Linter rule - no hardcoded environment URL
This rule finds any hard-coded URLs that vary by the cloud environment.
Linter rule code
Use the following value in the Bicep configuration file to customize rule settings:
no-hardcoded-env-urls
Solution
Instead of hard-coding URLs in your Bicep file, use the environment function to dynamically get these URLs during deployment. The environment function returns different URLs based on the cloud environment you're deploying to.
The following example fails this test because the URL is hardcoded.
var managementURL = 'https://management.azure.com'
The test also fails when used with concat or uri.
var galleryURL1 = concat('https://','gallery.azure.com')
var galleryURL2 = uri('gallery.azure.com','test')
You can fix it by replacing the hard-coded URL with the environment()
function.
var galleryURL = environment().gallery
In some cases, you can fix it by getting a property from a resource you've deployed. For example, instead of constructing the endpoint for your storage account, retrieve it with .properties.primaryEndpoints
.
param storageAccountName string
param location string = resourceGroup().location
resource sa 'Microsoft.Storage/storageAccounts@2022-09-01' = {
name: storageAccountName
location: location
sku: {
name: 'Standard_LRS'
}
kind: 'StorageV2'
properties: {
accessTier: 'Hot'
}
}
output endpoint string = sa.properties.primaryEndpoints.web
Configuration
By default, this rule uses the following settings for determining which URLs are disallowed.
"analyzers": {
"core": {
"verbose": false,
"enabled": true,
"rules": {
"no-hardcoded-env-urls": {
"level": "warning",
"disallowedhosts": [
"gallery.azure.com",
"management.core.windows.net",
"management.azure.com",
"database.windows.net",
"core.windows.net",
"login.microsoftonline.com",
"graph.windows.net",
"trafficmanager.net",
"datalake.azure.net",
"azuredatalakestore.net",
"azuredatalakeanalytics.net",
"vault.azure.net",
"api.loganalytics.io",
"asazure.windows.net",
"region.asazure.windows.net",
"batch.core.windows.net"
],
"excludedhosts": [
"schema.management.azure.com"
]
}
}
}
}
You can customize it by adding a bicepconfig.json file and applying new settings.
Next steps
For more information about the linter, see Use Bicep linter.
Phản hồi
https://aka.ms/ContentUserFeedback.
Sắp ra mắt: Trong năm 2024, chúng tôi sẽ dần gỡ bỏ Sự cố với GitHub dưới dạng cơ chế phản hồi cho nội dung và thay thế bằng hệ thống phản hồi mới. Để biết thêm thông tin, hãy xem:Gửi và xem ý kiến phản hồi dành cho