Closed maxricketts closed 1 year ago
@maxricketts Thanks for reporting the issue.
I think this is related to #1826. However I couldn't reproduce the issue.
Do you have a slightly more complete sample that you can share that has the issue?
Yes this is the same issue, but I am seeing this returned with the scale set module with the system identity.
Here is the link to the line that I think is causing the issue.
I am here to help if you require any assistance with this issue.
Here is my pipeline task
```yaml
# yaml-language-server: $schema=./deploy.yml
stages:
- stage: PSRuleScanning
  displayName: PSRule Scanning
  jobs:
  - job: PSRule
    displayName: PS Rule Scanning
    steps:
    - checkout: Exg.DevOps.ScaleSets
    # Analyze Azure resources using PSRule for Azure
    - task: ps-rule-assert@2
      displayName: Analyze Azure template files
      inputs:
        modules: 'PSRule.Rules.Azure'
        inputPath: bicep/
        outputFormat: Nunit3
        outputPath: reports/rule-report.xml
      env:
        # Define environment variables within Azure Pipelines
        AZURE_CLIENT_ID: $(psrule-clientid)
        AZURE_CLIENT_SECRET: $(psrule-secret)
        AZURE_TENANT_ID: $(psrule-tenant)
    # PSRule results
    - task: PublishTestResults@2
      displayName: 'Publish PSRule results'
      inputs:
        testRunTitle: 'PSRule'
        testRunner: NUnit
        testResultsFiles: 'reports/rule-report.xml'
        mergeTestResults: true
        publishRunAttachments: true
      condition: succeededOrFailed()
```
Here is my ps-rule.yaml
```yaml
configuration:
  # Enable expansion for Bicep source files.
  AZURE_BICEP_FILE_EXPANSION: true
  AZURE_BICEP_FILE_EXPANSION_TIMEOUT: 15
  AZURE_PARAMETER_DEFAULTS:
    resourceGroupName: test-rg
input:
  pathIgnore:
  # Exclude bicepconfig.json
  - 'bicep/bicepconfig.json'
  # # Exclude module files
  # - 'modules/**/*.bicep'
  # # Include test files from modules
  # - '!modules/**/*.tests.bicep'
# YAML: Using the execution/notProcessedWarning property
execution:
  notProcessedWarning: false
```
@maxricketts I found the issue on this one. It's caused by an empty secure parameter being incorrectly handled.
It will be fixed in the next release.
Description of the issue
A module that is being referenced (computer/scalesets) returns an output of the below.
PSRule is flagging this as an error
Consider removing any output values that return secret values in code. See details online .
The following reasons were reported:
Path properties.template.outputs.systemAssignedPrincipalId: The output 'systemAssignedPrincipalId' exposes a secure value.
failed Azure.Deployment.OutputSecretValue. Avoid outputting sensitive deployment values
Module in use and version:
The modules that I am referencing are a clone of
https://github.com/Azure/ResourceModules
Kind regards, Max
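The kind of check behind `Azure.Deployment.OutputSecretValue`, sketched as an added example that is not PSRule's implementation and not code from this thread: it flags template outputs whose expression references a secure parameter or a `list*` function. The function name, the sample template and its parameter names are assumptions made for illustration; the decision uses only the output expression and the declared parameter types, so an empty default on a secure parameter does not change the result.

```python
import re

SECURE_TYPES = {"securestring", "secureobject"}
PARAM_REF = re.compile(r"parameters\(\s*'([^']+)'\s*\)", re.IGNORECASE)
LIST_CALL = re.compile(r"\blist[A-Za-z]*\s*\(", re.IGNORECASE)


def secret_outputs(template):
    """Map each output that exposes a secret to the reason it was flagged."""
    secure = {
        name.lower()
        for name, param in template.get("parameters", {}).items()
        if str(param.get("type", "")).lower() in SECURE_TYPES
    }
    findings = {}
    for name, output in template.get("outputs", {}).items():
        expr = output.get("value")
        if not isinstance(expr, str):
            continue  # only string expressions are inspected in this sketch
        hits = sorted({ref.lower() for ref in PARAM_REF.findall(expr)} & secure)
        if hits:
            findings[name] = f"references secure parameter '{hits[0]}'"
        elif LIST_CALL.search(expr):
            findings[name] = "returns the result of a list* function"
    return findings


# Constructed sample template (hypothetical, not taken from the issue).
SAMPLE = {
    "parameters": {
        "name": {"type": "string"},
        "adminPassword": {"type": "securestring", "defaultValue": ""},
    },
    "outputs": {
        "systemAssignedPrincipalId": {
            "type": "string",
            "value": "[reference(resourceId('Microsoft.Compute/virtualMachineScaleSets', "
                     "parameters('name')), '2022-11-01', 'full').identity.principalId]",
        },
        "adminPasswordOut": {"type": "string", "value": "[parameters('adminPassword')]"},
        "storageKey": {
            "type": "string",
            "value": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', "
                     "parameters('name')), '2022-09-01').keys[0].value]",
        },
    },
}

if __name__ == "__main__":
    for output_name, reason in secret_outputs(SAMPLE).items():
        print(f"{output_name}: {reason}")
```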