Open
Description
Overview
This issue tracks Phase 2 of the ARM template validation rollout from PR #1606. We need to fix validation errors in existing templates before enabling automated CI/CD validation.
Background
PR #1606 introduced ARM template validation using PSRule, ARM-TTK, and Azure CLI. Testing revealed multiple validation errors in our existing templates that need to be fixed before we can enable CI/CD validation.
Validation Errors Found
FinOps Hub Templates
- apiVersions Should Be Recent: Multiple nested templates using outdated API versions
- Location Should Not Be Hardcoded: Some templates have hardcoded locations
- Password params must be secure: Key Vault secrets need secure parameter handling
- Template Should Not Contain Blanks: Multiple templates have trailing whitespace
- URIs Should Be Properly Constructed: Some nested template URIs need fixes
- CreateUIDefinition Must Not Have Blanks: Trailing whitespace in UI definition
Other Templates
- DeploymentParameters Should Have Schema: Parameters files missing schema declaration
- Various other template-specific issues
Tasks
- Fix API version warnings (update to recent versions)
- Remove hardcoded locations (use parameters or functions)
- Add secure parameter handling for passwords/secrets
- Remove trailing whitespace from all templates
- Fix URI construction issues
- Add missing schemas to parameter files
- Test all fixes with local validation
- Update any affected documentation
Testing
Run local validation before submitting fixes:
cd /path/to/finops-toolkit
./src/scripts/Test-ArmTemplate
Success Criteria
- All templates pass strict validation locally
- No regression in deployment functionality
- Ready for Phase 3: Enable CI/CD validation
Related to: #1606
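An added example, not part of the original issue or the toolkit's code: a simplified local pre-check for three of the findings listed above (password parameters that are not secure types, hardcoded resource locations, parameter files without a schema). It only approximates the ARM-TTK rules of the same names; the name pattern, function names and sample template are assumptions made for illustration.

```python
import re

# Constructed heuristic: parameter names treated as secret-bearing.
SENSITIVE = re.compile(r"password|secret|pwd", re.IGNORECASE)
SECURE_TYPES = {"securestring", "secureobject"}

def walk_resources(resources):
    """Yield every resource, including children and nested deployment templates."""
    if isinstance(resources, dict):  # symbolic-name form: {"name": {...}}
        resources = list(resources.values())
    for res in resources or []:
        yield res
        yield from walk_resources(res.get("resources"))
        props = res.get("properties")
        nested = props.get("template") if isinstance(props, dict) else None
        if isinstance(nested, dict):
            yield from walk_resources(nested.get("resources"))

def check_template(template):
    """Return findings for a parsed template (top-level parameters only)."""
    findings = []
    for name, spec in template.get("parameters", {}).items():
        if SENSITIVE.search(name) and str(spec.get("type", "")).lower() not in SECURE_TYPES:
            findings.append(f"insecure-param:{name}")
    for res in walk_resources(template.get("resources")):
        loc = res.get("location")
        # Expressions like [parameters('location')] and the literal 'global' pass.
        if isinstance(loc, str) and not loc.startswith("[") and loc.lower() != "global":
            findings.append(f"hardcoded-location:{res.get('name')}")
    return findings

def check_parameters_file(doc):
    """A deployment parameters file must declare $schema."""
    return [] if doc.get("$schema") else ["missing-schema"]

# Constructed sample input, not taken from the FinOps toolkit templates.
SAMPLE = {
    "parameters": {"adminPassword": {"type": "string"},
                   "storageSecret": {"type": "securestring"}},
    "resources": [
        {"name": "kv", "location": "westus"},
        {"name": "nested", "properties": {"template": {"resources": [
            {"name": "inner", "location": "eastus"},
            {"name": "ok", "location": "[parameters('location')]"}]}}},
    ],
}
```

Load each template with `json.load` and pass the resulting dict to `check_template`; the hardcoded location inside the nested deployment is reported because the walk descends into `properties.template`.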