Create rule S6949: Don't hardcode resource locations (#3783)
Co-authored-by: Peter Trifanov <peter.trifanov@sonarsource.com>
This commit is contained in:
github-actions[bot]
GitHub
parent
68350b2879
commit
688ef12c01
24
rules/S6949/azureresourcemanager/metadata.json
Normal file
24
rules/S6949/azureresourcemanager/metadata.json
Normal file
@ -0,0 +1,24 @@
|
||||
{
|
||||
"title": "Don't hardcode resource locations",
|
||||
"type": "CODE_SMELL",
|
||||
"status": "ready",
|
||||
"remediation": {
|
||||
"func": "Constant\/Issue",
|
||||
"constantCost": "5min"
|
||||
},
|
||||
"tags": [
|
||||
],
|
||||
"defaultSeverity": "Major",
|
||||
"ruleSpecification": "RSPEC-6949",
|
||||
"sqKey": "S6949",
|
||||
"scope": "All",
|
||||
"defaultQualityProfiles": ["Sonar way"],
|
||||
"quickfix": "unknown",
|
||||
"code": {
|
||||
"impacts": {
|
||||
"MAINTAINABILITY": "MEDIUM",
|
||||
"RELIABILITY": "MEDIUM"
|
||||
},
|
||||
"attribute": "CONVENTIONAL"
|
||||
}
|
||||
}
|
||||
118
rules/S6949/azureresourcemanager/rule.adoc
Normal file
118
rules/S6949/azureresourcemanager/rule.adoc
Normal file
@ -0,0 +1,118 @@
|
||||
When deploying an Azure Resource Manager template (ARM template), you must provide a location for each resource. Locations can either be added in a template directly or passed as a parameter. It's advisable to use a parameter to specify the location of resources.
|
||||
|
||||
== Why is this an issue?
|
||||
|
||||
When deploying an Azure Resource Manager template (ARM template), you must provide a location for each resource. This can be done directly in the template or by passing parameters. However, hardcoding locations in the template can limit flexibility and potentially create deployment challenges, restricting users from choosing their preferred deployment location.
|
||||
|
||||
It is therefore recommended to use a parameter to specify the location for resources, with the default value set to `resourceGroup().location`. This practice ensures consistency in resource allocation and provides users of the template the flexibility to specify a location where they have the necessary permissions to deploy resources. This approach helps avoid hardcoding locations, which can lead to potential deployment issues and restrictions.
|
||||
|
||||
== How to fix it in ARM templates
|
||||
|
||||
Create a parameter for the location and set the default value to `resourceGroup().location`. Then, use the parameter to specify the location of resources.
|
||||
|
||||
=== Code examples
|
||||
|
||||
==== Noncompliant code example
|
||||
|
||||
[source,json,diff-id=11,diff-type=noncompliant]
|
||||
----
|
||||
{
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "1.0.0.0",
|
||||
"resources": [
|
||||
{
|
||||
"type": "Microsoft.Storage/storageAccounts",
|
||||
"apiVersion": "2019-06-01",
|
||||
"name": "[parameters('storageAccountName')]",
|
||||
"location": "westus",
|
||||
"sku": {
|
||||
"name": "Standard_LRS"
|
||||
},
|
||||
"kind": "StorageV2"
|
||||
}
|
||||
]
|
||||
}
|
||||
----
|
||||
|
||||
==== Compliant solution
|
||||
[source,json,diff-id=11,diff-type=compliant]
|
||||
----
|
||||
{
|
||||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "1.0.0.0",
|
||||
"parameters": {
|
||||
"location": {
|
||||
"type": "string",
|
||||
"defaultValue": "[resourceGroup().location]",
|
||||
"metadata": {
|
||||
"description": "Location for all resources."
|
||||
}
|
||||
}
|
||||
},
|
||||
"resources": [
|
||||
{
|
||||
"type": "Microsoft.Storage/storageAccounts",
|
||||
"apiVersion": "2019-06-01",
|
||||
"name": "[parameters('storageAccountName')]",
|
||||
"location": "[parameters('location')]",
|
||||
"sku": {
|
||||
"name": "Standard_LRS"
|
||||
},
|
||||
"kind": "StorageV2"
|
||||
}
|
||||
]
|
||||
}
|
||||
----
|
||||
|
||||
== How to fix it in Bicep
|
||||
|
||||
Create a parameter for the location and set the default value to `resourceGroup().location`. Then, use the parameter to specify the location of resources.
|
||||
|
||||
=== Code examples
|
||||
|
||||
==== Noncompliant code example
|
||||
[source,bicep,diff-id=2,diff-type=noncompliant]
|
||||
----
|
||||
resource storageAccount 'Microsoft.Storage/storageAccounts@2019-06-01' = {
|
||||
name: storageAccountName
|
||||
location: 'westus'
|
||||
sku: {
|
||||
name: 'Standard_LRS'
|
||||
}
|
||||
kind: 'StorageV2'
|
||||
}
|
||||
----
|
||||
|
||||
==== Compliant solution
|
||||
|
||||
[source,bicep,diff-id=2,diff-type=compliant]
|
||||
----
|
||||
param location string = resourceGroup().location
|
||||
|
||||
resource storageAccount 'Microsoft.Storage/storageAccounts@2019-06-01' = {
|
||||
name: storageAccountName
|
||||
location: location
|
||||
sku: {
|
||||
name: 'Standard_LRS'
|
||||
}
|
||||
kind: 'StorageV2'
|
||||
}
|
||||
----
|
||||
|
||||
== Resources
|
||||
=== Documentation
|
||||
* https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/resource-location/[Azure Resource Manager templates: Resource location]
|
||||
|
||||
ifdef::env-github,rspecator-view[]
|
||||
|
||||
'''
|
||||
== Implementation Specification
|
||||
(visible only on this page)
|
||||
|
||||
=== Message
|
||||
Replace this hardcoded location with a parameter.
|
||||
|
||||
=== Highlighting
|
||||
Highlight the value of the hardcoded `location` property.
|
||||
|
||||
endif::env-github,rspecator-view[]
|
||||
2
rules/S6949/metadata.json
Normal file
2
rules/S6949/metadata.json
Normal file
@ -0,0 +1,2 @@
|
||||
{
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user