From 708d1f620bdcdf2f2261db646b6f5b6326bef1b5 Mon Sep 17 00:00:00 2001 From: Bernie White Date: Sat, 26 Dec 2020 23:30:29 +1000 Subject: [PATCH] Resource case and tagging #35 #36 #38 (#39) --- BaselineToc.Doc.ps1 | 41 + CHANGELOG.md | 7 + docs/baselines/en/CAF.Strict.md | 97 + docs/rules/en/CAF.Tag.Required.md | 44 - docs/rules/en/CAF.Tag.Resource.md | 49 + docs/rules/en/CAF.Tag.ResourceGroup.md | 46 + docs/rules/en/module.md | 3 +- pipeline.build.ps1 | 17 +- ps-project.yaml | 4 +- src/PSRule.Rules.CAF/rules/Baseline.Rule.yaml | 13 + src/PSRule.Rules.CAF/rules/CAF.Name.Rule.ps1 | 53 +- src/PSRule.Rules.CAF/rules/CAF.Tag.Rule.ps1 | 40 +- .../PSRule.Rules.CAF.Tests/CAF.Name.Tests.ps1 | 536 ++-- .../PSRule.Rules.CAF.Tests/CAF.Tag.Tests.ps1 | 95 +- .../Resources.Network.json | 2486 ----------------- .../PSRule.Rules.CAF.Tests/Resources.RG.json | 24 - .../Resources.Storage.json | 152 - .../PSRule.Rules.CAF.Tests/Resources.VM.json | 245 -- .../PSRule.Rules.CAF.Tests/Resources.VNG.json | 273 -- 19 files changed, 786 insertions(+), 3439 deletions(-) create mode 100644 BaselineToc.Doc.ps1 create mode 100644 docs/baselines/en/CAF.Strict.md delete mode 100644 docs/rules/en/CAF.Tag.Required.md create mode 100644 docs/rules/en/CAF.Tag.Resource.md create mode 100644 docs/rules/en/CAF.Tag.ResourceGroup.md delete mode 100644 tests/PSRule.Rules.CAF.Tests/Resources.Network.json delete mode 100644 tests/PSRule.Rules.CAF.Tests/Resources.RG.json delete mode 100644 tests/PSRule.Rules.CAF.Tests/Resources.Storage.json delete mode 100644 tests/PSRule.Rules.CAF.Tests/Resources.VM.json delete mode 100644 tests/PSRule.Rules.CAF.Tests/Resources.VNG.json diff --git a/BaselineToc.Doc.ps1 b/BaselineToc.Doc.ps1 new file mode 100644 index 0000000..33515f1 --- /dev/null +++ b/BaselineToc.Doc.ps1 @@ -0,0 +1,41 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + +Document 'baseline' { + $baselineName = $InputObject.Name; + # $obsolete = $InputObject.metadata.annotations.obsolete -eq $True; + + Title $baselineName; + + # if ($obsolete) { + # 'Obsolete' | BlockQuote + # } + + Import-Module .\out\modules\PSRule.Rules.CAF; + $rules = @(Get-PSRule -Module PSRule.Rules.CAF -Baseline $baselineName -WarningAction SilentlyContinue); + $ruleCount = $rules.Length; + + $InputObject.Synopsis; + + Section 'Rules' { + "The following rules are included within ``$baselineName``. This baseline includes a total of $ruleCount rules." + + $rules | Sort-Object -Property RuleName | Table -Property @{ Name = 'Name'; Expression = { + "[$($_.RuleName)]($($_.RuleName).md)" + }}, Synopsis + } + + $configuration = @($InputObject.Spec.Configuration); + Section 'Configuration' { + $configuration | Table -Property @{ Name = 'Name'; Expression = { + $_.Key + }}, @{ Name = 'Default value'; Expression = { + if ($Null -ne $_.Value -and ![String]::IsNullOrEmpty($_.Value)) { + "``$($_.Value)``" + } + else { + '' + } + }} + } +} diff --git a/CHANGELOG.md b/CHANGELOG.md index 9b8ce50..61bfeb9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ ## Unreleased +- General improvements: + - Resource name rules are case-sensitive by default. [#36](https://github.com/microsoft/PSRule.Rules.CAF/issues/36) + - Resource and resource group tagging rules are case-sensitive by default. [#35](https://github.com/microsoft/PSRule.Rules.CAF/issues/35) + - **Breaking change**: Separated resource and resource group tagging rules. [#38](https://github.com/microsoft/PSRule.Rules.CAF/issues/38) + - Renamed `CAF.Tag.Required` to `CAF.Tag.Resource`. + - Moved resource group tagging requirements from `CAF.Tag.Resource` to `CAF.Tag.ResourceGroup`. + ## v0.1.0-B2009009 (pre-release) What's changed since pre-release v0.1.0-B2008005: diff --git a/docs/baselines/en/CAF.Strict.md b/docs/baselines/en/CAF.Strict.md new file mode 100644 index 0000000..eae7a5e --- /dev/null +++ b/docs/baselines/en/CAF.Strict.md @@ -0,0 +1,97 @@ +# CAF.Strict + +The default baseline for Azure Cloud Adoption Framework + +## Rules + +The following rules are included within `CAF.Strict`. This baseline includes a total of 14 rules. + +Name | Synopsis +---- | -------- +[CAF.Name.Connection](CAF.Name.Connection.md) | Virtual network gateway connection names should use a standard prefix. +[CAF.Name.LoadBalancer](CAF.Name.LoadBalancer.md) | Load balancer names should use a standard prefix. +[CAF.Name.NSG](CAF.Name.NSG.md) | Network security group (NSG) names should use a standard prefix. +[CAF.Name.PublicIP](CAF.Name.PublicIP.md) | Public IP address names should use a standard prefix. +[CAF.Name.RG](CAF.Name.RG.md) | Resource group names should use a standard prefix. +[CAF.Name.Route](CAF.Name.Route.md) | Route table names should use a standard prefix. +[CAF.Name.Storage](CAF.Name.Storage.md) | Storage account names should use a standard prefix. +[CAF.Name.Subnet](CAF.Name.Subnet.md) | Subnet names should use a standard prefix. +[CAF.Name.VM](CAF.Name.VM.md) | Virtual machine names should use a standard prefix. +[CAF.Name.VNET](CAF.Name.VNET.md) | Virtual network names should use a standard prefix. +[CAF.Name.VNG](CAF.Name.VNG.md) | Virtual network gateway names should use a standard prefix. +[CAF.Tag.Environment](CAF.Tag.Environment.md) | Tag resources and resource groups with a valid environment. +[CAF.Tag.Resource](CAF.Tag.Resource.md) | Tag resources with mandatory tags. +[CAF.Tag.ResourceGroup](CAF.Tag.ResourceGroup.md) | Tag resource groups with mandatory tags. + +## Configuration + +Name | Default value +---- | ------------- +CAF_UseLowerNames | `true` +CAF_ManagementGroupPrefix | `mg-` +CAF_ResourceGroupPrefix | `rg-` +CAF_PolicyDefinitionPrefix | `policy-` +CAF_APIManagementPrefix | `apim-` +CAF_ManagedIdentityPrefix | `id-` +CAF_VirtualNetworkPrefix | `vnet-` +CAF_SubnetPrefix | `snet-` +CAF_VirtualNetworkPeeringPrefix | `peer-` +CAF_NetworkInterfacePrefix | `nic-` +CAF_PublicIPPrefix | `pip-` +CAF_LoadBalancerPrefix | `lbi- lbe-` +CAF_NetworkSecurityGroupPrefix | `nsg-` +CAF_ApplicationSecurityGroupPrefix | `asg-` +CAF_LocalNetworkGatewayPrefix | `lgw-` +CAF_VirtualNetworkGatewayPrefix | `vgw-` +CAF_GatewayConnectionPrefix | `cn-` +CAF_ApplicationGatewayPrefix | `agw-` +CAF_RouteTablePrefix | `route-` +CAF_TrafficManagerProfilePrefix | `traf-` +CAF_FrontDoorPrefix | `fd-` +CAF_CDNProfilePrefix | `cdnp-` +CAF_CDNEndpointPrefix | `cdne-` +CAF_VirtualMachinePrefix | `vm` +CAF_VirtualMachineScaleSetPrefix | `vmss-` +CAF_AvailabilitySetPrefix | `avail-` +CAF_ContainerInstancePrefix | `aci-` +CAF_AKSClusterPrefix | `aks-` +CAF_AppServicePlanPrefix | `plan-` +CAF_WebAppPrefix | `app-` +CAF_FunctionAppPrefix | `func-` +CAF_CloudServicePrefix | `cld-` +CAF_NotificationHubPrefix | `ntf-` +CAF_NotificationHubNamespacePrefix | `ntfns-` +CAF_SQLDatabaseServerPrefix | `sql-` +CAF_SQLDatabasePrefix | `sqldb-` +CAF_CosmosDbPrefix | `cosmos-` +CAF_RedisCachePrefix | `redis-` +CAF_MySQLDatabasePrefix | `mysql-` +CAF_PostgreSQLDatabasePrefix | `psql-` +CAF_SQLDataWarehousePrefix | `sqldw-` +CAF_SynapseAnalyticsPrefix | `syn-` +CAF_SQLStretchDbPrefix | `sqlstrdb-` +CAF_StoragePrefix | `st stvm dls` +CAF_StorSimplePrefix | `ssimp` +CAF_SearchPrefix | `srch-` +CAF_CognitiveServicesPrefix | `cog-` +CAF_MachineLearningWorkspacePrefix | `mlw-` +CAF_StreamAnalyticsPrefix | `asa-` +CAF_DataFactoryPrefix | `adf-` +CAF_DataLakeStorePrefix | `dla` +CAF_EventHubsPrefix | `evh-` +CAF_HDInsightsHadoopPrefix | `hadoop-` +CAF_HDInsightsHBasePrefix | `hbase-` +CAF_HDInsightsSparkPrefix | `spark-` +CAF_IoTHubPrefix | `iot-` +CAF_PowerBIEmbeddedPrefix | `pbi-` +CAF_LogicAppsPrefix | `logic-` +CAF_ServiceBusPrefix | `sb-` +CAF_ServiceBusQueuePrefix | `sbq-` +CAF_ServiceBusTopicPrefix | `sbt-` +CAF_KeyVaultPrefix | `kv-` +CAF_MatchTagNameCase | `true` +CAF_MatchTagValueCase | `true` +CAF_ResourceMandatoryTags | +CAF_ResourceGroupMandatoryTags | +CAF_EnvironmentTag | `Env` +CAF_Environments | `Prod Dev QA Stage Test` diff --git a/docs/rules/en/CAF.Tag.Required.md b/docs/rules/en/CAF.Tag.Required.md deleted file mode 100644 index 8beb492..0000000 --- a/docs/rules/en/CAF.Tag.Required.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -pillar: Operational Excellence -category: Metadata tagging -online version: https://github.com/microsoft/PSRule.Rules.CAF/blob/main/docs/rules/en/CAF.Tag.Required.md ---- - -# Use mandatory tags - -## SYNOPSIS - -Tag resources and resource groups with mandatory tags. - -## DESCRIPTION - -Metadata tags store additional information about resources and resource groups. -When used consistently, metadata tags can be used to identify resources for searching and reporting. - -Additionally tags can store information useful to automated tasks. -Some examples include; de-provisioning, scaling and patching - -Resources and resources group pass when they have the required tags. -If any of the tags are missing, this rule fails. -Resources that do not support tags are skipped. - -By default, no mandatory tags are configured. - -## RECOMMENDATION - -Consider updating the resource/ resource group with the required tags. -Additionally consider enforcing mandatory tags with Azure Policy. - -## NOTES - -To configure this rule: - -- Override the `CAF_ResourceMandatoryTags` configuration value with an array of required tags for resources. -- Override the `CAF_ResourceGroupMandatoryTags` configuration value with an array of required tags for resource groups. - -## LINKS - -- [Metadata tags](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging#metadata-tags) -- [Use tags to organize your Azure resources](https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources) -- [Azure