[BUG] False positive with load balancers that use a public IP #2814

Closed
BernieWhite opened this issue Apr 9, 2024 · 0 comments · Fixed by #2820
Labels: bug (Something isn't working), rule: network (Rules for virtual networking)

@BernieWhite

Existing rule

Azure.LB.AvailabilityZone

Description of the issue

properties.frontendIPConfigurations[*].zones is only valid with an internal load balancer and not when the load balancer is configured with a public IP.

As a rule the rule is failing with a false positive.

Error messages

No response

Reproduction

var frontendIPConfigurationsVar = [
  for (frontendIPConfiguration, index) in frontendIPConfigurations: {
    name: frontendIPConfiguration.name
    properties: {
      subnet: contains(frontendIPConfiguration, 'subnetId') && !empty(frontendIPConfiguration.subnetId)
        ? {
            id: frontendIPConfiguration.subnetId
          }
        : null
      publicIPAddress: contains(frontendIPConfiguration, 'publicIPAddressId') && !empty(frontendIPConfiguration.publicIPAddressId)
        ? {
            id: frontendIPConfiguration.publicIPAddressId
          }
        : null
      privateIPAddress: contains(frontendIPConfiguration, 'privateIPAddress') && !empty(frontendIPConfiguration.privateIPAddress)
        ? frontendIPConfiguration.privateIPAddress
        : null
      privateIPAddressVersion: contains(frontendIPConfiguration, 'privateIPAddressVersion')
        ? frontendIPConfiguration.privateIPAddressVersion
        : 'IPv4'
      privateIPAllocationMethod: contains(frontendIPConfiguration, 'subnetId') && !empty(frontendIPConfiguration.subnetId)
        ? (contains(frontendIPConfiguration, 'privateIPAddress') ? 'Static' : 'Dynamic')
        : null
      gatewayLoadBalancer: contains(frontendIPConfiguration, 'gatewayLoadBalancer') && !empty(frontendIPConfiguration.gatewayLoadBalancer)
        ? {
            id: frontendIPConfiguration.gatewayLoadBalancer
          }
        : null
      publicIPPrefix: contains(frontendIPConfiguration, 'publicIPPrefix') && !empty(frontendIPConfiguration.publicIPPrefix)
        ? {
            id: frontendIPConfiguration.publicIPPrefix
          }
        : null
    }
    zones: contains(frontendIPConfiguration, 'subnetId') && !empty(frontendIPConfiguration.subnetId)
      ? [
          '1'
          '2'
          '3'
        ]
      : null
  }
]

Version of PSRule

2.9.0

Version of PSRule for Azure

1.35.2

Additional context

https://github.com/arnoldna/bicep-registry-modules/actions/runs/8621385310/job/23630221539
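
The scoping described in this issue, as an added Python illustration (not PSRule for Azure code and not the change made in #2820): a check that demands zones on every frontend flags the public one, while a check limited to internal frontends does not. The function names, the sample resource, and the reading of "zone-redundant" as zones 1, 2 and 3 are assumptions made for this example.

```python
# Added illustration; not PSRule for Azure source code.
# Assumption: "zone-redundant" means zones 1, 2 and 3, the values used in the reproduction.
REQUIRED_ZONES = {"1", "2", "3"}

def _has_ref(props, key):
    """True when props[key] is an object with a non-empty id (the template emits null otherwise)."""
    ref = props.get(key)
    return isinstance(ref, dict) and bool(ref.get("id"))

def is_internal(frontend):
    """Internal frontends reference a subnet and no public IP address or prefix."""
    props = frontend.get("properties") or {}
    if _has_ref(props, "publicIPAddress") or _has_ref(props, "publicIPPrefix"):
        return False
    return _has_ref(props, "subnet")

def _frontends(lb):
    return (lb.get("properties") or {}).get("frontendIPConfigurations") or []

def _lacks_zones(frontend):
    return not REQUIRED_ZONES <= set(frontend.get("zones") or [])

def naive_check(lb):
    """Flags every frontend without zones: reproduces the false positive."""
    return [fe["name"] for fe in _frontends(lb) if _lacks_zones(fe)]

def scoped_check(lb):
    """Flags only internal frontends without zones; public frontends are skipped."""
    return [fe["name"] for fe in _frontends(lb) if is_internal(fe) and _lacks_zones(fe)]

# Constructed sample in the shape the reproduction template expands to (ids are placeholders).
SAMPLE_LB = {
    "type": "Microsoft.Network/loadBalancers",
    "properties": {"frontendIPConfigurations": [
        {"name": "public", "zones": None,
         "properties": {"subnet": None, "publicIPAddress": {"id": "<public-ip-resource-id>"}}},
        {"name": "internal-zoned", "zones": ["1", "2", "3"],
         "properties": {"subnet": {"id": "<subnet-resource-id>"}, "publicIPAddress": None}},
        {"name": "internal-unzoned", "zones": None,
         "properties": {"subnet": {"id": "<subnet-resource-id>"}, "publicIPAddress": None}},
    ]},
}

if __name__ == "__main__":
    print("naive :", naive_check(SAMPLE_LB))
    print("scoped:", scoped_check(SAMPLE_LB))
```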
