Merge pull request #289 from Azure/development

VeraBE · web-flow · commit 93284217883f · 2022-09-09T11:14:32.000-07:00
Release version 0.3.1
diff --git a/src/Analyzer.Cli.FunctionalTests/CommandLineParserTests.cs b/src/Analyzer.Cli.FunctionalTests/CommandLineParserTests.cs
@@ -102,7 +102,7 @@ public void AnalyzeTemplate_IncludesOrNotNonSecurityRules_ReturnsExpectedExitCod
         [TestMethod]
         public void AnalyzeDirectory_ValidInputValues_AnalyzesExpectedNumberOfFiles()
         {
-            var args = new string[] { "analyze-directory", Directory.GetCurrentDirectory() };
+            var args = new string[] { "analyze-directory", Path.Combine(Directory.GetCurrentDirectory(), "Tests") };
 
             using StringWriter outputWriter = new();
             Console.SetOut(outputWriter);
diff --git a/src/Analyzer.PowerShellRuleEngine/PowerShellRuleEngine.cs b/src/Analyzer.PowerShellRuleEngine/PowerShellRuleEngine.cs
@@ -4,13 +4,16 @@
 using System;
 using System.Collections.Generic;
 using System.IO;
+using System.Management.Automation;
+using System.Management.Automation.Runspaces;
 using Microsoft.Azure.Templates.Analyzer.Types;
 using Microsoft.Azure.Templates.Analyzer.Utilities;
 using Microsoft.Extensions.Logging;
 using Newtonsoft.Json.Linq;
 using PSRule.Configuration;
 using PSRule.Pipeline;
 using PSRule.Rules;
+using Powershell = System.Management.Automation.PowerShell; // There's a conflict between this class name and a namespace
 
 namespace Microsoft.Azure.Templates.Analyzer.RuleEngines.PowerShellEngine
 {
@@ -38,6 +41,55 @@ public PowerShellRuleEngine(bool includeNonSecurityRules, ILogger logger = null)
         {
             this.includeNonSecurityRules = includeNonSecurityRules;
             this.logger = logger;
+
+            // We need to unblock the PowerShell scripts on Windows to allow them to run
+            // If a script is not unblocked, even if it's signed, PowerShell prompts for confirmation before executing
+            // This prompting would throw an exception, because there's no interaction with a user that would allow for confirmation
+            if (Platform.IsWindows)
+            {
+                try
+                {
+                    // There are 2 different 'Default' functions available:
+                    // https://docs.microsoft.com/en-us/powershell/scripting/developer/hosting/creating-an-initialsessionstate?view=powershell-7.2
+                    //
+                    // CreateDefault has a dependency on Microsoft.Management.Infrastructure.dll, which is missing when publishing for 'win-x64',
+                    // and PowerShell throws an exception creating the InitialSessionState.
+                    //
+                    // CreateDefault2 does NOT have this dependency.
+                    // Notably, Microsoft.Management.Infrastructure.dll is available when publishing for specific Windows versions (such as win7-x64),
+                    // but since this libary is not needed in our usage of PowerShell, we can eliminate the dependency.
+                    var initialState = InitialSessionState.CreateDefault2();
+
+                    // Ensure we can execute the signed bundled scripts
+                    // This sets the policy at the Process scope
+                    initialState.ExecutionPolicy = PowerShell.ExecutionPolicy.RemoteSigned;
+
+                    var powershell = Powershell.Create(initialState);
+
+                    powershell
+                        .AddCommand("Get-ChildItem")
+                        .AddParameter("Path", Path.Combine(AppContext.BaseDirectory, "Modules", "PSRule.Rules.Azure"))
+                        .AddParameter("Recurse")
+                        .AddParameter("Filter", "*.ps1")
+                        .AddCommand("Unblock-File")
+                        .Invoke();
+
+                    if (powershell.HadErrors)
+                    {
+                        this.logger?.LogError("There was an error unblocking the PowerShell scripts");
+
+                        foreach (var error in powershell.Streams.Error)
+                        {
+                            this.logger?.LogError(error.ToString());
+                        }
+                    }
+                }
+                catch(Exception exception)
+                {
+                    this.logger?.LogError(exception, "There was an exception while unblocking the PowerShell scripts");
+                }
+
+            }
         }
 
         /// <summary>
@@ -98,17 +150,8 @@ public IEnumerable<IEvaluation> AnalyzeTemplate(TemplateContext templateContext)
                         NotProcessedWarning = false,
 
