9a888ec176
## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)
93 lines
2.4 KiB
Plaintext
93 lines
2.4 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
[source,json,diff-id=1,diff-type=noncompliant]
|
|
----
|
|
{
|
|
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
|
"contentVersion": "1.0.0.0",
|
|
"resources": [
|
|
{
|
|
"name": "example",
|
|
"type": "Microsoft.Authorization/roleAssignments",
|
|
"apiVersion": "2022-04-01",
|
|
"properties": {
|
|
"description": "Assign the contributor role",
|
|
"principalId": "string",
|
|
"principalType": "ServicePrincipal",
|
|
"roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
----
|
|
|
|
[source,bicep,diff-id=11,diff-type=noncompliant]
|
|
----
|
|
resource symbolicname 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
|
|
scope: tenant()
|
|
properties: {
|
|
description: 'Assign the contributor role'
|
|
principalId: 'string'
|
|
principalType: 'ServicePrincipal'
|
|
roleDefinitionId: resourceId('Microsoft.Authorization/roleAssignments', 'b24988ac-6180-42a0-ab88-20f7382dd24c') // Sensitive
|
|
}
|
|
}
|
|
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
[source,json,diff-id=1,diff-type=compliant]
|
|
----
|
|
{
|
|
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
|
"contentVersion": "1.0.0.0",
|
|
"resources": [
|
|
{
|
|
"name": "example",
|
|
"type": "Microsoft.Authorization/roleAssignments",
|
|
"apiVersion": "2022-04-01",
|
|
"properties": {
|
|
"description": "Assign the reader role",
|
|
"principalId": "string",
|
|
"principalType": "ServicePrincipal",
|
|
"roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
----
|
|
|
|
[source,bicep,diff-id=11,diff-type=compliant]
|
|
----
|
|
resource symbolicname 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
|
|
scope: tenant()
|
|
properties: {
|
|
description: 'Assign the reader role'
|
|
principalId: 'string'
|
|
principalType: 'ServicePrincipal'
|
|
roleDefinitionId: resourceId('Microsoft.Authorization/roleAssignments', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
|
|
}
|
|
}
|
|
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
include::../highlighting.adoc[]
|
|
|
|
endif::env-github,rspecator-view[] |