Add Compliance stage with policheck (Azure#24276)
* Add Compliance stage with policheck

* Add vmImage pool

* Fix issues flagged by PoliCheck

* Move credscan into the compliance stage
chidozieononiwu authored Sep 29, 2021
1 parent e0987f9 commit 5d602a2
Showing 20 changed files with 237 additions and 197 deletions.
12 changes: 12 additions & 0 deletions eng/guardian-tools/policheck/PolicheckExclusions.xml
@@ -0,0 +1,12 @@
<PoliCheckExclusions>
<!-- All strings must be UPPER CASE -->
<!-- Each of these exclusions is a folder name - if \[name]\ exists in the file path, it will be skipped -->
<!--<Exclusion Type="FolderPathFull">ABC|XYZ</Exclusion>-->
<!-- Each of these exclusions is a folder name - if any folder or file starts with "\[name]", it will be
skipped -->
<!--<Exclusion Type="FolderPathStart">ABC|XYZ</Exclusion>-->
<!-- Each of these file types will be completely skipped for the entire scan -->
<!--<Exclusion Type="FileType">.ABC|.XYZ</Exclusion>-->
<!-- The specified file names will be skipped during the scan regardless which folder they are in -->
<!--<Exclusion Type="FileName">ABC.TXT|XYZ.CS</Exclusion>-->
</PoliCheckExclusions>
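Review bot: every `<Exclusion>` element in this file sits inside an XML comment, so the file currently excludes nothing and acts only as a template. If that is intended, a one-line comment at the top saying so would stop a later reader from assuming any path or file type is being skipped. The two folder comments also both open with "Each of these exclusions is a folder name", although the FolderPathStart one goes on to match "any folder or file"; rewording the second to say it is a prefix match would make the difference from FolderPathFull clear.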
376 changes: 202 additions & 174 deletions eng/pipelines/aggregate-reports.yml

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion sdk/cosmos/azure-cosmos-spark_3-1_2-12/CHANGELOG.md
Expand Up @@ -54,7 +54,7 @@

#### Key Bug Fixes
* Added validation for all config-settings with a name starting with "spark.cosmos."
* Fixed a bug in bulk write causing hang.
* Fixed a bug in bulk write causing nonresponse.

### 4.0.0-beta.2 (2021-04-19)
* Cosmos DB Spark 3.1.1 Connector Preview `4.0.0-beta.2` Release.
Expand Up @@ -144,7 +144,7 @@ public Future<Boolean> isHealthy(final Channel channel) {

// Black hole detection, part 1:
// Treat the channel as unhealthy if the gap between the last attempted write and the last successful write
// grew beyond acceptable limits, unless a write was attempted recently. This is a sign of a hung write.
// grew beyond acceptable limits, unless a write was attempted recently. This is a sign of a nonresponding write.

final long writeDelayInNanos =
timestamps.lastChannelWriteAttemptNanoTime() - timestamps.lastChannelWriteNanoTime();
Expand All @@ -157,7 +157,7 @@ public Future<Boolean> isHealthy(final Channel channel) {
final Optional<RntbdContext> rntbdContext = requestManager.rntbdContext();
final int pendingRequestCount = requestManager.pendingRequestCount();

logger.warn("{} health check failed due to hung write: {lastChannelWriteAttemptNanoTime: {}, " +
logger.warn("{} health check failed due to nonresponding write: {lastChannelWriteAttemptNanoTime: {}, " +
"lastChannelWriteNanoTime: {}, writeDelayInNanos: {}, writeDelayLimitInNanos: {}, " +
"rntbdContext: {}, pendingRequestCount: {}}",
channel, timestamps.lastChannelWriteAttemptNanoTime(), timestamps.lastChannelWriteNanoTime(),
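Review bot: the warning text passed to `logger.warn` changes from "hung write" to "nonresponding write", and that string is what a log search or alert rule on channel health failures would match, so any query keyed on the old text will stop matching after this change. The same applies to the "hung read" message later in this method. Suggest recording the new wording in this package's CHANGELOG so operators can update their queries.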
Expand All @@ -168,7 +168,7 @@ public Future<Boolean> isHealthy(final Channel channel) {

// Black hole detection, part 2:
// Treat the connection as unhealthy if the gap between the last successful write and the last successful read
// grew beyond acceptable limits, unless a write succeeded recently. This is a sign of a hung read.
// grew beyond acceptable limits, unless a write succeeded recently. This is a sign of a nonresponding read.

final long readDelay = timestamps.lastChannelWriteNanoTime() - timestamps.lastChannelReadNanoTime();
final long readHangDuration = currentTime - timestamps.lastChannelWriteNanoTime();
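Review bot: the comment now says "nonresponding read", but the unchanged line below it still declares `readHangDuration`, so the old term survives in the identifier and the comment and code no longer use the same word. Either rename the local in this change or note that identifiers are deliberately out of scope for this pass.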
Expand All @@ -178,7 +178,7 @@ public Future<Boolean> isHealthy(final Channel channel) {
final Optional<RntbdContext> rntbdContext = requestManager.rntbdContext();
final int pendingRequestCount = requestManager.pendingRequestCount();

logger.warn("{} health check failed due to hung read: {lastChannelWrite: {}, lastChannelRead: {}, "
logger.warn("{} health check failed due to nonresponding read: {lastChannelWrite: {}, lastChannelRead: {}, "
+ "readDelay: {}, readDelayLimit: {}, rntbdContext: {}, pendingRequestCount: {}}", channel,
timestamps.lastChannelWriteNanoTime(), timestamps.lastChannelReadNanoTime(), readDelay,
this.readDelayLimitInNanos, rntbdContext, pendingRequestCount);
Expand Up @@ -114,7 +114,7 @@
- Updated version of `azure-messaging-eventhubs` to `5.1.0-beta.1` that supports receiving events in batches.

## 1.0.3 (2020-04-08)
- Fix bug where processor would hang after a reconnect due to being unable to load balance partitions.
- Fix bug where processor would not respond after a reconnect due to being unable to load balance partitions.

## 1.0.2 (2020-02-12)
- Dependency fixed so `EventProcessor` consumers can use blocking method calls in their code.
4 changes: 2 additions & 2 deletions sdk/keyvault/regenerate_and_fix_sdk.py
Expand Up @@ -70,7 +70,7 @@ def correct_file(file, verbose):

classre = re.compile(r'public class ([a-z|A-Z|0-9]*?)[ \n\r\t]*{')

# If this is a model class and not a custom model class, extend our custom code if necessary - additionally add back potentially nuked imports
# If this is a model class and not a custom model class, extend our custom code if necessary - additionally add back potentially removed imports
dir, fn = os.path.split(file)
if os.path.split(dir)[1] == "models":
classes = classre.search(code)
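Review bot: `classre` on the context line above the edited comment uses `[a-z|A-Z|0-9]`; inside a character class `|` is a literal character, not alternation, so the class accepts a pipe and rejects `_` in a class name. Since this function is being touched anyway, consider `[A-Za-z0-9_]` there. The context line `dir, fn = os.path.split(file)` also shadows the `dir` builtin and could be renamed at the same time.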
Expand All @@ -82,7 +82,7 @@ def correct_file(file, verbose):
print("Updating generated '%s' to extend custom '%s'" % (classname, classname))
code = classre.sub(r'public class \1 extends %s.\1 {' % CUSTOM_MODEL_NAMESPACE, code)

# Add back webkey imports which may have been nuked
# Add back webkey imports which may have been removed
class_usage_re = re.compile(r'[ \t<](' + '|'.join(WEBKEY_REPLACE_MODELS) + ')[ \t>]')
needed_classes = list(set(class_usage_re.findall(code)))
if len(needed_classes) > 0:
Expand Up @@ -63,7 +63,7 @@ public Boolean cleanDeployment() {
* By default {@code type=zip} and {@code type=war&path=webapps/<appname>} performs clean deployment.
* All other types of artifacts will be deployed incrementally.
* The default behavior for any artifact type can be changed by this option.
* A clean deployment nukes the default directory associated with the type of artifact being deployed.
* A clean deployment removes the default directory associated with the type of artifact being deployed.
*
* @param cleanDeployment whether to perform clean deployment
* @return the DeployOptions object
Expand Up @@ -551,7 +551,7 @@ public EncryptedBlobClientBuilder httpLogOptions(HttpLogOptions logOptions) {
}

/**
* Gets the default Storage whitelist log headers and query parameters.
* Gets the default Storage allowlist log headers and query parameters.
*
* @return the default http log options.
*/
4 changes: 2 additions & 2 deletions sdk/storage/azure-storage-blob/CHANGELOG.md
Expand Up @@ -38,11 +38,11 @@
- Updated `azure-core` to version `1.16.0`

## 12.11.0 (2021-04-29)
- Fixed a bug where large files would hang when the upload method was called.
- Fixed a bug where large files would not respond when the upload method was called.

## 12.11.0-beta.3 (2021-04-16)
- Fixed a bug where BlobOutputStream would lock up if the inner uploadWithResponse call is cancelled for any reason.
- Fixed a bug where BlobOutputStream could hang when writing in a tight loop because the inner FluxSink would buffer in an unbounded manner. This would cause memory issues especially if the heap size was set to less than the size of the data being uploaded.
- Fixed a bug where BlobOutputStream could not respond when writing in a tight loop because the inner FluxSink would buffer in an unbounded manner. This would cause memory issues especially if the heap size was set to less than the size of the data being uploaded.
- Fixed a bug where a null check was placed on the wrong parameter of the InputStream constructor for BlobParallelUploadOptions

## 12.11.0-beta.2 (2021-03-29)
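Review bot: the rewording in the 12.11.0 and 12.11.0-beta.3 entries changes what they say. "large files would not respond when the upload method was called" makes the file the subject where the original described the upload hanging, and "BlobOutputStream could not respond" reads as an inability where "could hang" described something that might happen. Suggest "uploads of large files would stop responding" and "BlobOutputStream could stop responding when writing in a tight loop". The same phrasing appears in the azure-storage-common and azure-storage-file-datalake CHANGELOG hunks of this commit.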
Expand Up @@ -413,7 +413,7 @@ public BlobClientBuilder httpLogOptions(HttpLogOptions logOptions) {
}

/**
* Gets the default Storage whitelist log headers and query parameters.
* Gets the default Storage allowlist log headers and query parameters.
*
* @return the default http log options.
*/
Expand Up @@ -370,7 +370,7 @@ public BlobContainerClientBuilder httpLogOptions(HttpLogOptions logOptions) {
}

/**
* Gets the default Storage whitelist log headers and query parameters.
* Gets the default Storage allowlist log headers and query parameters.
*
* @return the default http log options.
*/
Expand Up @@ -343,7 +343,7 @@ public BlobServiceClientBuilder httpLogOptions(HttpLogOptions logOptions) {
}

/**
* Gets the default Storage whitelist log headers and query parameters.
* Gets the default Storage allowlist log headers and query parameters.
*
* @return the default http log options.
*/
Expand Up @@ -561,7 +561,7 @@ public SpecializedBlobClientBuilder httpLogOptions(HttpLogOptions logOptions) {
}

/**
* Gets the default Storage whitelist log headers and query parameters.
* Gets the default Storage allowlist log headers and query parameters.
*
* @return the default http log options.
*/
2 changes: 1 addition & 1 deletion sdk/storage/azure-storage-common/CHANGELOG.md
Expand Up @@ -29,7 +29,7 @@
- Updated `azure-core` to version `1.16.0`

## 12.11.0 (2021-04-29)
- Fixed concurrency issue in UploadBufferPool that caused large files to hang.
- Fixed concurrency issue in UploadBufferPool that caused large files to not respond.

## 12.11.0-beta.3 (2021-04-16)
- Fixed a bug where connection strings with unencoded SAS's would result in URL exceptions.
2 changes: 1 addition & 1 deletion sdk/storage/azure-storage-file-datalake/CHANGELOG.md
Expand Up @@ -36,7 +36,7 @@
- Updated `azure-core` to version `1.16.0`

## 12.5.0 (2021-04-29)
- Fixed a bug where large files would hang when the upload method was called.
- Fixed a bug where large files would not respond when the upload method was called.
- DataLakeLeaseClient now remembers the Lease ID after a lease change.

## 12.5.0-beta.3 (2021-04-16)
Expand Up @@ -261,7 +261,7 @@ public DataLakeFileSystemClientBuilder httpClient(HttpClient httpClient) {
}

/**
* Gets the default Storage whitelist log headers and query parameters.
* Gets the default Storage allowlist log headers and query parameters.
*
* @return the default http log options.
*/
Expand Up @@ -365,7 +365,7 @@ public DataLakePathClientBuilder addPolicy(HttpPipelinePolicy pipelinePolicy) {
}

/**
* Gets the default Storage whitelist log headers and query parameters.
* Gets the default Storage allowlist log headers and query parameters.
*
* @return the default http log options.
*/
Expand Up @@ -248,7 +248,7 @@ public DataLakeServiceClientBuilder httpLogOptions(HttpLogOptions logOptions) {
}

/**
* Gets the default Storage whitelist log headers and query parameters.
* Gets the default Storage allowlist log headers and query parameters.
*
* @return the default http log options.
*/
Expand Up @@ -345,7 +345,7 @@ public QueueClientBuilder httpLogOptions(HttpLogOptions logOptions) {
}

/**
* Gets the default Storage whitelist log headers and query parameters.
* Gets the default Storage allowlist log headers and query parameters.
*
* @return the default http log options.
*/
Expand Up @@ -324,7 +324,7 @@ public QueueServiceClientBuilder httpLogOptions(HttpLogOptions logOptions) {
}

/**
* Gets the default Storage whitelist log headers and query parameters.
* Gets the default Storage allowlist log headers and query parameters.
*
* @return the default http log options.
*/