                         // PSRule internally creates a PowerShell initial state with InitialSessionState.CreateDefault().
-                        // There are 2 different 'Default' functions available:
-                        // https://docs.microsoft.com/en-us/powershell/scripting/developer/hosting/creating-an-initialsessionstate?view=powershell-7.2
-                        //
-                        // CreateDefault has a dependency on Microsoft.Management.Infrastructure.dll, which is missing when publishing for 'win-x64',
-                        // and PowerShell throws an exception creating the InitialSessionState.
-                        //
-                        // CreateDefault2 does NOT have this dependency.
                         // SessionState.Minimal causes PSRule to use CreateDefault2 instead of CreateDefault.
-                        // Notably, Microsoft.Management.Infrastructure.dll is available when publishing for specific Windows versions (such as win7-x64),
-                        // but since this libary is not needed in our usage of PowerShell, we can eliminate the dependency.
-                        InitialSessionState = SessionState.Minimal
+                        InitialSessionState = PSRule.Configuration.SessionState.Minimal
                     }
                 };
                 var resources = templateContext.ExpandedTemplate.InsensitiveToken("resources").Values<JObject>();
diff --git a/src/Analyzer.TemplateProcessor.UnitTests/ArmTemplateProcessorTests.cs b/src/Analyzer.TemplateProcessor.UnitTests/ArmTemplateProcessorTests.cs
@@ -1114,7 +1114,7 @@ public void ProcessTemplate_ValidTemplateUsingManagementGroupFunction_ProcessTem
 
             JToken template = armTemplateProcessor.ProcessTemplate();
 
-            Assert.AreEqual("/providers/Microsoft.Management/managementGroups/examplemg1", template["resources"][0]["properties"]["details"]["parent"]["id"]);
+            Assert.AreEqual("/providers/Microsoft.Management/managementGroups/placeholderManagementGroup", template["resources"][0]["properties"]["details"]["parent"]["id"]);
         }
 
         private string GenerateTemplateWithOutputs(string outputValue)
diff --git a/src/Analyzer.TemplateProcessor/PlaceholderInputGenerator.cs b/src/Analyzer.TemplateProcessor/PlaceholderInputGenerator.cs
@@ -104,16 +104,16 @@ internal static InsensitiveDictionary<JToken> GeneratePlaceholderDeploymentMetad
         {
             var deployment = JObject.Parse(@"
             {
-                ""name"": ""deploymentname"",
-                ""type"": ""deploymenttype"",
+                ""name"": ""placeholderDeploymentName"",
+                ""type"": ""placeholderDeploymentType"",
                 ""location"": ""westus2"",
-                ""id"": ""/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroupName"",
+                ""id"": ""/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/placeholderResourceGroup"",
                 ""properties"": {
                     ""templateLink"": {
                         ""uri"": ""https://deploymenturi"",
                         ""contentVersion"": ""0.0"",
                         ""metadata"": {
-                            ""metadata"": ""deploymentmetadata""
+                            ""metadata"": ""placeholderDeploymentMetadata""
                         }
                     }
                 }
@@ -160,40 +160,62 @@ internal static InsensitiveDictionary<JToken> GeneratePlaceholderDeploymentMetad
                 }                    
             }");
 
-            var managementGroupInfo = JObject.Parse(@"
+            var managementGroup = JObject.Parse(@"
             {
-                ""id"": ""/providers/Microsoft.Management/managementGroups/examplemg1"",
-                ""name"": ""examplemg1"",
+                ""id"": ""/providers/Microsoft.Management/managementGroups/placeholderManagementGroup"",
+                ""name"": ""placeholderManagementGroup"",
                 ""properties"": {
                   ""details"": {
                     ""parent"": {
-                      ""displayName"": ""Tenant Root Group"",
+                      ""displayName"": ""Placeholder Tenant Root Group"",
                       ""id"": ""/providers/Microsoft.Management/managementGroups/00000000-0000-0000-0000-000000000000"",
                       ""name"": ""00000000-0000-0000-0000-000000000000""
                     },
                     ""updatedBy"": ""00000000-0000-0000-0000-000000000000"",
                     ""updatedTime"": ""2020-07-23T21:05:52.661306Z"",
                     ""version"": ""1""
                   },
-                  ""displayName"": ""Example MG 1"",
+                  ""displayName"": ""Placeholder Management Group"",
                   ""tenantId"": ""00000000-0000-0000-0000-000000000000""
                 },
                 ""type"": ""/providers/Microsoft.Management/managementGroups""
             }");
 
