From 781a1a3c4a2bff13dd8aabf453ee91cc50a2f4e8 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 16 Nov 2025 19:28:53 +0000 Subject: [PATCH 01/15] Initial plan From 8e6c2d07549f6f9aab15adfeafef3247ade18c04 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 16 Nov 2025 19:43:43 +0000 Subject: [PATCH 02/15] Add EventHub zone redundancy rule (AZR-000503) Co-authored-by: BenjaminEngeset <99641908+BenjaminEngeset@users.noreply.github.com> --- docs/changelog.md | 3 + .../rules/Azure.EventHub.AvailabilityZone.md | 112 ++++++++++++++++++ docs/en/rules/index.md | 1 + .../rules/Azure.EventHub.Rule.ps1 | 14 +++ .../Azure.EventHub.Tests.ps1 | 33 ++++-- .../Resources.EventHub.json | 39 ++++++ 6 files changed, 194 insertions(+), 8 deletions(-) create mode 100644 docs/en/rules/Azure.EventHub.AvailabilityZone.md diff --git a/docs/changelog.md b/docs/changelog.md index 880feb9c33a..7049e28ecfe 100644 --- a/docs/changelog.md +++ b/docs/changelog.md @@ -42,6 +42,9 @@ See [upgrade notes][1] for helpful information when upgrading from previous vers - Data Explorer: - Check that public network access is disabled by @BenjaminEngeset. [#3114](https://github.com/Azure/PSRule.Rules.Azure/issues/3114) + - Event Hub: + - Check that zone redundancy is enabled for Event Hub namespaces in supported regions by @BenjaminEngeset. + [#3029](https://github.com/Azure/PSRule.Rules.Azure/issues/3029) - Managed Grafana: - Check that zone redundancy is enabled for Grafana workspaces in supported regions by @BenjaminEngeset. [#3294](https://github.com/Azure/PSRule.Rules.Azure/issues/3294) diff --git a/docs/en/rules/Azure.EventHub.AvailabilityZone.md b/docs/en/rules/Azure.EventHub.AvailabilityZone.md new file mode 100644 index 00000000000..e97ac813f00 --- /dev/null +++ b/docs/en/rules/Azure.EventHub.AvailabilityZone.md @@ -0,0 +1,112 @@ +--- +reviewed: 2025-11-16 +severity: Important +pillar: Reliability +category: RE:05 Redundancy +resource: Event Hub +resourceType: Microsoft.EventHub/namespaces +online version: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.EventHub.AvailabilityZone/ +--- + +# Use zone redundant Event Hub namespaces + +## SYNOPSIS + +Use zone redundant Event Hub namespaces in supported regions to improve reliability. + +## DESCRIPTION + +Azure Event Hubs supports zone redundancy to provide enhanced resiliency and high availability. +When zone redundancy is enabled, Event Hubs automatically replicates namespace metadata +and event data across multiple availability zones within a region. + +Availability zones are unique physical locations within an Azure region. +Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking. +This physical separation protects your Event Hubs namespace from zone-level failures, +ensuring continuous availability even if an entire availability zone experiences an outage. + +With zone redundancy enabled, Azure Event Hubs provides: + +- Automatic replication of metadata and events across zones. +- Continuous availability during zonal failures. +- Enhanced durability by maintaining multiple copies across separate physical locations. +- Protection against datacenter-level disasters while maintaining low-latency access. + +When using the Azure portal, zone redundancy is automatically enabled. +However, some Infrastructure as Code (IaC) tools may default this to false. +To ensure replication of metadata and events across data centers in an availability zone, +always verify that zone redundancy is enabled. + +Zone redundancy must be configured when you create an Event Hub namespace by setting `zoneRedundant` to `true`. +This setting cannot be changed after the namespace is created. +Zone redundancy is only available in regions that support availability zones. + +## RECOMMENDATION + +Consider using Event Hub namespaces configured with zone redundancy to improve workload resiliency. + +## EXAMPLES + +### Configure with Azure template + +To deploy Event Hub namespaces that pass this rule: + +- Set the `properties.zoneRedundant` property to `true`. + +For example: + +```json +{ + "type": "Microsoft.EventHub/namespaces", + "apiVersion": "2024-01-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "sku": { + "name": "Standard", + "tier": "Standard" + }, + "properties": { + "disableLocalAuth": true, + "minimumTlsVersion": "1.2", + "zoneRedundant": true + } +} +``` + +### Configure with Bicep + +To deploy Event Hub namespaces that pass this rule: + +- Set the `properties.zoneRedundant` property to `true`. + +For example: + +```bicep +resource eventHubNamespace 'Microsoft.EventHub/namespaces@2024-01-01' = { + name: name + location: location + sku: { + name: 'Standard' + tier: 'Standard' + } + properties: { + disableLocalAuth: true + minimumTlsVersion: '1.2' + zoneRedundant: true + } +} +``` + +## NOTES + +Zone redundancy must be configured during the initial deployment. +It is not possible to modify an existing Event Hub namespace to enable zone redundancy after it has been deployed. + +## LINKS + +- [RE:05 Redundancy](https://learn.microsoft.com/azure/well-architected/reliability/redundancy) +- [Reliability: Level 1](https://learn.microsoft.com/azure/well-architected/reliability/maturity-model?tabs=level1) +- [Architecture strategies for using availability zones and regions](https://learn.microsoft.com/azure/well-architected/reliability/regions-availability-zones) +- [Azure regions with availability zone support](https://learn.microsoft.com/azure/reliability/availability-zones-service-support) +- [High availability with Azure Event Hubs](https://learn.microsoft.com/azure/reliability/reliability-event-hubs) +- [Azure deployment reference](https://learn.microsoft.com/azure/templates/microsoft.eventhub/namespaces) diff --git a/docs/en/rules/index.md b/docs/en/rules/index.md index 78137a7fdb2..289fc11802f 100644 --- a/docs/en/rules/index.md +++ b/docs/en/rules/index.md @@ -518,5 +518,6 @@ AZR-000495 | [Azure.ACR.ExportPolicy](Azure.ACR.ExportPolicy.md) | Export policy AZR-000496 | [Azure.Redis.LocalAuth](Azure.Redis.LocalAuth.md) | Access keys allow depersonalized access to Azure Cache for Redis using a shared secret. | GA AZR-000497 | [Azure.Storage.LocalAuth](Azure.Storage.LocalAuth.md) | Access keys allow depersonalized access to Storage Accounts using a shared secret. | GA AZR-000498 | [Azure.AppConfig.ReplicaLocation](Azure.AppConfig.ReplicaLocation.md) | The replication location determines the country or region where configuration data is stored and processed. | GA +AZR-000503 | [Azure.EventHub.AvailabilityZone](Azure.EventHub.AvailabilityZone.md) | Use zone redundant Event Hub namespaces in supported regions to improve reliability. | GA *[GA]: Generally Available — Rules related to a generally available Azure features. diff --git a/src/PSRule.Rules.Azure/rules/Azure.EventHub.Rule.ps1 