properties: { roleDefinitionId: tenantResourceId('Microsoft.Authorization/roleDefinitions', parRoleDefinitionId) diff --git a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentSubscription.bicep b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentSubscription.bicep index c27bdab09..9c72089b5 100644 --- a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentSubscription.bicep +++ b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentSubscription.bicep @@ -22,7 +22,7 @@ param parTelemetryOptOut bool = false // Customer Usage Attribution Id var varCuaid = '59c2ac61-cd36-413b-b999-86a3e0d958fb' -resource resRoleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = { +resource resRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { name: parRoleAssignmentNameGuid properties: { roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', parRoleDefinitionId)