Modify rule S6387: Add language AzureResourceManager (Bicep) (#1907)

2023-09-13 10:25:18 +02:00 · 2023-09-13 10:25:18 +02:00 · 4c61cfe3b9
commit 4c61cfe3b9
parent 897bb45fbf
2 changed files with 28 additions and 10 deletions
--- a/rules/S6387/azureresourcemanager/highlighting.adoc
+++ b/rules/S6387/azureresourcemanager/highlighting.adoc
@ -0,0 +1,8 @@
+=== Highlighting
+==== JSON
+
+Highlight the relevant `$schema` property
+
+==== Bicep
+
+Highlight the relevant `targetScope` property
--- a/rules/S6387/azureresourcemanager/rule.adoc
+++ b/rules/S6387/azureresourcemanager/rule.adoc
@ -6,6 +6,15 @@ include::../recommended.adoc[]

 == Sensitive Code Example

+[source,bicep,diff-id=1,diff-type=noncompliant]
+----
+targetScope = 'subscription' // Sensitive
+
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid(subscription().id, 'exampleRoleAssignment')
+}
+----
+
 [source,json,diff-id=2,diff-type=noncompliant]
 ----
 {
@ -23,7 +32,16 @@ include::../recommended.adoc[]

 == Compliant Solution

-[source,json,diff-id=2,diff-type=compliant]
+[source,bicep,diff-id=1,diff-type=compliant]
+----
+targetScope = 'resourceGroup'
+
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid(resourceGroup().id, 'exampleRoleAssignment')
+}
+----
+
+[source,json,diff-id=2,diff-type=noncompliant]
 ----
 {
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@ -49,14 +67,6 @@ ifdef::env-github,rspecator-view[]

 include::../message.adoc[]

-=== Highlighting
-==== JSON
-
-Highlight the relevant `$schema` property
-
-==== Bicep
-
-Highlight the relevant `targetScope` property
-
+include::highlighting.adoc[]

 endif::env-github,rspecator-view[]