diff --git a/docs/header_names/allowed_framework_names.adoc b/docs/header_names/allowed_framework_names.adoc index fe32f163dc3..ed38745f158 100644 --- a/docs/header_names/allowed_framework_names.adoc +++ b/docs/header_names/allowed_framework_names.adoc @@ -150,7 +150,7 @@ * CryptoSwift * IDZSwiftCommonCrypto // Azure resource manager -* ARM templates +* JSON templates * Bicep // PL/SQL * DBMS_CRYPTO diff --git a/rules/S117/azureresourcemanager/rule.adoc b/rules/S117/azureresourcemanager/rule.adoc index e3cff6d098e..6e234a7ebb8 100644 --- a/rules/S117/azureresourcemanager/rule.adoc +++ b/rules/S117/azureresourcemanager/rule.adoc @@ -10,7 +10,7 @@ include::../why-is-this-an-issue.adoc[] include::../what-is-the-potential-impact.adoc[] -== How to fix it in ARM templates +== How to fix it in JSON templates include::../how-to-fix-it-description.adoc[] diff --git a/rules/S1192/azureresourcemanager/rule.adoc b/rules/S1192/azureresourcemanager/rule.adoc index 236e10980cf..75ea1786a07 100644 --- a/rules/S1192/azureresourcemanager/rule.adoc +++ b/rules/S1192/azureresourcemanager/rule.adoc @@ -6,7 +6,7 @@ include::../description.adoc[] include::exceptions-arm.adoc[] -== How to fix it in ARM templates +== How to fix it in JSON templates include::howtofix-arm.adoc[] diff --git a/rules/S1481/azureresourcemanager/rule.adoc b/rules/S1481/azureresourcemanager/rule.adoc index ebf29e98e26..d687b562b79 100644 --- a/rules/S1481/azureresourcemanager/rule.adoc +++ b/rules/S1481/azureresourcemanager/rule.adoc @@ -1,6 +1,6 @@ include::../rationale.adoc[] -== How to fix it in ARM Templates +== How to fix it in JSON templates The fix for this issue is straightforward. Once you ensure the unused variable is not part of an incomplete implementation leading to bugs, you just need to remove it. diff --git a/rules/S6321/azureresourcemanager/how-to-fix-it/bicep.adoc b/rules/S6321/azureresourcemanager/how-to-fix-it/bicep.adoc new file mode 100644 index 00000000000..37cd49ccfd7 --- /dev/null 
+++ b/rules/S6321/azureresourcemanager/how-to-fix-it/bicep.adoc
@@ -0,0 +1,37 @@
+== How to fix it in Bicep
+
+include::../../common/how-to-fix-it/intro.adoc[]
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,bicep,diff-id=2,diff-type=noncompliant]
+----
+resource securityRules 'Microsoft.Network/networkSecurityGroups/securityRules@2022-11-01' = {
+ name: 'securityRules'
+ properties: {
+ direction: 'Inbound'
+ access: 'Allow'
+ protocol: '*'
+ destinationPortRange: '*'
+ sourceAddressPrefix: '*'
+ }
+}
+----
+
+==== Compliant solution
+
+[source,bicep,diff-id=2,diff-type=compliant]
+----
+resource securityRules 'Microsoft.Network/networkSecurityGroups/securityRules@2022-11-01' = {
+ name: 'securityRules'
+ properties: {
+ direction: 'Inbound'
+ access: 'Allow'
+ protocol: '*'
+ destinationPortRange: '22'
+ sourceAddressPrefix: '10.0.0.0/24'
+ }
+}
+----
diff --git a/rules/S6321/azureresourcemanager/how-to-fix-it/json.adoc b/rules/S6321/azureresourcemanager/how-to-fix-it/json.adoc
new file mode 100644
index 00000000000..b5eef8364f4
--- /dev/null
+++ b/rules/S6321/azureresourcemanager/how-to-fix-it/json.adoc
@@ -0,0 +1,53 @@
+== How to fix it in JSON templates
+
+include::../../common/how-to-fix-it/intro.adoc[]
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,json,diff-id=1,diff-type=noncompliant]
+----
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": [
+ {
+ "name": "networkSecurityGroups/example",
+ "type": "Microsoft.Network/networkSecurityGroups/securityRules",
+ "apiVersion": "2022-11-01",
+ "properties": {
+ "protocol": "*",
