Linter rule: Prefer specifying subnets under network properties.subnets rather than stand-alone or child resources

[StephenWeatherford]

See also https://github.com/Azure/bicep/issues/3886

Example:

GOOD: https://github.com/Azure/bicep/blob/cb2fb8d223862260cfe8bfdc5899477deca3ff7f/docs/examples/101/vnet-two-subnets/main.bicep#L23

resource vnet 'Microsoft.Network/virtualNetworks@2020-06-01' = {
  name: vnetName
  location: resourceGroup().location
  properties: {
    addressSpace: {
      addressPrefixes: [
        addressPrefix
      ]
    }
    subnets: [
      {
        name: 'subnet001'
        properties: {
          addressPrefix: '10.0.0.0/24'
        }
      }
      {
        name: 'subnet002'
        properties: {
          addressPrefix: '10.0.1.0/24'
        }
      }
    ]
  }
}

BAD: https://github.com/Azure/azure-quickstart-templates/blob/0fc9fbd4407bbb1f58148bdc7247aa095c16b39a/quickstarts/microsoft.network/vnet-two-subnets/main.bicep#L33

resource vnet 'Microsoft.Network/virtualNetworks@2020-06-01' = {
  name: vnetName
  location: location
  properties: {
    addressSpace: {
      addressPrefixes: [
        vnetAddressPrefix
      ]
    }
  }

  resource subnet1 'subnets' = {
    name: subnet1Name
    properties: {
      addressPrefix: subnet1Prefix
    }
  }

  resource subnet2 'subnets' = {
    name: subnet2Name
    dependsOn: [
      subnet1
    ]
    properties: {
      addressPrefix: subnet2Prefix
    }
  }
}

[StephenWeatherford]

NOTE: This means that any references directly to the subnet need to change to reference(), or else you also need to add an "existing" resource for the subnets in order to use a symbolic name.

[slavizh]

https://techcommunity.microsoft.com/t5/azure-networking-blog/azure-virtual-network-now-supports-updates-without-subnet/ba-p/4067952

[alex-frankel]

Editing the title, because the linter rule should now actually be the reverse. All subnets should be declared as child resources once the new API rolls out fully.