Skip to content

Latest commit

 

History

History
106 lines (83 loc) · 2.83 KB

linter-rule-no-hardcoded-environment-urls.md

File metadata and controls

106 lines (83 loc) · 2.83 KB
Raw
title description ms.topic ms.custom ms.date
Linter rule - no hardcoded environment URL
Linter rule - no hardcoded environment URL
reference
devx-track-bicep
07/11/2024

Linter rule - no hardcoded environment URL

This rule finds any hard-coded URLs that vary by the cloud environment.

Linter rule code

Use the following value in the Bicep configuration file to customize rule settings:

no-hardcoded-env-urls

Solution

Instead of hard-coding URLs in your Bicep file, use the environment function to dynamically get these URLs during deployment. The environment function returns different URLs based on the cloud environment you're deploying to.

The following example fails this test because the URL is hardcoded.

var managementURL = 'https://management.azure.com'

The test also fails when used with concat or uri.

var galleryURL1 = concat('https://','gallery.azure.com')
var galleryURL2 = uri('gallery.azure.com','test')

You can fix it by replacing the hard-coded URL with the environment() function.

var galleryURL = environment().gallery

In some cases, you can fix it by getting a property from a resource you've deployed. For example, instead of constructing the endpoint for your storage account, retrieve it with .properties.primaryEndpoints.

param storageAccountName string
param location string = resourceGroup().location

resource sa 'Microsoft.Storage/storageAccounts@2023-04-01' = {
  name: storageAccountName
  location: location
  sku: {
    name: 'Standard_LRS'
  }
  kind: 'StorageV2'
  properties: {
    accessTier: 'Hot'
  }
}

output endpoint string = sa.properties.primaryEndpoints.web

Configuration

By default, this rule uses the following settings for determining which URLs are disallowed.

"analyzers": {
  "core": {
    "verbose": false,
    "enabled": true,
    "rules": {
      "no-hardcoded-env-urls": {
        "level": "warning",
        "disallowedhosts": [
          "gallery.azure.com",
          "management.core.windows.net",
          "management.azure.com",
          "database.windows.net",
          "core.windows.net",
          "login.microsoftonline.com",
          "graph.windows.net",
          "trafficmanager.net",
          "datalake.azure.net",
          "azuredatalakestore.net",
          "azuredatalakeanalytics.net",
          "vault.azure.net",
          "api.loganalytics.io",
          "asazure.windows.net",
          "region.asazure.windows.net",
          "batch.core.windows.net"
        ],
        "excludedhosts": [
          "schema.management.azure.com"
        ]
      }
    }
  }
}

You can customize it by adding a bicepconfig.json file and applying new settings.

Next steps

For more information about the linter, see Use Bicep linter.