+ "destinationPortRange": "*",
+ "sourceAddressPrefix": "*",
+ "access": "Allow",
+ "direction": "Inbound"
+ }
+ }
+ ]
+}
+----
+
+==== Compliant solution
+
+[source,json,diff-id=1,diff-type=compliant]
+----
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": [
+ {
+ "name": "networkSecurityGroups/example",
+ "type": "Microsoft.Network/networkSecurityGroups/securityRules",
+ "apiVersion": "2022-11-01",
+ "properties": {
+ "protocol": "*",
+ "destinationPortRange": "22",
+ "sourceAddressPrefix": "10.0.0.0/24",
+ "access": "Allow",
+ "direction": "Inbound"
+ }
+ }
+ ]
+}
+----
diff --git a/rules/S6321/azureresourcemanager/rule.adoc b/rules/S6321/azureresourcemanager/rule.adoc
index 706f52f7f0c..0b5d7c53c93 100644
--- a/rules/S6321/azureresourcemanager/rule.adoc
+++ b/rules/S6321/azureresourcemanager/rule.adoc
@@ -6,87 +6,9 @@ Any firewall rule allowing traffic from all IP addresses to standard network por
 include::../impact.adoc[]
-== How to fix it
+include::how-to-fix-it/json.adoc[]
-include::../common/how-to-fix-it/intro.adoc[]
-
-=== Code examples
-
-==== Noncompliant code example
-
-[source,json,diff-id=1,diff-type=noncompliant]
-----
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": [
- {
- "name": "networkSecurityGroups/example",
- "type": "Microsoft.Network/networkSecurityGroups/securityRules",
- "apiVersion": "2022-11-01",
- "properties": {
- "protocol": "*",
- "destinationPortRange": "*",
- "sourceAddressPrefix": "*",
- "access": "Allow",
- "direction": "Inbound"
- }
- }
- ]
-}
-----
-
-[source,bicep,diff-id=2,diff-type=noncompliant]
-----
-resource securityRules 'Microsoft.Network/networkSecurityGroups/securityRules@2022-11-01' = {
- name: 'securityRules'
- properties: {
- direction: 'Inbound'
- access: 'Allow'
- protocol: '*'
- destinationPortRange: '*'
- sourceAddressPrefix: '*'
- }
-}
-----
-
-==== Compliant solution
-
-[source,json,diff-id=1,diff-type=compliant]
-----
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": [
- {
- "name": "networkSecurityGroups/example",
- "type": "Microsoft.Network/networkSecurityGroups/securityRules",
- "apiVersion": "2022-11-01",
- "properties": {
- "protocol": "*",
- "destinationPortRange": "22",
- "sourceAddressPrefix": "10.0.0.0/24",
- "access": "Allow",
- "direction": "Inbound"
- }
- }
- ]
-}
-----
-
-[source,bicep,diff-id=2,diff-type=compliant]
-----
-resource securityRules 'Microsoft.Network/networkSecurityGroups/securityRules@2022-11-01' = {
- name: 'securityRules'
- properties: {
- direction: 'Inbound'
- access: 'Allow'
- protocol: '*'
- destinationPortRange: '22'
- sourceAddressPrefix: '10.0.0.0/24'
- }
-}
-----
+include::how-to-fix-it/bicep.adoc[] == Resources diff --git a/rules/S6378/azureresourcemanager/rule.adoc b/rules/S6378/azureresourcemanager/rule.adoc index 98d915babc0..99a196796a5 100644 --- a/rules/S6378/azureresourcemanager/rule.adoc +++ b/rules/S6378/azureresourcemanager/rule.adoc @@ -6,7 +6,7 @@ include::../recommended.adoc[] == Sensitive Code Example -Using ARM templates: +Using JSON templates: [source,json,diff-id=1,diff-type=noncompliant] ---- @@ -35,7 +35,7 @@ resource sensitiveApiManagementService 'Microsoft.ApiManagement/service@2022-09- == Compliant Solution -Using ARM templates: +Using JSON templates: [source,json,diff-id=1,diff-type=compliant] ---- diff --git a/rules/S6385/azureresourcemanager/how-to-fix-it/bicep.adoc b/rules/S6385/azureresourcemanager/how-to-fix-it/bicep.adoc new file mode 100644 index 00000000000..0ef695b7c58 --- /dev/null +++ b/rules/S6385/azureresourcemanager/how-to-fix-it/bicep.adoc @@ -0,0 +1,51 @@ +== How