From 30a2e47b8d0a5ff8a28c785e834a854e206969c4 Mon Sep 17 00:00:00 2001
From: Alexander Sehr <ASehr@hotmail.de>
Date: Tue, 3 Sep 2024 10:22:02 +0200
Subject: [PATCH] fix: Small fix for both the post-removal logic &
 secret-passthru with PSRule (#3149)

## Description

- Fixed the post-deployment loop referencing incorrect variables
- Enabled PSRule to work with secrets pass-thru parameters it must be
able to expand

## Pipeline Reference

<!-- Insert your Pipeline Status Badge below -->

| Pipeline |
| -------- |
|
[![avm.res.compute.virtual-machine](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.compute.virtual-machine.yml/badge.svg?branch=users%2Falsehr%2FciRemovalAndPSRuleFix&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.compute.virtual-machine.yml)
|

## Type of Change

<!-- Use the checkboxes [x] on the options that are relevant. -->

- [x] Update to CI Environment or utilities (Non-module affecting
changes)
- [ ] Azure Verified Module updates:
- [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT
bumped the MAJOR or MINOR version in `version.json`:
- [ ] Someone has opened a bug report issue, and I have included "Closes
#{bug_report_issue_number}" in the PR description.
- [ ] The bug was found by the module author, and no one has opened an
issue to report it yet.
- [ ] Feature update backwards compatible feature updates, and I have
bumped the MINOR version in `version.json`.
- [ ] Breaking changes and I have bumped the MAJOR version in
`version.json`.
  - [ ] Update to documentation
---
 .../virtual-machine/tests/e2e/linux.max/main.test.bicep       | 2 +-
 .../virtual-machine/tests/e2e/waf-aligned/main.test.bicep     | 2 +-
 .../virtual-machine/tests/e2e/windows.max/main.test.bicep     | 2 +-
 avm/res/databricks/workspace/tests/e2e/max/main.test.bicep    | 2 +-
 .../workspace/tests/e2e/waf-aligned/main.test.bicep           | 2 +-
 .../tests/e2e/defaults/main.test.bicep                        | 2 +-
 .../registration-definition/tests/e2e/max/main.test.bicep     | 2 +-
 .../registration-definition/tests/e2e/rg/main.test.bicep      | 2 +-
 .../tests/e2e/waf-aligned/main.test.bicep                     | 2 +-
 .../resourceRemoval/helper/Invoke-ResourcePostRemoval.ps1     | 4 ++--
 avm/utilities/pipelines/staticValidation/psrule/ps-rule.yaml  | 2 +-
 11 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/avm/res/compute/virtual-machine/tests/e2e/linux.max/main.test.bicep b/avm/res/compute/virtual-machine/tests/e2e/linux.max/main.test.bicep
index 248bc72f56..6b1d1a4e1e 100644
--- a/avm/res/compute/virtual-machine/tests/e2e/linux.max/main.test.bicep
+++ b/avm/res/compute/virtual-machine/tests/e2e/linux.max/main.test.bicep
@@ -22,7 +22,7 @@ param namePrefix string = '#_namePrefix_#'
 
 @description('Required. The object id of the Backup Management Service Enterprise Application. This value is tenant-specific and must be stored in the CI Key Vault in a secret named \'CI-BackupManagementServiceEnterpriseApplicationObjectId\'.')
 @secure()
-param backupManagementServiceEnterpriseApplicationObjectId string
+param backupManagementServiceEnterpriseApplicationObjectId string = ''
 
 // ============ //
 // Dependencies //
diff --git a/avm/res/compute/virtual-machine/tests/e2e/waf-aligned/main.test.bicep b/avm/res/compute/virtual-machine/tests/e2e/waf-aligned/main.test.bicep
index c2c0f9abf4..fd619b1589 100644
--- a/avm/res/compute/virtual-machine/tests/e2e/waf-aligned/main.test.bicep
+++ b/avm/res/compute/virtual-machine/tests/e2e/waf-aligned/main.test.bicep
@@ -26,7 +26,7 @@ param namePrefix string = '#_namePrefix_#'
 
 @description('Required. The object id of the Backup Management Service Enterprise Application. This value is tenant-specific and must be stored in the CI Key Vault in a secret named \'CI-BackupManagementServiceEnterpriseApplicationObjectId\'.')
 @secure()
-param backupManagementServiceEnterpriseApplicationObjectId string
+param backupManagementServiceEnterpriseApplicationObjectId string = ''
 
