fixed the remaining linter warnings

cds-snc · Feb 11, 2023 · 1610a28 · 1610a28
1 parent 9f0e049
commit 1610a28
Show file tree

Hide file tree

Showing 12 changed files with 32 additions and 25 deletions.
diff --git a/azresources/containers/aks/main.bicep b/azresources/containers/aks/main.bicep
@@ -108,7 +108,7 @@ var virtualNetworkName = subnetIdSplit[8]
 var privateDnsZoneIdSplit = split(privateDNSZoneId, '/')
 var privateDnsZoneSubscriptionId = privateDnsZoneIdSplit[2]
 var privateZoneDnsResourceGroupName = privateDnsZoneIdSplit[4]
-var privateZoneResourceName = last(privateDnsZoneIdSplit)
+var privateZoneResourceName = last(privateDnsZoneIdSplit)!
 
 module identity '../../iam/user-assigned-identity.bicep' = {
   name: 'deploy-aks-identity'

diff --git a/azresources/data/sqldb/sqldb-with-cmk.bicep b/azresources/data/sqldb/sqldb-with-cmk.bicep
@@ -107,9 +107,9 @@ resource sqlserver 'Microsoft.Sql/servers@2021-02-01-preview' = {
 }
 
 resource sqlserver_va 'Microsoft.Sql/servers/vulnerabilityAssessments@2020-11-01-preview' = {
-  name: '${sqlServerName}/default'
+  parent: sqlserver
+  name: 'default'
   dependsOn: [
-    sqlserver
     roleAssignSQLToSALogging
   ]
   properties: {

diff --git a/azresources/data/sqldb/sqldb-without-cmk.bicep b/azresources/data/sqldb/sqldb-without-cmk.bicep
@@ -86,9 +86,9 @@ resource sqlserver 'Microsoft.Sql/servers@2021-02-01-preview' = {
 }
 
 resource sqlserver_va 'Microsoft.Sql/servers/vulnerabilityAssessments@2020-11-01-preview' = {
-  name: '${sqlServerName}/default'
+  parent: sqlserver
+  name: 'default'
   dependsOn: [
-    sqlserver
     roleAssignSQLToSALogging
   ]
   properties: {

diff --git a/azresources/data/sqlmi/sqlmi-with-cmk.bicep b/azresources/data/sqlmi/sqlmi-with-cmk.bicep
@@ -98,9 +98,9 @@ resource sqlmi 'Microsoft.Sql/managedInstances@2020-11-01-preview' = {
 }
 
 resource sqlmi_va 'Microsoft.Sql/managedInstances/vulnerabilityAssessments@2020-11-01-preview' = {
-  name: '${name}/default'
+  parent: sqlmi
+  name: 'default'
   dependsOn: [
-    sqlmi
     roleAssignSQLMIToSALogging
   ]
   properties: {

diff --git a/azresources/data/sqlmi/sqlmi-without-cmk.bicep b/azresources/data/sqlmi/sqlmi-without-cmk.bicep
@@ -77,9 +77,9 @@ resource sqlmi 'Microsoft.Sql/managedInstances@2020-11-01-preview' = {
 }
 
 resource sqlmi_va 'Microsoft.Sql/managedInstances/vulnerabilityAssessments@2020-11-01-preview' = {
-  name: '${name}/default'
+  parent: sqlmi
+  name: 'default'
   dependsOn: [
-    sqlmi
     roleAssignSQLMIToSALogging
   ]
   properties: {

diff --git a/policy/custom/assignments/AKS.bicep b/policy/custom/assignments/AKS.bicep
@@ -29,8 +29,10 @@ var policyId = 'custom-aks'
 var assignmentName = 'Custom - Azure Kubernetes Service'
 
 var scope = tenantResourceId('Microsoft.Management/managementGroups', policyAssignmentManagementGroupId)
-var policyScopedId = managementGroupResourceId(policyDefinitionManagementGroupId, 'Microsoft.Authorization/policySetDefinitions/',policyId)
-//var policyScopedId = '/providers/Microsoft.Management/managementGroups/${policyDefinitionManagementGroupId}/providers/Microsoft.Authorization/policySetDefinitions/${policyId}'
+var policyDefinitionScope = tenantResourceId('Microsoft.Management/managementGroups', policyDefinitionManagementGroupId)
+var policyScopedId = extensionResourceId(policyDefinitionScope, 'Microsoft.Authorization/policySetDefinitions', policyId)
+
+
 