to fix it in Bicep + +include::../../common/fix/rationale.adoc[] + +=== Code examples + +==== Noncompliant code example + +[source,bicep,diff-id=2,diff-type=noncompliant] +---- +targetScope = 'managementGroup' + +resource roleDef 'Microsoft.Authorization/roleDefinitions@2022-04-01' = { // Sensitive + properties: { + permissions: [ + { + actions: ['*'] + notActions: [] + } + ] + + assignableScopes: [ + managementGroup().id + ] + } +} +---- + +==== Compliant solution + +[source,bicep,diff-id=2,diff-type=compliant] +---- +targetScope = 'managementGroup' + +resource roleDef 'Microsoft.Authorization/roleDefinitions@2022-04-01' = { + properties: { + permissions: [ + { + actions: ['Microsoft.Compute/*'] + notActions: [] + } + ] + + assignableScopes: [ + managementGroup().id + ] + } +} +---- + +include::../../common/fix/extra-mile.adoc[] 
diff --git a/rules/S6385/azureresourcemanager/how_to_fix_it.adoc b/rules/S6385/azureresourcemanager/how-to-fix-it/json.adoc similarity index 61% rename from rules/S6385/azureresourcemanager/how_to_fix_it.adoc rename to rules/S6385/azureresourcemanager/how-to-fix-it/json.adoc index 65625378e40..a1de8fb9fd7 100644 --- a/rules/S6385/azureresourcemanager/how_to_fix_it.adoc +++ b/rules/S6385/azureresourcemanager/how-to-fix-it/json.adoc @@ -1,6 +1,6 @@ -== How to fix it +== How to fix it in JSON templates -include::../common/fix/rationale.adoc[] +include::../../common/fix/rationale.adoc[] === Code examples @@ -32,26 +32,6 @@ include::../common/fix/rationale.adoc[] } ---- -[source,bicep,diff-id=2,diff-type=noncompliant] ----- -targetScope = 'managementGroup' - -resource roleDef 'Microsoft.Authorization/roleDefinitions@2022-04-01' = { // Sensitive - properties: { - permissions: [ - { - actions: ['*'] - notActions: [] - } - ] - - assignableScopes: [ - managementGroup().id - ] - } -} ----- - ==== Compliant solution [source,json,diff-id=1,diff-type=compliant] @@ -80,22 +60,4 @@ resource roleDef 'Microsoft.Authorization/roleDefinitions@2022-04-01' = { // Sen } ---- -[source,bicep,diff-id=2,diff-type=compliant] ----- -targetScope = 'managementGroup' - -resource roleDef 'Microsoft.Authorization/roleDefinitions@2022-04-01' = { - properties: { - permissions: [ - { - actions: ['Microsoft.Compute/*'] - notActions: [] - } - ] - - assignableScopes: [ - managementGroup().id - ] - } -} ----- +include::../../common/fix/extra-mile.adoc[] diff --git a/rules/S6385/azureresourcemanager/rule.adoc b/rules/S6385/azureresourcemanager/rule.adoc index ce16b355162..3f5b8c4650b 100644 --- a/rules/S6385/azureresourcemanager/rule.adoc +++ b/rules/S6385/azureresourcemanager/rule.adoc 
@@ -8,9 +8,9 @@ include::../common/description.adoc[] include::../common/impact/description.adoc[] -include::how_to_fix_it.adoc[] +include::how-to-fix-it/json.adoc[] -include::../common/fix/extra-mile.adoc[] +include::how-to-fix-it/bicep.adoc[] include::../see.adoc[] diff --git a/rules/S6437/azureresourcemanager/rule.adoc b/rules/S6437/azureresourcemanager/rule.adoc index 37c75fbe3af..f5d49138b07 100644 --- a/rules/S6437/azureresourcemanager/rule.adoc +++ b/rules/S6437/azureresourcemanager/rule.adoc @@ -12,7 +12,7 @@ include::../../../shared_content/secrets/impact/financial_loss.adoc[] include::../../../shared_content/secrets/impact/security_downgrade.adoc[] -== How to fix it in ARM Templates +== How to fix it in JSON templates === Code examples diff --git a/rules/S6648/azureresourcemanager/how-to-fix-it/arm.adoc b/rules/S6648/azureresourcemanager/how-to-fix-it/json.adoc similarity index 94% rename from rules/S6648/azureresourcemanager/how-to-fix-it/arm.adoc