 // ============ //
 // Dependencies //
diff --git a/avm/res/compute/virtual-machine/tests/e2e/windows.max/main.test.bicep b/avm/res/compute/virtual-machine/tests/e2e/windows.max/main.test.bicep
index ef5aef28f6..ac79b215ce 100644
--- a/avm/res/compute/virtual-machine/tests/e2e/windows.max/main.test.bicep
+++ b/avm/res/compute/virtual-machine/tests/e2e/windows.max/main.test.bicep
@@ -26,7 +26,7 @@ param namePrefix string = '#_namePrefix_#'
 
 @description('Required. The object id of the Backup Management Service Enterprise Application. This value is tenant-specific and must be stored in the CI Key Vault in a secret named \'CI-BackupManagementServiceEnterpriseApplicationObjectId\'.')
 @secure()
-param backupManagementServiceEnterpriseApplicationObjectId string
+param backupManagementServiceEnterpriseApplicationObjectId string = ''
 
 // ============ //
 // Dependencies //
diff --git a/avm/res/databricks/workspace/tests/e2e/max/main.test.bicep b/avm/res/databricks/workspace/tests/e2e/max/main.test.bicep
index 7f696b9c29..ae0b21a1a2 100644
--- a/avm/res/databricks/workspace/tests/e2e/max/main.test.bicep
+++ b/avm/res/databricks/workspace/tests/e2e/max/main.test.bicep
@@ -25,7 +25,7 @@ param namePrefix string = '#_namePrefix_#'
 
 @description('Required. The object id of the AzureDatabricks Enterprise Application. This value is tenant-specific and must be stored in the CI Key Vault in a secret named \'CI-AzureDatabricksEnterpriseApplicationObjectId\'.')
 @secure()
-param azureDatabricksEnterpriseApplicationObjectId string
+param azureDatabricksEnterpriseApplicationObjectId string = ''
 
 // ============ //
 // Dependencies //
diff --git a/avm/res/databricks/workspace/tests/e2e/waf-aligned/main.test.bicep b/avm/res/databricks/workspace/tests/e2e/waf-aligned/main.test.bicep
index b841659c89..51bb5f3aba 100644
--- a/avm/res/databricks/workspace/tests/e2e/waf-aligned/main.test.bicep
+++ b/avm/res/databricks/workspace/tests/e2e/waf-aligned/main.test.bicep
@@ -25,7 +25,7 @@ param namePrefix string = '#_namePrefix_#'
 
 @description('Required. The object id of the AzureDatabricks Enterprise Application. This value is tenant-specific and must be stored in the CI Key Vault in a secret named \'CI-AzureDatabricksEnterpriseApplicationObjectId\'.')
 @secure()
-param azureDatabricksEnterpriseApplicationObjectId string
+param azureDatabricksEnterpriseApplicationObjectId string = ''
 
 // ============ //
 // Dependencies //
diff --git a/avm/res/managed-services/registration-definition/tests/e2e/defaults/main.test.bicep b/avm/res/managed-services/registration-definition/tests/e2e/defaults/main.test.bicep
index 49c66084b1..47ad05d1b6 100644
--- a/avm/res/managed-services/registration-definition/tests/e2e/defaults/main.test.bicep
+++ b/avm/res/managed-services/registration-definition/tests/e2e/defaults/main.test.bicep
@@ -18,7 +18,7 @@ param namePrefix string = '#_namePrefix_#'
 
 @description('Required. The tenant Id of the lighthouse tenant. This value is tenant-specific and must be stored in the CI Key Vault in a secret named \'CI-LighthouseManagedByTenantId\'.')
 @secure()
-param lighthouseManagedByTenantId string
+param lighthouseManagedByTenantId string = ''
 
 // ============== //
 // Test Execution //
diff --git a/avm/res/managed-services/registration-definition/tests/e2e/max/main.test.bicep b/avm/res/managed-services/registration-definition/tests/e2e/max/main.test.bicep
index 774e4d5165..f8f3cb2958 100644
--- a/avm/res/managed-services/registration-definition/tests/e2e/max/main.test.bicep
+++ b/avm/res/managed-services/registration-definition/tests/e2e/max/main.test.bicep
@@ -18,7 +18,7 @@ param namePrefix string = '#_namePrefix_#'
 