Well-Architected Framework](https://docs.microsoft.com/en-gb/azure/architecture/framework/devops/app-design#tagging-and-resource-naming) -- [Tag support for Azure resources](https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-support) diff --git a/docs/rules/en/CAF.Tag.Resource.md b/docs/rules/en/CAF.Tag.Resource.md new file mode 100644 index 0000000..e8a5dab --- /dev/null +++ b/docs/rules/en/CAF.Tag.Resource.md @@ -0,0 +1,49 @@ +--- +pillar: Cost Optimization +category: Metadata tagging +online version: https://github.com/microsoft/PSRule.Rules.CAF/blob/main/docs/rules/en/CAF.Tag.Required.md +--- + +# Tag resources + +## SYNOPSIS + +Tag resources with mandatory tags. + +## DESCRIPTION + +Metadata tags store additional information about resources. +Each tags is a key value pair, with a tag name and tag value. +When used consistently, metadata tags can be used to identify resources for searching and reporting. +Up to 50 tags can be set on most resource types (see [Tag support for Azure resources]). + +Additionally tags can store information useful to automated tasks. +Some examples include; de-provisioning, scaling, and patching. + +## RECOMMENDATION + +Consider tagging the resources with the mandatory tags. +Additionally consider enforcing mandatory tags and using inheritance with Azure Policy. + +## NOTES + +Resources pass when they have the required tags. +If any of the tags are missing, this rule fails. +Resources that do not support tags are skipped. +By default: + +- No mandatory tags are configured. +- Tag names are case-sensitive. + +To configure this rule: + +- Override the `CAF_ResourceMandatoryTags` configuration value with an array of required tags. + +## LINKS + +- [Metadata tags](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-tagging) +- [Use tags to organize your Azure resources](https://docs.microsoft.com/azure/azure-resource-manager/management/tag-resources) +- [Azure Well-Architected Framework](https://docs.microsoft.com/azure/architecture/framework/cost/design-governance#enforce-resource-tagging) +- [Tag support for Azure resources] + +[Tag support for Azure resources]: https://docs.microsoft.com/azure/azure-resource-manager/management/tag-support diff --git a/docs/rules/en/CAF.Tag.ResourceGroup.md b/docs/rules/en/CAF.Tag.ResourceGroup.md new file mode 100644 index 0000000..c8c4a00 --- /dev/null +++ b/docs/rules/en/CAF.Tag.ResourceGroup.md @@ -0,0 +1,46 @@ +--- +pillar: Cost Optimization +category: Metadata tagging +online version: https://github.com/microsoft/PSRule.Rules.CAF/blob/main/docs/rules/en/CAF.Tag.ResourceGroup.md +--- + +# Tag resource groups + +## SYNOPSIS + +Tag resource groups with mandatory tags. + +## DESCRIPTION + +Metadata tags store additional information about resource groups. +Each tags is a key value pair, with a tag name and tag value. +When used consistently, metadata tags can be used to identify resource groups for searching and reporting. +Up to 50 tags can be set on each resource group. + +Additionally tags can store information useful to automated tasks. +Some examples include; de-provisioning, scaling, and patching. + +## RECOMMENDATION + +Consider tagging resource group with the mandatory tags. +Additionally consider enforcing mandatory tags with Azure Policy. + +## NOTES + +Resources group pass when they have the required tags. +If any of the tags are missing, this rule fails. +By default: + +- No mandatory tags are configured. +- Tag names are case-sensitive. + +To configure this rule: + +- Override the `CAF_ResourceGroupMandatoryTags` configuration value with an array of required tags. + +## LINKS + +- [Metadata tags](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-tagging) +- [Use tags to organize your Azure resources](https://docs.microsoft.com/azure/azure-resource-manager/management/tag-resources) +- [Azure Well-Architected Framework](https://docs.microsoft.com/azure/architecture/framework/cost/design-governance#enforce-resource-tagging) +- [Tag support for Azure resources](https://docs.microsoft.com/azure/azure-resource-manager/management/tag-support) diff --git a/docs/rules/en/module.md b/docs/rules/en/module.md index de7d858..8a5d78d 100644 --- a/docs/rules/en/module.md +++ b/docs/rules/en/module.md @@ -9,7 +9,8 @@ The following rules are included within `PSRule.Rules.CAF`. Name | Synopsis ---- | -------- [CAF.Tag.Environment](CAF.Tag.Environment.md) | Tag resources and resource groups with a valid environment. -[CAF.Tag.Required](CAF.Tag.Required.md) | Tag resources and resource groups with mandatory tags. +[CAF.Tag.Resource](CAF.Tag.Resource.md) | Tag resources with mandatory tags. +[CAF.Tag.ResourceGroup](CAF.Tag.ResourceGroup.md) | Tag resource groups with mandatory tags. ### Resource naming diff --git a/pipeline.build.ps1 b/pipeline.build.ps1 index d74883e..ee6bbf3 100644 --- a/pipeline.build.ps1 +++ b/pipeline.build.ps1 @@ -161,11 +161,11 @@ task PSScriptAnalyzer NuGet, { # Synopsis: Install PSRule task PSRule NuGet, { - if ($Null -eq (Get-InstalledModule -Name PSRule -MinimumVersion '0.20.0' -AllowPrerelease -ErrorAction Ignore)) { - Install-Module -Name PSRule -Repository PSGallery -MinimumVersion '0.20.0' -AllowPrerelease -Scope CurrentUser -Force; + if ($Null -eq (Get-InstalledModule -Name PSRule -MinimumVersion '0.22.0' -AllowPrerelease -ErrorAction Ignore)) { + Install-Module -Name PSRule -Repository PSGallery -MinimumVersion '0.22.0' -AllowPrerelease -Scope CurrentUser -Force; } - if ($Null -eq (Get-InstalledModule -Name PSRule.Rules.Azure -MinimumVersion '0.15.0' -ErrorAction Ignore)) { - Install-Module -Name PSRule.Rules.Azure -Repository PSGallery -MinimumVersion '0.15.0' -Scope CurrentUser -Force; + if ($Null -eq (Get-InstalledModule -Name PSRule.Rules.Azure -MinimumVersion '0.18.0' -ErrorAction Ignore)) { + Install-Module -Name PSRule.Rules.Azure -Repository PSGallery -MinimumVersion '0.18.0' -Scope CurrentUser -Force; } Import-Module -Name PSRule.Rules.Azure -Verbose:$False; } @@ -240,10 +240,17 @@ task Analyze Build, PSScriptAnalyzer, { Invoke-ScriptAnalyzer -Path out/modules/PSRule.Rules.CAF; } -# Synopsis: Build table of content for rules +# Synopsis: Build table of content for rules and baselines task BuildRuleDocs Build, PSRule, PSDocs, { Import-Module (Join-Path -Path $PWD -ChildPath out/modules/PSRule.Rules.CAF) -Force; $Null = Invoke-PSDocument -Name module -OutputPath .\docs\rules\en\ -Path .\RuleToc.Doc.ps1; + + $baselines = Get-PSRuleBaseline -Module PSRule.Rules.CAF -WarningAction SilentlyContinue; + $Null = $baselines | ForEach-Object { + if ($_.Name -like 'CAF.*') { + $_ | Invoke-PSDocument -Name baseline -InstanceName $_.Name -OutputPath .\docs\baselines\en\ -Path .\BaselineToc.Doc.ps1; + } + } } # Synopsis: Build help diff --git a/ps-project.yaml b/ps-project.yaml index aa602ef..de5d044 100644 --- a/ps-project.yaml +++ b/ps-project.yaml @@ -16,8 +16,8 @@ bugs: url: https://github.com/Microsoft/PSRule.Rules.CAF/issues modules: - PSRule: ^0.12.0 - PSRule.Rules.Azure: ^0.6.0 + PSRule: ^0.22.0 + PSRule.Rules.Azure: ^0.18.0 tasks: clear: diff --git a/src/PSRule.Rules.CAF/rules/Baseline.Rule.yaml b/src/PSRule.Rules.CAF/rules/Baseline.Rule.yaml index d8d0bbd..f8b71a1 100644 --- a/src/PSRule.Rules.CAF/rules/Baseline.Rule.yaml +++ b/src/PSRule.Rules.CAF/rules/Baseline.Rule.yaml @@ -7,14 +7,21 @@ metadata: spec: configuration: + + # Naming + CAF_UseLowerNames: true + # General + CAF_ManagementGroupPrefix: [ 'mg-' ] CAF_ResourceGroupPrefix: [ 'rg-' ] CAF_PolicyDefinitionPrefix: [ 'policy-' ] CAF_APIManagementPrefix: [ 'apim-' ] + CAF_ManagedIdentityPrefix: [ 'id-' ] # Networking CAF_VirtualNetworkPrefix: [ 'vnet-' ] CAF_SubnetPrefix: [ 'snet-' ] + CAF_VirtualNetworkPeeringPrefix: [ 'peer-' ] CAF_NetworkInterfacePrefix: [ 'nic-' ] CAF_PublicIPPrefix: [ 'pip-' ] CAF_LoadBalancerPrefix: [ 'lbi-', 'lbe-' ] @@ -26,6 +33,9 @@ spec: CAF_ApplicationGatewayPrefix: [ 'agw-' ] CAF_RouteTablePrefix: [ 'route-' ] CAF_TrafficManagerProfilePrefix: [ 'traf-' ] + CAF_FrontDoorPrefix: [ 'fd-' ] + CAF_CDNProfilePrefix: [ 'cdnp-' ] + CAF_CDNEndpointPrefix: [ 'cdne-' ] # Compute and Web CAF_VirtualMachinePrefix: [ 'vm' ] @@ -80,6 +90,9 @@ spec: # Management and governance CAF_KeyVaultPrefix: [ 'kv-' ] + CAF_MatchTagNameCase: true + CAF_MatchTagValueCase: true + # Required tags CAF_ResourceMandatoryTags: [ ] CAF_ResourceGroupMandatoryTags: [ ] diff --git a/src/PSRule.Rules.CAF/rules/CAF.Name.Rule.ps1 b/src/PSRule.Rules.CAF/rules/CAF.Name.Rule.ps1 index e0ad09b..a979cd1 100644 --- a/src/PSRule.Rules.CAF/rules/CAF.Name.Rule.ps1 +++ b/src/PSRule.Rules.CAF/rules/CAF.Name.Rule.ps1 @@ -8,12 +8,18 @@ # Synopsis: Use standard resource groups names. Rule 'CAF.Name.RG' -Type 'Microsoft.Resources/resourceGroups' -If { !