Merge pull request #212329 from mumian/0921-linter-resource-id

v-regandowner · web-flow · commit 83e676c73b8a · 2022-09-23T19:51:44.000-04:00
Linter rule - use resource id functions
diff --git a/articles/azure-resource-manager/bicep/bicep-config-linter.md b/articles/azure-resource-manager/bicep/bicep-config-linter.md
@@ -2,7 +2,7 @@
 title: Linter settings for Bicep config
 description: Describes how to customize configuration values for the Bicep linter
 ms.topic: conceptual
-ms.date: 09/21/2022
+ms.date: 09/23/2022
 ---
 
 # Add linter settings in the Bicep config file
@@ -89,6 +89,9 @@ The following example shows the rules that are available for configuration.
         "use-protectedsettings-for-commandtoexecute-secrets": {
           "level": "warning"
         },
+        "use-resource-id-functions": {
+          "level": "warning"
+        },
         "use-stable-resource-identifiers": {
           "level": "warning"
         },
diff --git a/articles/azure-resource-manager/bicep/linter-rule-no-hardcoded-location.md b/articles/azure-resource-manager/bicep/linter-rule-no-hardcoded-location.md
@@ -1,11 +1,11 @@
 ---
-title: Linter rule - no hard-coded locations
-description: Linter rule - no hard-coded locations
+title: Linter rule - no hardcoded locations
+description: Linter rule - no hardcoded locations
 ms.topic: conceptual
 ms.date: 1/6/2022
 ---
 
-# Linter rule - no hard-coded locations
+# Linter rule - no hardcoded locations
 
 This rule finds uses of Azure location values that aren't parameterized.
 
@@ -17,9 +17,9 @@ Use the following value in the [Bicep configuration file](bicep-config-linter.md
 
 ## Solution
 
-Template users may have limited access to regions where they can create resources. A hard-coded resource location might block users from creating a resource, thus preventing them from using the template. By providing a location parameter that defaults to the resource group location, users can use the default value when convenient but also specify a different location.
+Template users may have limited access to regions where they can create resources. A hardcoded resource location might block users from creating a resource, thus preventing them from using the template. By providing a location parameter that defaults to the resource group location, users can use the default value when convenient but also specify a different location.
 
-Rather than using a hard-coded string or variable value, use a parameter, the string 'global', or an expression (but not `resourceGroup().location` or `deployment().location`, see [no-loc-expr-outside-params](./linter-rule-no-loc-expr-outside-params.md)). Best practice suggests that to set your resources' locations, your template should have a string parameter named `location`. This parameter may default to the resource group or deployment location (`resourceGroup().location` or `deployment().location`).
+Rather than using a hardcoded string or variable value, use a parameter, the string 'global', or an expression (but not `resourceGroup().location` or `deployment().location`, see [no-loc-expr-outside-params](./linter-rule-no-loc-expr-outside-params.md)). Best practice suggests that to set your resources' locations, your template should have a string parameter named `location`. This parameter may default to the resource group or deployment location (`resourceGroup().location` or `deployment().location`).
 
 The following example fails this test because the resource's `location` property uses a string literal:
 
