[BUG] Built in rule TA-000001 false-positive on site config object #363

@tonybaloney

Describe the bug

The built-in rule TA-000001 has the following rule:

"anyOf": [
  {
    "resourceType": "Microsoft.Web/sites/config",
    "allOf": [
      {
        "path": "properties.detailedErrorLoggingEnabled",
        "equals": true
      },
      {
        "path": "properties.httpLoggingEnabled",
        "equals": true
      },
      {
        "path": "properties.requestTracingEnabled",
        "equals": true
      }
    ]
  },

But, whilst those are the property names for properties.siteConfig in the Web/Sites app, they are not for the Microsoft.Web/sites/config resource.

This is a valid site config, but the rule is still triggering on this template:

resource configLogs 'Microsoft.Web/sites/config@2022-03-01' = {
  name: 'logs'
  parent: appService
  properties: {
    applicationLogs: { fileSystem: { level: 'Verbose' } }
    detailedErrorMessages: { enabled: true }
    failedRequestsTracing: { enabled: true }
    httpLogs: { fileSystem: { enabled: true, retentionInDays: 1, retentionInMb: 35 } }
  }
  dependsOn: [configAppSettings]
}

This means the rule will always trigger on a Web/sites/config object, because properties.detailedErrorLoggingEnabled doesn't exist.
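
The mismatch reported above can be reproduced with a small evaluator for the quoted rule branch. This is an added example, not code from the issue or from the analyzer itself; it assumes an absent path makes an `equals` check fail, as the issue describes, and `resolve`, `explain`, `LOGS_CONFIG` and `FLAT_CONFIG` are hypothetical names with constructed inputs.

```python
# Rule branch quoted in the issue (Microsoft.Web/sites/config only).
RULE = {
    "resourceType": "Microsoft.Web/sites/config",
    "allOf": [
        {"path": "properties.detailedErrorLoggingEnabled", "equals": True},
        {"path": "properties.httpLoggingEnabled", "equals": True},
        {"path": "properties.requestTracingEnabled", "equals": True},
    ],
}
# Simplified dict form of the issue's 'logs' resource (constructed from the Bicep).
LOGS_CONFIG = {
    "type": "Microsoft.Web/sites/config",
    "properties": {
        "applicationLogs": {"fileSystem": {"level": "Verbose"}},
        "detailedErrorMessages": {"enabled": True},
        "failedRequestsTracing": {"enabled": True},
        "httpLogs": {"fileSystem": {"enabled": True, "retentionInDays": 1, "retentionInMb": 35}},
    },
}
# Constructed sample that uses the property names the rule expects, one flag off.
FLAT_CONFIG = {
    "type": "Microsoft.Web/sites/config",
    "properties": {"detailedErrorLoggingEnabled": True, "httpLoggingEnabled": True,
                   "requestTracingEnabled": False},
}
_MISSING = object()  # sentinel: distinguishes "path absent" from a stored None/False

def resolve(resource, path):
    node = resource
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return _MISSING
        node = node[key]
    return node

def explain(rule, resource):
    """Return (passed, findings); each finding names the path and why it failed."""
    if resource.get("type") != rule["resourceType"]:
        return True, []  # this rule branch does not apply to the resource
    findings = []
    for cond in rule["allOf"]:
        value = resolve(resource, cond["path"])
        if value is _MISSING:
            findings.append((cond["path"], "path-absent"))
        elif value != cond["equals"]:
            findings.append((cond["path"], "value-mismatch"))
    return not findings, findings

if __name__ == "__main__":
    for name, res in (("logs", LOGS_CONFIG), ("flat", FLAT_CONFIG)):
        print(name, explain(RULE, res))
```

When every condition fails as `path-absent`, the finding points at a schema mismatch between rule and resource rather than at a logging setting that is actually disabled.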