 @description('Required. The tenant Id of the lighthouse tenant. This value is tenant-specific and must be stored in the CI Key Vault in a secret named \'CI-LighthouseManagedByTenantId\'.')
 @secure()
-param lighthouseManagedByTenantId string
+param lighthouseManagedByTenantId string = ''
 
 // ============== //
 // Test Execution //
diff --git a/avm/res/managed-services/registration-definition/tests/e2e/rg/main.test.bicep b/avm/res/managed-services/registration-definition/tests/e2e/rg/main.test.bicep
index 0779dc39e3..979aa9f048 100644
--- a/avm/res/managed-services/registration-definition/tests/e2e/rg/main.test.bicep
+++ b/avm/res/managed-services/registration-definition/tests/e2e/rg/main.test.bicep
@@ -22,7 +22,7 @@ param namePrefix string = '#_namePrefix_#'
 
 @description('Required. The tenant Id of the lighthouse tenant. This value is tenant-specific and must be stored in the CI Key Vault in a secret named \'CI-LighthouseManagedByTenantId\'.')
 @secure()
-param lighthouseManagedByTenantId string
+param lighthouseManagedByTenantId string = ''
 
 // ============ //
 // Dependencies //
diff --git a/avm/res/managed-services/registration-definition/tests/e2e/waf-aligned/main.test.bicep b/avm/res/managed-services/registration-definition/tests/e2e/waf-aligned/main.test.bicep
index b69547f748..9e733740da 100644
--- a/avm/res/managed-services/registration-definition/tests/e2e/waf-aligned/main.test.bicep
+++ b/avm/res/managed-services/registration-definition/tests/e2e/waf-aligned/main.test.bicep
@@ -22,7 +22,7 @@ param namePrefix string = '#_namePrefix_#'
 
 @description('Required. The tenant Id of the lighthouse tenant. This value is tenant-specific and must be stored in the CI Key Vault in a secret named \'CI-LighthouseManagedByTenantId\'.')
 @secure()
-param lighthouseManagedByTenantId string
+param lighthouseManagedByTenantId string = ''
 
 // ============ //
 // Dependencies //
diff --git a/avm/utilities/pipelines/e2eValidation/resourceRemoval/helper/Invoke-ResourcePostRemoval.ps1 b/avm/utilities/pipelines/e2eValidation/resourceRemoval/helper/Invoke-ResourcePostRemoval.ps1
index d78e5860cd..4e13284417 100644
--- a/avm/utilities/pipelines/e2eValidation/resourceRemoval/helper/Invoke-ResourcePostRemoval.ps1
+++ b/avm/utilities/pipelines/e2eValidation/resourceRemoval/helper/Invoke-ResourcePostRemoval.ps1
@@ -33,7 +33,7 @@ function Invoke-ResourcePostRemoval {
         [int] $PostRemovalRetryLimit = 3
     )
 
-    $postRemovalRetryCount = 1
+    $removalRetryCount = 1
     do {
         try {
             switch ($Type) {
@@ -191,5 +191,5 @@ function Invoke-ResourcePostRemoval {
             Write-Warning ('[!] Post-removal operation failed. Reason: [{0}]. Retry [{1}/{2}]' -f $_.Exception.Message, $removalRetryCount, $PostRemovalRetryLimit)
             $removalRetryCount++
         }
-    } while ($postRemovalRetryCount -le $PostRemovalRetryLimit)
+    } while ($removalRetryCount -le $PostRemovalRetryLimit)
 }
diff --git a/avm/utilities/pipelines/staticValidation/psrule/ps-rule.yaml b/avm/utilities/pipelines/staticValidation/psrule/ps-rule.yaml
index ac04f433c9..cde38fa9db 100644
--- a/avm/utilities/pipelines/staticValidation/psrule/ps-rule.yaml
+++ b/avm/utilities/pipelines/staticValidation/psrule/ps-rule.yaml
@@ -16,7 +16,7 @@ binding:
 # Require minimum versions of modules.
 requires:
   PSRule: "@pre >=2.9.0"
-  PSRule.Rules.Azure: "@pre >=1.29.0"
+  PSRule.Rules.Azure: "@pre >=1.38.0"
 
 # Use PSRule for Azure.
 include: