Release v1.11.0 (#1175)

.github/ISSUE_TEMPLATE/bug-report.md

@@ -31,7 +31,7 @@ Steps to reproduce the issue:
 **Module in use and version:**
 
 - Module: PSRule.Rules.Azure
-- Version: **[e.g. 1.10.0]**
+- Version: **[e.g. 1.11.0]**
 
 Captured output from `$PSVersionTable`:
 

docs/CHANGELOG-v1.md

@@ -7,6 +7,84 @@ See [troubleshooting guide] for a workaround to this issue.
 
 ## Unreleased
 
+## v1.11.0
+
+What's changed since v1.10.4:
+
+- New features:
+  - Added baselines containing only Azure preview features. [#1129](https://github.com/Azure/PSRule.Rules.Azure/issues/1129)
+    - Added baseline `Azure.Preview_2021_09`.
+    - Added baseline `Azure.Preview_2021_12`.
+  - Added `Azure.GA_2021_12` baseline. [#1146](https://github.com/Azure/PSRule.Rules.Azure/issues/1146)
+    - Includes rules released before or during December 2021 for Azure GA features.
+    - Marked baseline `Azure.GA_2021_09` as obsolete.
+  - Bicep support promoted from experimental to generally available (GA). [#1176](https://github.com/Azure/PSRule.Rules.Azure/issues/1176)
+- New rules:
+  - All resources:
+    - Check comments for each template resource. [#969](https://github.com/Azure/PSRule.Rules.Azure/issues/969)
+  - Automation Account:
+    - Automation accounts should enable diagnostic logs. [#1075](https://github.com/Azure/PSRule.Rules.Azure/issues/1075)
+  - Azure Kubernetes Service:
+    - Check clusters have the HTTP application routing add-on disabled. [#1131](https://github.com/Azure/PSRule.Rules.Azure/issues/1131)
+    - Check clusters use the Secrets Store CSI Driver add-on. [#992](https://github.com/Azure/PSRule.Rules.Azure/issues/992)
+    - Check clusters autorotation with the Secrets Store CSI Driver add-on. [#993](https://github.com/Azure/PSRule.Rules.Azure/issues/993)
+    - Check clusters use Azure AD Pod Managed Identities (preview). [#991](https://github.com/Azure/PSRule.Rules.Azure/issues/991)
+  - Azure Redis Cache:
+    - Use availability zones for Azure Cache for Redis for regions that support it. [#1078](https://github.com/Azure/PSRule.Rules.Azure/issues/1078)
+      - `Azure.Redis.AvailabilityZone`
+      - `Azure.RedisEnterprise.Zones`
+  - Application Security Group:
+    - Check Application Security Groups meet naming requirements. [#1110](https://github.com/Azure/PSRule.Rules.Azure/issues/1110)
+  - Firewall:
+    - Check Firewalls meet naming requirements. [#1110](https://github.com/Azure/PSRule.Rules.Azure/issues/1110)
+    - Check Firewall policies meet naming requirements. [#1110](https://github.com/Azure/PSRule.Rules.Azure/issues/1110)
+  - Private Endpoint:
+    - Check Private Endpoints meet naming requirements. [#1110](https://github.com/Azure/PSRule.Rules.Azure/issues/1110)
+  - Virtual WAN:
+    - Check Virtual WANs meet naming requirements. [#1110](https://github.com/Azure/PSRule.Rules.Azure/issues/1110)
+- Updated rules:
+  - Azure Kubernetes Service:
+    - Promoted `Azure.AKS.AutoUpgrade` to GA rule set. [#1130](https://github.com/Azure/PSRule.Rules.Azure/issues/1130)
+- General improvements:
+  - Added support for template function `tenant()`. [#1124](https://github.com/Azure/PSRule.Rules.Azure/issues/1124)
+  - Added support for template function `managementGroup()`. [#1125](https://github.com/Azure/PSRule.Rules.Azure/issues/1125)
+  - Added support for template function `pickZones()`. [#518](https://github.com/Azure/PSRule.Rules.Azure/issues/518)
+- Engineering:
+  - Rule refactoring of rules from PowerShell to YAML. [#1109](https://github.com/Azure/PSRule.Rules.Azure/issues/1109)
+    - The following rules were refactored:
+      - `Azure.LB.Name`
+      - `Azure.NSG.Name`
+      - `Azure.Firewall.Mode`
+      - `Azure.Route.Name`
+      - `Azure.VNET.Name`
+      - `Azure.VNG.Name`
+      - `Azure.VNG.ConnectionName`
+      - `Azure.AppConfig.SKU`
+      - `Azure.AppConfig.Name`
+      - `Azure.AppInsights.Workspace`
+      - `Azure.AppInsights.Name`
+      - `Azure.Cosmos.AccountName`
+      - `Azure.FrontDoor.State`
+      - `Azure.FrontDoor.Name`
+      - `Azure.FrontDoor.WAF.Mode`
+      - `Azure.FrontDoor.WAF.Enabled`
+      - `Azure.FrontDoor.WAF.Name`
+      - `Azure.AKS.MinNodeCount`
+      - `Azure.AKS.ManagedIdentity`
+      - `Azure.AKS.StandardLB`
+      - `Azure.AKS.AzurePolicyAddOn`
+      - `Azure.AKS.ManagedAAD`
+      - `Azure.AKS.AuthorizedIPs`
+      - `Azure.AKS.LocalAccounts`
+      - `Azure.AKS.AzureRBAC`
+- Bug fixes:
+  - Fixed output of Bicep informational and warning messages in error stream. [#1157](https://github.com/Azure/PSRule.Rules.Azure/issues/1157)
+
+What's changed since pre-release v1.11.0-B2112112:
+
+- New features:
+  - Bicep support promoted from experimental to generally available (GA). [#1176](https://github.com/Azure/PSRule.Rules.Azure/issues/1176)
+
 ## v1.11.0-B2112112 (pre-release)
 
 What's changed since pre-release v1.11.0-B2112104:
@@ -66,6 +144,7 @@ What's changed since pre-release v1.11.0-B2112024:
 - Bug fixes:
   - Fixed template function `equals` parameter count mismatch. [#1137](https://github.com/Azure/PSRule.Rules.Azure/issues/1137)
   - Fixed copy loop on nested deployment parameters is not handled. [#1144](https://github.com/Azure/PSRule.Rules.Azure/issues/1144)
+  - Fixed outer copy loop of nested deployment. [#1154](https://github.com/Azure/PSRule.Rules.Azure/issues/1154)
 
 ## v1.11.0-B2112024 (pre-release)
 
@@ -78,7 +157,7 @@ What's changed since pre-release v1.11.0-B2111014:
     - Check clusters autorotation with the Secrets Store CSI Driver add-on. [#993](https://github.com/Azure/PSRule.Rules.Azure/issues/993)
   - Automation Account:
     - Automation accounts should enable diagnostic logs. [#1075](https://github.com/Azure/PSRule.Rules.Azure/issues/1075)
-- Update rules:
+- Updated rules:
   - Azure Kubernetes Service:
     - Promoted `Azure.AKS.AutoUpgrade` to GA rule set. [#1130](https://github.com/Azure/PSRule.Rules.Azure/issues/1130)
 - General improvements:

docs/benchmark/results-pre-v1.8.0.md

@@ -0,0 +1,15 @@
+``` ini
+
+BenchmarkDotNet=v0.13.1, OS=Windows 10.0.19043.1165 (21H1/May2021Update)
+Intel Core i7-1065G7 CPU 1.30GHz, 1 CPU, 8 logical and 4 physical cores
+.NET SDK=5.0.400
+  [Host]     : .NET Core 3.1.18 (CoreCLR 4.700.21.35901, CoreFX 4.700.21.36305), X64 RyuJIT
+  DefaultJob : .NET Core 3.1.18 (CoreCLR 4.700.21.35901, CoreFX 4.700.21.36305), X64 RyuJIT
+
+
+```
+|               Method |     Mean |    Error |   StdDev |     Gen 0 |    Gen 1 | Allocated |
+|--------------------- |---------:|---------:|---------:|----------:|---------:|----------:|
+|             Template | 41.65 ms | 0.824 ms | 0.731 ms | 5333.3333 | 416.6667 |     21 MB |
+|     PropertyCopyLoop | 30.70 ms | 0.542 ms | 0.795 ms | 3843.7500 |  62.5000 |     15 MB |
+| UserDefinedFunctions | 17.54 ms | 0.322 ms | 0.301 ms | 1125.0000 |  31.2500 |      5 MB |

docs/benchmark/results-v1.10.4.md

@@ -0,0 +1,15 @@
+``` ini
+
+BenchmarkDotNet=v0.13.1, OS=Windows 10.0.22000
+Intel Core i7-1065G7 CPU 1.30GHz, 1 CPU, 8 logical and 4 physical cores
+.NET SDK=5.0.404
+  [Host]     : .NET Core 3.1.22 (CoreCLR 4.700.21.56803, CoreFX 4.700.21.57101), X64 RyuJIT
+  DefaultJob : .NET Core 3.1.22 (CoreCLR 4.700.21.56803, CoreFX 4.700.21.57101), X64 RyuJIT
+
+
+```
+|               Method |     Mean |    Error |    StdDev |     Gen 0 |     Gen 1 | Allocated |
+|--------------------- |---------:|---------:|----------:|----------:|----------:|----------:|
+|             Template | 74.25 ms | 4.140 ms | 12.206 ms | 6000.0000 | 1000.0000 |     27 MB |
+|     PropertyCopyLoop | 47.84 ms | 0.936 ms |  1.615 ms | 4444.4444 |  222.2222 |     18 MB |
+| UserDefinedFunctions | 28.87 ms | 0.574 ms |  1.224 ms | 1500.0000 |   62.5000 |      6 MB |