 // Telemetry - Azure customer usage attribution
 // Reference:  https://learn.microsoft.com/azure/marketplace/azure-partner-customer-usage-attribution

diff --git a/policy/custom/assignments/DDoS.bicep b/policy/custom/assignments/DDoS.bicep
@@ -32,9 +32,9 @@ var policyId = 'Network-Deploy-DDoS-Standard'
 var assignmentName = 'Custom - Enable DDoS Standard on Virtual Networks'
 
 var scope = tenantResourceId('Microsoft.Management/managementGroups', policyAssignmentManagementGroupId)
-var policyScopedId = managementGroupResourceId(policyDefinitionManagementGroupId, 'Microsoft.Authorization/policySetDefinitions/',policyId)
+var policyDefinitionScope = tenantResourceId('Microsoft.Management/managementGroups', policyDefinitionManagementGroupId)
+var policyScopedId = extensionResourceId(policyDefinitionScope, 'Microsoft.Authorization/policySetDefinitions', policyId)
 
-//var policyScopedId = '/providers/Microsoft.Management/managementGroups/${policyDefinitionManagementGroupId}/providers/Microsoft.Authorization/policyDefinitions/${policyId}'
 
 // Telemetry - Azure customer usage attribution
 // Reference:  https://learn.microsoft.com/azure/marketplace/azure-partner-customer-usage-attribution

diff --git a/policy/custom/assignments/DNSPrivateEndpoints.bicep b/policy/custom/assignments/DNSPrivateEndpoints.bicep
@@ -35,8 +35,9 @@ var policyId = 'custom-central-dns-private-endpoints'
 var assignmentName = 'Custom - Central DNS for Private Endpoints'
 
 var scope = tenantResourceId('Microsoft.Management/managementGroups', policyAssignmentManagementGroupId)
-var policyScopedId = managementGroupResourceId(policyDefinitionManagementGroupId, 'Microsoft.Authorization/policySetDefinitions/',policyId)
-//var policyScopedId = '/providers/Microsoft.Management/managementGroups/${policyDefinitionManagementGroupId}/providers/Microsoft.Authorization/policySetDefinitions/${policyId}'
+var policyDefinitionScope = tenantResourceId('Microsoft.Management/managementGroups', policyDefinitionManagementGroupId)
+var policyScopedId = extensionResourceId(policyDefinitionScope, 'Microsoft.Authorization/policySetDefinitions', policyId)
+
 
 // Telemetry - Azure customer usage attribution
 // Reference:  https://learn.microsoft.com/azure/marketplace/azure-partner-customer-usage-attribution

diff --git a/policy/custom/assignments/DefenderForCloud.bicep b/policy/custom/assignments/DefenderForCloud.bicep
@@ -29,8 +29,8 @@ var policyId = 'custom-enable-azure-defender'
 var assignmentName = 'Custom - Microsoft Defender for Cloud'
 
 var scope = tenantResourceId('Microsoft.Management/managementGroups', policyAssignmentManagementGroupId)
-var policyScopedId = managementGroupResourceId(policyDefinitionManagementGroupId, 'Microsoft.Authorization/policySetDefinitions/',policyId)
-//var policyScopedId = '/providers/Microsoft.Management/managementGroups/${policyDefinitionManagementGroupId}/providers/Microsoft.Authorization/policySetDefinitions/${policyId}'
+var policyDefinitionScope = tenantResourceId('Microsoft.Management/managementGroups', policyDefinitionManagementGroupId)
+var policyScopedId = extensionResourceId(policyDefinitionScope, 'Microsoft.Authorization/policySetDefinitions', policyId)
 
 // Telemetry - Azure customer usage attribution
 // Reference:  https://learn.microsoft.com/azure/marketplace/azure-partner-customer-usage-attribution

diff --git a/policy/custom/assignments/LogAnalytics.bicep b/policy/custom/assignments/LogAnalytics.bicep
@@ -35,8 +35,9 @@ var policyId = 'custom-enable-logging-to-loganalytics'
 var assignmentName = 'Custom - Log Analytics for Azure Services'
 
 var scope = tenantResourceId('Microsoft.Management/managementGroups', policyAssignmentManagementGroupId)
-var policyScopedId = managementGroupResourceId(policyDefinitionManagementGroupId, 'Microsoft.Authorization/policySetDefinitions/',policyId)
-//var policyScopedId = '/providers/Microsoft.Management/managementGroups/${policyDefinitionManagementGroupId}/providers/Microsoft.Authorization/policySetDefinitions/${policyId}'
+var policyDefinitionScope = tenantResourceId('Microsoft.Management/managementGroups', policyDefinitionManagementGroupId)
+var policyScopedId = extensionResourceId(policyDefinitionScope, 'Microsoft.Authorization/policySetDefinitions', policyId)
+
 
