1. Home
  2. Avoid hardcoded Microsoft URLs with Bicep environments

Avoid hardcoded Microsoft URLs with Bicep environments

Avoid hardcoded Microsoft URLs with Bicep environments

Avoid hardcoded Microsoft URLs with Bicep environments

Bicep has a great feature, which meanwhile also leads to warnings during execution if you don't pay attention to it: the avoidance of static values like URLs in Bicep files. A corresponding warning looks like this:

Warning no-hardcoded-env-urls: Environment URLs should not be hardcoded. Use the environment() function to ensure compatibility across clouds. Found this disallowed host: "login.microsoftonline.com" [https://aka.ms/bicep/linter/no-hardcoded-env-urls]

Bicep has an environment() function for this purpose.

Instead of

var loginEndpointUri = 'https://login.microsoftonline.com/'

you should write

var loginEndpointUri = environment().authentication.loginEndpoint

This in itself affects quite a few static values. A short overview:

{
  "name": "AzureCloud",
  "gallery": "https://gallery.azure.com/",
  "graph": "https://graph.windows.net/",
  "portal": "https://portal.azure.com",
  "graphAudience": "https://graph.windows.net/",
  "activeDirectoryDataLake": "https://datalake.azure.net/",
  "batch": "https://batch.core.windows.net/",
  "media": "https://rest.media.azure.net",
  "sqlManagement": "https://management.core.windows.net:8443/",
  "vmImageAliasDoc": "https://raw.githubusercontent.com/Azure/azure-rest-api-specs/master/arm-compute/quickstart-templates/aliases.json",
  "resourceManager": "https://management.azure.com/",
  "authentication": {
    "loginEndpoint": "https://login.windows.net/",
    "audiences": [
      "https://management.core.windows.net/",
      "https://management.azure.com/"
    ],
    "tenant": "common",
    "identityProvider": "AAD"
  },
  "suffixes": {
    "acrLoginServer": ".azurecr.io",
    "azureDatalakeAnalyticsCatalogAndJob": "azuredatalakeanalytics.net",
    "azureDatalakeStoreFileSystem": "azuredatalakestore.net",
    "azureFrontDoorEndpointSuffix": "azurefd.net",
    "keyvaultDns": ".vault.azure.net",
    "sqlServerHostname": ".database.windows.net",
    "storage": "core.windows.net"
  }
}

Deployment functions for Bicep

Docs: Avoid hardcoded URLs