docs/benchmark/results-v1.11.0.md

@@ -0,0 +1,15 @@
+``` ini
+
+BenchmarkDotNet=v0.13.1, OS=Windows 10.0.22000
+Intel Core i7-1065G7 CPU 1.30GHz, 1 CPU, 8 logical and 4 physical cores
+.NET SDK=5.0.404
+  [Host]     : .NET Core 3.1.22 (CoreCLR 4.700.21.56803, CoreFX 4.700.21.57101), X64 RyuJIT
+  DefaultJob : .NET Core 3.1.22 (CoreCLR 4.700.21.56803, CoreFX 4.700.21.57101), X64 RyuJIT
+
+
+```
+|               Method |     Mean |    Error |   StdDev |     Gen 0 |     Gen 1 | Allocated |
+|--------------------- |---------:|---------:|---------:|----------:|----------:|----------:|
+|             Template | 78.97 ms | 2.842 ms | 8.246 ms | 6000.0000 | 1000.0000 |     27 MB |
+|     PropertyCopyLoop | 47.83 ms | 0.954 ms | 2.033 ms | 4400.0000 |  200.0000 |     18 MB |
+| UserDefinedFunctions | 29.42 ms | 0.587 ms | 1.172 ms | 1500.0000 |   62.5000 |      6 MB |

docs/benchmark/results-v1.8.1.md

@@ -0,0 +1,15 @@
+``` ini
+
+BenchmarkDotNet=v0.13.1, OS=Windows 10.0.22000
+Intel Core i7-1065G7 CPU 1.30GHz, 1 CPU, 8 logical and 4 physical cores
+.NET SDK=5.0.404
+  [Host]     : .NET Core 3.1.22 (CoreCLR 4.700.21.56803, CoreFX 4.700.21.57101), X64 RyuJIT
+  DefaultJob : .NET Core 3.1.22 (CoreCLR 4.700.21.56803, CoreFX 4.700.21.57101), X64 RyuJIT
+
+
+```
+|               Method |     Mean |    Error |   StdDev |     Gen 0 |     Gen 1 | Allocated |
+|--------------------- |---------:|---------:|---------:|----------:|----------:|----------:|
+|             Template | 49.11 ms | 1.871 ms | 5.307 ms | 5000.0000 | 1000.0000 |     21 MB |
+|     PropertyCopyLoop | 42.65 ms | 0.815 ms | 1.001 ms | 3812.5000 |  125.0000 |     15 MB |
+| UserDefinedFunctions | 26.26 ms | 0.518 ms | 1.126 ms | 1125.0000 |   31.2500 |      5 MB |

docs/benchmark/results-v1.9.1.md

@@ -0,0 +1,15 @@
+``` ini
+
+BenchmarkDotNet=v0.13.1, OS=Windows 10.0.22000
+Intel Core i7-1065G7 CPU 1.30GHz, 1 CPU, 8 logical and 4 physical cores
+.NET SDK=5.0.404
+  [Host]     : .NET Core 3.1.22 (CoreCLR 4.700.21.56803, CoreFX 4.700.21.57101), X64 RyuJIT
+  DefaultJob : .NET Core 3.1.22 (CoreCLR 4.700.21.56803, CoreFX 4.700.21.57101), X64 RyuJIT
+
+
+```
+|               Method |     Mean |    Error |   StdDev |     Gen 0 |    Gen 1 | Allocated |
+|--------------------- |---------:|---------:|---------:|----------:|---------:|----------:|
+|             Template | 54.28 ms | 1.081 ms | 1.443 ms | 5333.3333 | 555.5556 |     21 MB |
+|     PropertyCopyLoop | 42.15 ms | 0.823 ms | 0.881 ms | 3833.3333 | 166.6667 |     15 MB |
+| UserDefinedFunctions | 25.76 ms | 0.510 ms | 1.076 ms | 1125.0000 |  31.2500 |      5 MB |

docs/setup/configuring-expansion.md

@@ -49,7 +49,7 @@ configuration:
 
 ### Bicep source expansion
 
-:octicons-milestone-24: v1.6.0 · :octicons-beaker-24: Experimental
+:octicons-milestone-24: v1.11.0
 
 This configuration option determines if Azure Bicep source files will automatically be expanded.
 By default, Bicep files will not be automatically expanded.

docs/setup/setup-bicep.md

@@ -113,7 +113,7 @@ To configure additional arguments, set the `PSRULE_AZURE_BICEP_ARGS` environment
 
 ## Configuring expansion
 
-[:octicons-book-24: Docs][4] · :octicons-beaker-24: Experimental
+[:octicons-book-24: Docs][4]
 
 PSRule for Azure can automatically expand Bicep source files.
 When enabled, PSRule for Azure automatically expands and analyzes Azure resource from `.bicep` files.

docs/using-bicep.md

@@ -12,11 +12,6 @@ To enable this feature, you need to:
   - Define a deployment.
   - Configure path exclusions.
 
-!!! Experimental
-    Support for Bicep source files is currently an experimental feature.
-    It is not recommended for production use.
-    Please give us [feedback] on this feature and report any [issues] you encounter.
-
 !!! Abstract
     This topic covers how you can validate Azure resources within `.bicep` files.
     To learn more about why this is important see [Expanding source files](expanding-source-files.md).