PSRule.Rules.Azure
Rules to validate Azure resources and infrastructure as code (IaC) using PSRule.
This issue is about looking through the policy definitions in https://github.com/Azure/PSRule.Rules.Azure/blob/main/tests/PSRule.Rules.Azure.Tests/Policy.assignment.json to identify any policies that are duplicates of existing rules within PSRule for Azure. Duplicates will: - Have documentation...
Using PSRule v2.8.1 Using PSRule.Rules.Azure v1.26.0 GitHub runner: Ubuntu-latest Deployment error ``` Error: Unable to expand resources because the source file '/home/runner/work/Solution.ManagedOxygen/Solution.ManagedOxygen/OxygenManagementZone.bicep' was not valid. An error occurred evaluating expression...
### Existing rule Azure.AKS.Version ### Suggested rule Update the rule to support handling for LTS version 1.27 when paid premium plan is active on a cluster. In the future, `Azure.AKS.Version`...
### Existing rule _No response_ ### Suggested rule A planned maintenance window should be used to schedule upgrades to avoid periods of high cluster utilization. The `aksManagedAutoUpgradeSchedule` should be used...
### Existing rule None ### Suggested rule Create a new rule `Azure.AKS.AuditAdmin` to flag when the `kube-audit` log is collected with diagnostic settings. When `kube-audit` is enabled, this can significantly...
Update documentation to include Bicep code samples. Find documentation here: https://azure.github.io/PSRule.Rules.Azure/en/rules/resource/#policy Find source here: https://github.com/Azure/PSRule.Rules.Azure/tree/main/docs/en/rules An example of documentation that is representative of ideal documentation is Cognitive Services: https://azure.github.io/PSRule.Rules.Azure/en/rules/resource/#cognitive-services
Review and update rule documentation with template and Bicep examples. Find documentation here: https://azure.github.io/PSRule.Rules.Azure/en/rules/resource/#traffic-manager Find source here: https://github.com/Azure/PSRule.Rules.Azure/tree/main/docs/en/rules An example of documentation that is representative of ideal documentation is Cognitive...
### Existing rule Azure.AKS.AuditLogs ### Suggested rule Update the guidance. Both `kube-audit` or `kube-audit-admin` should not be enabled. Update the docs to reflect that: - Either log can be enabled....
### Existing rule _No response_ ### Suggested rule Use the `SecurityPatch` or `NodeImage` channels with node OS auto-upgrade to maintain secure node images to run cluster components and workloads. ###...
Bicep parameter files support loading from environment variables as values to module parameters. This can be implemented as configuration to dynamically set environment variables for the Bicep CLI prior to build...