rename to rules/S6648/azureresourcemanager/how-to-fix-it/json.adoc index d45c3814691..d90b7d32d3c 100644 --- a/rules/S6648/azureresourcemanager/how-to-fix-it/arm.adoc +++ b/rules/S6648/azureresourcemanager/how-to-fix-it/json.adoc @@ -1,4 +1,4 @@ -== How to fix it in ARM templates +== How to fix it in JSON templates === Code examples @@ -31,4 +31,4 @@ } } } ----- \ No newline at end of file +---- diff --git a/rules/S6648/azureresourcemanager/rule.adoc b/rules/S6648/azureresourcemanager/rule.adoc index 39b9855a453..1fdb51f96d1 100644 --- a/rules/S6648/azureresourcemanager/rule.adoc +++ b/rules/S6648/azureresourcemanager/rule.adoc @@ -10,7 +10,7 @@ Secure parameters can be assigned a default value which will be used if the para If the default value contains a secret, it will be disclosed to all accounts that have read access to the deployment history. -include::how-to-fix-it/arm.adoc[] +include::how-to-fix-it/json.adoc[] include::how-to-fix-it/bicep.adoc[] 
diff --git a/rules/S6656/azureresourcemanager/how-to-fix-it/arm.adoc b/rules/S6656/azureresourcemanager/how-to-fix-it/json.adoc similarity index 98% rename from rules/S6656/azureresourcemanager/how-to-fix-it/arm.adoc rename to rules/S6656/azureresourcemanager/how-to-fix-it/json.adoc index 614b1ede297..5b8cd41546e 100644 --- a/rules/S6656/azureresourcemanager/how-to-fix-it/arm.adoc +++ b/rules/S6656/azureresourcemanager/how-to-fix-it/json.adoc @@ -1,4 +1,4 @@ -== How to fix it in ARM Templates +== How to fix it in JSON templates By setting `properties.expressionEvaluationOptions.scope` to `Inner` in the parent template, template evaluations are limited to the scope of the nested template. This makes it impossible to expose secure parameters defined in the parent template. diff --git a/rules/S6656/azureresourcemanager/rule.adoc b/rules/S6656/azureresourcemanager/rule.adoc index c26abc52c05..4b1dece7b3e 100644 --- a/rules/S6656/azureresourcemanager/rule.adoc +++ b/rules/S6656/azureresourcemanager/rule.adoc @@ -10,7 +10,7 @@ When used in nested deployments, however, it is possible to embed secure paramet If the nested deployment contains a secure parameter in this way, then the value of this parameter may be readable in the deployment history. This can lead to important credentials being leaked to unauthorized accounts. -include::how-to-fix-it/arm.adoc[] +include::how-to-fix-it/json.adoc[] include::how-to-fix-it/bicep.adoc[] @@ -44,4 +44,4 @@ If `properties.expressionEvaluationOptions.scope` or `properties.expressionEvalu ==== Secondary Highlight Highlight the secure parameter in the nested template that is at risk here. -endif::env-github,rspecator-view[] \ No newline at end of file +endif::env-github,rspecator-view[] diff --git a/rules/S6874/azureresourcemanager/rule.adoc b/rules/S6874/azureresourcemanager/rule.adoc index 55806713c55..9805df03e06 100644 --- a/rules/S6874/azureresourcemanager/rule.adoc +++ b/rules/S6874/azureresourcemanager/rule.adoc 
@@ -11,7 +11,7 @@ the latest version. This can lead to unexpected behaviors like deployment failures, when the API version you set for a resource doesn't match the properties in your template. -== How to fix it in ARM Templates +== How to fix it in JSON templates To avoid these issues, it is recommended to set the `apiVersion` to a hard-coded value for the resource type. diff --git a/rules/S6949/azureresourcemanager/rule.adoc b/rules/S6949/azureresourcemanager/rule.adoc index c84238ef217..e7c8b42f0cf 100644 --- a/rules/S6949/azureresourcemanager/rule.adoc +++ b/rules/S6949/azureresourcemanager/rule.adoc @@ -6,7 +6,7 @@ When deploying an Azure Resource Manager template (ARM template), you must provi It is therefore recommended to use a parameter to specify the location for resources, with the default value set to `resourceGroup().location`. This practice ensures consistency in resource allocation and provides users of the template the flexibility to specify a location where they have the necessary permissions to deploy resources. This approach helps avoid hardcoding locations, which can lead to potential deployment issues and restrictions. -== How to fix it in ARM templates +== How to fix it in JSON templates Create a parameter for the location and set the default value to `resourceGroup().location`. Then, use the parameter to specify the location of resources. @@ -115,4 +115,4 @@ Replace this hardcoded location with a parameter. === Highlighting Highlight the value of the hardcoded `location` property. -endif::env-github,rspecator-view[] \ No newline at end of file +endif::env-github,rspecator-view[] diff --git a/rules/S6952/azureresourcemanager/rule.adoc b/rules/S6952/azureresourcemanager/rule.adoc index 5be30fe2c7f..3db2ef18251 100644 --- a/rules/S6952/azureresourcemanager/rule.adoc +++ b/rules/S6952/azureresourcemanager/rule.adoc 
@@ -10,7 +10,7 @@ However, a code smell arises when these dependencies are used simultaneously for This redundancy is unnecessary and can lead to confusion. Therefore, to maintain clarity and efficiency in your code, it is best to omit explicit dependencies when they are already defined implicitly. -== How to fix it in ARM templates +== How to fix it in JSON templates If a resource references another with a `reference` function, remove the `dependsOn` element if it points to the same resource. diff --git a/rules/S6953/azureresourcemanager/rule.adoc b/rules/S6953/azureresourcemanager/rule.adoc index de791e2f95e..34ce1ea926c 100644 --- a/rules/S6953/azureresourcemanager/rule.adoc +++ b/rules/S6953/azureresourcemanager/rule.adoc @@ -12,7 +12,7 @@ However, when it comes to a parameter defining the `location` of a resource, thi Specifically, setting `allowedValues` for a location parameter can cause issues because the locations list might not be exhaustive or suitable for all users. Users may be unable to deploy such a template if their desired location is not included in the `allowedValues`, causing inconvenience and potential delays in their work. -== How to fix it in ARM Templates +== How to fix it in JSON templates Remove `allowedValues` for the parameter specifying the location. @@ -114,4 +114,4 @@ In case of ARM Tempates , highlight the `allowedValues` property in the paramete In case of Bicep, highlight the `@allowed` decorator above the parameter specifying the location. -endif::env-github,rspecator-view[] \ No newline at end of file +endif::env-github,rspecator-view[] diff --git a/rules/S6954/azureresourcemanager/rule.adoc b/rules/S6954/azureresourcemanager/rule.adoc index f755a9be95e..5d31bf3eba9 100644 --- a/rules/S6954/azureresourcemanager/rule.adoc +++ b/rules/S6954/azureresourcemanager/rule.adoc 
