Επεξεργασία

Κοινή χρήση μέσω


Linter rule - adminPassword should be assigned a secure value.

This rule finds the value of the property path properties.osProfile.adminPassword for resources of type Microsoft.Compute/virtualMachines or Microsoft.Compute/virtualMachineScaleSets that doesn't have a secure value.

Linter rule code

Use the following value in the Bicep configuration file to customize rule settings:

use-secure-value-for-secure-inputs

Solution

Assign a secure value to the property with the property path properties.osProfile.adminPassword for resources of type Microsoft.Compute/virtualMachines or Microsoft.Compute/virtualMachineScaleSets. Don't use a literal value. Instead, create a parameter with the @secure() decorator for the password and assign it to adminPassword.

The following examples fail this test because the adminPassword is not a secure value.

resource ubuntuVM 'Microsoft.Compute/virtualMachineScaleSets@2024-03-01' = {
  name: 'name'
  location: 'West US'
  properties: {
    virtualMachineProfile: {
      osProfile: {
        adminUsername: 'adminUsername'
        adminPassword: 'adminPassword'
      }
    }
  }
}
resource ubuntuVM 'Microsoft.Compute/virtualMachines@2024-03-01' = {
  name: 'name'
  location: 'West US'
  properties: {
    osProfile: {
      computerName: 'computerName'
      adminUsername: 'adminUsername'
      adminPassword: 'adminPassword'
    }
  }
}
param adminPassword string

resource ubuntuVM 'Microsoft.Compute/virtualMachines@2024-03-01' = {
  name: 'name'
  location: 'West US'
  properties: {
    osProfile: {
      computerName: 'computerName'
      adminUsername: 'adminUsername'
      adminPassword: adminPassword
    }
  }
}

The following example passes this test.

@secure()
param adminPassword string
@secure()
param adminUsername string
param location string = resourceGroup().location

resource ubuntuVM 'Microsoft.Compute/virtualMachines@2024-03-01' = {
  name: 'name'
  location: location
  properties: {
    osProfile: {
      computerName: 'computerName'
      adminUsername: adminUsername
      adminPassword: adminPassword
    }
  }
}

Next steps

For more information about the linter, see Use Bicep linter.