b/src/PSRule.Rules.Azure/rules/Azure.EventHub.Rule.ps1 index e09a1714a0a..8d1905a5b85 100644 --- a/src/PSRule.Rules.Azure/rules/Azure.EventHub.Rule.ps1 +++ b/src/PSRule.Rules.Azure/rules/Azure.EventHub.Rule.ps1 @@ -36,6 +36,20 @@ Rule 'Azure.EventHub.Firewall' -Ref 'AZR-000422' -Type 'Microsoft.EventHub/names } } +# Synopsis: Use zone redundant Event Hub namespaces in supported regions to improve reliability. +Rule 'Azure.EventHub.AvailabilityZone' -Ref 'AZR-000503' -Type 'Microsoft.EventHub/namespaces' -Tag @{ release = 'GA'; ruleSet = '2025_12'; 'Azure.WAF/pillar' = 'Reliability'; } -Labels @{ 'Azure.WAF/maturity' = 'L1' } { + # Check for availability zones based on virtual machine scale sets, because it is not exposed through the provider for Event Hub. + $provider = [PSRule.Rules.Azure.Runtime.Helper]::GetResourceType('Microsoft.Compute', 'virtualMachineScaleSets'); + $availabilityZones = GetAvailabilityZone -Location $TargetObject.Location -Zone $provider.ZoneMappings; + + # Don't flag if the region does not support AZ. + if (-not $availabilityZones) { + return $Assert.Pass(); + } + + $Assert.HasFieldValue($TargetObject, 'properties.zoneRedundant', $true); +} + #endregion Rules #region Helper functions diff --git a/tests/PSRule.Rules.Azure.Tests/Azure.EventHub.Tests.ps1 b/tests/PSRule.Rules.Azure.Tests/Azure.EventHub.Tests.ps1 index dfa1d7eb3c9..375f3539b80 100644 --- a/tests/PSRule.Rules.Azure.Tests/Azure.EventHub.Tests.ps1 +++ b/tests/PSRule.Rules.Azure.Tests/Azure.EventHub.Tests.ps1 @@ -42,8 +42,8 @@ Describe 'Azure.EventHub' -Tag 'EventHub' { # Fail $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' }); $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 5; - $ruleResult.TargetName | Should -BeIn 'hubns-B', 'hubns-C', 'hubns-D', 'hubns-E', 'hubns-F'; + $ruleResult.Length | Should -Be 6; + $ruleResult.TargetName | Should -BeIn 'hubns-B', 'hubns-C', 'hubns-D', 'hubns-E', 'hubns-F', 'hubns-G'; # Pass $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); @@ -58,8 +58,8 @@ Describe 'Azure.EventHub' -Tag 'EventHub' { # Fail $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' }); $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 5; - $ruleResult.TargetName | Should -BeIn 'hubns-B', 'hubns-C', 'hubns-D', 'hubns-E', 'hubns-F'; + $ruleResult.Length | Should -Be 6; + $ruleResult.TargetName | Should -BeIn 'hubns-B', 'hubns-C', 'hubns-D', 'hubns-E', 'hubns-F', 'hubns-G'; # Pass $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); @@ -82,8 +82,8 @@ Describe 'Azure.EventHub' -Tag 'EventHub' { # Pass $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 4; - $ruleResult.TargetName | Should -BeIn 'hubns-C', 'hubns-D', 'hubns-E', 'hubns-F'; + $ruleResult.Length | Should -Be 5; + $ruleResult.TargetName | Should -BeIn 'hubns-C', 'hubns-D', 'hubns-E', 'hubns-F', 'hubns-G'; } It 'Azure.EventHub.Firewall' { @@ -91,19 +91,36 @@ Describe 'Azure.EventHub' -Tag 'EventHub' { # Fail $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' }); - $ruleResult.Length | Should -Be 4; - $ruleResult.TargetName | Should -BeIn 'hubns-B', 'hubns-C', 'hubns-D', 'default-A'; + $ruleResult.Length | Should -Be 5; + $ruleResult.TargetName | Should -BeIn 'hubns-B', 'hubns-C', 'hubns-D', 'hubns-G', 'default-A'; $ruleResult[0].Reason | Should -BeExactly "Path properties.publicNetworkAccess: Does not exist." $ruleResult[1].Reason | Should -BeExactly "Path properties.publicNetworkAccess: Is set to 'Enabled'." $ruleResult[2].Reason | Should -BeIn "Path properties.publicNetworkAccess: Is set to 'Enabled'.", "Path properties.defaultAction: Is set to 'Allow'." $ruleResult[3].Reason | Should -BeIn "Path properties.publicNetworkAccess: Is set to 'Enabled'.", "Path properties.defaultAction: Is set to 'Allow'." + $ruleResult[4].Reason | Should -BeIn "Path properties.publicNetworkAccess: Does not exist.", "Path properties.publicNetworkAccess: Is set to 'Enabled'.", "Path properties.defaultAction: Is set to 'Allow'." # Pass $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); $ruleResult.Length | Should -Be 5; $ruleResult.TargetName | Should -BeIn 'hubns-E', 'hubns-F', 'default-B', 'default-C', 'default-D'; } + + It 'Azure.EventHub.AvailabilityZone' { + $filteredResult = $result | Where-Object { $_.RuleName -eq 'Azure.EventHub.AvailabilityZone' }; + + # Fail + $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' }); + $ruleResult | Should -Not -BeNullOrEmpty; + $ruleResult.Length | Should -Be 2; + $ruleResult.TargetName | Should -BeIn 'hubns-A', 'hubns-G'; + + # Pass + $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); + $ruleResult | Should -Not -BeNullOrEmpty; + $ruleResult.Length | Should -Be 5; + $ruleResult.TargetName | Should -BeIn 'hubns-B', 'hubns-C', 'hubns-D', 'hubns-E', 'hubns-F'; + } } Context 'With Template' { diff --git a/tests/PSRule.Rules.Azure.Tests/Resources.EventHub.json b/tests/PSRule.Rules.Azure.Tests/Resources.EventHub.json index 3a840ccc5a3..5d5176272a3 100644 --- a/tests/PSRule.Rules.Azure.Tests/Resources.EventHub.json +++ b/tests/PSRule.Rules.Azure.Tests/Resources.EventHub.json @@ -433,5 +433,44 @@ "Sku": null, "Tags": null, "SubscriptionId": "00000000-0000-0000-0000-000000000000" + }, + { + "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-G", + "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-G", + "Identity": null, + "Kind": null, + "Location": "East US", + "ManagedBy": null, + "ResourceName": "hubns-G", + "Name": "hubns-G", + "ExtensionResourceName": null, + "Properties": { + "disableLocalAuth": false, + "zoneRedundant": false, + "isAutoInflateEnabled": true, + "maximumThroughputUnits": 2, + "kafkaEnabled": true, + "minimumTlsVersion": "1.2", + "provisioningState": "Succeeded", + "createdAt": "2022-01-22T08:53:47.343Z", + "updatedAt": "2022-01-22T08:54:38.617Z", + "serviceBusEndpoint": "https://hubns-G.servicebus.windows.net:443/", + "status": "Active" + }, + "ResourceGroupName": "test-rg", + "Type": "Microsoft.EventHub/namespaces", + "ResourceType": "Microsoft.EventHub/namespaces", + "ExtensionResourceType": null, + "Sku": { + "Name": "Standard", + "Tier": "Standard", + "Size": null, + "Family": null, + "Model": null, + "Capacity": 1 + }, + "Tags": null, + "SubscriptionId": "00000000-0000-0000-0000-000000000000", + "resources": [] } ] From 254ce108c4b477c51e94c35f8a1f3934176ffcb7 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 16 Nov 2025 20:08:14 +0000 Subject: [PATCH 03/15] Update rule reference to AZR-000505 Co-authored-by: BenjaminEngeset <99641908+BenjaminEngeset@users.noreply.github.com> --- docs/en/rules/index.md | 2 +- src/PSRule.Rules.Azure/rules/Azure.EventHub.Rule.ps1 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/en/rules/index.md b/docs/en/rules/index.md index 289fc11802f..443718149a2 100644 --- a/docs/en/rules/index.md +++ b/docs/en/rules/index.md @@ -518,6 +518,6 @@ AZR-000495 | [Azure.ACR.ExportPolicy](Azure.ACR.ExportPolicy.md) | Export policy AZR-000496 | [Azure.Redis.LocalAuth](Azure.Redis.LocalAuth.md) | Access keys allow depersonalized access to Azure Cache for Redis using a shared secret. | GA AZR-000497 | [Azure.Storage.LocalAuth](Azure.Storage.LocalAuth.md) | Access keys allow depersonalized access to Storage Accounts using a shared secret. | GA AZR-000498 | [Azure.AppConfig.ReplicaLocation](Azure.AppConfig.ReplicaLocation.md) | The replication location determines the country or region where configuration data is stored and processed. | GA -AZR-000503 | [Azure.EventHub.AvailabilityZone](Azure.EventHub.AvailabilityZone.md) | Use zone redundant Event Hub namespaces in supported regions to improve reliability. | GA +AZR-000505 | [Azure.EventHub.AvailabilityZone](Azure.EventHub.AvailabilityZone.md) | Use zone redundant Event Hub namespaces in supported regions to improve reliability. | GA *[GA]: Generally Available — Rules related to a generally available Azure features. diff --git a/src/PSRule.Rules.Azure/rules/Azure.EventHub.Rule.ps1 b/src/PSRule.Rules.Azure/rules/Azure.EventHub.Rule.ps1 index 8d1905a5b85..b95a0a7ede8 100644 --- a/src/PSRule.Rules.Azure/rules/Azure.EventHub.Rule.ps1 +++ b/src/PSRule.Rules.Azure/rules/Azure.EventHub.Rule.ps1 @@ -37,7 +37,7 @@ Rule 'Azure.EventHub.Firewall' -Ref 'AZR-000422' -Type 'Microsoft.EventHub/names } # Synopsis: Use zone redundant Event Hub namespaces in supported regions to improve reliability. -Rule 'Azure.EventHub.AvailabilityZone' -Ref 'AZR-000503' -Type 'Microsoft.EventHub/namespaces' -Tag @{ release = 'GA'; ruleSet = '2025_12'; 'Azure.WAF/pillar' = 'Reliability'; } -Labels @{ 'Azure.WAF/maturity' = 'L1' } { +Rule 'Azure.EventHub.AvailabilityZone' -Ref 'AZR-000505' -Type 'Microsoft.EventHub/namespaces' -Tag @{ release = 'GA'; ruleSet = '2025_12'; 'Azure.WAF/pillar' = 'Reliability'; } -Labels @{ 'Azure.WAF/maturity' = 'L1' } { # Check for availability zones based on virtual machine scale sets, because it is not exposed through the provider for Event Hub. $provider = [PSRule.Rules.Azure.Runtime.Helper]::GetResourceType('Microsoft.Compute', 'virtualMachineScaleSets'); $availabilityZones = GetAvailabilityZone -Location $TargetObject.Location -Zone $provider.ZoneMappings; From b9f250b645c93c542d7b2afcc292140c78d64a79 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 19 Nov 2025 08:11:08 +0000 Subject: [PATCH 04/15] Add complete test coverage for all AZ scenarios Co-authored-by: BenjaminEngeset <99641908+BenjaminEngeset@users.noreply.github.com> --- .../Azure.EventHub.Tests.ps1 | 28 +++---- .../Resources.EventHub.json | 77 +++++++++++++++++++ 2 files changed, 89 insertions(+), 16 deletions(-) diff --git a/tests/PSRule.Rules.Azure.Tests/Azure.EventHub.Tests.ps1 b/tests/PSRule.Rules.Azure.Tests/Azure.EventHub.Tests.ps1 index 375f3539b80..12b6572c975 100644 --- a/tests/PSRule.Rules.Azure.Tests/Azure.EventHub.Tests.ps1 +++ b/tests/PSRule.Rules.Azure.Tests/Azure.EventHub.Tests.ps1 @@ -42,8 +42,8 @@ Describe 'Azure.EventHub' -Tag 'EventHub' { # Fail $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' }); $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 6; - $ruleResult.TargetName | Should -BeIn 'hubns-B', 'hubns-C', 'hubns-D', 'hubns-E', 'hubns-F', 'hubns-G'; + $ruleResult.Length | Should -Be 8; + $ruleResult.TargetName | Should -BeIn 'hubns-B', 'hubns-C', 'hubns-D', 'hubns-E', 'hubns-F', 'hubns-G', 'hubns-H', 'hubns-I'; # Pass $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); @@ -58,8 +58,8 @@ Describe 'Azure.EventHub' -Tag 'EventHub' { # Fail $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' }); $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 6; - $ruleResult.TargetName | Should -BeIn 'hubns-B', 'hubns-C', 'hubns-D', 'hubns-E', 'hubns-F', 'hubns-G'; + $ruleResult.Length | Should -Be 8; + $ruleResult.TargetName | Should -BeIn 'hubns-B', 'hubns-C', 'hubns-D', 'hubns-E', 'hubns-F', 'hubns-G', 'hubns-H', 'hubns-I'; # Pass $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); @@ -82,8 +82,8 @@ Describe 'Azure.EventHub' -Tag 'EventHub' { # Pass $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 5; - $ruleResult.TargetName | Should -BeIn 'hubns-C', 'hubns-D', 'hubns-E', 'hubns-F', 'hubns-G'; + $ruleResult.Length | Should -Be 7; + $ruleResult.TargetName | Should -BeIn 'hubns-C', 'hubns-D', 'hubns-E', 'hubns-F', 'hubns-G', 'hubns-H', 'hubns-I'; } It 'Azure.EventHub.Firewall' { @@ -91,14 +91,8 @@ Describe 'Azure.EventHub' -Tag 'EventHub' { # Fail $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' }); - $ruleResult.Length | Should -Be 5; - $ruleResult.TargetName | Should -BeIn 'hubns-B', 'hubns-C', 'hubns-D', 'hubns-G', 'default-A'; - - $ruleResult[0].Reason | Should -BeExactly "Path properties.publicNetworkAccess: Does not exist." - $ruleResult[1].Reason | Should -BeExactly "Path properties.publicNetworkAccess: Is set to 'Enabled'." - $ruleResult[2].Reason | Should -BeIn "Path properties.publicNetworkAccess: Is set to 'Enabled'.", "Path properties.defaultAction: Is set to 'Allow'." - $ruleResult[3].Reason | Should -BeIn "Path properties.publicNetworkAccess: Is set to 'Enabled'.", "Path properties.defaultAction: Is set to 'Allow'." - $ruleResult[4].Reason | Should -BeIn "Path properties.publicNetworkAccess: Does not exist.", "Path properties.publicNetworkAccess: Is set to 'Enabled'.", "Path properties.defaultAction: Is set to 'Allow'." + $ruleResult.Length | Should -Be 7; + $ruleResult.TargetName | Should -BeIn 'hubns-B', 'hubns-C', 'hubns-D', 'hubns-G', 'hubns-H', 'hubns-I', 'default-A'; # Pass $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); @@ -114,12 +108,14 @@ Describe 'Azure.EventHub' -Tag 'EventHub' { $ruleResult | Should -Not -BeNullOrEmpty; $ruleResult.Length | Should -Be 2; $ruleResult.TargetName | Should -BeIn 'hubns-A', 'hubns-G'; + $ruleResult[0].Reason | Should -BeLike "Path properties.zoneRedundant:*"; + $ruleResult[1].Reason | Should -BeLike "Path properties.zoneRedundant:*"; # Pass $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 5; - $ruleResult.TargetName | Should -BeIn 'hubns-B', 'hubns-C', 'hubns-D', 'hubns-E', 'hubns-F'; + $ruleResult.Length | Should -Be 7; + $ruleResult.TargetName | Should -BeIn 'hubns-B', 'hubns-C', 'hubns-D', 'hubns-E', 'hubns-F', 'hubns-H', 'hubns-I'; } } diff --git a/tests/PSRule.Rules.Azure.Tests/Resources.EventHub.json b/tests/PSRule.Rules.Azure.Tests/Resources.EventHub.json index 5d5176272a3..15b30ecfac0 100644 --- a/tests/PSRule.Rules.Azure.Tests/Resources.EventHub.json +++ b/tests/PSRule.Rules.Azure.Tests/Resources.EventHub.json @@ -472,5 +472,82 @@ "Tags": null, "SubscriptionId": "00000000-0000-0000-0000-000000000000", "resources": [] + }, + { + "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-H", + "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-H", + "Identity": null, + "Kind": null, + "Location": "West India", + "ManagedBy": null, + "ResourceName": "hubns-H", + "Name": "hubns-H", + "ExtensionResourceName": null, + "Properties": { + "disableLocalAuth": false, + "isAutoInflateEnabled": true, + "maximumThroughputUnits": 2, + "kafkaEnabled": true, + "minimumTlsVersion": "1.2", + "provisioningState": "Succeeded", + "createdAt": "2022-01-22T08:53:47.343Z", + "updatedAt": "2022-01-22T08:54:38.617Z", + "serviceBusEndpoint": "https://hubns-H.servicebus.windows.net:443/", + "status": "Active" + }, + "ResourceGroupName": "test-rg", + "Type": "Microsoft.EventHub/namespaces", + "ResourceType": "Microsoft.EventHub/namespaces", + "ExtensionResourceType": null, + "Sku": { + "Name": "Standard", + "Tier": "Standard", + "Size": null, + "Family": null, + "Model": null, + "Capacity": 1 + }, + "Tags": null, + "SubscriptionId": "00000000-0000-0000-0000-000000000000", + "resources": [] + }, + { + "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-I", + "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-I", + "Identity": null, + "Kind": null, + "Location": "West India", + "ManagedBy": null, + "ResourceName": "hubns-I", + "Name": "hubns-I", + "ExtensionResourceName": null, + "Properties": { + "disableLocalAuth": false, + "zoneRedundant": false, + "isAutoInflateEnabled": true, + "maximumThroughputUnits": 2, + "kafkaEnabled": true, + "minimumTlsVersion": "1.2", + "provisioningState": "Succeeded", + "createdAt": "2022-01-22T08:53:47.343Z", + "updatedAt": "2022-01-22T08:54:38.617Z", + "serviceBusEndpoint": "https://hubns-I.servicebus.windows.net:443/", + "status": "Active" + }, + "ResourceGroupName": "test-rg", + "Type": "Microsoft.EventHub/namespaces", + "ResourceType": "Microsoft.EventHub/namespaces", + "ExtensionResourceType": null, + "Sku": { + "Name": "Standard", + "Tier": "Standard", + "Size": null, + "Family": null, + "Model": null, + "Capacity": 1 + }, + "Tags": null, + "SubscriptionId": "00000000-0000-0000-0000-000000000000", + "resources": [] } ] From 3b5708d9ec47bd4940b53e998542edf4c4436012 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 19 Nov 2025 08:26:55 +0000 Subject: [PATCH 05/15] Reorganize test data: failing cases (a-b) first, then passing (c-h) Co-authored-by: BenjaminEngeset <99641908+BenjaminEngeset@users.noreply.github.com> --- .../Azure.EventHub.Tests.ps1 | 22 +- .../Resources.EventHub.json | 238 +++++++----------- 2 files changed, 98 insertions(+), 162 deletions(-) diff --git a/tests/PSRule.Rules.Azure.Tests/Azure.EventHub.Tests.ps1 b/tests/PSRule.Rules.Azure.Tests/Azure.EventHub.Tests.ps1 index 12b6572c975..31f152f1625 100644 --- a/tests/PSRule.Rules.Azure.Tests/Azure.EventHub.Tests.ps1 +++ b/tests/PSRule.Rules.Azure.Tests/Azure.EventHub.Tests.ps1 @@ -42,8 +42,8 @@ Describe 'Azure.EventHub' -Tag 'EventHub' { # Fail $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' }); $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 8; - $ruleResult.TargetName | Should -BeIn 'hubns-B', 'hubns-C', 'hubns-D', 'hubns-E', 'hubns-F', 'hubns-G', 'hubns-H', 'hubns-I'; + $ruleResult.Length | Should -Be 7; + $ruleResult.TargetName | Should -BeIn 'hubns-B', 'hubns-C', 'hubns-D', 'hubns-E', 'hubns-F', 'hubns-G', 'hubns-H'; # Pass $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); @@ -58,8 +58,8 @@ Describe 'Azure.EventHub' -Tag 'EventHub' { # Fail $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' }); $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 8; - $ruleResult.TargetName | Should -BeIn 'hubns-B', 'hubns-C', 'hubns-D', 'hubns-E', 'hubns-F', 'hubns-G', 'hubns-H', 'hubns-I'; + $ruleResult.Length | Should -Be 7; + $ruleResult.TargetName | Should -BeIn 'hubns-B', 'hubns-C', 'hubns-D', 'hubns-E', 'hubns-F', 'hubns-G', 'hubns-H'; # Pass $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); @@ -82,8 +82,8 @@ Describe 'Azure.EventHub' -Tag 'EventHub' { # Pass $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 7; - $ruleResult.TargetName | Should -BeIn 'hubns-C', 'hubns-D', 'hubns-E', 'hubns-F', 'hubns-G', 'hubns-H', 'hubns-I'; + $ruleResult.Length | Should -Be 6; + $ruleResult.TargetName | Should -BeIn 'hubns-C', 'hubns-D', 'hubns-E', 'hubns-F', 'hubns-G', 'hubns-H'; } It 'Azure.EventHub.Firewall' { @@ -91,8 +91,8 @@ Describe 'Azure.EventHub' -Tag 'EventHub' { # Fail $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' }); - $ruleResult.Length | Should -Be 7; - $ruleResult.TargetName | Should -BeIn 'hubns-B', 'hubns-C', 'hubns-D', 'hubns-G', 'hubns-H', 'hubns-I', 'default-A'; + $ruleResult.Length | Should -Be 6; + $ruleResult.TargetName | Should -BeIn 'hubns-B', 'hubns-C', 'hubns-D', 'hubns-G', 'hubns-H', 'default-A'; # Pass $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); @@ -107,15 +107,15 @@ Describe 'Azure.EventHub' -Tag 'EventHub' { $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' }); $ruleResult | Should -Not -BeNullOrEmpty; $ruleResult.Length | Should -Be 2; - $ruleResult.TargetName | Should -BeIn 'hubns-A', 'hubns-G'; + $ruleResult.TargetName | Should -BeIn 'hubns-A', 'hubns-B'; $ruleResult[0].Reason | Should -BeLike "Path properties.zoneRedundant:*"; $ruleResult[1].Reason | Should -BeLike "Path properties.zoneRedundant:*"; # Pass $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 7; - $ruleResult.TargetName | Should -BeIn 'hubns-B', 'hubns-C', 'hubns-D', 'hubns-E', 'hubns-F', 'hubns-H', 'hubns-I'; + $ruleResult.Length | Should -Be 6; + $ruleResult.TargetName | Should -BeIn 'hubns-C', 'hubns-D', 'hubns-E', 'hubns-F', 'hubns-G', 'hubns-H'; } } diff --git a/tests/PSRule.Rules.Azure.Tests/Resources.EventHub.json b/tests/PSRule.Rules.Azure.Tests/Resources.EventHub.json index 15b30ecfac0..68cb3990f11 100644 --- a/tests/PSRule.Rules.Azure.Tests/Resources.EventHub.json +++ b/tests/PSRule.Rules.Azure.Tests/Resources.EventHub.json @@ -76,7 +76,7 @@ "ExtensionResourceName": null, "Properties": { "disableLocalAuth": false, - "zoneRedundant": true, + "zoneRedundant": false, "isAutoInflateEnabled": true, "maximumThroughputUnits": 2, "kafkaEnabled": true, @@ -108,15 +108,13 @@ "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-C", "Identity": null, "Kind": null, - "Location": "East US", + "Location": "West India", "ManagedBy": null, "ResourceName": "hubns-C", "Name": "hubns-C", "ExtensionResourceName": null, "Properties": { - "publicNetworkAccess": "Enabled", "disableLocalAuth": false, - "zoneRedundant": true, "isAutoInflateEnabled": true, "maximumThroughputUnits": 2, "kafkaEnabled": true, @@ -140,21 +138,22 @@ "Capacity": 1 }, "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" + "SubscriptionId": "00000000-0000-0000-0000-000000000000", + "resources": [] }, { "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-D", "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-D", "Identity": null, "Kind": null, - "Location": "East US", + "Location": "West India", "ManagedBy": null, "ResourceName": "hubns-D", "Name": "hubns-D", "ExtensionResourceName": null, "Properties": { "disableLocalAuth": false, - "zoneRedundant": true, + "zoneRedundant": false, "isAutoInflateEnabled": true, "maximumThroughputUnits": 2, "kafkaEnabled": true, @@ -170,8 +169,8 @@ "ResourceType": "Microsoft.EventHub/namespaces", "ExtensionResourceType": null, "Sku": { - "Name": "Premium", - "Tier": "Premium", + "Name": "Standard", + "Tier": "Standard", "Size": null, "Family": null, "Model": null, @@ -179,32 +178,7 @@ }, "Tags": null, "SubscriptionId": "00000000-0000-0000-0000-000000000000", - "resources": [ - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-D/networkrulesets/default", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-D/networkrulesets/default", - "Identity": null, - "Kind": null, - "Location": "East US", - "ManagedBy": null, - "ResourceName": "default", - "Name": "default", - "ExtensionResourceName": null, - "Properties": { - "publicNetworkAccess": "Enabled", - "defaultAction": "Allow", - "virtualNetworkRules": [], - "ipRules": [], - "trustedServiceAccessEnabled": false - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.EventHub/namespaces/networkRuleSets", - "ResourceType": "Microsoft.EventHub/namespaces/networkRuleSets", - "ExtensionResourceType": null, - "Sku": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - } - ] + "resources": [] }, { "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-E", @@ -334,6 +308,84 @@ } ] }, + { + "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-G", + "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-G", + "Identity": null, + "Kind": null, + "Location": "East US", + "ManagedBy": null, + "ResourceName": "hubns-G", + "Name": "hubns-G", + "ExtensionResourceName": null, + "Properties": { + "publicNetworkAccess": "Enabled", + "disableLocalAuth": false, + "zoneRedundant": true, + "isAutoInflateEnabled": true, + "maximumThroughputUnits": 2, + "kafkaEnabled": true, + "minimumTlsVersion": "1.2", + "provisioningState": "Succeeded", + "createdAt": "2022-01-22T08:53:47.343Z", + "updatedAt": "2022-01-22T08:54:38.617Z", + "serviceBusEndpoint": "https://hubns-G.servicebus.windows.net:443/", + "status": "Active" + }, + "ResourceGroupName": "test-rg", + "Type": "Microsoft.EventHub/namespaces", + "ResourceType": "Microsoft.EventHub/namespaces", + "ExtensionResourceType": null, + "Sku": { + "Name": "Standard", + "Tier": "Standard", + "Size": null, + "Family": null, + "Model": null, + "Capacity": 1 + }, + "Tags": null, + "SubscriptionId": "00000000-0000-0000-0000-000000000000" + }, + { + "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-H", + "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-H", + "Identity": null, + "Kind": null, + "Location": "East US", + "ManagedBy": null, + "ResourceName": "hubns-H", + "Name": "hubns-H", + "ExtensionResourceName": null, + "Properties": { + "disableLocalAuth": false, + "zoneRedundant": true, + "isAutoInflateEnabled": true, + "maximumThroughputUnits": 2, + "kafkaEnabled": true, + "minimumTlsVersion": "1.2", + "provisioningState": "Succeeded", + "createdAt": "2022-01-22T08:53:47.343Z", + "updatedAt": "2022-01-22T08:54:38.617Z", + "serviceBusEndpoint": "https://hubns-H.servicebus.windows.net:443/", + "status": "Active" + }, + "ResourceGroupName": "test-rg", + "Type": "Microsoft.EventHub/namespaces", + "ResourceType": "Microsoft.EventHub/namespaces", + "ExtensionResourceType": null, + "Sku": { + "Name": "Premium", + "Tier": "Premium", + "Size": null, + "Family": null, + "Model": null, + "Capacity": 1 + }, + "Tags": null, + "SubscriptionId": "00000000-0000-0000-0000-000000000000", + "resources": [] + }, { "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-G/networkrulesets/default-A", "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-G/networkrulesets/default-A", @@ -433,121 +485,5 @@ "Sku": null, "Tags": null, "SubscriptionId": "00000000-0000-0000-0000-000000000000" - }, - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-G", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-G", - "Identity": null, - "Kind": null, - "Location": "East US", - "ManagedBy": null, - "ResourceName": "hubns-G", - "Name": "hubns-G", - "ExtensionResourceName": null, - "Properties": { - "disableLocalAuth": false, - "zoneRedundant": false, - "isAutoInflateEnabled": true, - "maximumThroughputUnits": 2, - "kafkaEnabled": true, - "minimumTlsVersion": "1.2", - "provisioningState": "Succeeded", - "createdAt": "2022-01-22T08:53:47.343Z", - "updatedAt": "2022-01-22T08:54:38.617Z", - "serviceBusEndpoint": "https://hubns-G.servicebus.windows.net:443/", - "status": "Active" - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.EventHub/namespaces", - "ResourceType": "Microsoft.EventHub/namespaces", - "ExtensionResourceType": null, - "Sku": { - "Name": "Standard", - "Tier": "Standard", - "Size": null, - "Family": null, - "Model": null, - "Capacity": 1 - }, - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000", - "resources": [] - }, - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-H", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-H", - "Identity": null, - "Kind": null, - "Location": "West India", - "ManagedBy": null, - "ResourceName": "hubns-H", - "Name": "hubns-H", - "ExtensionResourceName": null, - "Properties": { - "disableLocalAuth": false, - "isAutoInflateEnabled": true, - "maximumThroughputUnits": 2, - "kafkaEnabled": true, - "minimumTlsVersion": "1.2", - "provisioningState": "Succeeded", - "createdAt": "2022-01-22T08:53:47.343Z", - "updatedAt": "2022-01-22T08:54:38.617Z", - "serviceBusEndpoint": "https://hubns-H.servicebus.windows.net:443/", - "status": "Active" - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.EventHub/namespaces", - "ResourceType": "Microsoft.EventHub/namespaces", - "ExtensionResourceType": null, - "Sku": { - "Name": "Standard", - "Tier": "Standard", - "Size": null, - "Family": null, - "Model": null, - "Capacity": 1 - }, - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000", - "resources": [] - }, - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-I", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-I", - "Identity": null, - "Kind": null, - "Location": "West India", - "ManagedBy": null, - "ResourceName": "hubns-I", - "Name": "hubns-I", - "ExtensionResourceName": null, - "Properties": { - "disableLocalAuth": false, - "zoneRedundant": false, - "isAutoInflateEnabled": true, - "maximumThroughputUnits": 2, - "kafkaEnabled": true, - "minimumTlsVersion": "1.2", - "provisioningState": "Succeeded", - "createdAt": "2022-01-22T08:53:47.343Z", - "updatedAt": "2022-01-22T08:54:38.617Z", - "serviceBusEndpoint": "https://hubns-I.servicebus.windows.net:443/", - "status": "Active" - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.EventHub/namespaces", - "ResourceType": "Microsoft.EventHub/namespaces", - "ExtensionResourceType": null, - "Sku": { - "Name": "Standard", - "Tier": "Standard", - "Size": null, - "Family": null, - "Model": null, - "Capacity": 1 - }, - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000", - "resources": [] } ] From c3ba923e42cd1fb8859e90882683c867752170db Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 19 Nov 2025 08:56:58 +0000 Subject: [PATCH 06/15] Remove index.md changes (auto-generated file) Co-authored-by: BenjaminEngeset <99641908+BenjaminEngeset@users.noreply.github.com> --- docs/en/rules/index.