@@ -61,7 +61,7 @@ The following example fails this test because a string literal is being passed i
 module m1 'module1.bicep' = {
   name: 'module1'
   params: {
-    location: 'westus'    
+    location: 'westus'
   }
 }
 ```
diff --git a/articles/azure-resource-manager/bicep/linter-rule-use-resource-id-functions.md b/articles/azure-resource-manager/bicep/linter-rule-use-resource-id-functions.md
@@ -0,0 +1,114 @@
+---
+title: Linter rule - use resource ID functions
+description: Linter rule - use resource ID functions
+ms.topic: conceptual
+ms.date: 09/23/2022
+---
+
+# Linter rule - use resource ID functions
+
+Ensures that the ID of a symbolic resource name or a suitable function is used rather than a manually created ID, such as a concatenating string, for all properties representing a resource ID. Use resource symbolic names whenever it's possible.
+
+The allowed functions include:
+
+- [`extensionResourceId`](./bicep-functions-resource.md#extensionresourceid)
+- [`resourceId`](./bicep-functions-resource.md#resourceid)
+- [`subscriptionResourceId`](./bicep-functions-resource.md#subscriptionresourceid)
+- [`tenantResourceId`](./bicep-functions-resource.md#tenantresourceid)
+- [`reference`](./bicep-functions-resource.md#reference)
+- [`subscription`](./bicep-functions-scope.md#subscription)
+- [`guid`](./bicep-functions-string.md#guid)
+
+## Linter rule code
+
+Use the following value in the [Bicep configuration file](bicep-config-linter.md) to customize rule settings:
+
+`use-resource-id-functions`
+
+## Solution
+
+The following example fails this test because the resource's `api/id` property uses a manually created string:
+
+```bicep
+@description('description')
+param connections_azuremonitorlogs_name string
+
+@description('description')
+param location string
+
+@description('description')
+param resourceTags object
+param tenantId string
+
+resource connections_azuremonitorlogs_name_resource 'Microsoft.Web/connections@2016-06-01' = {
+  name: connections_azuremonitorlogs_name
+  location: location
+  tags: resourceTags
+  properties: {
+    displayName: 'azuremonitorlogs'
+    statuses: [
+      {
+        status: 'Connected'
+      }
+    ]
+    nonSecretParameterValues: {
+      'token:TenantId': tenantId
+      'token:grantType': 'code'
+    }
+    api: {
+      name: connections_azuremonitorlogs_name
+      displayName: 'Azure Monitor Logs'
+      description: 'Use this connector to query your Azure Monitor Logs across Log Analytics workspace and Application Insights component, to list or visualize results.'
+      iconUri: 'https://connectoricons-prod.azureedge.net/releases/v1.0.1501/1.0.1501.2507/${connections_azuremonitorlogs_name}/icon.png'
+      brandColor: '#0072C6'
+      id: '/subscriptions/<subscription_id_here>/providers/Microsoft.Web/locations/<region_here>/managedApis/${connections_azuremonitorlogs_name}'
+      type: 'Microsoft.Web/locations/managedApis'
+    }
+  }
+}
+```
+
+You can fix it by using the `subscriptionResourceId()` function:
+
+```bicep
+@description('description')
+param connections_azuremonitorlogs_name string
+
+@description('description')
+param location string
+
+@description('description')
+param resourceTags object
+param tenantId string
+
+resource connections_azuremonitorlogs_name_resource 'Microsoft.Web/connections@2016-06-01' = {
+  name: connections_azuremonitorlogs_name
+  location: location
+  tags: resourceTags
+  properties: {
+    displayName: 'azuremonitorlogs'
+    statuses: [
+      {
+        status: 'Connected'
+      }
+    ]
+    nonSecretParameterValues: {
+      'token:TenantId': tenantId
+      'token:grantType': 'code'
+    }
+    api: {
+      name: connections_azuremonitorlogs_name
+      displayName: 'Azure Monitor Logs'
+      description: 'Use this connector to query your Azure Monitor Logs across Log Analytics workspace and Application Insights component, to list or visualize results.'
+      iconUri: 'https://connectoricons-prod.azureedge.net/releases/v1.0.1501/1.0.1501.2507/${connections_azuremonitorlogs_name}/icon.png'
+      brandColor: '#0072C6'
+      id: subscriptionResourceId('Microsoft.Web/locations/managedApis', location, connections_azuremonitorlogs_name)
+      type: 'Microsoft.Web/locations/managedApis'
+    }
+  }
+}
+```
+
+## Next steps
+
+For more information about the linter, see [Use Bicep linter](./linter.md).
diff --git a/articles/azure-resource-manager/bicep/linter.md b/articles/azure-resource-manager/bicep/linter.md
@@ -2,7 +2,7 @@
 title: Use Bicep linter
 description: Learn how to use Bicep linter.
 ms.topic: conceptual
-ms.date: 09/21/2022
+ms.date: 9/23/2022
 ---
 
 # Use Bicep linter
@@ -39,6 +39,7 @@ The default set of linter rules is minimal and taken from [arm-ttk test cases](.
 - [secure-secrets-in-params](./linter-rule-secure-secrets-in-parameters.md)
 - [simplify-interpolation](./linter-rule-simplify-interpolation.md)
 - [use-protectedsettings-for-commandtoexecute-secrets](./linter-rule-use-protectedsettings-for-commandtoexecute-secrets.md)
+- [use-resource-id-functions](./linter-rule-use-resource-id-functions.md)
 - [use-stable-resource-identifiers](./linter-rule-use-stable-resource-identifier.md)
 - [use-stable-vm-image](./linter-rule-use-stable-vm-image.md)
 
diff --git a/articles/azure-resource-manager/bicep/toc.yml b/articles/azure-resource-manager/bicep/toc.yml
@@ -432,6 +432,8 @@
         href: linter-rule-simplify-interpolation.md
       - name: Use explicit values for module location parameters
         href: linter-rule-explicit-values-for-loc-params.md
+      - name: use resource ID functions
+        href: linter-rule-use-resource-id-functions.md
       - name: Use stable resource identifier
         href: linter-rule-use-stable-resource-identifier.md
       - name: Use stable VM image
