Warn on output values that contain nested secrets #10669
…ntain nested secrets
…nStack emptiness check
@jeskew Might not get to this until next week.
@jeskew Is there anything in the docs that will need to change? https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/linter-rule-secure-secrets-in-parameters If so, please enter a new bug for that.
@jeskew Thanks for handling this! Gave it a quick look, will try to finish tomorrow.
Looks great, thanks! Sorry for the delay. Left a few comments to consider.
@StephenWeatherford would you mind taking another look when you get a chance?
Great job, thanks!
Merging #10669 broke the build on `main` due to a change to an unrelated part of the code since when the PR was checked in CI. This PR fixes the compilation errors that resulted from merging the PR.
Resolves #10676 and resolves #10327
This PR updates the `OutputsShouldNotContainSecretsRule` analyzer rule to warn if an expression used inside an output value contains secrets. This analysis is performed based on the declared type of the value supplied.
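
The nested case the description refers to, shown next to a safer output shape. This is an added example, not code from the PR or the Bicep repository; the parameter, resource and output names are assumptions, and the Key Vault is assumed to exist already.

```bicep
// Added example. All names below are hypothetical.
@secure()
param adminPassword string

@description('Name of an existing Key Vault (assumed for this example).')
param vaultName string

// Weak: the output is declared as a plain object, but one of its properties
// carries the secure parameter, so the secret value is written into the
// deployment's outputs and stays readable in the deployment history.
// Per the PR description, a secret nested inside the output value like this
// is what the rule is meant to warn on.
output dbSettings object = {
  user: 'dbadmin'
  password: adminPassword
}

// Corrected: keep the secret in Key Vault and output only a reference to it.
resource vault 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
  name: vaultName
}

resource adminSecret 'Microsoft.KeyVault/vaults/secrets@2023-07-01' = {
  parent: vault
  name: 'db-admin'
  properties: {
    value: adminPassword
  }
}

// The consumer resolves the secret through Key Vault access control instead
// of reading it from deployment outputs.
output dbSettingsRef object = {
  user: 'dbadmin'
  secretUri: adminSecret.properties.secretUri
}
```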