367 Improving newguid secure parameters (#549)

StartAutomating · web-flow · commit d54725784267 · 2021-12-03T14:44:43.000-06:00
* Improving support for NewGuid in SecureString parameters (Fixing #367) * Adding positive test for concat(NewGuid()) in SecureString parameters (Fixing #367)
diff --git a/arm-ttk/testcases/deploymentTemplate/Secure-String-Parameters-Cannot-Have-Default.test.ps1 b/arm-ttk/testcases/deploymentTemplate/Secure-String-Parameters-Cannot-Have-Default.test.ps1
@@ -32,7 +32,7 @@ foreach ($parameterProp in $templateObject.parameters.psobject.properties) {
     if ($parameter.Type -eq 'securestring' -and $parameter.defaultValue) {
         # the defaultValue must be an empty string "" or must be an expression that contains use the newGuid() function
         if ($parameter.defaultValue -and
-            $parameter.defaultValue -notmatch $usedNewGuid) {
+            -not ($parameter.defaultValue | ?<ARM_Template_Function> -FunctionName 'newguid')) {
             # Will return true when defaultvalue is not null or blank (blank values are OK).
             Write-Error -Message "Parameter $name is a SecureString and must not have a default value unless it is an expression that contains the newGuid() function." `
                 -ErrorId SecureString.Must.Not.Have.Default -TargetObject $parameter
diff --git a/unit-tests/Secure-String-Parameters-Cannot-Have-Default/Pass/NewGuid-With-Concat.json b/unit-tests/Secure-String-Parameters-Cannot-Have-Default/Pass/NewGuid-With-Concat.json
@@ -0,0 +1,10 @@
+﻿{
+    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+    "parameters": {
+        "SecureStringParameter": {
+            "defaultValue": "[concat(newGuid(), 'hello')]",
+            "type": "SecureString"
+        }
+    }
+}
+
