This repository was archived by the owner on May 10, 2025. It is now read-only.

microsoft/PSRule.Rules.CAFPublic archive

NotificationsYou must be signed in to change notification settings
Fork14
Star64

A suite of rules to validate Azure resources against the Cloud Adoption Framework (CAF) using PSRule.

License

MIT license

64 stars 14 forks Branches Tags Activity

Star

Notifications

You must be signed in to change notification settings

Branches Tags

Folders and files

Name		Name	Last commit message	Last commit date
Latest commit History 105 Commits
.azure-pipelines		.azure-pipelines
.devcontainer		.devcontainer
.github		.github
.ps-rule		.ps-rule
.vscode		.vscode
docs		docs
scripts		scripts
src/PSRule.Rules.CAF		src/PSRule.Rules.CAF
tests/PSRule.Rules.CAF.Tests		tests/PSRule.Rules.CAF.Tests
.gitignore		.gitignore
.markdownlint.json		.markdownlint.json
BaselineToc.Doc.ps1		BaselineToc.Doc.ps1
CHANGELOG.md		CHANGELOG.md
CODE_OF_CONDUCT.md		CODE_OF_CONDUCT.md
CONTRIBUTING.md		CONTRIBUTING.md
LICENSE		LICENSE
README.md		README.md
RuleToc.Doc.ps1		RuleToc.Doc.ps1
SECURITY.md		SECURITY.md
SUPPORT.md		SUPPORT.md
build.ps1		build.ps1
modules.json		modules.json
pipeline.build.ps1		pipeline.build.ps1
ps-project.yaml		ps-project.yaml
ps-rule.yaml		ps-rule.yaml

Repository files navigation

PSRule for Cloud Adoption Framework

A suite of rules to validate Azure resources against the Cloud Adoption Framework (CAF) using PSRule.

Note

The features of PSRule for CAF have beenconsolidated into PSRule for Azure as of v1.43.0 andthis repository is now archived. Considermigrating your configuration to use PSRule for Azure.

You may still continue to download and use this module from source or the PowerShell Gallery,but it will not receive any further updates or support.

Please log any new issues athttps://github.com/Azure/PSRule.Rules.Azure/issues

Features of PSRule for CAF include:

Ready to go - Leverage configurable rules to validate Azure resources.
DevOps - Validate resources and infrastructure code pre or post-deployment.
Cross-platform - Run on MacOS, Linux, and Windows.

Getting the modules

This project requires thePSRule,PSRule.Rules.Azure andAz PowerShell modules.For details on each seeinstall.

You can download and install these modules from the PowerShell Gallery.

Module	Description	Downloads / instructions
PSRule.Rules.CAF	Validate Azure resources against the CAF.	latest /instructions

Getting started

PSRule for CAF provides two methods for analyzing Azure resources:

Pre-flight - Before resources are deployed from Azure Resource Manager (ARM) templates.
In-flight - After resource are deployed to an Azure subscription.

For additional details see theFAQ.

Using with GitHub Actions

The following example shows how to setup Github Actions to validate templates pre-flight.

SeeCreating a workflow file.
Referencemicrosoft/ps-rule withmodules: 'PSRule.Rules.CAF'.
Create and configureps-rule.yaml in the repository root directory.

Example workflow:

# Example: .github/workflows/analyze-arm.yaml## STEP 1: Template validation#name:Analyze templateson:-pull_requestjobs:analyze_arm:name:Analyze templatesruns-on:ubuntu-lateststeps:    -name:Checkoutuses:actions/checkout@v3# STEP 3: Run analysis against PSRule for Cloud Adoption Framework    -name:Test Azure Infrastructure as Codeuses:microsoft/ps-rule@v2.0.0with:modules:'PSRule.Rules.CAF'

Example PSRule options:

# Example: ps-rule.yaml## PSRule configuration## Please see the documentation for all configuration options:# https://aka.ms/ps-rule/optionsinclude:module:  -PSRule.Rules.CAFrequires:PSRule.Rules.CAF:'>=0.3.0'output:culture:  -en-USconfiguration:# Enable expansion for Bicep source files.AZURE_BICEP_FILE_EXPANSION:true# Enable expansion for template expansion.AZURE_PARAMETER_FILE_EXPANSION:true

Using with Azure Pipelines

The following example shows how to setup Azure Pipelines to validate templates pre-flight.

