diff --git a/.vscode/settings.json b/.vscode/settings.json
index a5eb5c9..f2c5063 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -21,6 +21,7 @@
 "**/.azure-pipelines/*.yaml": "azure-pipelines"
 },
 "cSpell.words": [
+ "NSGs",
 "Subnet",
 "VNET",
 "hashtable",
diff --git a/docs/rules/en/CAF.Name.Connection.md b/docs/rules/en/CAF.Name.Connection.md
new file mode 100644
index 0000000..8f0aa0a
--- /dev/null
+++ b/docs/rules/en/CAF.Name.Connection.md
@@ -0,0 +1,41 @@
+---
+category: Naming
+online version: https://github.com/microsoft/PSRule.Rules.CAF/blob/master/docs/rules/en/CAF.Name.Connection.md
+---
+
+# Use standard connection names
+
+## SYNOPSIS
+
+Virtual network gateway connection names should use a standard prefix and meet naming requirements.
+
+## DESCRIPTION
+
+An effective naming convention allows operators to quickly identify resource type, associated workload,
+deployment environment and Azure region.
+
+For virtual network gateway connections, the Cloud Adoption Framework recommends using the `cn-` prefix.
+
+Requirements for virtual network gateway connection names:
+
+- At least 1 character, but no more than 80.
+- Can include alphanumeric, underscore, hyphen, period characters.
+- Can only start with a letter or number, and end with a letter, number or underscore.
+- Connection names must be unique within a resource group.
+
+## RECOMMENDATION
+
+Consider creating virtual network gateway connections with a standard name.
+Additionally consider using Azure Policy to only permit creation using a standard naming convention.
+
+## NOTES
+
+This rule does not check if virtual network gateway connection names are unique.
+
+To configure this rule:
+
+- Override the `CAF_GatewayConnectionPrefix` configuration value with an array of allowed prefixes.
+
+## LINKS
+
+- [Recommended naming and tagging conventions](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging)
diff --git a/docs/rules/en/CAF.Name.LoadBalancer.md b/docs/rules/en/CAF.Name.LoadBalancer.md
new file mode 100644
index 0000000..2108cb6
--- /dev/null
+++ b/docs/rules/en/CAF.Name.LoadBalancer.md
@@ -0,0 +1,41 @@
+---
+category: Naming
+online version: https://github.com/microsoft/PSRule.Rules.CAF/blob/master/docs/rules/en/CAF.Name.LoadBalancer.md
+---
+
+# Use standard load balancer names
+
+## SYNOPSIS
+
+Load balancer names should use a standard prefix and meet naming requirements.
+
+## DESCRIPTION
+
+An effective naming convention allows operators to quickly identify resource type, associated workload,
+deployment environment and Azure region.
+
+For load balancers, the Cloud Adoption Framework recommends using the `lb-` prefix.
+
+Requirements for load balancers names:
+
+- At least 1 character, but no more than 80.
+- Can include alphanumeric, underscore, hyphen, period characters.
+- Can only start with a letter or number, and end with a letter, number or underscore.
+- Load balancer names must be unique within a resource group.
+
+## RECOMMENDATION
+
+Consider creating load balancers with a standard name.
+Additionally consider using Azure Policy to only permit creation using a standard naming convention.
+
+## NOTES
+
+This rule does not check if load balancer names are unique.
+
+To configure this rule:
+
+- Override the `CAF_LoadBalancerPrefix` configuration value with an array of allowed prefixes.
+
+## LINKS
+
+- [Recommended naming and tagging conventions](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging)
diff --git a/docs/rules/en/CAF.Name.NSG.md b/docs/rules/en/CAF.Name.NSG.md
new file mode 100644
index 0000000..8c40176
--- /dev/null
+++ b/docs/rules/en/CAF.Name.NSG.md
@@ -0,0 +1,41 @@
+---
+category: Naming
+online version: https://github.com/microsoft/PSRule.Rules.CAF/blob/master/docs/rules/en/CAF.Name.NSG.md
+---
+
+# Use standard NSG names
+
+## SYNOPSIS
+
+Network security group (NSG) names should use a standard prefix and meet naming requirements.
+
+## DESCRIPTION
+
+An effective naming convention allows operators to quickly identify resource type, associated workload,
+deployment environment and Azure region.
+
+For NSGs, the Cloud Adoption Framework recommends using the `nsg-` prefix.
+
+Requirements for NSG names:
+
+- At least 1 character, but no more than 80.
+- Can include alphanumeric, underscore, hyphen, period characters.
+- Can only start with a letter or number, and end with a letter, number or underscore.
+- NSG names must be unique within a resource group.
+
+## RECOMMENDATION
+
+Consider creating NSGs with a standard name.
+Additionally consider using Azure Policy to only permit creation using a standard naming convention.
+
+## NOTES
+
+This rule does not check if NSG names are unique.
+
+To configure this rule:
+
+- Override the `CAF_NetworkSecurityGroupPrefix` configuration value with an array of allowed prefixes.
+
+## LINKS
+
+- [Recommended naming and tagging conventions](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging)
diff --git a/docs/rules/en/CAF.Name.PublicIP.md b/docs/rules/en/CAF.Name.PublicIP.md
new file mode 100644
index 0000000..0d94cb3
--- /dev/null
+++ b/docs/rules/en/CAF.Name.PublicIP.md
@@ -0,0 +1,41 @@
+---
+category: Naming
+online version: https://github.com/microsoft/PSRule.Rules.CAF/blob/master/docs/rules/en/CAF.Name.PublicIP.md
+---
+
+# Use standard public IP names
+
+## SYNOPSIS
+
+Public IP address names should use a standard prefix and meet naming requirements.
+
+## DESCRIPTION
+
+An effective naming convention allows operators to quickly identify resource type, associated workload,
+deployment environment and Azure region.
+
+For public IPs, the Cloud Adoption Framework recommends using the `pip-` prefix.
+
+Requirements for public IP names:
+
+- At least 1 character, but no more than 80.
+- Can include alphanumeric, underscore, hyphen, period characters.
+- Can only start with a letter or number, and end with a letter, number or underscore.
+- Public IP names must be unique within a resource group.
+
+## RECOMMENDATION
+
+Consider creating public IPs with a standard name.
+Additionally consider using Azure Policy to only permit creation using a standard naming convention.
+
+## NOTES
+
+This rule does not check if public IP names are unique.
+
+To configure this rule:
+
+- Override the `CAF_PublicIPPrefix` configuration value with an array of allowed prefixes.
+
+## LINKS
+
+- [Recommended naming and tagging conventions](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging)
diff --git a/docs/rules/en/CAF.Name.Route.md b/docs/rules/en/CAF.Name.Route.md
new file mode 100644
index 0000000..c0d397b
--- /dev/null
+++ b/docs/rules/en/CAF.Name.Route.md
@@ -0,0 +1,41 @@
+---
+category: Naming
+online version: https://github.com/microsoft/PSRule.Rules.CAF/blob/master/docs/rules/en/CAF.Name.Route.md
+---
+
+# Use standard route table names
+
+## SYNOPSIS
+
+Route table names should use a standard prefix and meet naming requirements.
+
+## DESCRIPTION
+
+An effective naming convention allows operators to quickly identify resource type, associated workload,
+deployment environment and Azure region.
+
+For route tables, the Cloud Adoption Framework recommends using the `route-` prefix.
+
+Requirements for route table names:
+
+- At least 1 character, but no more than 80.
+- Can include alphanumeric, underscore, hyphen, period characters.
+- Can only start with a letter or number, and end with a letter, number or underscore.
+- Route table names must be unique within a resource group.
+
+## RECOMMENDATION
+
+Consider creating route tables with a standard name.
+Additionally consider using Azure Policy to only permit creation using a standard naming convention.
+
+## NOTES
+
+This rule does not check if route table names are unique.
+
+To configure this rule:
+
+- Override the `CAF_RouteTablePrefix` configuration value with an array of allowed prefixes.
+
+## LINKS
+
+- [Recommended naming and tagging conventions](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging)
diff --git a/docs/rules/en/CAF.Name.Storage.md b/docs/rules/en/CAF.Name.Storage.md
new file mode 100644
index 0000000..2718832
--- /dev/null
+++ b/docs/rules/en/CAF.Name.Storage.md
@@ -0,0 +1,41 @@
+---
+category: Naming
+online version: https://github.com/microsoft/PSRule.Rules.CAF/blob/master/docs/rules/en/CAF.Name.Storage.md
+---
+
+# Use standard storage account names
+
+## SYNOPSIS
+
+Storage account names should use a standard prefix and meet naming requirements.
+
+## DESCRIPTION
+
+An effective naming convention allows operators to quickly identify resource type, associated workload,
+deployment environment and Azure region.
+
+For storage accounts, the Cloud Adoption Framework recommends using the `stor`, `stvm` and `dls` prefix.
+Use of different prefixes depends on the intended usage of the storage account.
+
+Requirements for storage account names:
+
+- At least 3 characters, but no more than 24.
+- Can include alphanumeric characters only.
+- Storage account names must be global unique, because they directly relate to a DNS host name.
+
+## RECOMMENDATION
+
+Consider creating storage accounts with a standard name.
+Additionally consider using Azure Policy to only permit creation using a standard naming convention.
+
+## NOTES
+
+This rule does not check if storage account names are unique.
+
+To configure this rule:
+
+- Override the `CAF_StoragePrefix` configuration value with an array of allowed prefixes.
+
+## LINKS
+
+- [Recommended naming and tagging conventions](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging)
diff --git a/docs/rules/en/CAF.Name.VM.md b/docs/rules/en/CAF.Name.VM.md
new file mode 100644
index 0000000..31cc63c
--- /dev/null
+++ b/docs/rules/en/CAF.Name.VM.md
@@ -0,0 +1,42 @@
+---
+category: Naming
+online version: https://github.com/microsoft/PSRule.Rules.CAF/blob/master/docs/rules/en/CAF.Name.VM.md
+---
+
+# Use standard VM names
+
+## SYNOPSIS
+
+Virtual machine names should use a standard prefix and meet naming requirements.
+
+## DESCRIPTION
+
+An effective naming convention allows operators to quickly identify resource type, associated workload,
+deployment environment and Azure region.
+
+For VMs, the Cloud Adoption Framework recommends using the `vm-` prefix.
+
+Requirements for VM names:
+
+- For Windows, at least 1 character, but no more than 15.
+- For Linux, at least 1 character, but no more than 64.
+- Can include alphanumeric and hyphen characters.
+- Can only start with a letter or number, and end with a letter or number.
+- VM names must be unique within a resource group.
+
+## RECOMMENDATION
+
+Consider creating VMs with a standard name.
+Additionally consider using Azure Policy to only permit creation using a standard naming convention.
+
+## NOTES
+
+This rule does not check if VM names are unique.
+
+To configure this rule:
+
+- Override the `CAF_VirtualMachinePrefix` configuration value with an array of allowed prefixes.
+
+## LINKS
+
+- [Recommended naming and tagging conventions](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging)
diff --git a/docs/rules/en/CAF.Name.VNG.md b/docs/rules/en/CAF.Name.VNG.md
new file mode 100644
index 0000000..f67e888
--- /dev/null
+++ b/docs/rules/en/CAF.Name.VNG.md
@@ -0,0 +1,41 @@
+---
+category: Naming
+online version: https://github.com/microsoft/PSRule.Rules.CAF/blob/master/docs/rules/en/CAF.Name.VNG.md
+---
+
+# Use standard virtual network gateway names
+
+## SYNOPSIS
+
+Virtual network gateway names should use a standard prefix and meet naming requirements.
+
+## DESCRIPTION
+
+An effective naming convention allows operators to quickly identify resource type, associated workload,
+deployment environment and Azure region.
+
+For virtual network gateways, the Cloud Adoption Framework recommends using the `vnet-gw-` prefix.
+
+Requirements for virtual network gateway names:
+
+- At least 1 character, but no more than 80.
+- Can include alphanumeric, underscore, hyphen, period characters.
+- Can only start with a letter or number, and end with a letter, number or underscore.
+- Virtual network gateway names must be unique within a resource group.
+
+## RECOMMENDATION
+
+Consider creating virtual network gateways with a standard name.
+Additionally consider using Azure Policy to only permit creation using a standard naming convention.
+
+## NOTES
+
+This rule does not check if virtual network gateway names are unique.
+
+To configure this rule:
+
+- Override the `CAF_VirtualNetworkGatewayPrefix` configuration value with an array of allowed prefixes.
+
+## LINKS
+
+- [Recommended naming and tagging conventions](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging)
diff --git a/src/PSRule.Rules.CAF/rules/CAF.Name.Rule.ps1 b/src/PSRule.Rules.CAF/rules/CAF.Name.Rule.ps1
index 35fb95c..d560320 100644
--- a/src/PSRule.Rules.CAF/rules/CAF.Name.Rule.ps1
+++ b/src/PSRule.Rules.CAF/rules/CAF.Name.Rule.ps1
@@ -61,11 +61,21 @@ Rule 'CAF.Name.Subnet' -Type 'Microsoft.Network/virtualNetworks', 'Microsoft.Net # Synopsis: Use standard virtual network gateway names Rule 'CAF.Name.VNG' -Type 'Microsoft.Network/virtualNetworkGateways' { $Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_VirtualNetworkGatewayPrefix) + + # Name requirements + $Assert.GreaterOrEqual($TargetObject, 'Name', 1) + $Assert.LessOrEqual($TargetObject, 'Name', 80) + Match 'Name' '^[\w][-\w_\.]*[\w_]$' } # Synopsis: Use standard virtual networks gateway connection names Rule 'CAF.Name.Connection' -Type 'Microsoft.Network/connections' { $Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_GatewayConnectionPrefix) + + # Name requirements + $Assert.GreaterOrEqual($TargetObject, 'Name', 1) + $Assert.LessOrEqual($TargetObject, 'Name', 80) + Match 'Name' '^[\w][-\w_\.]*[\w_]$' } # Synopsis: Use standard network security group names
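Review bot: The pattern `'^[\w][-\w_\.]*[\w_]$'` added to both `CAF.Name.VNG` and `CAF.Name.Connection` does not match the requirements this commit documents for those names. `\w` already includes the underscore and, in .NET regex, non-ASCII letters and digits, so the first class accepts a leading `_` and the whole pattern accepts characters outside "alphanumeric, underscore, hyphen, period". It also needs at least two characters, although the docs and the `GreaterOrEqual(..., 1)` assertion allow one. With the default `vnet-gw-` and `cn-` prefixes the `StartsWith` assertion probably masks the first-character and length cases, but an overridden prefix list would expose them, and the rule could then pass a name the platform rejects. Consider `Match 'Name' '^[A-Za-z0-9](?:[A-Za-z0-9_.-]*[A-Za-z0-9_])?$'` in both rules, plus test cases for a one-character name, a leading underscore and a non-ASCII letter.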