@@ -11,7 +11,7 @@ They are useless and prevent readability of the code. The top-level JSON template properties: `parameters`, `variables`, `functions`, `resources` and `outputs` are excluded from this rule. Also required properties are excluded from this rule. -== How to fix it in ARM Templates +== How to fix it in JSON templates Empty or null elements should be removed or completed with real code. diff --git a/rules/S6955/azureresourcemanager/rule.adoc b/rules/S6955/azureresourcemanager/rule.adoc index dcac56a2b00..0fc84a54ae4 100644 --- a/rules/S6955/azureresourcemanager/rule.adoc +++ b/rules/S6955/azureresourcemanager/rule.adoc @@ -24,7 +24,7 @@ In summary, unused local parameters can make your code less readable, more confu Therefore, it is best to remove them. -== How to fix it in ARM Templates +== How to fix it in JSON templates include::../how-to-fix-it-text.adoc[] diff --git a/rules/S6956/azureresourcemanager/how-to-fix-it/bicep.adoc b/rules/S6956/azureresourcemanager/how-to-fix-it/bicep.adoc new file mode 100644 index 00000000000..b3eed1f5b66 --- /dev/null +++ b/rules/S6956/azureresourcemanager/how-to-fix-it/bicep.adoc @@ -0,0 +1,20 @@ +== How to fix it in Bicep + +=== Code examples + +==== Compliant solution + +*Recommended order of elements*: + +[source,bicep] +---- +targetScope ... +metadata ... +param ... +func ... +var ... +resource ... // (existing resources collected together) +resource ... // (new resources) +module ... +output ... +---- diff --git a/rules/S6956/azureresourcemanager/how-to-fix-it/json.adoc b/rules/S6956/azureresourcemanager/how-to-fix-it/json.adoc new file mode 100644 index 00000000000..dd8824cd2f6 --- /dev/null +++ b/rules/S6956/azureresourcemanager/how-to-fix-it/json.adoc 
@@ -0,0 +1,22 @@ +== How to fix it in JSON templates + +=== Code examples + +==== Compliant solution + +*Recommended order of properties*: + +[source,json] +---- +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/...", + "contentVersion": "1.0.0.0", + "metadata": {}, + "apiProfile": "...", + "parameters": {}, + "functions": {}, + "variables": {}, + "resources": [], + "outputs": {} +} +---- diff --git a/rules/S6956/azureresourcemanager/rule.adoc b/rules/S6956/azureresourcemanager/rule.adoc index e0e91a29278..79660dda056 100644 --- a/rules/S6956/azureresourcemanager/rule.adoc +++ b/rules/S6956/azureresourcemanager/rule.adoc @@ -6,41 +6,9 @@ This makes it easier to read and understand the template. Not following this convention has no technical impact, but will reduce the template's readability because most developers are used to the standard order. -== How to fix it in ARM Templates +include::how-to-fix-it/json.adoc[] -*Recommended order of properties*: - -[source,json] ----- -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/...", - "contentVersion": "1.0.0.0", - "metadata": {}, - "apiProfile": "...", - "parameters": {}, - "functions": {}, - "variables": {}, - "resources": [], - "outputs": {} -} ----- - -== How to fix it in Bicep - -*Recommended order of elements*: - -[source,bicep] ----- -targetScope ... -metadata ... -param ... -func ... -var ... -resource ... // (existing resources collected together) -resource ... // (new resources) -module ... -output ... ----- +include::how-to-fix-it/bicep.adoc[] == Resources === Documentation diff --git a/rules/S6975/azureresourcemanager/how-to-fix-it/bicep.adoc b/rules/S6975/azureresourcemanager/how-to-fix-it/bicep.adoc new file mode 100644 index 00000000000..822c6f14548 --- /dev/null +++ b/rules/S6975/azureresourcemanager/how-to-fix-it/bicep.adoc 
@@ -0,0 +1,30 @@
+== How to fix it in Bicep
+
+=== Code examples
+
+==== Compliant solution
+
+*Recommended order of the resource elements and decorators*:
+
+[source,bicep]
+----
+@description
+@batchSize
+resource resourceName
+ parent
+ scope
+ name
+ location/extendedLocation
+ zones
+ sku
+ kind
+ scale
+ plan
+ identity
+ dependsOn
+ tags
+ properties
+----
+
+Any other decorated not listed here should be placed before the `resource` object and after the other decorators.