InstallPSRule extension for Azure DevOps marketplace.
Create a new YAML pipeline with theStarter pipeline template.
Add thePSRule analysis task.
- Setmodules toPSRule.Rules.CAF.
Create and configureps-rule.yaml in the repository root directory.

Example pipeline:

# Example: .pipelines/analyze-arm.yaml## STEP 2: Template validation#jobs:-job:'analyze_arm'displayName:'Analyze templates'pool:vmImage:'ubuntu-20.04'steps:# STEP 3: Run analysis against PSRule for Cloud Adoption Framework  -task:ps-rule-assert@1displayName:Test Azure Infrastructure as Codeinputs:modules:'PSRule.Rules.CAF'

Example PSRule options:

# Example: ps-rule.yaml## PSRule configuration## Please see the documentation for all configuration options:# https://aka.ms/ps-rule/optionsinclude:module:  -PSRule.Rules.CAFrequires:PSRule.Rules.CAF:'>=0.3.0'output:culture:  -en-USconfiguration:# Enable expansion for Bicep source files.AZURE_BICEP_FILE_EXPANSION:true# Enable expansion for template expansion.AZURE_PARAMETER_FILE_EXPANSION:true

Using locally

The following example shows how to setup PSRule locally to validate templates pre-flight.

Install thePSRule.Rules.CAF module and dependencies from the PowerShell Gallery.
Create and configureps-rule.yaml in the repository root directory.
Run analysis against PSRule for Cloud Adoption Framework.

Example install command-line:

# STEP 1: Install from the PowerShell GalleryInstall-Module-Name'PSRule.Rules.CAF'-Scope CurrentUser-Repository PSGallery;

Example PSRule options:

# Example: ps-rule.yaml## PSRule configuration## Please see the documentation for all configuration options:# https://aka.ms/ps-rule/optionsinclude:module:  -PSRule.Rules.CAFrequires:PSRule.Rules.CAF:'>=0.3.0'output:culture:  -en-USconfiguration:# Enable expansion for Bicep source files.AZURE_BICEP_FILE_EXPANSION:true# Enable expansion for template expansion.AZURE_PARAMETER_FILE_EXPANSION:true

Example test command-line:

# STEP 3: Test Azure Infrastructure as CodeAssert-PSRule-Module'PSRule.Rules.CAF'-Format File-InputPath'.';

Troubleshooting expansion

A number of issues can occur when expanding Azure templates or Bicep source files.Or you may not get any results at all if expansion is not configured.See the following topics:

Export in-flight resource data

The following example shows how to setup PSRule locally to validate resources running in a subscription.

Install thePSRule.Rules.CAF module and dependencies from the PowerShell Gallery.
Connect and set context to an Azure subscription from PowerShell.
Export the resource data with theExport-AzRuleData cmdlet.
Run analysis against exported data.

For example:

# STEP 1: Install PSRule.Rules.CAF from the PowerShell GalleryInstall-Module-Name'PSRule.Rules.CAF'-Scope CurrentUser;# STEP 2: Authenticate to Azure, only required if not currently connectedConnect-AzAccount;# Confirm the current subscription contextGet-AzContext;# STEP 3: Exports a resource graph stored as JSON for analysisExport-AzRuleData-OutputPath'out/templates/';# STEP 4: Run analysis against exported dataAssert-PSRule-Module'PSRule.Rules.CAF'-InputPath'out/templates/';

Rule reference

For a list of rules included in thePSRule.Rules.CAF module see:

Module rule reference

Rules included in this module define a number of configurable values that can be set on an as need basis.By default these values use the standards defined by the CAF.A list of configurable values are included in the reference for each rule.

Language reference

Commands

This module uses commands from thePSRule.Rules.Azure module to export resource configuration data.ThePSRule.Rules.Azure module is included as a dependency ofPSRule.Rules.CAF.

For details ofPSRule.Rules.Azure commands see:

Export-AzRuleData - Export resource configuration data from Azure subscriptions.
Export-AzTemplateRuleData - Export resource configuration data from Azure templates.

Changes and versioning

Modules in this repository will use thesemantic versioning model to declare breaking changes from v1.0.0.Prior to v1.0.0, breaking changes may be introduced in minor (0.x.0) version increments.For a list of module changes please see thechange log.

Pre-release module versions are created on major commits and can be installed from the PowerShell Gallery.Pre-release versions should be considered experimental.Modules and change log details for pre-releases will be removed as standard releases are made available.