Fix Warning Messages in MLZ.

[lisamurphy-msft]

Benefit/Result/Outcome

As a systems administrator, I want to ensure that there are no innocuous warnings in the deployment of MissionLZ

Description

Presently the following warnings are present:

WARNING: /home/vsts/work/1/s/src/bicep/modules/private-link.bicep(54,9) : Warning use-stable-resource-identifiers: Resource identifiers should be reproducible outside of their initial deployment context. Resource globalPrivateLinkScope's 'name' identifier is potentially nondeterministic due to its use of the 'newGuid' function (globalPrivateLinkScope.name -> privateLinkScopeName -> uniqueData (default value) -> newGuid()). [https://aka.ms/bicep/linter/use-stable-resource-identifiers]

/home/vsts/work/1/s/src/bicep/modules/private-link.bicep(60,9) : Warning use-stable-resource-identifiers: Resource identifiers should be reproducible outside of their initial deployment context. Resource logAnalyticsWorkspacePrivateLinkScope's 'name' identifier is potentially nondeterministic due to its use of the 'newGuid' function (logAnalyticsWorkspacePrivateLinkScope.name -> privateLinkScopeName -> uniqueData (default value) -> newGuid()). [https://aka.ms/bicep/linter/use-stable-resource-identifiers]

/home/vsts/work/1/s/src/bicep/modules/private-link.bicep(60,9) : Warning use-stable-resource-identifiers: Resource identifiers should be reproducible outside of their initial deployment context. Resource logAnalyticsWorkspacePrivateLinkScope's 'name' identifier is potentially nondeterministic due to its use of the 'newGuid' function (logAnalyticsWorkspacePrivateLinkScope.name -> privateLinkScopeResourceName -> uniqueData (default value) -> newGuid()). [https://aka.ms/bicep/linter/use-stable-resource-identifiers]

/home/vsts/work/1/s/src/bicep/modules/private-link.bicep(70,9) : Warning use-stable-resource-identifiers: Resource identifiers should be reproducible outside of their initial deployment context. Resource subnetPrivateEndpoint's 'name' identifier is potentially nondeterministic due to its use of the 'newGuid' function (subnetPrivateEndpoint.name -> privateLinkEndpointName -> uniqueData (default value) -> newGuid()). [https://aka.ms/bicep/linter/use-stable-resource-identifiers]

/home/vsts/work/1/s/src/bicep/modules/private-link.bicep(95,9) : Warning use-stable-resource-identifiers: Resource identifiers should be reproducible outside of their initial deployment context. Resource dnsZonePrivateLinkEndpoint's 'name' identifier is potentially nondeterministic due to its use of the 'newGuid' function (dnsZonePrivateLinkEndpoint.name -> privateLinkEndpointName -> uniqueData (default value) -> newGuid()). [https://aka.ms/bicep/linter/use-stable-resource-identifiers]

/home/vsts/work/1/s/src/bicep/mlz.bicep(713,3) : Warning prefer-unquoted-property-names: Property names that are valid identifiers should be declared without quotation marks and accessed using dot notation. [https://aka.ms/bicep/linter/prefer-unquoted-property-names]

/home/vsts/work/1/s/src/bicep/mlz.bicep(714,3) : Warning prefer-unquoted-property-names: Property names that are valid identifiers should be declared without quotation marks and accessed using dot notation. [https://aka.ms/bicep/linter/prefer-unquoted-property-names]

/home/vsts/work/1/s/src/bicep/mlz.bicep(715,3) : Warning prefer-unquoted-property-names: Property names that are valid identifiers should be declared without quotation marks and accessed using dot notation. [https://aka.ms/bicep/linter/prefer-unquoted-property-names]

/home/vsts/work/1/s/src/bicep/modules/log-analytics-diagnostic-logging.bicep(23,10) : Warning no-unused-existing-resources: Existing resource "securityContacts" is declared but never used. [https://aka.ms/bicep/linter/no-unused-existing-resources]

Acceptance Criteria

• Document the findings and a proposed solution
• Mitigate the warnings in the current deployment of MLZ

[BrandonSharp]

fwiw, I believe the changes I made in #748 have had the unintended (but welcome) side effect of also resolving the warnings in the private-link.bicep file.

[BrandonSharp]

Prepping a PR for the remaining warnings. (I like clean deploys too. 😊)

I'm seeing additional warnings in the policy-assignment.bicep and defender.bicep file:

Warning use-resource-id-functions: If property "policyDefinitionId" represents a resource ID, it must use a symbolic resource reference, be a parameter or start with one of these functions: extensionResourceId, guid, if, reference, resourceId, subscription, subscriptionResourceId, tenantResourceId. [https://aka.ms/bicep/linter/use-resource-id-functions]

which can be fixed by referencing the built-in policy defs using tenantResourceId() as described here: https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/bicep-functions-resource#tenantresourceid

prefer-unquoted-property-names gets resolved by just removing the single quotes from the keys in the defaultTags var of mlz.bicep (I've verified the tags still get created as expected.)

And finally, removing the unused securityContacts from log-analytics-diagnostic-logging.bicep fixes the last one.

All of the above give me a clean deploy with the Bicep CLI and seems to check out in a MAG subscription I have available for tests. Is there any more formal documentation than the above required to meet the acceptance criteria?