Add PSRule for Azure and initial tests for research spoke VM (#89)

* Add bicepparam file inclusion for PSRule test parameter files * Add PSRule configuration and tests for spoke research VM module * Add GitHub Action for PSRule analysis
Azure · Jul 11, 2024 · 2c3f8ed · 2c3f8ed
1 parent 31a0c03
commit 2c3f8ed
Show file tree

Hide file tree

Showing 5 changed files with 105 additions and 1 deletion.
diff --git a/.github/workflows/RunPSRule.yml b/.github/workflows/RunPSRule.yml
@@ -0,0 +1,26 @@
+#
+# Analyze repository with PSRule
+#
+name: Analyze repository with PSRule
+
+# Run analysis for main or PRs against main
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  analyze:
+    name: Analyze repository
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Run PSRule analysis
+        uses: microsoft/ps-rule@v2.9.0
+        with:
+          modules: PSRule.Rules.Azure
diff --git a/.gitignore b/.gitignore
@@ -1,11 +1,12 @@
 # User PowerShell deployment scripts
 *.user.ps1
 
-# Parameter files, except for samples
+# Parameter files, except for samples and tests
 *parameters.json
 *.bicepparam
 
 !main.sample*.bicepparam
+!*.tests.bicepparam
 
 # Compiled Bicep, compiled Bicepparam
 main.json

diff --git a/ps-rule.yaml b/ps-rule.yaml
@@ -0,0 +1,27 @@
+#
+# PSRule configuration
+#
+# Documentation for all configuration options:
+# https://aka.ms/ps-rule/options
+
+requires:
+  PSRule: "@pre >=2.9.0"
+  PSRule.Rules.Azure: "@pre >=1.38.0"
+
+include:
+  module:
+    - PSRule.Rules.Azure
+
+output:
+  culture:
+    - en-US
+
+input:
+  pathIgnore:
+    # Only process *.tests.bicepparam files, in any folder
+    - "**"
+    - "!**/*.tests.bicepparam"
+
+configuration:
+  AZURE_BICEP_CHECK_TOOL: true
+  AZURE_BICEP_MINIMUM_VERSION: "0.28.1"
diff --git a/research-spoke/spoke-servicemodules/researchvm/tests/researchvm-adjoin.tests.bicepparam b/research-spoke/spoke-servicemodules/researchvm/tests/researchvm-adjoin.tests.bicepparam
@@ -0,0 +1,26 @@
+using '../main.bicep'
+
+param backupPolicyName = ''
+param recoveryServicesVaultId = ''
+
+param namingStructure = 'test-test-{rtype}-eastus-01'
+param location = 'eastus'
+
+param subnetId = '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg-network-eastus-01/providers/Microsoft.Network/virtualNetworks/test-vnet-eastus-01/subnets/ComputeSubnet'
+
+param tags = { test: 'value' }
+
+param vmLocalAdminPassword = 'AzureUser'
+param vmLocalAdminUsername = 'Test12341234'
+
+param vmNamePrefix = 'vm-ad'
+param vmSize = 'Standard_D2as_v5'
+param vmCount = 1
+param osType = 'Windows'
+
+param logonType = 'ad'
+param intuneEnrollment = false
+param domainJoinUsername = 'admin@domain.example.com'
+param domainJoinPassword = 'Test12341234'
+param adDomainFqdn = 'domain.example.com'
+param adOuPath = 'OU=Research,OU=Devices,DC=domain,DC=example,DC=com'
diff --git a/research-spoke/spoke-servicemodules/researchvm/tests/researchvm-entrajoin.tests.bicepparam b/research-spoke/spoke-servicemodules/researchvm/tests/researchvm-entrajoin.tests.bicepparam
@@ -0,0 +1,24 @@
+using '../main.bicep'
+
+// TODO: Create custom rule to require backup
+param backupPolicyName = ''
+param recoveryServicesVaultId = ''
+
+param logonType = 'entraID'
+param intuneEnrollment = false
+
+param namingStructure = 'test-test-{rtype}-eastus-01'
+param location = 'eastus'
+
+param subnetId = '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg-network-eastus-01/providers/Microsoft.Network/virtualNetworks/test-vnet-eastus-01/subnets/ComputeSubnet'
+
+// Set at least one tag to avoid a failure
+param tags = { test: 'value' }
+
+param vmLocalAdminPassword = 'AzureUser'
+param vmLocalAdminUsername = 'Test12341234'
+
+param vmNamePrefix = 'vm-ad'
+param osType = 'Windows'
+param vmCount = 1
+param vmSize = 'Standard_D2as_v5'