+Any other elements not listed here should be placed before the `properties` object for the resource.
diff --git a/rules/S6975/azureresourcemanager/how-to-fix-it/json.adoc b/rules/S6975/azureresourcemanager/how-to-fix-it/json.adoc
new file mode 100644
index 00000000000..29b89c9a226
--- /dev/null
+++ b/rules/S6975/azureresourcemanager/how-to-fix-it/json.adoc
@@ -0,0 +1,36 @@
+== How to fix it in JSON templates
+
+=== Code examples
+
+==== Compliant solution
+
+*Recommended order of the resource elements*:
+
+[source,json]
+----
+{
+ "resources": [
+ {
+ "comments": "if any",
+ "condition": true,
+ "scope": "% parent scope %",
+ "type": "Microsoft.Compute/virtualMachines",
+ "apiVersion": "2023-09-01",
+ "name": "resourceName",
+ "location": "[parameters('location')]",
+ "zones": [],
+ "sku": {},
+ "kind": "",
+ "scale": "",
+ "plan": {},
+ "identity": {},
+ "copy": {},
+ "dependsOn": [],
+ "tags": {},
+ "properties": {}
+ }
+ ]
+}
+----
+
+Any other properties not listed here should be placed before the `properties` object for the resource.
diff --git a/rules/S6975/azureresourcemanager/rule.adoc b/rules/S6975/azureresourcemanager/rule.adoc
index f92d2164487..69432d270a8 100644
--- a/rules/S6975/azureresourcemanager/rule.adoc
+++ b/rules/S6975/azureresourcemanager/rule.adoc
@@ -6,65 +6,9 @@ This makes it easier to read and understand the template. Not following this convention has no technical impact, but will reduce the template's readability because most developers are used to the standard order. -== How to fix it in ARM Templates - -*Recommended order of the resource elements*: - -[source,json] ----- -{ - "resources": [ - { - "comments": "if any", - "condition": true, - "scope": "% parent scope %", - "type": "Microsoft.Compute/virtualMachines", - "apiVersion": "2023-09-01", - "name": "resourceName", - "location": "[parameters('location')]", - "zones": [], - "sku": {}, - "kind": "", - "scale": "", - "plan": {}, - "identity": {}, - "copy": {}, - "dependsOn": [], - "tags": {}, - "properties": {} - } - ] -} ----- - -Any other properties not listed here should be placed before the `properties` object for the resource. - -== How to fix it in Bicep - -*Recommended order of the resource elements and decorators*: - -[source,bicep] ----- -@description -@batchSize -resource resourceName - parent - scope - name - location/extendedLocation - zones - sku - kind - scale - plan - identity - dependsOn - tags - properties ----- - -Any other decorated not listed here should be placed before the `resource` object and after the other decorators. -Any other elements not listed here should be placed before the `properties` object for the resource. +include::how-to-fix-it/json.adoc[] + +include::how-to-fix-it/bicep.adoc[] == Resources === Documentation