search

Azure / arm-template-whatif

A repository to track issues related to what-if noise suppression
MIT License
90 stars 14 forks source link

Noisy what-if in defenderForStorageSettings resource #352

Open ksstott opened 9 months ago

ksstott commented 9 months ago

Describe the noise

Resource type Microsoft.Security/DefenderForStorageSettings

apiVersion 2022-12-01-preview

Client (PowerShell, Azure CLI, or API) Azure Cli

Relevant ARM Template code (we only need the resource object for the above resourceType and apiVersion, but if it's easier you can include the entire template

resource defenderForStorageSettings 'Microsoft.Security/DefenderForStorageSettings@2022-12-01-preview' = if(malwareCapGBPerMonth != 0) {
  name: 'current'
  scope: storage
  properties: {
    isEnabled: true
    malwareScanning: {
      onUpload: {
        isEnabled: true
        capGBPerMonth: malwareCapGBPerMonth
      }
    }
    sensitiveDataDiscovery: {
      isEnabled: true
    }
    overrideSubscriptionLevelSettings: true
  }
}

Expected response I expected no noise since the template has not been modified since the resources were deployed

Current (noisy) response (either include a screenshot of the what-if output, or copy/paste the text) Apparently removal of the I assume read-only dataScannerResourceId property

  ~ Microsoft.Storage/storageAccounts/xxxxx/providers/Microsoft.Security/defenderForStorageSettings/current [2022-12-01-preview]
    - properties.dataScannerResourceId: "/subscriptions/xxx-xxx-xxx/providers/Microsoft.Security/datascanners/storageDataScanner"