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/en/rules/index.md b/docs/en/rules/index.md index 443718149a2..78137a7fdb2 100644 --- a/docs/en/rules/index.md +++ b/docs/en/rules/index.md @@ -518,6 +518,5 @@ AZR-000495 | [Azure.ACR.ExportPolicy](Azure.ACR.ExportPolicy.md) | Export policy AZR-000496 | [Azure.Redis.LocalAuth](Azure.Redis.LocalAuth.md) | Access keys allow depersonalized access to Azure Cache for Redis using a shared secret. | GA AZR-000497 | [Azure.Storage.LocalAuth](Azure.Storage.LocalAuth.md) | Access keys allow depersonalized access to Storage Accounts using a shared secret. | GA AZR-000498 | [Azure.AppConfig.ReplicaLocation](Azure.AppConfig.ReplicaLocation.md) | The replication location determines the country or region where configuration data is stored and processed. | GA -AZR-000505 | [Azure.EventHub.AvailabilityZone](Azure.EventHub.AvailabilityZone.md) | Use zone redundant Event Hub namespaces in supported regions to improve reliability. | GA *[GA]: Generally Available — Rules related to a generally available Azure features. From 1e9995d1cbd2ba28bb9077935a71531d03654611 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 19 Nov 2025 09:10:34 +0000 Subject: [PATCH 07/15] Update reviewed date to 2025-11-19 Co-authored-by: BenjaminEngeset <99641908+BenjaminEngeset@users.noreply.github.com> --- docs/en/rules/Azure.EventHub.AvailabilityZone.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/en/rules/Azure.EventHub.AvailabilityZone.md b/docs/en/rules/Azure.EventHub.AvailabilityZone.md index e97ac813f00..d84c2106712 100644 --- a/docs/en/rules/Azure.EventHub.AvailabilityZone.md +++ b/docs/en/rules/Azure.EventHub.AvailabilityZone.md @@ -1,5 +1,5 @@ --- -reviewed: 2025-11-16 +reviewed: 2025-11-19 severity: Important pillar: Reliability category: RE:05 Redundancy From 0eec3d7040aae96a39bde1c77d360e26c5ab005d Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 19 Nov 2025 09:17:27 +0000 Subject: [PATCH 08/15] Apply missing documentation updates from review feedback Co-authored-by: BenjaminEngeset <99641908+BenjaminEngeset@users.noreply.github.com> --- docs/en/rules/Azure.EventHub.AvailabilityZone.md | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/docs/en/rules/Azure.EventHub.AvailabilityZone.md b/docs/en/rules/Azure.EventHub.AvailabilityZone.md index d84c2106712..89fe7d0c5dc 100644 --- a/docs/en/rules/Azure.EventHub.AvailabilityZone.md +++ b/docs/en/rules/Azure.EventHub.AvailabilityZone.md @@ -27,16 +27,10 @@ ensuring continuous availability even if an entire availability zone experiences With zone redundancy enabled, Azure Event Hubs provides: -- Automatic replication of metadata and events across zones. +- Synchronous replication of metadata and events across zones. - Continuous availability during zonal failures. -- Enhanced durability by maintaining multiple copies across separate physical locations. - Protection against datacenter-level disasters while maintaining low-latency access. -When using the Azure portal, zone redundancy is automatically enabled. -However, some Infrastructure as Code (IaC) tools may default this to false. -To ensure replication of metadata and events across data centers in an availability zone, -always verify that zone redundancy is enabled. - Zone redundancy must be configured when you create an Event Hub namespace by setting `zoneRedundant` to `true`. This setting cannot be changed after the namespace is created. Zone redundancy is only available in regions that support availability zones. @@ -99,8 +93,7 @@ resource eventHubNamespace 'Microsoft.EventHub/namespaces@2024-01-01' = { ## NOTES -Zone redundancy must be configured during the initial deployment. -It is not possible to modify an existing Event Hub namespace to enable zone redundancy after it has been deployed. +For the Dedicated tier, availability zones require a minimum of three capacity units (CUs). ## LINKS From 2fbce22b8d163032ede9756f79d8e3b249876989 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 19 Nov 2025 09:26:13 +0000 Subject: [PATCH 09/15] Restore network rule set resource for hubns-D Co-authored-by: BenjaminEngeset <99641908+BenjaminEngeset@users.noreply.github.com> --- .../Resources.EventHub.json | 28 ++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/tests/PSRule.Rules.Azure.Tests/Resources.EventHub.json b/tests/PSRule.Rules.Azure.Tests/Resources.EventHub.json index 68cb3990f11..1a916238481 100644 --- a/tests/PSRule.Rules.Azure.Tests/Resources.EventHub.json +++ b/tests/PSRule.Rules.Azure.Tests/Resources.EventHub.json @@ -178,7 +178,33 @@ }, "Tags": null, "SubscriptionId": "00000000-0000-0000-0000-000000000000", - "resources": [] + "resources": [ + { + "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-D/networkrulesets/default", + "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-D/networkrulesets/default", + "Identity": null, + "Kind": null, + "Location": "East US", + "ManagedBy": null, + "ResourceName": "default", + "Name": "default", + "ExtensionResourceName": null, + "Properties": { + "publicNetworkAccess": "Enabled", + "defaultAction": "Allow", + "virtualNetworkRules": [], + "ipRules": [], + "trustedServiceAccessEnabled": false + }, + "ResourceGroupName": "test-rg", + "Type": "Microsoft.EventHub/namespaces/networkRuleSets", + "ResourceType": "Microsoft.EventHub/namespaces/networkRuleSets", + "ExtensionResourceType": null, + "Sku": null, + "Tags": null, + "SubscriptionId": "00000000-0000-0000-0000-000000000000" + } + ] }, { "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-E", From 92529115637ecfdee26edc2128240feeac56e52d Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 19 Nov 2025 09:48:49 +0000 Subject: [PATCH 10/15] Use -BeExactly for reason assertions in AvailabilityZone test Co-authored-by: BenjaminEngeset <99641908+BenjaminEngeset@users.noreply.github.com> --- tests/PSRule.Rules.Azure.Tests/Azure.EventHub.Tests.