AZR-000284: Administrator Username Types
Severity: High
Recommendation: Sensitive properties should be passed as parameters. Avoid using deterministic values for sensitive properties.
More information: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.Deployment.AdminUsername/
Result: Failed
Line: 9
AZR-000316: Use secure resource values
Severity: High
Recommendation: Consider using secure parameters for sensitive resource properties.
More information: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.Deployment.SecureValue/
Result: Failed
Line: 9
Reproduction
main.bicep
// Parameters
@description('The name of the SQL logical server.')
param sqlServerName string = uniqueString('sql', resourceGroup().id)
@description('The name of the SQL Database.')
param sqlDbName string = 'SampleDB'
@description('Location for all resources.')
param location string = resourceGroup().location
@description('The administrator username of the SQL logical server.')
@secure()
param sqlAdminLogin string
@description('The administrator password of the SQL logical server.')
@secure()
param sqlAdminPassword string
@description('SKU name. Typically a letter representing tier, followed by a number e.g. S4')
param sqlSkuName string = 'Standard'
@description('SKU level/tier. Typically Basic/Standard/Premium')
param sqlSkuTier string = 'Standard'

// Resource Declarations
module sql_database './modules/sqlDatabase.bicep' = {
  name: 'sqlDatabaseDeploy'
  params: {
    serverName: sqlServerName
    databaseName: sqlDbName
    location: location
    adminLogin: sqlAdminLogin
    adminPassword: sqlAdminPassword
    skuName: sqlSkuName
    skuTier: sqlSkuTier
  }
}
modules/sqlDatabase.bicep
@description('The name of the SQL logical server.')
param serverName string = uniqueString('sql', resourceGroup().id)
@description('The name of the SQL Database.')
param databaseName string = 'SampleDB'
@description('Location for all resources.')
param location string = resourceGroup().location
@description('The administrator username of the SQL logical server.')
@secure()
param adminLogin string
@description('The administrator password of the SQL logical server.')
@secure()
param adminPassword string
@description('SKU name. Typically a letter representing tier, followed by a number e.g. S4')
param skuName string = 'Standard'
@description('SKU level/tier. Typically Basic/Standard/Premium')
param skuTier string = 'Standard'

resource sqlServer 'Microsoft.Sql/servers@2022-05-01-preview' = {
  name: serverName
  location: location
  properties: {
    administratorLogin: adminLogin
    administratorLoginPassword: adminPassword
    publicNetworkAccess: 'Disabled'
    minimalTlsVersion: '1.2'
  }
}
resource sqlDatabase 'Microsoft.Sql/servers/databases@2022-05-01-preview' = {
  parent: sqlServer
  name: databaseName
  location: location
  sku: {
    name: skuName
    tier: skuTier
  }
}
resource sqlAdmins 'Microsoft.Sql/servers/administrators@2022-05-01-preview' = {
  name: 'ActiveDirectory'
  parent: sqlServer
  properties: {
    administratorType: 'ActiveDirectory'
    login: 'sql-admins'
    sid: '0c82f823-ffb6-428b-8ef8-de1f967840af'
    tenantId: subscription().tenantId
  }
}
resource sqlSecurityAlertPolicy 'Microsoft.Sql/servers/securityAlertPolicies@2022-05-01-preview' = {
  parent: sqlServer
  name: 'default'
  properties: {
    state: 'Enabled'
    emailAccountAdmins: true
    disabledAlerts: []
    retentionDays: 30
  }
}
resource sqlAuditSettings 'Microsoft.Sql/servers/auditingSettings@2022-08-01-preview' = {
  name: 'default'
  parent: sqlServer
  properties: {
    isAzureMonitorTargetEnabled: true
    state: 'Enabled'
    retentionDays: 7
    auditActionsAndGroups: [
      'SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP'
      'FAILED_DATABASE_AUTHENTICATION_GROUP'
      'BATCH_COMPLETED_GROUP'
    ]
  }
}
Version of PSRule
2.9.0
Version of PSRule for Azure
1.33.2
Additional context
I'm testing using TemplateAnalyzer - latest version.
Version of Microsoft.PSRule.Rules.Azure.Core.dll is 1.33.2.0
@BernieWhite following up again as I have tested with version 1.20 where this issue was reportedly first resolved but I still encountered the same error.
Existing rule
AZR-000284
Description of the issue
When creating SQL server, AZR-000284 and AZR-000316 are raised for username and password, even though they are passed as Secure in bicep. This is similar to #1762
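The condition both rules are concerned with, that `administratorLogin` and `administratorLoginPassword` trace back to secure parameters across the module boundary, can be checked independently on the compiled template. This is an added example, not part of the issue and not PSRule's rule logic; it assumes the ARM JSON that `bicep build` emits with `resources` as an array and the module embedded as a nested `Microsoft.Resources/deployments` resource, and the sample template in `sample()` is constructed.

```python
import re

SENSITIVE = {"administratorLogin", "administratorLoginPassword"}
PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")

def param_ref(value):
    """Return the parameter name if value is exactly "[parameters('x')]"."""
    m = PARAM_REF.match(value) if isinstance(value, str) else None
    return m.group(1) if m else None

def is_secure(template, name, outer):
    """Follow a parameter up through parent deployments; every hop must be securestring."""
    decl = template.get("parameters", {}).get(name, {})
    if decl.get("type", "").lower() != "securestring":
        return False
    if outer is None:  # top-level template: the value is supplied at deploy time
        return True
    parent, passed, grand = outer
    ref = param_ref(passed.get(name, {}).get("value"))
    return ref is not None and is_secure(parent, ref, grand)

def audit(template, outer=None, path="main"):
    """Map each sensitive property found to True (secure all the way up) or False."""
    results = {}
    for res in template.get("resources", []):
        props = res.get("properties", {})
        if res["type"].lower() == "microsoft.resources/deployments":
            scope = (template, props.get("parameters", {}), outer)
            results.update(audit(props.get("template", {}), scope, f"{path}/{res['name']}"))
            continue
        for key in sorted(SENSITIVE & props.keys()):
            ref = param_ref(props[key])
            results[f"{path}:{key}"] = ref is not None and is_secure(template, ref, outer)
    return results

def sample(login_type="securestring"):
    """Constructed, trimmed ARM JSON shape for main.bicep calling the module."""
    secure = {"type": "securestring"}
    inner = {"parameters": {"adminLogin": secure, "adminPassword": secure},
             "resources": [{"type": "Microsoft.Sql/servers", "name": "sql", "properties": {
                 "administratorLogin": "[parameters('adminLogin')]",
                 "administratorLoginPassword": "[parameters('adminPassword')]"}}]}
    passed = {"adminLogin": {"value": "[parameters('sqlAdminLogin')]"},
              "adminPassword": {"value": "[parameters('sqlAdminPassword')]"}}
    return {"parameters": {"sqlAdminLogin": {"type": login_type}, "sqlAdminPassword": secure},
            "resources": [{"type": "Microsoft.Resources/deployments", "name": "sqlDatabaseDeploy",
                           "properties": {"parameters": passed, "template": inner}}]}
```

`audit(sample())` reports both properties as secure for the layout in this issue, while `audit(sample("string"))` flags `administratorLogin` because the outer parameter is no longer a secure type.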