 // Telemetry - Azure customer usage attribution
 // Reference:  https://learn.microsoft.com/azure/marketplace/azure-partner-customer-usage-attribution

diff --git a/policy/custom/assignments/Network.bicep b/policy/custom/assignments/Network.bicep
@@ -29,8 +29,9 @@ var policyId = 'custom-network'
 var assignmentName = 'Custom - Network'
 
 var scope = tenantResourceId('Microsoft.Management/managementGroups', policyAssignmentManagementGroupId)
-var policyScopedId = managementGroupResourceId(policyDefinitionManagementGroupId, 'Microsoft.Authorization/policySetDefinitions/',policyId)
-//var policyScopedId = '/providers/Microsoft.Management/managementGroups/${policyDefinitionManagementGroupId}/providers/Microsoft.Authorization/policySetDefinitions/${policyId}'
+var policyDefinitionScope = tenantResourceId('Microsoft.Management/managementGroups', policyDefinitionManagementGroupId)
+var policyScopedId = extensionResourceId(policyDefinitionScope, 'Microsoft.Authorization/policySetDefinitions', policyId)
+
 
 // Telemetry - Azure customer usage attribution
 // Reference:  https://learn.microsoft.com/azure/marketplace/azure-partner-customer-usage-attribution

diff --git a/policy/custom/assignments/Tags.bicep b/policy/custom/assignments/Tags.bicep
@@ -26,6 +26,8 @@ param policyAssignmentManagementGroupId string
 param enforcementMode string = 'Default'
 
 var scope = tenantResourceId('Microsoft.Management/managementGroups', policyAssignmentManagementGroupId)
+var policyDefinitionScope = tenantResourceId('Microsoft.Management/managementGroups', policyDefinitionManagementGroupId)
+
 
 // Telemetry - Azure customer usage attribution
 // Reference:  https://learn.microsoft.com/azure/marketplace/azure-partner-customer-usage-attribution
@@ -42,7 +44,7 @@ resource rgInheritedPolicySetFromSubscriptionToResourceGroupAssignment 'Microsof
   name: 'tags-torg-${uniqueString('tags-torg-', policyAssignmentManagementGroupId)}'
   properties: {
     displayName: rgInheritedAssignmentFromSubscriptionToResourceGroupName
-    policyDefinitionId: '/providers/Microsoft.Management/managementGroups/${policyDefinitionManagementGroupId}/providers/Microsoft.Authorization/policySetDefinitions/${rgInheritedPolicyFromSubscriptionToResourceGroupId}'
+    policyDefinitionId: extensionResourceId(policyDefinitionScope, 'Microsoft.Authorization/policySetDefinitions', rgInheritedPolicyFromSubscriptionToResourceGroupId)
     scope: scope
     notScopes: []
     parameters: {}
@@ -72,7 +74,7 @@ resource rgInheritedPolicySetAssignment 'Microsoft.Authorization/policyAssignmen
   name: 'tags-rg-${uniqueString('tags-from-rg-', policyAssignmentManagementGroupId)}'
   properties: {
     displayName: rgInheritedAssignmentName
-    policyDefinitionId: '/providers/Microsoft.Management/managementGroups/${policyDefinitionManagementGroupId}/providers/Microsoft.Authorization/policySetDefinitions/${rgInheritedPolicyId}'
+    policyDefinitionId: extensionResourceId(policyDefinitionScope, 'Microsoft.Authorization/policySetDefinitions', rgInheritedPolicyId)
     scope: scope
     notScopes: []
     parameters: {}
@@ -102,7 +104,7 @@ resource rgRequiredPolicySetAssignment 'Microsoft.Authorization/policyAssignment
   name: 'tags-rg-${uniqueString('tags-required-', policyAssignmentManagementGroupId)}'
   properties: {
     displayName: rgRequiredAssignmentName
-    policyDefinitionId: '/providers/Microsoft.Management/managementGroups/${policyDefinitionManagementGroupId}/providers/Microsoft.Authorization/policySetDefinitions/${rgRequiredPolicyId}'
+    policyDefinitionId: extensionResourceId(policyDefinitionScope, 'Microsoft.Authorization/policySetDefinitions', rgRequiredPolicyId)
     scope: scope
     notScopes: []
     parameters: {}
@@ -122,7 +124,7 @@ resource resourcesAuditPolicySetAssignment 'Microsoft.Authorization/policyAssign
   name: 'tags-r-${uniqueString('tags-missing-', policyAssignmentManagementGroupId)}'
   properties: {
     displayName: resourcesAssignmentName
-    policyDefinitionId: '/providers/Microsoft.Management/managementGroups/${policyDefinitionManagementGroupId}/providers/Microsoft.Authorization/policySetDefinitions/${resourcesPolicyId}'
+    policyDefinitionId: extensionResourceId(policyDefinitionScope, 'Microsoft.Authorization/policySetDefinitions', resourcesPolicyId)
     scope: scope
     notScopes: []
     parameters: {}