+            var subscription = JObject.Parse(@"
+            {
+                ""id"": ""/subscriptions/00000000-0000-0000-0000-000000000000"",
+                ""subscriptionId"": ""00000000-0000-0000-0000-000000000000"",
+                ""tenantId"": ""00000000-0000-0000-0000-000000000000"",
+                ""displayName"": ""Placeholder Subscription Name""
+            }");
+
+            var resourceGroup = JObject.Parse(@"
+            {
+                ""id"": ""/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/placeholderResourceGroup"",
+                ""name"": ""placeholderResourceGroup"",
+                ""type"":""Microsoft.Resources/resourceGroups"",
+                ""location"": ""westus2"",
+                ""properties"": {
+                    ""provisioningState"": ""Succeeded""
+                }
+            }");
+
+            var tenant = JObject.Parse(@"
+            {
+                ""countryCode"": ""US"",
+                ""displayName"": ""Placeholder Tenant"",
+                ""id"": ""/tenants/00000000-0000-0000-0000-000000000000"",
+                ""tenantId"": ""00000000-0000-0000-0000-000000000000""
+            }");
+
             var metadata = new InsensitiveDictionary<JToken>
             {
-                { "subscription", new JObject(
-                    new JProperty("id", "/subscriptions/00000000-0000-0000-0000-000000000000"),
-                    new JProperty("subscriptionId", "00000000-0000-0000-0000-000000000000"),
-                    new JProperty("tenantId", "00000000-0000-0000-0000-000000000000")) },
-                { "resourceGroup", new JObject(
-                    new JProperty("id", "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroupName"),
-                    new JProperty("location", "westus2"),
-                    new JProperty("name", "resource-group")) },
-                { "managementGroup", managementGroupInfo },
+                { "subscription", subscription },
+                { "resourceGroup", resourceGroup },
+                { "managementGroup", managementGroup },
                 { "deployment", deployment },
                 { "tenantId", "00000000-0000-0000-0000-000000000000" },
+                { "tenant", tenant },
                 { "providers", providers },
                 { "environment", environment }
             };
diff --git a/src/Directory.Build.targets b/src/Directory.Build.targets
@@ -4,4 +4,17 @@
     <DocumentationFile>bin\$(Configuration)\$(TargetFramework)\$(AssemblyName).xml</DocumentationFile>
     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
   </PropertyGroup>
+
+  <!-- Move platform-specific runtime modules directly into the publish directory -->
+  <Target Name="UpdatePSRuntimeModules" AfterTargets="Publish">
+    <PropertyGroup>
+      <OSDirectory Condition="'$(OS)' == 'Unix'">unix</OSDirectory>
+      <OSDirectory Condition="'$(OS)' != 'Unix'">win</OSDirectory>
+    </PropertyGroup>
+    <ItemGroup>
+      <Modules Include="$(PublishDir)\runtimes\$(OSDirectory)\lib\$(TargetFramework)\Modules\**\*" />
+    </ItemGroup>
+    <Move SourceFiles="@(Modules)" DestinationFolder="$(PublishDir)\Modules\%(RecursiveDir)" />
+    <RemoveDir Directories="$(PublishDir)\runtimes" />
+  </Target>
 </Project>

Original file line number	Diff line number	Diff line change
`@@ -102,7 +102,7 @@ public void AnalyzeTemplate_IncludesOrNotNonSecurityRules_ReturnsExpectedExitCod`
`102`	`102`	`[TestMethod]`
`103`	`103`	`public void AnalyzeDirectory_ValidInputValues_AnalyzesExpectedNumberOfFiles()`
`104`	`104`	`{`
`105`		`- var args = new string[] { "analyze-directory", Directory.GetCurrentDirectory() };`
	`105`	`+ var args = new string[] { "analyze-directory", Path.Combine(Directory.GetCurrentDirectory(), "Tests") };`
`106`	`106`
`107`	`107`	`using StringWriter outputWriter = new();`
`108`	`108`	`Console.SetOut(outputWriter);`
Original file line number	Diff line number	Diff line change
`@@ -1114,7 +1114,7 @@ public void ProcessTemplate_ValidTemplateUsingManagementGroupFunction_ProcessTem`
`1114`	`1114`
`1115`	`1115`	`JToken template = armTemplateProcessor.ProcessTemplate();`
`1116`	`1116`
`1117`		`- Assert.AreEqual("/providers/Microsoft.Management/managementGroups/examplemg1", template["resources"][0]["properties"]["details"]["parent"]["id"]);`
	`1117`	`+ Assert.AreEqual("/providers/Microsoft.Management/managementGroups/placeholderManagementGroup", template["resources"][0]["properties"]["details"]["parent"]["id"]);`
`1118`	`1118`	`}`
`1119`	`1119`
`1120`	`1120`	`private string GenerateTemplateWithOutputs(string outputValue)`