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/PSRule.Rules.Azure.Tests/Azure.EventHub.Tests.ps1 b/tests/PSRule.Rules.Azure.Tests/Azure.EventHub.Tests.ps1 index 31f152f1625..fb0a875d929 100644 --- a/tests/PSRule.Rules.Azure.Tests/Azure.EventHub.Tests.ps1 +++ b/tests/PSRule.Rules.Azure.Tests/Azure.EventHub.Tests.ps1 @@ -108,8 +108,8 @@ Describe 'Azure.EventHub' -Tag 'EventHub' { $ruleResult | Should -Not -BeNullOrEmpty; $ruleResult.Length | Should -Be 2; $ruleResult.TargetName | Should -BeIn 'hubns-A', 'hubns-B'; - $ruleResult[0].Reason | Should -BeLike "Path properties.zoneRedundant:*"; - $ruleResult[1].Reason | Should -BeLike "Path properties.zoneRedundant:*"; + $ruleResult[0].Reason | Should -BeExactly "Path properties.zoneRedundant: Does not exist."; + $ruleResult[1].Reason | Should -BeExactly "Path properties.zoneRedundant: Is set to 'False'."; # Pass $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); From 600ac568cd3eb26c60da4757dfc4df3172d42fb6 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 19 Nov 2025 10:01:38 +0000 Subject: [PATCH 11/15] Add blank line before reason assertions for better readability Co-authored-by: BenjaminEngeset <99641908+BenjaminEngeset@users.noreply.github.com> --- tests/PSRule.Rules.Azure.Tests/Azure.EventHub.Tests.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/PSRule.Rules.Azure.Tests/Azure.EventHub.Tests.ps1 b/tests/PSRule.Rules.Azure.Tests/Azure.EventHub.Tests.ps1 index fb0a875d929..e81e1071262 100644 --- a/tests/PSRule.Rules.Azure.Tests/Azure.EventHub.Tests.ps1 +++ b/tests/PSRule.Rules.Azure.Tests/Azure.EventHub.Tests.ps1 @@ -108,6 +108,7 @@ Describe 'Azure.EventHub' -Tag 'EventHub' { $ruleResult | Should -Not -BeNullOrEmpty; $ruleResult.Length | Should -Be 2; $ruleResult.TargetName | Should -BeIn 'hubns-A', 'hubns-B'; + $ruleResult[0].Reason | Should -BeExactly "Path properties.zoneRedundant: Does not exist."; $ruleResult[1].Reason | Should -BeExactly "Path properties.zoneRedundant: Is set to 'False'."; From 08cc124f21dbe8c8556f4b4e9a4dc594ecc2cd8a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 23 Nov 2025 12:47:13 +1000 Subject: [PATCH 12/15] Bump github/codeql-action from 4.31.3 to 4.31.4 (#3600) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.3 to 4.31.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/014f16e7ab1402f30e7c3329d33797e7948572db...e12f0178983d466f2f6028f5cc7a6d786fd97f4b) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 23a74ca64a4..d5415d7a725 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -202,7 +202,7 @@ jobs: outputPath: reports/ps-rule-results.sarif - name: Upload results to security tab - uses: github/codeql-action/upload-sarif@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3 + uses: github/codeql-action/upload-sarif@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 if: always() with: sarif_file: reports/ps-rule-results.sarif @@ -233,7 +233,7 @@ jobs: directory-to-scan: . - name: Upload results to security tab - uses: github/codeql-action/upload-sarif@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3 + uses: github/codeql-action/upload-sarif@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 if: always() with: sarif_file: devskim-results.sarif @@ -259,15 +259,15 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Initialize CodeQL - uses: github/codeql-action/init@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3 + uses: github/codeql-action/init@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 with: languages: 'csharp' - name: Autobuild - uses: github/codeql-action/autobuild@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3 + uses: github/codeql-action/autobuild@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3 + uses: github/codeql-action/analyze@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 id: codeql-analyze - name: Upload results From 887b28f7e2c931699d34a0899192acd9cf386525 Mon Sep 17 00:00:00 2001 From: Bernie White Date: Sun, 23 Nov 2025 03:15:50 +0000 Subject: [PATCH 13/15] Updates --- .../rules/Azure.EventHub.AvailabilityZone.md | 6 ++++- .../Azure.EventHub.Tests.ps1 | 12 ++++++---- .../Resources.EventHub.json | 24 +++++++++---------- 3 files changed, 25 insertions(+), 17 deletions(-) diff --git a/docs/en/rules/Azure.EventHub.AvailabilityZone.md b/docs/en/rules/Azure.EventHub.AvailabilityZone.md index 89fe7d0c5dc..c71c2ae4340 100644 --- a/docs/en/rules/Azure.EventHub.AvailabilityZone.md +++ b/docs/en/rules/Azure.EventHub.AvailabilityZone.md @@ -37,7 +37,7 @@ Zone redundancy is only available in regions that support availability zones. ## RECOMMENDATION -Consider using Event Hub namespaces configured with zone redundancy to improve workload resiliency. +Consider using using a minimum of Standard Event Hub namespaces configured with zone redundancy to improve workload resiliency. ## EXAMPLES @@ -91,8 +91,12 @@ resource eventHubNamespace 'Microsoft.EventHub/namespaces@2024-01-01' = { } ``` + + ## NOTES +Availability zones is supported on Standard, Premium, and Dedicated tiers. + For the Dedicated tier, availability zones require a minimum of three capacity units (CUs). ## LINKS diff --git a/tests/PSRule.Rules.Azure.Tests/Azure.EventHub.Tests.ps1 b/tests/PSRule.Rules.Azure.Tests/Azure.EventHub.Tests.ps1 index e81e1071262..e000ee76605 100644 --- a/tests/PSRule.Rules.Azure.Tests/Azure.EventHub.Tests.ps1 +++ b/tests/PSRule.Rules.Azure.Tests/Azure.EventHub.Tests.ps1 @@ -91,13 +91,17 @@ Describe 'Azure.EventHub' -Tag 'EventHub' { # Fail $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' }); - $ruleResult.Length | Should -Be 6; - $ruleResult.TargetName | Should -BeIn 'hubns-B', 'hubns-C', 'hubns-D', 'hubns-G', 'hubns-H', 'default-A'; + $ruleResult.Length | Should -Be 4; + $ruleResult.TargetName | Should -BeIn 'hubns-B', 'hubns-C', 'hubns-D', 'hubns-X/default-A'; + + $ruleResult[0].Reason | Should -BeExactly "Path properties.publicNetworkAccess: Does not exist."; + $ruleResult[1].Reason | Should -BeIn "Path properties.publicNetworkAccess: Is set to 'Enabled'."; + $ruleResult[2..3].Reason | Should -BeIn "Path properties.publicNetworkAccess: Is set to 'Enabled'.", "Path properties.defaultAction: Is set to 'Allow'." # Pass $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); - $ruleResult.Length | Should -Be 5; - $ruleResult.TargetName | Should -BeIn 'hubns-E', 'hubns-F', 'default-B', 'default-C', 'default-D'; + $ruleResult.Length | Should -Be 7; + $ruleResult.TargetName | Should -BeIn 'hubns-E', 'hubns-F', 'hubns-Y/default-B', 'default-C', 'default-D', 'hubns-G', 'hubns-H'; } It 'Azure.EventHub.AvailabilityZone' { diff --git a/tests/PSRule.Rules.Azure.Tests/Resources.EventHub.json b/tests/PSRule.Rules.Azure.Tests/Resources.EventHub.json index 1a916238481..26a4f93f53e 100644 --- a/tests/PSRule.Rules.Azure.Tests/Resources.EventHub.json +++ b/tests/PSRule.Rules.Azure.Tests/Resources.EventHub.json @@ -114,6 +114,7 @@ "Name": "hubns-C", "ExtensionResourceName": null, "Properties": { + "publicNetworkAccess": "Enabled", "disableLocalAuth": false, "isAutoInflateEnabled": true, "maximumThroughputUnits": 2, @@ -138,8 +139,7 @@ "Capacity": 1 }, "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000", - "resources": [] + "SubscriptionId": "00000000-0000-0000-0000-000000000000" }, { "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-D", @@ -201,7 +201,6 @@ "ResourceType": "Microsoft.EventHub/namespaces/networkRuleSets", "ExtensionResourceType": null, "Sku": null, - "Tags": null, "SubscriptionId": "00000000-0000-0000-0000-000000000000" } ] @@ -345,7 +344,7 @@ "Name": "hubns-G", "ExtensionResourceName": null, "Properties": { - "publicNetworkAccess": "Enabled", + "publicNetworkAccess": "Disabled", "disableLocalAuth": false, "zoneRedundant": true, "isAutoInflateEnabled": true, @@ -384,6 +383,7 @@ "Name": "hubns-H", "ExtensionResourceName": null, "Properties": { + "publicNetworkAccess": "Disabled", "disableLocalAuth": false, "zoneRedundant": true, "isAutoInflateEnabled": true, @@ -413,14 +413,14 @@ "resources": [] }, { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-G/networkrulesets/default-A", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-G/networkrulesets/default-A", + "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-X/networkrulesets/default-A", + "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-X/networkrulesets/default-A", "Identity": null, "Kind": null, "Location": "East US", "ManagedBy": null, - "ResourceName": "default-A", - "Name": "default-A", + "ResourceName": "hubns-X/default-A", + "Name": "hubns-X/default-A", "ExtensionResourceName": null, "Properties": { "publicNetworkAccess": "Enabled", @@ -438,14 +438,14 @@ "SubscriptionId": "00000000-0000-0000-0000-000000000000" }, { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-H/networkrulesets/default-B", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-H/networkrulesets/default-B", + "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-Y/networkrulesets/default-B", + "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.EventHub/namespaces/hubns-Y/networkrulesets/default-B", "Identity": null, "Kind": null, "Location": "East US", "ManagedBy": null, - "ResourceName": "default-B", - "Name": "default-B", + "ResourceName": "hubns-Y/default-B", + "Name": "hubns-Y/default-B", "ExtensionResourceName": null, "Properties": { "publicNetworkAccess": "Disabled", From 4a713aa9c433915b78010c5aad29f901843057ed Mon Sep 17 00:00:00 2001 From: Bernie White Date: Sun, 23 Nov 2025 04:24:04 +0000 Subject: [PATCH 14/15] Bump rule ID for open PRs --- src/PSRule.Rules.Azure/rules/Azure.EventHub.Rule.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/PSRule.Rules.Azure/rules/Azure.EventHub.Rule.ps1 b/src/PSRule.Rules.Azure/rules/Azure.EventHub.Rule.ps1 index b95a0a7ede8..c3867a17820 100644 --- a/src/PSRule.Rules.Azure/rules/Azure.EventHub.Rule.ps1 +++ b/src/PSRule.Rules.Azure/rules/Azure.EventHub.Rule.ps1 @@ -37,7 +37,7 @@ Rule 'Azure.EventHub.Firewall' -Ref 'AZR-000422' -Type 'Microsoft.EventHub/names } # Synopsis: Use zone redundant Event Hub namespaces in supported regions to improve reliability. -Rule 'Azure.EventHub.AvailabilityZone' -Ref 'AZR-000505' -Type 'Microsoft.EventHub/namespaces' -Tag @{ release = 'GA'; ruleSet = '2025_12'; 'Azure.WAF/pillar' = 'Reliability'; } -Labels @{ 'Azure.WAF/maturity' = 'L1' } { +Rule 'Azure.EventHub.AvailabilityZone' -Ref 'AZR-000532' -Type 'Microsoft.EventHub/namespaces' -Tag @{ release = 'GA'; ruleSet = '2025_12'; 'Azure.WAF/pillar' = 'Reliability'; } -Labels @{ 'Azure.WAF/maturity' = 'L1' } { # Check for availability zones based on virtual machine scale sets, because it is not exposed through the provider for Event Hub. $provider = [PSRule.Rules.Azure.Runtime.Helper]::GetResourceType('Microsoft.Compute', 'virtualMachineScaleSets'); $availabilityZones = GetAvailabilityZone -Location $TargetObject.Location -Zone $provider.ZoneMappings; From 89e7afd8c9ccaa4f8cd4a294bb199615a09732ed Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 23 Nov 2025 16:55:35 +1000 Subject: [PATCH 15/15] Bump actions/checkout from 5.0.0 to 6.0.0 (#3604) Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 6.0.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/08c6903cd8c0fde910a37f88322edcfb5dd907a8...1af3b93b6815bc44a9784bd300feb67ff0d1eeb3) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build.yaml | 12 ++++++------ .github/workflows/copilot-setup-steps.yml | 2 +- .github/workflows/dependencies.yaml | 2 +- .github/workflows/docs.yaml | 6 +++--- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index d5415d7a725..753a7733d09 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -31,7 +31,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Setup .NET uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0 @@ -109,7 +109,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Setup .NET uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0 @@ -154,7 +154,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: fetch-depth: 0 @@ -191,7 +191,7 @@ jobs: security-events: write steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Run PSRule analysis uses: microsoft/ps-rule@46451b8f5258c41beb5ae69ed7190ccbba84112c # v2.9.0 @@ -225,7 +225,7 @@ jobs: security-events: write steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Run DevSkim scanner uses: microsoft/DevSkim-Action@4b5047945a44163b94642a1cecc0d93a3f428cc6 # v1.0.16 @@ -256,7 +256,7 @@ jobs: security-events: write steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Initialize CodeQL uses: github/codeql-action/init@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml index 7e631497da4..86b72a49244 100644 --- a/.github/workflows/copilot-setup-steps.yml +++ b/.github/workflows/copilot-setup-steps.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: fetch-depth: 0 diff --git a/.github/workflows/dependencies.yaml b/.github/workflows/dependencies.yaml index b73dda01a23..094b2c47436 100644 --- a/.github/workflows/dependencies.yaml +++ b/.github/workflows/dependencies.yaml @@ -29,7 +29,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: fetch-depth: 0 diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index a46da68126f..912ebae3cc3 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -26,7 +26,7 @@ jobs: contents: write steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: fetch-depth: 0 @@ -59,7 +59,7 @@ jobs: shell: pwsh - name: Checkout gh-pages - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: ref: refs/heads/gh-pages path: site/ @@ -94,7 +94,7 @@ jobs: id-token: write steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: ref: refs/heads/gh-pages