PSRule.Rules.Azure
PSRule.Rules.Azure copied to clipboard
Azure
Rules to validate Azure resources and infrastructure as code (IaC) using PSRule.
### Discussed in https://github.com/Azure/PSRule.Rules.Azure/discussions/1990 Originally posted by **JonasCordsen** January 14, 2023 Hello @BernieWhite We are running PSRule and found out that if our deployment parameter file has a parameters that...
When generating rules from policy, some cases can be optimized. Specifically when `allOf` and `anyOf` are nested. ## Single child For example, an `anyOf` only child of a `allOf`: ```json...
**Description of the issue** We have (via IaC) deployed app services with the property 'https_only = true' in Terraform F CAF code. When reviewing the deployed resource in the Azure...
# Rule request ## Suggested rule change AKS clusters using Azure CNI should use Azure CNI Overlay networking which currently is in **preview**. Azure CNI Overlay currently has some limitations...
To support exemptions (#1887), exclusions (#1890), and scoped policy assignment rules (#1891) need to emit a scope to resources during expansion. To further complicate this, a single repository could include...
Policy assignments are define against a specific scope. Currently if policy as rules are exported from Azure Policy all rules will apply to matching resource regardless of resource scope. To...
Azure Policy supports exemptions to ignore mitigated or waved policy controls. When importing policy from Azure we also need to add support for these controls. Natively PSRule supports suppression groups...
Azure Policy assignments can be excluded from applying to scopes by using the `notScopes`. We should generate selectors or sub-selectors that automatically ignore resources that have these scopes if `notScopes`...
After exemptions are exported (#1888) from Azure the data needs to be converted into a suppression group as discussed in #1887.
**Description of the issue** Tags are not handled by `Export-AzPolicyAssignmentRuleData` **To Reproduce** Steps to reproduce the issue: Run `Get-AzPolicyAssignmentDataSource | Export-AzPolicyAssignmentRuleData -Verbose` against an assignment file with this content: ```...
