Linter rule - secure params in nested deploy
Outer-scoped nested deployment resources shouldn't be used for secure parameters or list* functions. Doing so could expose the secure values in the deployment history.
Linter rule code
Use the following value in the Bicep configuration file to customize rule settings:
secure-params-in-nested-deploy
Solution
Either set the deployment's properties.expressionEvaluationOptions.scope to inner or use a Bicep module instead.
The following example fails this test because a secure parameter is referenced in an outer-scoped nested deployment resource.
@secure()
param secureValue string

resource nested 'Microsoft.Resources/deployments@2021-04-01' = {
  name: 'nested'
  properties: {
    mode: 'Incremental'
    template: {
      '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
      contentVersion: '1.0.0.0'
      variables: {}
      resources: [
        {
          name: 'outerImplicit'
          type: 'Microsoft.Network/networkSecurityGroups'
          apiVersion: '2019-11-01'
          location: '[resourceGroup().location]'
          properties: {
            securityRules: [
              {
                name: 'outerImplicit'
                properties: {
                  description: format('{0}', secureValue)
                  protocol: 'Tcp'
                }
              }
            ]
          }
        }
      ]
    }
  }
}
You can fix it by setting the deployment's properties.expressionEvaluationOptions.scope to 'inner':
@secure()
param secureValue string

resource nested 'Microsoft.Resources/deployments@2021-04-01' = {
  name: 'nested'
  properties: {
    mode: 'Incremental'
    expressionEvaluationOptions: {
      scope: 'Inner' // Set to inner scope
    }
    template: {
      '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
      contentVersion: '1.0.0.0'
      variables: {}
      resources: [
        {
          name: 'outerImplicit'
          type: 'Microsoft.Network/networkSecurityGroups'
          apiVersion: '2019-11-01'
          location: '[resourceGroup().location]'
          properties: {
            securityRules: [
              {
                name: 'outerImplicit'
                properties: {
                  description: format('{0}', secureValue)
                  protocol: 'Tcp'
                }
              }
            ]
          }
        }
      ]
    }
  }
}
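The other remedy named under Solution, moving the resource into a Bicep module, is shown here as an added example that is not part of the original page. The file name nsg.bicep and the symbolic name nsg are assumptions; the resource body is carried over from the example above.

```bicep
// ---- main.bicep ----
@secure()
param secureValue string

// A module compiles to a nested deployment that uses inner-scope
// evaluation. The secure value is handed over as a parameter of the
// nested template instead of being written into the template body.
module nsg 'nsg.bicep' = {
  name: 'nested'
  params: {
    secureValue: secureValue
  }
}

// ---- nsg.bicep (hypothetical file name) ----
// Declaring the parameter with @secure() here makes it a securestring
// in the nested template as well.
@secure()
param secureValue string

param location string = resourceGroup().location

// Same resource as in the page's example, now declared as a regular
// Bicep resource inside the module.
resource outerImplicit 'Microsoft.Network/networkSecurityGroups@2019-11-01' = {
  name: 'outerImplicit'
  location: location
  properties: {
    securityRules: [
      {
        name: 'outerImplicit'
        properties: {
          description: format('{0}', secureValue)
          protocol: 'Tcp'
        }
      }
    ]
  }
}
```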
Next steps
For more information about the linter, see Use Bicep linter.