From 2c3f8edd4aac3bc68949826d8e917c083fb01f66 Mon Sep 17 00:00:00 2001
From: Sven Aelterman <17446043+SvenAelterman@users.noreply.github.com>
Date: Thu, 11 Jul 2024 09:58:55 -0500
Subject: [PATCH] Add PSRule for Azure and initial tests for research spoke VM (#89)
* Add bicepparam file inclusion for PSRule test parameter files
* Add PSRule configuration and tests for spoke research VM module
* Add GitHub Action for PSRule analysis
---
.github/workflows/RunPSRule.yml | 26 ++++++++++++++++++
.gitignore | 3 ++-
ps-rule.yaml | 27 +++++++++++++++++++
.../tests/researchvm-adjoin.tests.bicepparam | 26 ++++++++++++++++++
.../researchvm-entrajoin.tests.bicepparam | 24 +++++++++++++++++
5 files changed, 105 insertions(+), 1 deletion(-)
create mode 100644 .github/workflows/RunPSRule.yml
create mode 100644 ps-rule.yaml
create mode 100644 research-spoke/spoke-servicemodules/researchvm/tests/researchvm-adjoin.tests.bicepparam
create mode 100644 research-spoke/spoke-servicemodules/researchvm/tests/researchvm-entrajoin.tests.bicepparam
diff --git a/.github/workflows/RunPSRule.yml b/.github/workflows/RunPSRule.yml
new file mode 100644
index 0000000..2b04555
--- /dev/null
+++ b/.github/workflows/RunPSRule.yml
@@ -0,0 +1,26 @@
+#
+# Analyze repository with PSRule
+#
+name: Analyze repository with PSRule
+
+# Run analysis for main or PRs against main
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ analyze:
+ name: Analyze repository
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Run PSRule analysis
+ uses: microsoft/ps-rule@v2.9.0
+ with:
+ modules: PSRule.Rules.Azure
diff --git a/.gitignore b/.gitignore
index 4015a96..f3ffa04 100644
--- a/.gitignore
+++ b/.gitignore
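Review bot: Both `uses:` lines in RunPSRule.yml reference mutable tags (`actions/checkout@v4`, `microsoft/ps-rule@v2.9.0`), and the workflow declares no `permissions:` block, so the job runs with whatever default GITHUB_TOKEN scope the repository has. A tag can be moved to different code after review, so pin each action to a full commit SHA and keep the tag as a trailing comment, for example `uses: actions/checkout@<full-commit-sha> # v4`. The visible steps only check out and analyze the repository, so a top-level `permissions:` block with `contents: read` looks sufficient. That should be confirmed against any ps-rule output options enabled later.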
@@ -1,11 +1,12 @@ # User PowerShell deployment scripts *.user.ps1 -# Parameter files, except for samples +# Parameter files, except for samples and tests *parameters.json *.bicepparam !main.sample*.bicepparam +!*.tests.bicepparam # Compiled Bicep, compiled Bicepparam main.json
diff --git a/ps-rule.yaml b/ps-rule.yaml
new file mode 100644
index 0000000..dcab57f
--- /dev/null
+++ b/ps-rule.yaml
@@ -0,0 +1,27 @@
+#
+# PSRule configuration
+#
+# Documentation for all configuration options:
+# https://aka.ms/ps-rule/options
+
+requires:
+ PSRule: "@pre >=2.9.0"
+ PSRule.Rules.Azure: "@pre >=1.38.0"
+
+include:
+ module:
+ - PSRule.Rules.Azure
+
+output:
+ culture:
+ - en-US
+
+input:
+ pathIgnore:
+ # Only process *.tests.bicepparam files, in any folder
+ - "**"
+ - "!**/*.tests.bicepparam"
+
+configuration:
+ AZURE_BICEP_CHECK_TOOL: true
+ AZURE_BICEP_MINIMUM_VERSION: "0.28.1"
diff --git a/research-spoke/spoke-servicemodules/researchvm/tests/researchvm-adjoin.tests.bicepparam b/research-spoke/spoke-servicemodules/researchvm/tests/researchvm-adjoin.tests.bicepparam
new file mode 100644
index 0000000..376285d
--- /dev/null
+++ b/research-spoke/spoke-servicemodules/researchvm/tests/researchvm-adjoin.tests.bicepparam
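Review bot: The new exception `!*.tests.bicepparam` re-includes every file with that suffix anywhere in the tree, which weakens the `*.bicepparam` rule that keeps parameter files out of the repository. A parameter file holding real subscription IDs or credentials would be committed if it were saved under a `.tests.bicepparam` name. Consider scoping the negation to the test folders, for example `!**/tests/*.tests.bicepparam`, and stating in the comment above it that test parameter files must contain placeholder values only.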
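Review bot: Both entries under `requires:` in ps-rule.yaml carry the `@pre` flag, which, as far as I know, lets PSRule accept prerelease builds of the engine and of PSRule.Rules.Azure. Combined with the open-ended `>=` ranges, the rule set that gates `main` can change between runs without any commit in this repository. Unless a prerelease rule is specifically needed, drop the flag, e.g. `PSRule.Rules.Azure: ">=1.38.0"`. If it is needed, add a comment saying which prerelease feature the configuration depends on.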
@@ -0,0 +1,26 @@
+using '../main.bicep'
+
+param backupPolicyName = ''
+param recoveryServicesVaultId = ''
+
+param namingStructure = 'test-test-{rtype}-eastus-01'
+param location = 'eastus'
+
+param subnetId = '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg-network-eastus-01/providers/Microsoft.Network/virtualNetworks/test-vnet-eastus-01/subnets/ComputeSubnet'
+
+param tags = { test: 'value' }
+
+param vmLocalAdminPassword = 'AzureUser'
+param vmLocalAdminUsername = 'Test12341234'
+
+param vmNamePrefix = 'vm-ad'
+param vmSize = 'Standard_D2as_v5'
+param vmCount = 1
+param osType = 'Windows'
+
+param logonType = 'ad'
+param intuneEnrollment = false
+param domainJoinUsername = 'admin@domain.example.com'
+param domainJoinPassword = 'Test12341234'
+param adDomainFqdn = 'domain.example.com'
+param adOuPath = 'OU=Research,OU=Devices,DC=domain,DC=example,DC=com'
diff --git a/research-spoke/spoke-servicemodules/researchvm/tests/researchvm-entrajoin.tests.bicepparam b/research-spoke/spoke-servicemodules/researchvm/tests/researchvm-entrajoin.tests.bicepparam
new file mode 100644
index 0000000..2c4f423
--- /dev/null
+++ b/research-spoke/spoke-servicemodules/researchvm/tests/researchvm-entrajoin.tests.bicepparam
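Review bot: `param vmLocalAdminPassword = 'AzureUser'` and `param vmLocalAdminUsername = 'Test12341234'` look swapped: the password parameter holds a username-like value and the username parameter holds the password-like one. Any rule that evaluates the admin username or password would then be checking the wrong field. The same pair appears in researchvm-entrajoin.tests.bicepparam. Swap the two values in both files. Because these literals and `domainJoinPassword` are now tracked in the repository, also add a comment above them such as `// Placeholder credentials for PSRule static analysis only; do not reuse in a real deployment`, so that readers and secret-scanning triage can tell they are dummies.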
@@ -0,0 +1,24 @@
+using '../main.bicep'
+
+// TODO: Create custom rule to require backup
+param backupPolicyName = ''
+param recoveryServicesVaultId = ''
+
+param logonType = 'entraID'
+param intuneEnrollment = false
+
+param namingStructure = 'test-test-{rtype}-eastus-01'
+param location = 'eastus'
+
+param subnetId = '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg-network-eastus-01/providers/Microsoft.Network/virtualNetworks/test-vnet-eastus-01/subnets/ComputeSubnet'
+
+// Set at least one tag to avoid a failure
+param tags = { test: 'value' }
+
+param vmLocalAdminPassword = 'AzureUser'
+param vmLocalAdminUsername = 'Test12341234'
+
+param vmNamePrefix = 'vm-ad'
+param osType = 'Windows'
+param vmCount = 1
+param vmSize = 'Standard_D2as_v5'
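Review bot: `param vmNamePrefix = 'vm-ad'` in the Entra ID join test appears to be carried over from the AD join parameter file, since this file sets `logonType = 'entraID'`. With the same prefix in both files, analysis output that names the VM resource cannot be traced back to one scenario. A distinct value such as `param vmNamePrefix = 'vm-entra'` would fix that, provided it fits whatever length limit main.bicep applies to the prefix, which is not visible here.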