diff --git a/rules/S6387/azureresourcemanager/highlighting.adoc b/rules/S6387/azureresourcemanager/highlighting.adoc
new file mode 100644
index 00000000000..32e603e715b
--- /dev/null
+++ b/rules/S6387/azureresourcemanager/highlighting.adoc
@@ -0,0 +1,8 @@
+=== Highlighting
+==== JSON
+
+Highlight the relevant `$schema` property
+
+==== Bicep
+
+Highlight the relevant `targetScope` property
diff --git a/rules/S6387/azureresourcemanager/metadata.json b/rules/S6387/azureresourcemanager/metadata.json
new file mode 100644
index 00000000000..0967ef424bc
--- /dev/null
+++ b/rules/S6387/azureresourcemanager/metadata.json
@@ -0,0 +1 @@
+{}
diff --git a/rules/S6387/azureresourcemanager/rule.adoc b/rules/S6387/azureresourcemanager/rule.adoc
new file mode 100644
index 00000000000..dacf8f88b9f
--- /dev/null
+++ b/rules/S6387/azureresourcemanager/rule.adoc
@@ -0,0 +1,54 @@
+include::../description.adoc[]
+
+include::../ask-yourself.adoc[]
+
+include::../recommended.adoc[]
+
+== Sensitive Code Example
+
+[source,json,diff-id=2,diff-type=noncompliant]
+----
+{
+ "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": [
+ {
+ "type": "Microsoft.Authorization/roleAssignments",
+ "apiVersion": "2022-04-01",
+ "name": "[guid(subscription().id, 'exampleRoleAssignment')]"
+ }
+ ]
+}
+----
+
+== Compliant Solution
+
+[source,json,diff-id=2,diff-type=noncompliant]
+----
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": [
+ {
+ "type": "Microsoft.Authorization/roleAssignments",
+ "apiVersion": "2022-04-01",
+ "name": "[guid(resourceGroup().id, 'exampleRoleAssignment')]"
+ }
+ ]
+}
+----
+
+include::../see.adoc[]
+
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+include::../message.adoc[]
+
+include::highlighting.adoc[]
+
+endif::env-github,rspecator-view[]
\ No newline at end of file
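Review bot: The listing under "== Compliant Solution" is tagged `diff-type=noncompliant`, the same as the Sensitive Code Example that shares its `diff-id=2`. It should read `[source,json,diff-id=2,diff-type=compliant]`, otherwise the resource-group-scoped template is presumably rendered or paired as a second sensitive sample. highlighting.adoc in this same commit names a Bicep `targetScope` location, but rule.adoc carries only the JSON pair, so a matching Bicep sensitive/compliant pair is missing for readers of that syntax. Both role assignments also omit `properties` (role definition and principal); if that is deliberate, a short sentence before the listings saying the examples are trimmed to the scope-relevant fields would make clear that the `$schema` deployment scope is what the rule flags.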