Merge pull request #274403 from mumian/0506-linter-secure

v-dirichards · web-flow · commit 84aa21281ab9 · 2024-05-07T10:39:50.000-05:00
new linter rule for adminPassword
diff --git a/articles/azure-resource-manager/bicep/bicep-config-linter.md b/articles/azure-resource-manager/bicep/bicep-config-linter.md
@@ -121,6 +121,9 @@ The following example shows the rules that are available for configuration.
         "use-resource-symbol-reference": {
           "level": "warning"
         },
+        "use-secure-value-for-secure-inputs": {
+          "level": "error"
+        },
         "use-stable-resource-identifiers": {
           "level": "warning"
         },
diff --git a/articles/azure-resource-manager/bicep/linter-rule-use-secure-value-for-secure-inputs.md b/articles/azure-resource-manager/bicep/linter-rule-use-secure-value-for-secure-inputs.md
@@ -0,0 +1,94 @@
+---
+title: Linter rule - adminPassword should be assigned a secure value
+description: Linter rule - adminPassword should be assigned a secure value.
+ms.topic: conceptual
+ms.custom: devx-track-bicep
+ms.date: 05/06/2024
+---
+
+# Linter rule - adminPassword should be assigned a secure value.
+
+This rule finds the value of the property path `properties.osProfile.adminPassword` for resources of type `Microsoft.Compute/virtualMachines` or `Microsoft.Compute/virtualMachineScaleSets` that doesn't have a secure value.
+
+## Linter rule code
+
+Use the following value in the [Bicep configuration file](bicep-config-linter.md) to customize rule settings:
+
+`use-secure-value-for-secure-inputs`
+
+## Solution
+
+Assign a secure value to the property with the property path `properties.osProfile.adminPassword` for resources of type `Microsoft.Compute/virtualMachines` or `Microsoft.Compute/virtualMachineScaleSets`. Don't use a literal value. Instead, create a parameter with the [`@secure()` decorator](./parameters.md#secure-parameters) for the password and assign it to `adminPassword`.
+
+The following examples fail this test because the `adminPassword` is not a secure value.
+
+```bicep
+resource ubuntuVM 'Microsoft.Compute/virtualMachineScaleSets@2023-09-01' = {
+  name: 'name'
+  location: 'West US'
+  properties: {
+    virtualMachineProfile: {
+      osProfile: {
+        adminUsername: 'adminUsername'
+        adminPassword: 'adminPassword'
+      }
+    }
+  }
+}
+```
+
+```bicep
+resource ubuntuVM 'Microsoft.Compute/virtualMachines@2023-09-01' = {
+  name: 'name'
+  location: 'West US'
+  properties: {
+    osProfile: {
+      computerName: 'computerName'
+      adminUsername: 'adminUsername'
+      adminPassword: 'adminPassword'
+    }
+  }
+}
+```
+
+```bicep
+param adminPassword string
+
+resource ubuntuVM 'Microsoft.Compute/virtualMachines@2023-09-01' = {
+  name: 'name'
+  location: 'West US'
+  properties: {
+    osProfile: {
+      computerName: 'computerName'
+      adminUsername: 'adminUsername'
+      adminPassword: adminPassword
+    }
+  }
+}
+```
+
+The following example passes this test.
+
+```bicep
+@secure()
+param adminPassword string
+@secure()
+param adminUsername string
+param location string = resourceGroup().location
+
+resource ubuntuVM 'Microsoft.Compute/virtualMachines@2023-09-01' = {
+  name: 'name'
+  location: location
+  properties: {
+    osProfile: {
+      computerName: 'computerName'
+      adminUsername: adminUsername
+      adminPassword: adminPassword
+    }
+  }
+}
+```
+
+## Next steps
+
+For more information about the linter, see [Use Bicep linter](./linter.md).
diff --git a/articles/azure-resource-manager/bicep/linter.md b/articles/azure-resource-manager/bicep/linter.md
@@ -3,7 +3,7 @@ title: Use Bicep linter
 description: Learn how to use Bicep linter.
 ms.topic: conceptual
 ms.custom: devx-track-bicep
-ms.date: 03/20/2024
+ms.date: 05/06/2024
 ---
 
 # Use Bicep linter
@@ -50,6 +50,7 @@ The default set of linter rules is minimal and taken from [arm-ttk test cases](.
 - [use-recent-api-versions](./linter-rule-use-recent-api-versions.md)
 - [use-resource-id-functions](./linter-rule-use-resource-id-functions.md)
 - [use-resource-symbol-reference](./linter-rule-use-resource-symbol-reference.md)
+- [use-secure-value-for-secure-inputs](./linter-rule-use-secure-value-for-secure-inputs.md)
 - [use-stable-resource-identifiers](./linter-rule-use-stable-resource-identifier.md)
 - [use-stable-vm-image](./linter-rule-use-stable-vm-image.md)
 
diff --git a/articles/azure-resource-manager/bicep/toc.yml b/articles/azure-resource-manager/bicep/toc.yml
@@ -542,6 +542,9 @@
       - name: Use resource symbol reference
         displayName: linter
         href: linter-rule-use-resource-symbol-reference.md
+      - name: Use secure value for secure inputs
+        displayName: linter
+        href: linter-rule-use-secure-value-for-secure-inputs.md
       - name: Use stable resource identifier
         displayName: linter
         href: linter-rule-use-stable-resource-identifier.md
