Added additional rule docs (#7)
Родитель
08a7970aa5
Коммит
68947c452c
|
@ -21,6 +21,7 @@
|
||||||
"**/.azure-pipelines/*.yaml": "azure-pipelines"
|
"**/.azure-pipelines/*.yaml": "azure-pipelines"
|
||||||
},
|
},
|
||||||
"cSpell.words": [
|
"cSpell.words": [
|
||||||
|
"NSGs",
|
||||||
"Subnet",
|
"Subnet",
|
||||||
"VNET",
|
"VNET",
|
||||||
"hashtable",
|
"hashtable",
|
||||||
|
|
|
@ -0,0 +1,41 @@
|
||||||
|
---
|
||||||
|
category: Naming
|
||||||
|
online version: https://github.com/microsoft/PSRule.Rules.CAF/blob/master/docs/rules/en/CAF.Name.Connection.md
|
||||||
|
---
|
||||||
|
|
||||||
|
# Use standard connection names
|
||||||
|
|
||||||
|
## SYNOPSIS
|
||||||
|
|
||||||
|
Virtual network gateway connection names should use a standard prefix and meet naming requirements.
|
||||||
|
|
||||||
|
## DESCRIPTION
|
||||||
|
|
||||||
|
An effective naming convention allows operators to quickly identify resource type, associated workload,
|
||||||
|
deployment environment and Azure region.
|
||||||
|
|
||||||
|
For virtual network gateway connections, the Cloud Adoption Framework recommends using the `cn-` prefix.
|
||||||
|
|
||||||
|
Requirements for virtual network gateway connection names:
|
||||||
|
|
||||||
|
- At least 1 character, but no more than 80.
|
||||||
|
- Can include alphanumeric, underscore, hyphen, period characters.
|
||||||
|
- Can only start with a letter or number, and end with a letter, number or underscore.
|
||||||
|
- Connection names must be unique within a resource group.
|
||||||
|
|
||||||
|
## RECOMMENDATION
|
||||||
|
|
||||||
|
Consider creating virtual network gateway connections with a standard name.
|
||||||
|
Additionally consider using Azure Policy to only permit creation using a standard naming convention.
|
||||||
|
|
||||||
|
## NOTES
|
||||||
|
|
||||||
|
This rule does not check if virtual network gateway connection names are unique.
|
||||||
|
|
||||||
|
To configure this rule:
|
||||||
|
|
||||||
|
- Override the `CAF_GatewayConnectionPrefix` configuration value with an array of allowed prefixes.
|
||||||
|
|
||||||
|
## LINKS
|
||||||
|
|
||||||
|
- [Recommended naming and tagging conventions](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging)
|
|
@ -0,0 +1,41 @@
|
||||||
|
---
|
||||||
|
category: Naming
|
||||||
|
online version: https://github.com/microsoft/PSRule.Rules.CAF/blob/master/docs/rules/en/CAF.Name.LoadBalancer.md
|
||||||
|
---
|
||||||
|
|
||||||
|
# Use standard load balancer names
|
||||||
|
|
||||||
|
## SYNOPSIS
|
||||||
|
|
||||||
|
Load balancer names should use a standard prefix and meet naming requirements.
|
||||||
|
|
||||||
|
## DESCRIPTION
|
||||||
|
|
||||||
|
An effective naming convention allows operators to quickly identify resource type, associated workload,
|
||||||
|
deployment environment and Azure region.
|
||||||
|
|
||||||
|
For load balancers, the Cloud Adoption Framework recommends using the `lb-` prefix.
|
||||||
|
|
||||||
|
Requirements for load balancers names:
|
||||||
|
|
||||||
|
- At least 1 character, but no more than 80.
|
||||||
|
- Can include alphanumeric, underscore, hyphen, period characters.
|
||||||
|
- Can only start with a letter or number, and end with a letter, number or underscore.
|
||||||
|
- Load balancer names must be unique within a resource group.
|
||||||
|
|
||||||
|
## RECOMMENDATION
|
||||||
|
|
||||||
|
Consider creating load balancers with a standard name.
|
||||||
|
Additionally consider using Azure Policy to only permit creation using a standard naming convention.
|
||||||
|
|
||||||
|
## NOTES
|
||||||
|
|
||||||
|
This rule does not check if load balancer names are unique.
|
||||||
|
|
||||||
|
To configure this rule:
|
||||||
|
|
||||||
|
- Override the `CAF_LoadBalancerPrefix` configuration value with an array of allowed prefixes.
|
||||||
|
|
||||||
|
## LINKS
|
||||||
|
|
||||||
|
- [Recommended naming and tagging conventions](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging)
|
|
@ -0,0 +1,41 @@
|
||||||
|
---
|
||||||
|
category: Naming
|
||||||
|
online version: https://github.com/microsoft/PSRule.Rules.CAF/blob/master/docs/rules/en/CAF.Name.NSG.md
|
||||||
|
---
|
||||||
|
|
||||||
|
# Use standard NSG names
|
||||||
|
|
||||||
|
## SYNOPSIS
|
||||||
|
|
||||||
|
Network security group (NSG) names should use a standard prefix and meet naming requirements.
|
||||||
|
|
||||||
|
## DESCRIPTION
|
||||||
|
|
||||||
|
An effective naming convention allows operators to quickly identify resource type, associated workload,
|
||||||
|
deployment environment and Azure region.
|
||||||
|
|
||||||
|
For NSGs, the Cloud Adoption Framework recommends using the `nsg-` prefix.
|
||||||
|
|
||||||
|
Requirements for NSG names:
|
||||||
|
|
||||||
|
- At least 1 character, but no more than 80.
|
||||||
|
- Can include alphanumeric, underscore, hyphen, period characters.
|
||||||
|
- Can only start with a letter or number, and end with a letter, number or underscore.
|
||||||
|
- NSG names must be unique within a resource group.
|
||||||
|
|
||||||
|
## RECOMMENDATION
|
||||||
|
|
||||||
|
Consider creating NSGs with a standard name.
|
||||||
|
Additionally consider using Azure Policy to only permit creation using a standard naming convention.
|
||||||
|
|
||||||
|
## NOTES
|
||||||
|
|
||||||
|
This rule does not check if NSG names are unique.
|
||||||
|
|
||||||
|
To configure this rule:
|
||||||
|
|
||||||
|
- Override the `CAF_NetworkSecurityGroupPrefix` configuration value with an array of allowed prefixes.
|
||||||
|
|
||||||
|
## LINKS
|
||||||
|
|
||||||
|
- [Recommended naming and tagging conventions](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging)
|
|
@ -0,0 +1,41 @@
|
||||||
|
---
|
||||||
|
category: Naming
|
||||||
|
online version: https://github.com/microsoft/PSRule.Rules.CAF/blob/master/docs/rules/en/CAF.Name.PublicIP.md
|
||||||
|
---
|
||||||
|
|
||||||
|
# Use standard public IP names
|
||||||
|
|
||||||
|
## SYNOPSIS
|
||||||
|
|
||||||
|
Public IP address names should use a standard prefix and meet naming requirements.
|
||||||
|
|
||||||
|
## DESCRIPTION
|
||||||
|
|
||||||
|
An effective naming convention allows operators to quickly identify resource type, associated workload,
|
||||||
|
deployment environment and Azure region.
|
||||||
|
|
||||||
|
For public IPs, the Cloud Adoption Framework recommends using the `pip-` prefix.
|
||||||
|
|
||||||
|
Requirements for public IP names:
|
||||||
|
|
||||||
|
- At least 1 character, but no more than 80.
|
||||||
|
- Can include alphanumeric, underscore, hyphen, period characters.
|
||||||
|
- Can only start with a letter or number, and end with a letter, number or underscore.
|
||||||
|
- Public IP names must be unique within a resource group.
|
||||||
|
|
||||||
|
## RECOMMENDATION
|
||||||
|
|
||||||
|
Consider creating public IPs with a standard name.
|
||||||
|
Additionally consider using Azure Policy to only permit creation using a standard naming convention.
|
||||||
|
|
||||||
|
## NOTES
|
||||||
|
|
||||||
|
This rule does not check if public IP names are unique.
|
||||||
|
|
||||||
|
To configure this rule:
|
||||||
|
|
||||||
|
- Override the `CAF_PublicIPPrefix` configuration value with an array of allowed prefixes.
|
||||||
|
|
||||||
|
## LINKS
|
||||||
|
|
||||||
|
- [Recommended naming and tagging conventions](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging)
|
|
@ -0,0 +1,41 @@
|
||||||
|
---
|
||||||
|
category: Naming
|
||||||
|
online version: https://github.com/microsoft/PSRule.Rules.CAF/blob/master/docs/rules/en/CAF.Name.Route.md
|
||||||
|
---
|
||||||
|
|
||||||
|
# Use standard route table names
|
||||||
|
|
||||||
|
## SYNOPSIS
|
||||||
|
|
||||||
|
Route table names should use a standard prefix and meet naming requirements.
|
||||||
|
|
||||||
|
## DESCRIPTION
|
||||||
|
|
||||||
|
An effective naming convention allows operators to quickly identify resource type, associated workload,
|
||||||
|
deployment environment and Azure region.
|
||||||
|
|
||||||
|
For route tables, the Cloud Adoption Framework recommends using the `route-` prefix.
|
||||||
|
|
||||||
|
Requirements for route table names:
|
||||||
|
|
||||||
|
- At least 1 character, but no more than 80.
|
||||||
|
- Can include alphanumeric, underscore, hyphen, period characters.
|
||||||
|
- Can only start with a letter or number, and end with a letter, number or underscore.
|
||||||
|
- Route table names must be unique within a resource group.
|
||||||
|
|
||||||
|
## RECOMMENDATION
|
||||||
|
|
||||||
|
Consider creating route tables with a standard name.
|
||||||
|
Additionally consider using Azure Policy to only permit creation using a standard naming convention.
|
||||||
|
|
||||||
|
## NOTES
|
||||||
|
|
||||||
|
This rule does not check if route table names are unique.
|
||||||
|
|
||||||
|
To configure this rule:
|
||||||
|
|
||||||
|
- Override the `CAF_RouteTablePrefix` configuration value with an array of allowed prefixes.
|
||||||
|
|
||||||
|
## LINKS
|
||||||
|
|
||||||
|
- [Recommended naming and tagging conventions](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging)
|
|
@ -0,0 +1,41 @@
|
||||||
|
---
|
||||||
|
category: Naming
|
||||||
|
online version: https://github.com/microsoft/PSRule.Rules.CAF/blob/master/docs/rules/en/CAF.Name.Storage.md
|
||||||
|
---
|
||||||
|
|
||||||
|
# Use standard storage account names
|
||||||
|
|
||||||
|
## SYNOPSIS
|
||||||
|
|
||||||
|
Storage account names should use a standard prefix and meet naming requirements.
|
||||||
|
|
||||||
|
## DESCRIPTION
|
||||||
|
|
||||||
|
An effective naming convention allows operators to quickly identify resource type, associated workload,
|
||||||
|
deployment environment and Azure region.
|
||||||
|
|
||||||
|
For storage accounts, the Cloud Adoption Framework recommends using the `stor`, `stvm` and `dls` prefix.
|
||||||
|
Use of different prefixes depends on the intended usage of the storage account.
|
||||||
|
|
||||||
|
Requirements for storage account names:
|
||||||
|
|
||||||
|
- At least 3 characters, but no more than 24.
|
||||||
|
- Can include alphanumeric characters only.
|
||||||
|
- Storage account names must be global unique, because they directly relate to a DNS host name.
|
||||||
|
|
||||||
|
## RECOMMENDATION
|
||||||
|
|
||||||
|
Consider creating storage accounts with a standard name.
|
||||||
|
Additionally consider using Azure Policy to only permit creation using a standard naming convention.
|
||||||
|
|
||||||
|
## NOTES
|
||||||
|
|
||||||
|
This rule does not check if storage account names are unique.
|
||||||
|
|
||||||
|
To configure this rule:
|
||||||
|
|
||||||
|
- Override the `CAF_StoragePrefix` configuration value with an array of allowed prefixes.
|
||||||
|
|
||||||
|
## LINKS
|
||||||
|
|
||||||
|
- [Recommended naming and tagging conventions](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging)
|
|
@ -0,0 +1,42 @@
|
||||||
|
---
|
||||||
|
category: Naming
|
||||||
|
online version: https://github.com/microsoft/PSRule.Rules.CAF/blob/master/docs/rules/en/CAF.Name.VM.md
|
||||||
|
---
|
||||||
|
|
||||||
|
# Use standard VM names
|
||||||
|
|
||||||
|
## SYNOPSIS
|
||||||
|
|
||||||
|
Virtual machine names should use a standard prefix and meet naming requirements.
|
||||||
|
|
||||||
|
## DESCRIPTION
|
||||||
|
|
||||||
|
An effective naming convention allows operators to quickly identify resource type, associated workload,
|
||||||
|
deployment environment and Azure region.
|
||||||
|
|
||||||
|
For VMs, the Cloud Adoption Framework recommends using the `vm-` prefix.
|
||||||
|
|
||||||
|
Requirements for VM names:
|
||||||
|
|
||||||
|
- For Windows, at least 1 character, but no more than 15.
|
||||||
|
- For Linux, at least 1 character, but no more than 64.
|
||||||
|
- Can include alphanumeric and hyphen characters.
|
||||||
|
- Can only start with a letter or number, and end with a letter or number.
|
||||||
|
- VM names must be unique within a resource group.
|
||||||
|
|
||||||
|
## RECOMMENDATION
|
||||||
|
|
||||||
|
Consider creating VMs with a standard name.
|
||||||
|
Additionally consider using Azure Policy to only permit creation using a standard naming convention.
|
||||||
|
|
||||||
|
## NOTES
|
||||||
|
|
||||||
|
This rule does not check if VM names are unique.
|
||||||
|
|
||||||
|
To configure this rule:
|
||||||
|
|
||||||
|
- Override the `CAF_VirtualMachinePrefix` configuration value with an array of allowed prefixes.
|
||||||
|
|
||||||
|
## LINKS
|
||||||
|
|
||||||
|
- [Recommended naming and tagging conventions](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging)
|
|
@ -0,0 +1,41 @@
|
||||||
|
---
|
||||||
|
category: Naming
|
||||||
|
online version: https://github.com/microsoft/PSRule.Rules.CAF/blob/master/docs/rules/en/CAF.Name.VNG.md
|
||||||
|
---
|
||||||
|
|
||||||
|
# Use standard virtual network gateway names
|
||||||
|
|
||||||
|
## SYNOPSIS
|
||||||
|
|
||||||
|
Virtual network gateway names should use a standard prefix and meet naming requirements.
|
||||||
|
|
||||||
|
## DESCRIPTION
|
||||||
|
|
||||||
|
An effective naming convention allows operators to quickly identify resource type, associated workload,
|
||||||
|
deployment environment and Azure region.
|
||||||
|
|
||||||
|
For virtual network gateways, the Cloud Adoption Framework recommends using the `vnet-gw-` prefix.
|
||||||
|
|
||||||
|
Requirements for virtual network gateway names:
|
||||||
|
|
||||||
|
- At least 1 character, but no more than 80.
|
||||||
|
- Can include alphanumeric, underscore, hyphen, period characters.
|
||||||
|
- Can only start with a letter or number, and end with a letter, number or underscore.
|
||||||
|
- Virtual network gateway names must be unique within a resource group.
|
||||||
|
|
||||||
|
## RECOMMENDATION
|
||||||
|
|
||||||
|
Consider creating virtual network gateways with a standard name.
|
||||||
|
Additionally consider using Azure Policy to only permit creation using a standard naming convention.
|
||||||
|
|
||||||
|
## NOTES
|
||||||
|
|
||||||
|
This rule does not check if virtual network gateway names are unique.
|
||||||
|
|
||||||
|
To configure this rule:
|
||||||
|
|
||||||
|
- Override the `CAF_VirtualNetworkGatewayPrefix` configuration value with an array of allowed prefixes.
|
||||||
|
|
||||||
|
## LINKS
|
||||||
|
|
||||||
|
- [Recommended naming and tagging conventions](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging)
|
|
@ -61,11 +61,21 @@ Rule 'CAF.Name.Subnet' -Type 'Microsoft.Network/virtualNetworks', 'Microsoft.Net
|
||||||
# Synopsis: Use standard virtual network gateway names
|
# Synopsis: Use standard virtual network gateway names
|
||||||
Rule 'CAF.Name.VNG' -Type 'Microsoft.Network/virtualNetworkGateways' {
|
Rule 'CAF.Name.VNG' -Type 'Microsoft.Network/virtualNetworkGateways' {
|
||||||
$Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_VirtualNetworkGatewayPrefix)
|
$Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_VirtualNetworkGatewayPrefix)
|
||||||
|
|
||||||
|
# Name requirements
|
||||||
|
$Assert.GreaterOrEqual($TargetObject, 'Name', 1)
|
||||||
|
$Assert.LessOrEqual($TargetObject, 'Name', 80)
|
||||||
|
Match 'Name' '^[\w][-\w_\.]*[\w_]$'
|
||||||
}
|
}
|
||||||
|
|
||||||
# Synopsis: Use standard virtual networks gateway connection names
|
# Synopsis: Use standard virtual networks gateway connection names
|
||||||
Rule 'CAF.Name.Connection' -Type 'Microsoft.Network/connections' {
|
Rule 'CAF.Name.Connection' -Type 'Microsoft.Network/connections' {
|
||||||
$Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_GatewayConnectionPrefix)
|
$Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_GatewayConnectionPrefix)
|
||||||
|
|
||||||
|
# Name requirements
|
||||||
|
$Assert.GreaterOrEqual($TargetObject, 'Name', 1)
|
||||||
|
$Assert.LessOrEqual($TargetObject, 'Name', 80)
|
||||||
|
Match 'Name' '^[\w][-\w_\.]*[\w_]$'
|
||||||
}
|
}
|
||||||
|
|
||||||
# Synopsis: Use standard network security group names
|
# Synopsis: Use standard network security group names
|
||||||
|
|
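Review bot: The `Match 'Name' '^[\w][-\w_\.]*[\w_]$'` pattern added to `CAF.Name.VNG` does not enforce the requirements stated in the rule docs added by this commit, and the same pattern is repeated in `CAF.Name.Connection`. `\w` already includes the underscore (and, in .NET, non-ASCII letters and digits), so a name may start with `_`. The two mandatory character classes also reject a one-character name, even though `$Assert.GreaterOrEqual($TargetObject, 'Name', 1)` accepts it. With the default prefixes the `StartsWith` assertion probably masks both cases, but the prefix configuration values can be overridden, so the pattern should be correct on its own: `Match 'Name' '^[A-Za-z0-9]([A-Za-z0-9_.-]*[A-Za-z0-9_])?$'`. The network security group rule that starts on the hunk's last line continues outside it and is not covered here.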