PSRule.Rules.Azure
Validate objects with Azure policy conditions
PSRule can validate objects with custom PowerShell, YAML or JSON rules.
PSRule for Azure should be able to validate resources based on Azure Policies.
Migrated from Microsoft/PSRule#43
@BernieWhite I can probably help with this one. Should be able to use the JSON format from PSRule to make this easier to do.
@ArmaanMcleod I've had quite a bit of time to think about this one. I think for the most part we should provide a way to export Azure Policy assignments and linked definitions into JSON based rules. I say assignments because there may be parameters like many of the built-in policies support. Customers would set these to different values based on their environment.
Maybe use the built-in "Allowed locations" policy as a sample case.
@BernieWhite Would we export Azure Policies with a cmdlet like Export-AzRulePolicyAssignmentData? I'd assume this could handle builtin and custom policies, and flags to filter by management groups/subscriptions (resource group as well for assignments). Also would make sense to export the full linked definitions along with the assignments to JSON based rules, and support pre and post validation.
Let me know what you think. Might need to figure out how we want to design this cmdlet.
@ArmaanMcleod Yes. I was thinking:
- Default to the current subscription scope or provide the specific scope that you want to export.
- Export policy assignments and referenced policy definitions. I don't think we care or want to collect any additional policy definitions that are not assigned.
- Visit the policy assignment bundle, and emit JSON rules.
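The three steps above, sketched for the "Allowed locations" sample case. This is an added example, not code from the thread or from PSRule for Azure. The function names, the rule name prefix and the sample JSON are hypothetical, and it assumes the policy operators used here (`allOf`, `notIn`, `notEquals`) and the `location` field map one-to-one onto PSRule expressions.

```powershell
# Constructed sample input: a trimmed copy of the built-in "Allowed locations"
# policy rule and an assignment that sets its parameter (values are illustrative).
$definition = @'
{ "policyRule": {
    "if": { "allOf": [
      { "field": "location", "notIn": "[parameters('listOfAllowedLocations')]" },
      { "field": "location", "notEquals": "global" } ] },
    "then": { "effect": "deny" } } }
'@ | ConvertFrom-Json
$assignment = @'
{ "name": "allowed-locations-sample",
  "parameters": { "listOfAllowedLocations": { "value": [ "australiaeast", "australiasoutheast" ] } } }
'@ | ConvertFrom-Json

# Hypothetical helper: walk the policy condition and replace each
# "[parameters('x')]" reference with the value set on the assignment.
function Resolve-SampleCondition {
    param ($Node, $Parameters)
    if ($Node -is [string]) {
        if ($Node -match "^\[parameters\('([^']+)'\)\]$") {
            return , ($Parameters.($Matches[1]).value)   # keep arrays intact
        }
        return $Node
    }
    if ($Node -is [array]) {
        return , @($Node | ForEach-Object { Resolve-SampleCondition $_ $Parameters })
    }
    if ($Node -is [System.Management.Automation.PSCustomObject]) {
        $result = [ordered]@{}
        foreach ($p in $Node.PSObject.Properties) {
            $result[$p.Name] = Resolve-SampleCondition $p.Value $Parameters
        }
        return $result
    }
    return $Node
}

# Hypothetical helper: emit one PSRule JSON rule per assignment.
function ConvertTo-SampleRule {
    param ($Assignment, $Definition)
    $policyIf = Resolve-SampleCondition $Definition.policyRule.if $Assignment.parameters
    [ordered]@{
        apiVersion = 'github.com/microsoft/PSRule/v1'
        kind       = 'Rule'
        metadata   = [ordered]@{ name = "Sample.Policy.$($Assignment.name)" }
        # The deny effect fires when "if" matches, so the rule passes only when it does not.
        spec       = [ordered]@{ condition = [ordered]@{ not = $policyIf } }
    }
}

ConvertTo-Json -InputObject @(ConvertTo-SampleRule $assignment $definition) -Depth 20
```

Because the assignment's parameter values are baked into the emitted rule, the same definition assigned with different allowed locations in another scope produces a different rule, which is why the export works from assignments and not definitions alone.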