(CAF_IsManagedRG) } { - $Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_ResourceGroupPrefix) + $Assert.StartsWith($PSRule, 'TargetName', $Configuration.CAF_ResourceGroupPrefix, $True); + if ($Configuration.CAF_UseLowerNames -eq $True) { + $Assert.IsLower($PSRule, 'TargetName'); + } } # Synopsis: Use standard virtual networks names. Rule 'CAF.Name.VNET' -Type 'Microsoft.Network/virtualNetworks' { - $Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_VirtualNetworkPrefix) + $Assert.StartsWith($PSRule, 'TargetName', $Configuration.CAF_VirtualNetworkPrefix, $True); + if ($Configuration.CAF_UseLowerNames -eq $True) { + $Assert.IsLower($PSRule, 'TargetName'); + } } # Synopsis: Use standard subnets names. @@ -30,47 +36,72 @@ Rule 'CAF.Name.Subnet' -Type 'Microsoft.Network/virtualNetworks', 'Microsoft.Net $Assert.Pass(); } else { - $Assert.StartsWith($subnet, 'Name', $Configuration.CAF_SubnetPrefix) + $Assert.StartsWith($subnet, 'Name', $Configuration.CAF_SubnetPrefix); + if ($Configuration.CAF_UseLowerNames -eq $True) { + $Assert.IsLower($subnet, 'Name'); + } } } } # Synopsis: Use standard virtual network gateway names. Rule 'CAF.Name.VNG' -Type 'Microsoft.Network/virtualNetworkGateways' { - $Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_VirtualNetworkGatewayPrefix) + $Assert.StartsWith($PSRule, 'TargetName', $Configuration.CAF_VirtualNetworkGatewayPrefix, $True); + if ($Configuration.CAF_UseLowerNames -eq $True) { + $Assert.IsLower($PSRule, 'TargetName'); + } } # Synopsis: Use standard virtual networks gateway connection names. Rule 'CAF.Name.Connection' -Type 'Microsoft.Network/connections' { - $Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_GatewayConnectionPrefix) + $Assert.StartsWith($PSRule, 'TargetName', $Configuration.CAF_GatewayConnectionPrefix, $True); + if ($Configuration.CAF_UseLowerNames -eq $True) { + $Assert.IsLower($PSRule, 'TargetName'); + } } # Synopsis: Use standard network security group names. Rule 'CAF.Name.NSG' -Type 'Microsoft.Network/networkSecurityGroups' { - $Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_NetworkSecurityGroupPrefix) + $Assert.StartsWith($PSRule, 'TargetName', $Configuration.CAF_NetworkSecurityGroupPrefix, $True); + if ($Configuration.CAF_UseLowerNames -eq $True) { + $Assert.IsLower($PSRule, 'TargetName'); + } } # Synopsis: Use standard route table names. Rule 'CAF.Name.Route' -Type 'Microsoft.Network/routeTables' { - $Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_RouteTablePrefix) + $Assert.StartsWith($PSRule, 'TargetName', $Configuration.CAF_RouteTablePrefix, $True); + if ($Configuration.CAF_UseLowerNames -eq $True) { + $Assert.IsLower($PSRule, 'TargetName'); + } } # Synopsis: Use standard virtual machines names. Rule 'CAF.Name.VM' -Type 'Microsoft.Compute/virtualMachines' { - $Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_VirtualMachinePrefix) + $Assert.StartsWith($PSRule, 'TargetName', $Configuration.CAF_VirtualMachinePrefix, $True); + if ($Configuration.CAF_UseLowerNames -eq $True) { + $Assert.IsLower($PSRule, 'TargetName'); + } } # Synopsis: Use standard storage accounts names. Rule 'CAF.Name.Storage' -Type 'Microsoft.Storage/storageAccounts' { - $Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_StoragePrefix) + $Assert.StartsWith($PSRule, 'TargetName', $Configuration.CAF_StoragePrefix, $True); + $Assert.IsLower($PSRule, 'TargetName'); } # Synopsis: Use standard public IP address names. Rule 'CAF.Name.PublicIP' -Type 'Microsoft.Network/publicIPAddresses' { - $Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_PublicIPPrefix) + $Assert.StartsWith($PSRule, 'TargetName', $Configuration.CAF_PublicIPPrefix, $True); + if ($Configuration.CAF_UseLowerNames -eq $True) { + $Assert.IsLower($PSRule, 'TargetName'); + } } # Synopsis: Use standard load balancer names. Rule 'CAF.Name.LoadBalancer' -Type 'Microsoft.Network/loadBalancers' -If { !(CAF_IsManagedLB) } { - $Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_LoadBalancerPrefix) + $Assert.StartsWith($PSRule, 'TargetName', $Configuration.CAF_LoadBalancerPrefix, $True); + if ($Configuration.CAF_UseLowerNames -eq $True) { + $Assert.IsLower($PSRule, 'TargetName'); + } } diff --git a/src/PSRule.Rules.CAF/rules/CAF.Tag.Rule.ps1 b/src/PSRule.Rules.CAF/rules/CAF.Tag.Rule.ps1 index f4ec3fd..5f216ba 100644 --- a/src/PSRule.Rules.CAF/rules/CAF.Tag.Rule.ps1 +++ b/src/PSRule.Rules.CAF/rules/CAF.Tag.Rule.ps1 @@ -3,28 +3,34 @@ # Note: # This contains rules for standard tagging suggested in the CAF. -# https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging +# https://docs.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging -# Synopsis: Tag resources and resource groups with mandatory tags -Rule 'CAF.Tag.Required' -If { (CAF_SupportsTags) } { - # Use resource or resource group mandatory tags +# Synopsis: Tag resources with mandatory tags. +Rule 'CAF.Tag.Resource' -If { (CAF_SupportsTags) -and !(CAF_IsResourceGroup) -and ($Configuration.GetStringValues('CAF_ResourceMandatoryTags').Length -gt 0) } { $required = $Configuration.GetStringValues('CAF_ResourceMandatoryTags') - if ($PSRule.TargetType -eq 'Microsoft.Resources/resourceGroups') { - $required = $Configuration.GetStringValues('CAF_ResourceGroupMandatoryTags') - } - # Check mandatory tags if ($required.Length -eq 0) { - return $True + return $Assert.Pass(); } - else { - Exists 'Tags' - if ($Null -ne $TargetObject.Tags) { - $TargetObject.Tags | Exists $required -All - } + $Assert.HasField($TargetObject, 'Tags'); + if ($Null -ne $TargetObject.Tags) { + $Assert.HasFields($TargetObject.Tags, $required, $Configuration.CAF_MatchTagNameCase); } } -# Synopsis: Use standard environment tag values -Rule 'CAF.Tag.Environment' -If { (CAF_SupportsTags) -and (Exists "Tags.$($Configuration.CAF_EnvironmentTag)") } { - $Assert.In($TargetObject, "Tags.$($Configuration.CAF_EnvironmentTag)", $Configuration.CAF_Environments) +# Synopsis: Tag resource groups with mandatory tags. +Rule 'CAF.Tag.ResourceGroup' -Type 'Microsoft.Resources/resourceGroups' -If { ($Configuration.GetStringValues('CAF_ResourceGroupMandatoryTags').Length -gt 0) } { + $required = $Configuration.GetStringValues('CAF_ResourceGroupMandatoryTags'); + if ($required.Length -eq 0) { + return $Assert.Pass(); + } + $Assert.HasField($TargetObject, 'Tags'); + if ($Null -ne $TargetObject.Tags) { + $Assert.HasFields($TargetObject.Tags, $required, $Configuration.CAF_MatchTagNameCase); + } +} + +# Synopsis: Tag resources and resource groups with a valid environment. +Rule 'CAF.Tag.Environment' -If { (CAF_SupportsTags) -and (Exists "Tags.$($Configuration.CAF_EnvironmentTag)") } { + $Assert.HasField($TargetObject, "Tags.$($Configuration.CAF_EnvironmentTag)", $Configuration.CAF_MatchTagNameCase); + $Assert.In($TargetObject, "Tags.$($Configuration.CAF_EnvironmentTag)", $Configuration.CAF_Environments, $Configuration.CAF_MatchTagValueCase) } diff --git a/tests/PSRule.Rules.CAF.Tests/CAF.Name.Tests.ps1 b/tests/PSRule.Rules.CAF.Tests/CAF.Name.Tests.ps1 index b4ace63..bfe4fc8 100644 --- a/tests/PSRule.Rules.CAF.Tests/CAF.Name.Tests.ps1 +++ b/tests/PSRule.Rules.CAF.Tests/CAF.Name.Tests.ps1 @@ -6,9 +6,7 @@ # [CmdletBinding()] -param ( - -) +param () # Setup error handling $ErrorActionPreference = 'Stop'; @@ -21,193 +19,413 @@ if ($Env:SYSTEM_DEBUG -eq 'true') { # Setup tests paths $rootPath = $PWD; Import-Module (Join-Path -Path $rootPath -ChildPath out/modules/PSRule.Rules.CAF) -Force; -$here = (Resolve-Path $PSScriptRoot).Path; Describe 'CAF.Name' -Tag 'name' { - $dataPath = Join-Path -Path $here -ChildPath 'Resources.*.json'; + $invokeParams = @{ + Module = 'PSRule.Rules.CAF' + WarningAction = 'Ignore' + ErrorAction = 'Stop' + } - Context 'Conditions' { - $invokeParams = @{ - Module = 'PSRule.Rules.CAF' - WarningAction = 'Ignore' - ErrorAction = 'Stop' - } - $result = Invoke-PSRule @invokeParams -InputPath $dataPath -Outcome All; - - It 'CAF.Name.RG' { - $filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Name.RG' }; - - # Fail - $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' }); - $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 1; - $ruleResult.TargetName | Should -Be 'rgB'; - - # Pass - $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); - $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 1; - $ruleResult.TargetName | Should -Be 'rg-A'; + Context 'CAF.Name.RG' { + $validNames = @( + 'rg-test-001' + ) + $invalidNames = @( + 'rg-Test-001' + 'rgtest001' + 'test-rg-001' + ) + $testObject = [PSCustomObject]@{ + Name = '' + ResourceType = 'Microsoft.Resources/resourceGroups' } - It 'CAF.Name.VNET' { - $filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Name.VNET' }; - - # Fail - $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' }); - $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 1; - $ruleResult.TargetName | Should -BeIn 'vnetB'; - - # Pass - $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); - $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 3; - $ruleResult.TargetName | Should -BeIn 'vnet-A', 'vnet-D', 'vnet-C'; + # Pass + foreach ($name in $validNames) { + It $name { + $testObject.Name = $name; + $ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.RG'; + $ruleResult | Should -Not -BeNullOrEmpty; + $ruleResult.Outcome | Should -Be 'Pass'; + } } - It 'CAF.Name.Subnet' { - $filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Name.Subnet' }; + # Fail + foreach ($name in $invalidNames) { + It $name { + $testObject.Name = $name; + $ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.RG'; + $ruleResult | Should -Not -BeNullOrEmpty; + $ruleResult.Outcome | Should -Be 'Fail'; + } + } + } - # Fail - $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' }); - $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 2; - $ruleResult.TargetName | Should -BeIn 'vnetB', 'vnet-D'; - - # Pass - $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); - $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 2; - $ruleResult.TargetName | Should -BeIn 'vnet-A', 'vnet-C'; + Context 'CAF.Name.VNET' { + $validNames = @( + 'vnet-test-001' + ) + $invalidNames = @( + 'vnet-Test-001' + 'vnetest001' + 'test-vnet-001' + ) + $testObject = [PSCustomObject]@{ + Name = '' + ResourceType = 'Microsoft.Network/virtualNetworks' } - It 'CAF.Name.VNG' { - $filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Name.VNG' }; - - # Fail - $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' }); - $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 1; - $ruleResult.TargetName | Should -Be 'vng-A'; - - # Pass - $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); - $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 1; - $ruleResult.TargetName | Should -Be 'vgw-B'; + # Pass + foreach ($name in $validNames) { + It $name { + $testObject.Name = $name; + $ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.VNET'; + $ruleResult | Should -Not -BeNullOrEmpty; + $ruleResult.Outcome | Should -Be 'Pass'; + } } - It 'CAF.Name.Connection' { - $filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Name.Connection' }; + # Fail + foreach ($name in $invalidNames) { + It $name { + $testObject.Name = $name; + $ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.VNET'; + $ruleResult | Should -Not -BeNullOrEmpty; + $ruleResult.Outcome | Should -Be 'Fail'; + } + } + } - # Fail - $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' }); - $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 2; - $ruleResult.TargetName | Should -BeIn 'expressroute-connection', 'connection-B'; + Context 'CAF.Name.Subnet' { + $validNames = @( + 'snet-test-001' + ) + $invalidNames = @( + 'snet-Test-001' + 'snettest001' + 'test-snet-001' + ) + $testObject = @( + [PSCustomObject]@{ + Name = '' + ResourceType = 'Microsoft.Network/virtualNetworks/subnets' + } + [PSCustomObject]@{ + Name = '' + ResourceType = 'Microsoft.Network/virtualNetworks' + Properties = @{ + subnets = @( + @{ + Name = '' + } + ) + } + } + ) - # Pass - $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); - $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 3; - $ruleResult.TargetName | Should -BeIn 'cn-expressroute', 'cn-C', 'cn-A'; + # Pass + foreach ($name in $validNames) { + It $name { + $testObject[0].Name = $name; + $testObject[1].Properties.Subnets[0].Name = $name; + $ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.Subnet'; + $ruleResult | Should -Not -BeNullOrEmpty; + $ruleResult.Outcome | Should -BeIn 'Pass'; + } } - It 'CAF.Name.NSG' { - $filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Name.NSG' }; + # Fail + foreach ($name in $invalidNames) { + It $name { + $testObject[0].Name = $name; + $testObject[1].Properties.Subnets[0].Name = $name; + $ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.Subnet'; + $ruleResult | Should -Not -BeNullOrEmpty; + $ruleResult.Outcome | Should -BeIn 'Fail'; + } + } + } - # Fail - $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' }); - $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 1; - $ruleResult.TargetName | Should -BeIn 'nsgB'; - - # Pass - $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); - $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 2; - $ruleResult.TargetName | Should -BeIn 'nsg-A', 'nsg-C'; + Context 'CAF.Name.VNG' { + $validNames = @( + 'vgw-test-001' + ) + $invalidNames = @( + 'vgw-Test-001' + 'vgwtest001' + 'test-vgw-001' + ) + $testObject = [PSCustomObject]@{ + Name = '' + ResourceType = 'Microsoft.Network/virtualNetworkGateways' } - It 'CAF.Name.Route' { - $filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Name.Route' }; - - # Fail - $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' }); - $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 1; - $ruleResult.TargetName | Should -Be 'routeB'; - - # Pass - $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); - $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 1; - $ruleResult.TargetName | Should -Be 'route-A'; + # Pass + foreach ($name in $validNames) { + It $name { + $testObject.Name = $name; + $ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.VNG'; + $ruleResult | Should -Not -BeNullOrEmpty; + $ruleResult.Outcome | Should -Be 'Pass'; + } } - It 'CAF.Name.VM' { - $filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Name.VM' }; + # Fail + foreach ($name in $invalidNames) { + It $name { + $testObject.Name = $name; + $ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.VNG'; + $ruleResult | Should -Not -BeNullOrEmpty; + $ruleResult.Outcome | Should -Be 'Fail'; + } + } + } - # Fail - $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' }); - $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 1; - $ruleResult.TargetName | Should -Be 'bvm'; - - # Pass - $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); - $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 1; - $ruleResult.TargetName | Should -Be 'vm-A'; + Context 'CAF.Name.Connection' { + $validNames = @( + 'cn-test-001' + ) + $invalidNames = @( + 'cn-Test-001' + 'cntest001' + 'test-cn-001' + ) + $testObject = [PSCustomObject]@{ + Name = '' + ResourceType = 'Microsoft.Network/connections' } - It 'CAF.Name.Storage' { - $filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Name.Storage' }; - - # Fail - $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' }); - $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 1; - $ruleResult.TargetName | Should -Be 'bstorage'; - - # Pass - $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); - $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 1; - $ruleResult.TargetName | Should -Be 'storagea'; + # Pass + foreach ($name in $validNames) { + It $name { + $testObject.Name = $name; + $ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.Connection'; + $ruleResult | Should -Not -BeNullOrEmpty; + $ruleResult.Outcome | Should -Be 'Pass'; + } } - It 'CAF.Name.PublicIP' { - $filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Name.PublicIP' }; + # Fail + foreach ($name in $invalidNames) { + It $name { + $testObject.Name = $name; + $ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.Connection'; + $ruleResult | Should -Not -BeNullOrEmpty; + $ruleResult.Outcome | Should -Be 'Fail'; + } + } + } - # Fail - $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' }); - $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 1; - $ruleResult.TargetName | Should -Be 'pipB'; - - # Pass - $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); - $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 1; - $ruleResult.TargetName | Should -Be 'pip-A'; + Context 'CAF.Name.NSG' { + $validNames = @( + 'nsg-test-001' + ) + $invalidNames = @( + 'nsg-Test-001' + 'nsgtest001' + 'test-nsg-001' + ) + $testObject = [PSCustomObject]@{ + Name = '' + ResourceType = 'Microsoft.Network/networkSecurityGroups' } - It 'CAF.Name.LoadBalancer' { - $filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Name.LoadBalancer' }; + # Pass + foreach ($name in $validNames) { + It $name { + $testObject.Name = $name; + $ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.NSG'; + $ruleResult | Should -Not -BeNullOrEmpty; + $ruleResult.Outcome | Should -Be 'Pass'; + } + } - # Fail - $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' }); - $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 1; - $ruleResult.TargetName | Should -Be 'lbB'; + # Fail + foreach ($name in $invalidNames) { + It $name { + $testObject.Name = $name; + $ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.NSG'; + $ruleResult | Should -Not -BeNullOrEmpty; + $ruleResult.Outcome | Should -Be 'Fail'; + } + } + } - # Pass - $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); - $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 1; - $ruleResult.TargetName | Should -Be 'lbe-A'; + Context 'CAF.Name.Route' { + $validNames = @( + 'route-test-001' + ) + $invalidNames = @( + 'route-Test-001' + 'routetest001' + 'test-route-001' + ) + $testObject = [PSCustomObject]@{ + Name = '' + ResourceType = 'Microsoft.Network/routeTables' + } + + # Pass + foreach ($name in $validNames) { + It $name { + $testObject.Name = $name; + $ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.Route'; + $ruleResult | Should -Not -BeNullOrEmpty; + $ruleResult.Outcome | Should -Be 'Pass'; + } + } + + # Fail + foreach ($name in $invalidNames) { + It $name { + $testObject.Name = $name; + $ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.Route'; + $ruleResult | Should -Not -BeNullOrEmpty; + $ruleResult.Outcome | Should -Be 'Fail'; + } + } + } + + Context 'CAF.Name.VM' { + $validNames = @( + 'vm-test-001' + 'vmtest001' + ) + $invalidNames = @( + 'vm-Test-001' + 'test-vm-001' + ) + $testObject = [PSCustomObject]@{ + Name = '' + ResourceType = 'Microsoft.Compute/virtualMachines' + } + + # Pass + foreach ($name in $validNames) { + It $name { + $testObject.Name = $name; + $ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.VM'; + $ruleResult | Should -Not -BeNullOrEmpty; + $ruleResult.Outcome | Should -Be 'Pass'; + } + } + + # Fail + foreach ($name in $invalidNames) { + It $name { + $testObject.Name = $name; + $ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.VM'; + $ruleResult | Should -Not -BeNullOrEmpty; + $ruleResult.Outcome | Should -Be 'Fail'; + } + } + } + + Context 'CAF.Name.Storage' { + $validNames = @( + 'storage001' + 'stvm001' + 'dls001' + ) + $invalidNames = @( + 'sTest001' + 'testst001' + ) + $testObject = [PSCustomObject]@{ + Name = '' + ResourceType = 'Microsoft.Storage/storageAccounts' + } + + # Pass + foreach ($name in $validNames) { + It $name { + $testObject.Name = $name; + $ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.Storage'; + $ruleResult | Should -Not -BeNullOrEmpty; + $ruleResult.Outcome | Should -Be 'Pass'; + } + } + + # Fail + foreach ($name in $invalidNames) { + It $name { + $testObject.Name = $name; + $ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.Storage'; + $ruleResult | Should -Not -BeNullOrEmpty; + $ruleResult.Outcome | Should -Be 'Fail'; + } + } + } + + Context 'CAF.Name.PublicIP' { + $validNames = @( + 'pip-test-001' + ) + $invalidNames = @( + 'pip-Test-001' + 'piptest001' + 'test-pip-001' + ) + $testObject = [PSCustomObject]@{ + Name = '' + ResourceType = 'Microsoft.Network/publicIPAddresses' + } + + # Pass + foreach ($name in $validNames) { + It $name { + $testObject.Name = $name; + $ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.PublicIP'; + $ruleResult | Should -Not -BeNullOrEmpty; + $ruleResult.Outcome | Should -Be 'Pass'; + } + } + + # Fail + foreach ($name in $invalidNames) { + It $name { + $testObject.Name = $name; + $ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.PublicIP'; + $ruleResult | Should -Not -BeNullOrEmpty; + $ruleResult.Outcome | Should -Be 'Fail'; + } + } + } + + Context 'CAF.Name.LoadBalancer' { + $validNames = @( + 'lbi-test-001' + 'lbe-test-001' + ) + $invalidNames = @( + 'lbi-Test-001' + 'lbetest001' + 'test-lbi-001' + ) + $testObject = [PSCustomObject]@{ + Name = '' + ResourceType = 'Microsoft.Network/loadBalancers' + } + + # Pass + foreach ($name in $validNames) { + It $name { + $testObject.Name = $name; + $ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.LoadBalancer'; + $ruleResult | Should -Not -BeNullOrEmpty; + $ruleResult.Outcome | Should -Be 'Pass'; + } + } + + # Fail + foreach ($name in $invalidNames) { + It $name { + $testObject.Name = $name; + $ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.LoadBalancer'; + $ruleResult | Should -Not -BeNullOrEmpty; + $ruleResult.Outcome | Should -Be 'Fail'; + } } } } diff --git a/tests/PSRule.Rules.CAF.Tests/CAF.Tag.Tests.ps1 b/tests/PSRule.Rules.CAF.Tests/CAF.Tag.Tests.ps1 index ce446f8..ae0f646 100644 --- a/tests/PSRule.Rules.CAF.Tests/CAF.Tag.Tests.ps1 +++ b/tests/PSRule.Rules.CAF.Tests/CAF.Tag.Tests.ps1 @@ -6,9 +6,7 @@ # [CmdletBinding()] -param ( - -) +param () # Setup error handling $ErrorActionPreference = 'Stop'; @@ -21,11 +19,8 @@ if ($Env:SYSTEM_DEBUG -eq 'true') { # Setup tests paths $rootPath = $PWD; Import-Module (Join-Path -Path $rootPath -ChildPath out/modules/PSRule.Rules.CAF) -Force; -$here = (Resolve-Path $PSScriptRoot).Path; Describe 'CAF.Tag' -Tag 'tag' { - $dataPath = Join-Path -Path $here -ChildPath 'Resources.*.json'; - Context 'Conditions' { $invokeParams = @{ Module = 'PSRule.Rules.CAF' @@ -71,13 +66,20 @@ Describe 'CAF.Tag' -Tag 'tag' { Tags = @{ Environment = 'Prod' } + }, + @{ + Name = 'vnet-C' + Type = 'Microsoft.Network/virtualNetworks' + Tags = @{ + env = 'prod' + } } ) - It 'CAF.Tag.Required' { + It 'CAF.Tag.Resource' { # Not set $result = $testObject | Invoke-PSRule @invokeParams -Outcome All; - $filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Tag.Required' }; + $filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Tag.Resource' }; # Fail $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' }); @@ -85,29 +87,74 @@ Describe 'CAF.Tag' -Tag 'tag' { # Pass $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); - $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 5; - $ruleResult.TargetName | Should -BeIn 'rg-A', 'rg-B', 'rg-C', 'vnet-A', 'vnet-B'; + $ruleResult | Should -BeNullOrEmpty; # With resource tags set - $result = $testObject | Invoke-PSRule @invokeParams -Outcome All -Option @{ 'Configuration.CAF_ResourceMandatoryTags' = @('Env') }; - $filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Tag.Required' }; + $result = $testObject | Invoke-PSRule @invokeParams -Outcome All -Option @{ + 'Configuration.CAF_ResourceMandatoryTags' = @('Env') + }; + $filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Tag.Resource' }; + + # Fail + $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' }); + $ruleResult | Should -Not -BeNullOrEmpty; + $ruleResult.Length | Should -Be 2; + $ruleResult.TargetName | Should -BeIn 'vnet-B', 'vnet-C'; + + # Pass + $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); + $ruleResult | Should -Not -BeNullOrEmpty; + $ruleResult.Length | Should -Be 1; + $ruleResult.TargetName | Should -BeIn 'vnet-A'; + + # None + $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'None' }); + $ruleResult | Should -Not -BeNullOrEmpty; + $ruleResult.Length | Should -Be 4; + $ruleResult.TargetName | Should -BeIn 'rg-A', 'rg-B', 'rg-C', 'GatewaySubnet'; + + # With resource tags set, non-case-sensitive + $result = $testObject | Invoke-PSRule @invokeParams -Outcome All -Option @{ + 'Configuration.CAF_ResourceMandatoryTags' = 'Env' + 'Configuration.CAF_MatchTagNameCase' = $False + }; + $filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Tag.Resource' }; # Fail $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' }); $ruleResult | Should -Not -BeNullOrEmpty; $ruleResult.Length | Should -Be 1; - $ruleResult.TargetName | Should -Be 'vnet-B'; + $ruleResult.TargetName | Should -BeIn 'vnet-B'; # Pass $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); $ruleResult | Should -Not -BeNullOrEmpty; + $ruleResult.Length | Should -Be 2; + $ruleResult.TargetName | Should -BeIn 'vnet-A', 'vnet-C'; + + # None + $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'None' }); + $ruleResult | Should -Not -BeNullOrEmpty; $ruleResult.Length | Should -Be 4; - $ruleResult.TargetName | Should -BeIn 'rg-A', 'rg-B', 'rg-C', 'vnet-A'; + $ruleResult.TargetName | Should -BeIn 'rg-A', 'rg-B', 'rg-C', 'GatewaySubnet'; + } + + It 'CAF.Tag.ResourceGroup' { + # Not set + $result = $testObject | Invoke-PSRule @invokeParams -Outcome All; + $filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Tag.ResourceGroup' }; + + # Fail + $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' }); + $ruleResult | Should -BeNullOrEmpty; + + # Pass + $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); + $ruleResult | Should -BeNullOrEmpty; # With resource group tags set $result = $testObject | Invoke-PSRule @invokeParams -Outcome All -Option @{ 'Configuration.CAF_ResourceGroupMandatoryTags' = @('Env') }; - $filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Tag.Required' }; + $filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Tag.ResourceGroup' }; # Fail $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' }); @@ -118,8 +165,14 @@ Describe 'CAF.Tag' -Tag 'tag' { # Pass $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 3; + $ruleResult.Length | Should -Be 1; $ruleResult.TargetName | Should -BeIn 'rg-A', 'vnet-A', 'vnet-B'; + + # None + $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'None' }); + $ruleResult | Should -Not -BeNullOrEmpty; + $ruleResult.Length | Should -Be 4; + $ruleResult.TargetName | Should -BeIn 'vnet-A', 'vnet-B', 'vnet-C', 'GatewaySubnet'; } It 'CAF.Tag.Environment' { @@ -129,7 +182,9 @@ Describe 'CAF.Tag' -Tag 'tag' { # Fail $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' }); - $ruleResult | Should -BeNullOrEmpty; + $ruleResult | Should -Not -BeNullOrEmpty; + $ruleResult.Length | Should -Be 1; + $ruleResult.TargetName | Should -BeIn 'vnet-C'; # Pass $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); @@ -162,8 +217,8 @@ Describe 'CAF.Tag' -Tag 'tag' { # None $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'None' }); $ruleResult | Should -Not -BeNullOrEmpty; - $ruleResult.Length | Should -Be 3; - $ruleResult.TargetName | Should -BeIn 'rg-B', 'vnet-A', 'GatewaySubnet'; + $ruleResult.Length | Should -Be 4; + $ruleResult.TargetName | Should -BeIn 'rg-B', 'vnet-A', 'vnet-C', 'GatewaySubnet'; } } } diff --git a/tests/PSRule.Rules.CAF.Tests/Resources.Network.json b/tests/PSRule.Rules.CAF.Tests/Resources.Network.json deleted file mode 100644 index 8cbb833..0000000 --- a/tests/PSRule.Rules.CAF.Tests/Resources.Network.json +++ /dev/null @@ -1,2486 +0,0 @@ -[ - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/routeTables/route-A", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/routeTables/route-A", - "Location": "region", - "ResourceName": "route-A", - "Name": "route-A", - "Properties": { - "disableBgpRoutePropagation": false, - "routes": [], - "subnets": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A/subnets/subnet-A" - }, - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A/subnets/subnet-B" - } - ] - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Network/routeTables", - "ResourceType": "Microsoft.Network/routeTables", - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - }, - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/routeTables/routeB", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/routeTables/routeB", - "Location": "region", - "ResourceName": "routeB", - "Name": "routeB", - "Properties": { - "disableBgpRoutePropagation": false, - "routes": [], - "subnets": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A/subnets/subnet-A" - }, - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A/subnets/subnet-B" - } - ] - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Network/routeTables", - "ResourceType": "Microsoft.Network/routeTables", - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - }, - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A", - "Location": "region", - "ResourceName": "vnet-A", - "Name": "vnet-A", - "Properties": { - "addressSpace": { - "addressPrefixes": [ - "10.1.0.0/24" - ] - }, - "dhcpOptions": { - "dnsServers": [ - "10.1.0.36", - "168.63.129.16" - ] - }, - "subnets": [ - { - "name": "GatewaySubnet", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A/subnets/GatewaySubnet", - "properties": { - "addressPrefix": "10.1.0.0/27", - "serviceEndpoints": [], - "delegations": [] - }, - "type": "Microsoft.Network/virtualNetworks/subnets" - }, - { - "name": "snet-A", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A/subnets/subnet-A", - "properties": { - "addressPrefix": "10.1.0.32/28", - "networkSecurityGroup": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-A" - }, - "routeTable": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/routeTables/route-A" - }, - "serviceEndpoints": [], - "delegations": [] - }, - "type": "Microsoft.Network/virtualNetworks/subnets" - }, - { - "name": "snet-B", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A/subnets/subnet-B", - "properties": { - "addressPrefix": "10.1.0.48/28", - "networkSecurityGroup": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-A" - }, - "routeTable": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/routeTables/route-A" - }, - "serviceEndpoints": [], - "delegations": [] - }, - "type": "Microsoft.Network/virtualNetworks/subnets" - }, - { - "name": "snet-C", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A/subnets/subnet-C", - "properties": { - "addressPrefix": "10.1.0.64/28", - "networkSecurityGroup": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-A" - }, - "routeTable": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/routeTables/route-A" - }, - "serviceEndpoints": [], - "delegations": [] - }, - "type": "Microsoft.Network/virtualNetworks/subnets" - }, - { - "name": "snet-D", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A/subnets/subnet-D", - "properties": { - "addressPrefix": "10.1.0.80/28", - "networkSecurityGroup": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-A" - }, - "routeTable": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/routeTables/route-A" - }, - "serviceEndpoints": [], - "delegations": [] - }, - "type": "Microsoft.Network/virtualNetworks/subnets" - } - ], - "virtualNetworkPeerings": [ - { - "name": "peer-B", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A/virtualNetworkPeerings/peer-B", - "properties": { - "peeringState": "Connected", - "remoteVirtualNetwork": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-B" - }, - "allowVirtualNetworkAccess": true, - "allowForwardedTraffic": false, - "allowGatewayTransit": false, - "useRemoteGateways": false, - "doNotVerifyRemoteGateways": false, - "remoteAddressSpace": { - "addressPrefixes": [ - "10.2.0.0/24" - ] - }, - "routeServiceVips": {} - }, - "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings" - } - ], - "enableDdosProtection": false, - "enableVmProtection": false - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Network/virtualNetworks", - "ResourceType": "Microsoft.Network/virtualNetworks", - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - }, - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnetB", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnetB", - "Location": "region", - "ResourceName": "vnetB", - "Name": "vnetB", - "Properties": { - "addressSpace": { - "addressPrefixes": [ - "10.2.0.0/24" - ] - }, - "dhcpOptions": { - "dnsServers": [ - "10.99.0.36" - ] - }, - "subnets": [ - { - "name": "GatewaySubnet", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-B/subnets/GatewaySubnet", - "properties": { - "addressPrefix": "10.2.0.0/27", - "serviceEndpoints": [], - "delegations": [] - }, - "type": "Microsoft.Network/virtualNetworks/subnets" - }, - { - "name": "subnet-A", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-B/subnets/subnet-A", - "properties": { - "addressPrefix": "10.2.0.32/28", - "networkSecurityGroup": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-A" - }, - "routeTable": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/routeTables/route-A" - }, - "serviceEndpoints": [], - "delegations": [] - }, - "type": "Microsoft.Network/virtualNetworks/subnets" - }, - { - "name": "subnet-B", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-B/subnets/subnet-B", - "properties": { - "addressPrefix": "10.2.0.48/28", - "routeTable": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/routeTables/route-A" - }, - "serviceEndpoints": [], - "delegations": [] - }, - "type": "Microsoft.Network/virtualNetworks/subnets" - }, - { - "name": "subnet-C", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-B/subnets/subnet-C", - "properties": { - "addressPrefix": "10.2.0.64/28", - "networkSecurityGroup": null, - "routeTable": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/routeTables/route-A" - }, - "serviceEndpoints": [], - "delegations": [] - }, - "type": "Microsoft.Network/virtualNetworks/subnets" - }, - { - "name": "subnet-D", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-B/subnets/subnet-D", - "properties": { - "addressPrefix": "10.2.0.80/28", - "networkSecurityGroup": {}, - "routeTable": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/routeTables/route-A" - }, - "serviceEndpoints": [], - "delegations": [] - }, - "type": "Microsoft.Network/virtualNetworks/subnets" - } - ], - "virtualNetworkPeerings": [ - { - "name": "peer-A", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-B/virtualNetworkPeerings/peer-A", - "properties": { - "peeringState": "Connected", - "remoteVirtualNetwork": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A" - }, - "allowVirtualNetworkAccess": true, - "allowForwardedTraffic": false, - "allowGatewayTransit": false, - "useRemoteGateways": false, - "doNotVerifyRemoteGateways": false, - "remoteAddressSpace": { - "addressPrefixes": [ - "10.1.0.0/24" - ] - }, - "routeServiceVips": {} - }, - "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings" - } - ], - "enableDdosProtection": false, - "enableVmProtection": false - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Network/virtualNetworks", - "ResourceType": "Microsoft.Network/virtualNetworks", - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - }, - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-C", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-C", - "Location": "region", - "ResourceName": "vnet-C", - "Name": "vnet-C", - "Properties": { - "addressSpace": { - "addressPrefixes": [ - "10.3.0.0/24" - ] - }, - "dhcpOptions": { - "dnsServers": [] - }, - "subnets": [ - { - "name": "GatewaySubnet", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-C/subnets/GatewaySubnet", - "properties": { - "addressPrefix": "10.3.0.0/27", - "serviceEndpoints": [], - "delegations": [] - }, - "type": "Microsoft.Network/virtualNetworks/subnets" - }, - { - "name": "snet-A", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-C/subnets/subnet-A", - "properties": { - "addressPrefix": "10.3.0.32/28", - "networkSecurityGroup": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-A" - }, - "routeTable": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/routeTables/route-A" - }, - "serviceEndpoints": [], - "delegations": [] - }, - "type": "Microsoft.Network/virtualNetworks/subnets" - }, - { - "name": "snet-B", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-C/subnets/subnet-B", - "properties": { - "addressPrefix": "10.3.0.48/28", - "routeTable": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/routeTables/route-A" - }, - "serviceEndpoints": [], - "delegations": [] - }, - "type": "Microsoft.Network/virtualNetworks/subnets" - }, - { - "name": "snet-C", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-C/subnets/subnet-C", - "properties": { - "addressPrefix": "10.3.0.64/28", - "networkSecurityGroup": null, - "routeTable": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/routeTables/route-A" - }, - "serviceEndpoints": [], - "delegations": [] - }, - "type": "Microsoft.Network/virtualNetworks/subnets" - }, - { - "name": "AzureFirewallSubnet", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-C/subnets/subnet-D", - "properties": { - "addressPrefix": "10.3.0.80/28", - "networkSecurityGroup": {}, - "routeTable": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/routeTables/route-A" - }, - "serviceEndpoints": [], - "delegations": [] - }, - "type": "Microsoft.Network/virtualNetworks/subnets" - } - ], - "virtualNetworkPeerings": [ - { - "name": "peer-A", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-C/virtualNetworkPeerings/peer-A", - "properties": { - "peeringState": "Connected", - "remoteVirtualNetwork": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A" - }, - "allowVirtualNetworkAccess": true, - "allowForwardedTraffic": false, - "allowGatewayTransit": false, - "useRemoteGateways": false, - "doNotVerifyRemoteGateways": false, - "remoteAddressSpace": { - "addressPrefixes": [ - "10.1.0.0/24" - ] - }, - "routeServiceVips": {} - }, - "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings" - }, - { - "name": "peer-D", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-C/virtualNetworkPeerings/peer-D", - "properties": { - "peeringState": "Disconnected", - "remoteVirtualNetwork": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-D" - }, - "allowVirtualNetworkAccess": true, - "allowForwardedTraffic": false, - "allowGatewayTransit": false, - "useRemoteGateways": false, - "doNotVerifyRemoteGateways": false, - "remoteAddressSpace": { - "addressPrefixes": [ - "10.4.0.0/24" - ] - }, - "routeServiceVips": {} - }, - "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings" - } - ], - "enableDdosProtection": false, - "enableVmProtection": false - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Network/virtualNetworks", - "ResourceType": "Microsoft.Network/virtualNetworks", - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - }, - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-D", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-D", - "Location": "region", - "ResourceName": "vnet-D", - "Name": "vnet-D", - "Properties": { - "addressSpace": { - "addressPrefixes": [ - "10.4.0.0/24" - ] - }, - "dhcpOptions": { - "dnsServers": [ - "10.99.0.36", - "10.99.0.37" - ] - }, - "subnets": [ - { - "name": "GatewaySubnet", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-D/subnets/GatewaySubnet", - "properties": { - "addressPrefix": "10.4.0.0/27", - "serviceEndpoints": [], - "delegations": [] - }, - "type": "Microsoft.Network/virtualNetworks/subnets" - }, - { - "name": "subnet-A", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-D/subnets/subnet-A", - "properties": { - "addressPrefix": "10.4.0.32/28", - "networkSecurityGroup": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-A" - }, - "routeTable": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/routeTables/route-A" - }, - "serviceEndpoints": [], - "delegations": [] - }, - "type": "Microsoft.Network/virtualNetworks/subnets" - }, - { - "name": "subnet-B", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-D/subnets/subnet-B", - "properties": { - "addressPrefix": "10.4.0.48/28", - "routeTable": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/routeTables/route-A" - }, - "serviceEndpoints": [], - "delegations": [] - }, - "type": "Microsoft.Network/virtualNetworks/subnets" - }, - { - "name": "subnet-C", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-D/subnets/subnet-C", - "properties": { - "addressPrefix": "10.4.0.64/28", - "networkSecurityGroup": null, - "routeTable": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/routeTables/route-A" - }, - "serviceEndpoints": [], - "delegations": [] - }, - "type": "Microsoft.Network/virtualNetworks/subnets" - }, - { - "name": "subnet-D", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-D/subnets/subnet-D", - "properties": { - "addressPrefix": "10.4.0.80/28", - "networkSecurityGroup": {}, - "routeTable": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/routeTables/route-A" - }, - "serviceEndpoints": [], - "delegations": [] - }, - "type": "Microsoft.Network/virtualNetworks/subnets" - } - ], - "virtualNetworkPeerings": [], - "enableDdosProtection": false, - "enableVmProtection": false - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Network/virtualNetworks", - "ResourceType": "Microsoft.Network/virtualNetworks", - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - }, - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-A", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-A", - "Location": "region", - "ResourceName": "nsg-A", - "Name": "nsg-A", - "Properties": { - "securityRules": [ - { - "name": "allow-rdp-inbound", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-A/securityRules/allow-rdp-inbound", - "type": "Microsoft.Network/networkSecurityGroups/securityRules", - "properties": { - "protocol": "Tcp", - "sourcePortRange": "*", - "destinationPortRange": "3389", - "destinationAddressPrefix": "VirtualNetwork", - "access": "Allow", - "priority": 400, - "direction": "Inbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefixes": [], - "destinationAddressPrefixes": [], - "sourceApplicationSecurityGroups": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationSecurityGroups/asg-A" - } - ] - } - }, - { - "name": "allow-dc-to-dc-inbound", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-A/securityRules/allow-dc-to-dc-inbound", - "type": "Microsoft.Network/networkSecurityGroups/securityRules", - "properties": { - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "*", - "destinationAddressPrefix": "VirtualNetwork", - "access": "Allow", - "priority": 300, - "direction": "Inbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefixes": [ - "10.1.0.32/28", - "10.2.0.32/28", - "10.3.0.32/28" - ], - "destinationAddressPrefixes": [] - } - }, - { - "name": "allow-dc-to-dc-outbound", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-A/securityRules/allow-dc-to-dc-outbound", - "type": "Microsoft.Network/networkSecurityGroups/securityRules", - "properties": { - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "*", - "sourceAddressPrefix": "VirtualNetwork", - "access": "Allow", - "priority": 300, - "direction": "Outbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefixes": [], - "destinationAddressPrefixes": [ - "10.1.0.32/28", - "10.2.0.32/28", - "10.3.0.32/28" - ] - } - }, - { - "name": "deny-rdp-double-hop-outbound", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-A/securityRules/deny-rdp-double-hop-outbound", - "type": "Microsoft.Network/networkSecurityGroups/securityRules", - "properties": { - "description": "Prevent outbound RDP.", - "protocol": "Tcp", - "sourcePortRange": "*", - "destinationPortRange": "3389", - "sourceAddressPrefix": "VirtualNetwork", - "destinationAddressPrefix": "*", - "access": "Deny", - "priority": 200, - "direction": "Outbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefixes": [], - "destinationAddressPrefixes": [] - } - } - ], - "defaultSecurityRules": [ - { - "name": "AllowVnetInBound", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-A/defaultSecurityRules/AllowVnetInBound", - "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules", - "properties": { - "description": "Allow inbound traffic from all VMs in VNET", - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "*", - "sourceAddressPrefix": "VirtualNetwork", - "destinationAddressPrefix": "VirtualNetwork", - "access": "Allow", - "priority": 65000, - "direction": "Inbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefixes": [], - "destinationAddressPrefixes": [] - } - }, - { - "name": "AllowAzureLoadBalancerInBound", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-A/defaultSecurityRules/AllowAzureLoadBalancerInBound", - "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules", - "properties": { - "description": "Allow inbound traffic from azure load balancer", - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "*", - "sourceAddressPrefix": "AzureLoadBalancer", - "destinationAddressPrefix": "*", - "access": "Allow", - "priority": 65001, - "direction": "Inbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefixes": [], - "destinationAddressPrefixes": [] - } - }, - { - "name": "DenyAllInBound", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-A/defaultSecurityRules/DenyAllInBound", - "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules", - "properties": { - "description": "Deny all inbound traffic", - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "*", - "sourceAddressPrefix": "*", - "destinationAddressPrefix": "*", - "access": "Deny", - "priority": 65500, - "direction": "Inbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefixes": [], - "destinationAddressPrefixes": [] - } - }, - { - "name": "AllowVnetOutBound", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-A/defaultSecurityRules/AllowVnetOutBound", - "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules", - "properties": { - "description": "Allow outbound traffic from all VMs to all VMs in VNET", - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "*", - "sourceAddressPrefix": "VirtualNetwork", - "destinationAddressPrefix": "VirtualNetwork", - "access": "Allow", - "priority": 65000, - "direction": "Outbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefixes": [], - "destinationAddressPrefixes": [] - } - }, - { - "name": "AllowInternetOutBound", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-A/defaultSecurityRules/AllowInternetOutBound", - "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules", - "properties": { - "description": "Allow outbound traffic from all VMs to Internet", - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "*", - "sourceAddressPrefix": "*", - "destinationAddressPrefix": "Internet", - "access": "Allow", - "priority": 65001, - "direction": "Outbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefixes": [], - "destinationAddressPrefixes": [] - } - }, - { - "name": "DenyAllOutBound", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-A/defaultSecurityRules/DenyAllOutBound", - "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules", - "properties": { - "description": "Deny all outbound traffic", - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "*", - "sourceAddressPrefix": "*", - "destinationAddressPrefix": "*", - "access": "Deny", - "priority": 65500, - "direction": "Outbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefixes": [], - "destinationAddressPrefixes": [] - } - } - ], - "subnets": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A/subnets/subnet-A" - } - ] - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Network/networkSecurityGroups", - "ResourceType": "Microsoft.Network/networkSecurityGroups", - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - }, - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsgB", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsgB", - "Location": "region", - "ResourceName": "nsgB", - "Name": "nsgB", - "Properties": { - "securityRules": [ - { - "name": "allow-rdp-inbound", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsgB/securityRules/allow-rdp-inbound", - "type": "Microsoft.Network/networkSecurityGroups/securityRules", - "properties": { - "protocol": "Tcp", - "sourcePortRange": "*", - "destinationPortRange": "3389", - "destinationAddressPrefix": "VirtualNetwork", - "access": "Allow", - "priority": 400, - "direction": "Inbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefix": "*", - "sourceAddressPrefixes": [], - "destinationAddressPrefixes": [] - } - }, - { - "name": "allow-dc-to-dc-inbound", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsgB/securityRules/allow-dc-to-dc-inbound", - "type": "Microsoft.Network/networkSecurityGroups/securityRules", - "properties": { - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "*", - "destinationAddressPrefix": "VirtualNetwork", - "access": "Allow", - "priority": 300, - "direction": "Inbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefixes": [ - "10.1.0.32/28", - "10.2.0.32/28", - "10.3.0.32/28" - ], - "destinationAddressPrefixes": [] - } - }, - { - "name": "allow-dc-to-dc-outbound", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsgB/securityRules/allow-dc-to-dc-outbound", - "type": "Microsoft.Network/networkSecurityGroups/securityRules", - "properties": { - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "*", - "sourceAddressPrefix": "VirtualNetwork", - "access": "Allow", - "priority": 300, - "direction": "Outbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefixes": [], - "destinationAddressPrefixes": [ - "10.1.0.32/28", - "10.2.0.32/28", - "10.3.0.32/28" - ] - } - }, - { - "name": "deny-rdp-double-hop-outbound", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsgB/securityRules/deny-rdp-double-hop-outbound", - "type": "Microsoft.Network/networkSecurityGroups/securityRules", - "properties": { - "description": "Prevent outbound RDP.", - "protocol": "Tcp", - "sourcePortRange": "*", - "sourceAddressPrefix": "VirtualNetwork", - "destinationAddressPrefix": "*", - "access": "Deny", - "priority": 200, - "direction": "Outbound", - "sourcePortRanges": [], - "destinationPortRanges": [ - "3389" - ], - "sourceAddressPrefixes": [], - "destinationAddressPrefixes": [] - } - } - ], - "defaultSecurityRules": [ - { - "name": "AllowVnetInBound", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsgB/defaultSecurityRules/AllowVnetInBound", - "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules", - "properties": { - "description": "Allow inbound traffic from all VMs in VNET", - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "*", - "sourceAddressPrefix": "VirtualNetwork", - "destinationAddressPrefix": "VirtualNetwork", - "access": "Allow", - "priority": 65000, - "direction": "Inbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefixes": [], - "destinationAddressPrefixes": [] - } - }, - { - "name": "AllowAzureLoadBalancerInBound", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsgB/defaultSecurityRules/AllowAzureLoadBalancerInBound", - "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules", - "properties": { - "description": "Allow inbound traffic from azure load balancer", - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "*", - "sourceAddressPrefix": "AzureLoadBalancer", - "destinationAddressPrefix": "*", - "access": "Allow", - "priority": 65001, - "direction": "Inbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefixes": [], - "destinationAddressPrefixes": [] - } - }, - { - "name": "DenyAllInBound", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsgB/defaultSecurityRules/DenyAllInBound", - "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules", - "properties": { - "description": "Deny all inbound traffic", - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "*", - "sourceAddressPrefix": "*", - "destinationAddressPrefix": "*", - "access": "Deny", - "priority": 65500, - "direction": "Inbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefixes": [], - "destinationAddressPrefixes": [] - } - }, - { - "name": "AllowVnetOutBound", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsgB/defaultSecurityRules/AllowVnetOutBound", - "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules", - "properties": { - "description": "Allow outbound traffic from all VMs to all VMs in VNET", - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "*", - "sourceAddressPrefix": "VirtualNetwork", - "destinationAddressPrefix": "VirtualNetwork", - "access": "Allow", - "priority": 65000, - "direction": "Outbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefixes": [], - "destinationAddressPrefixes": [] - } - }, - { - "name": "AllowInternetOutBound", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsgB/defaultSecurityRules/AllowInternetOutBound", - "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules", - "properties": { - "description": "Allow outbound traffic from all VMs to Internet", - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "*", - "sourceAddressPrefix": "*", - "destinationAddressPrefix": "Internet", - "access": "Allow", - "priority": 65001, - "direction": "Outbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefixes": [], - "destinationAddressPrefixes": [] - } - }, - { - "name": "DenyAllOutBound", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsgB/defaultSecurityRules/DenyAllOutBound", - "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules", - "properties": { - "description": "Deny all outbound traffic", - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "*", - "sourceAddressPrefix": "*", - "destinationAddressPrefix": "*", - "access": "Deny", - "priority": 65500, - "direction": "Outbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefixes": [], - "destinationAddressPrefixes": [] - } - } - ], - "subnets": [] - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Network/networkSecurityGroups", - "ResourceType": "Microsoft.Network/networkSecurityGroups", - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - }, - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-C", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-C", - "Location": "region", - "ResourceName": "nsg-C", - "Name": "nsg-C", - "Properties": { - "securityRules": [ - { - "name": "allow-dc-to-dc-inbound", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-C/securityRules/allow-dc-to-dc-inbound", - "type": "Microsoft.Network/networkSecurityGroups/securityRules", - "properties": { - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "*", - "destinationAddressPrefix": "VirtualNetwork", - "access": "Allow", - "priority": 300, - "direction": "Inbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefixes": [ - "10.1.0.32/28", - "10.2.0.32/28", - "10.3.0.32/28" - ], - "destinationAddressPrefixes": [] - } - }, - { - "name": "deny-all-inbound", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-C/securityRules/allow-rdp-inbound", - "type": "Microsoft.Network/networkSecurityGroups/securityRules", - "properties": { - "protocol": "Tcp", - "sourcePortRange": "*", - "destinationPortRange": "*", - "destinationAddressPrefix": "VirtualNetwork", - "access": "Deny", - "priority": 200, - "direction": "Inbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefix": "*", - "sourceAddressPrefixes": [], - "destinationAddressPrefixes": [] - } - }, - { - "name": "allow-dc-to-dc-outbound", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-C/securityRules/allow-dc-to-dc-outbound", - "type": "Microsoft.Network/networkSecurityGroups/securityRules", - "properties": { - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "*", - "sourceAddressPrefix": "VirtualNetwork", - "access": "Allow", - "priority": 300, - "direction": "Outbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefixes": [], - "destinationAddressPrefixes": [ - "10.1.0.32/28", - "10.2.0.32/28", - "10.3.0.32/28" - ] - } - } - ], - "defaultSecurityRules": [ - { - "name": "AllowVnetInBound", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-C/defaultSecurityRules/AllowVnetInBound", - "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules", - "properties": { - "description": "Allow inbound traffic from all VMs in VNET", - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "*", - "sourceAddressPrefix": "VirtualNetwork", - "destinationAddressPrefix": "VirtualNetwork", - "access": "Allow", - "priority": 65000, - "direction": "Inbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefixes": [], - "destinationAddressPrefixes": [] - } - }, - { - "name": "AllowAzureLoadBalancerInBound", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-C/defaultSecurityRules/AllowAzureLoadBalancerInBound", - "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules", - "properties": { - "description": "Allow inbound traffic from azure load balancer", - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "*", - "sourceAddressPrefix": "AzureLoadBalancer", - "destinationAddressPrefix": "*", - "access": "Allow", - "priority": 65001, - "direction": "Inbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefixes": [], - "destinationAddressPrefixes": [] - } - }, - { - "name": "DenyAllInBound", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-C/defaultSecurityRules/DenyAllInBound", - "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules", - "properties": { - "description": "Deny all inbound traffic", - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "*", - "sourceAddressPrefix": "*", - "destinationAddressPrefix": "*", - "access": "Deny", - "priority": 65500, - "direction": "Inbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefixes": [], - "destinationAddressPrefixes": [] - } - }, - { - "name": "AllowVnetOutBound", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-C/defaultSecurityRules/AllowVnetOutBound", - "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules", - "properties": { - "description": "Allow outbound traffic from all VMs to all VMs in VNET", - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "*", - "sourceAddressPrefix": "VirtualNetwork", - "destinationAddressPrefix": "VirtualNetwork", - "access": "Allow", - "priority": 65000, - "direction": "Outbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefixes": [], - "destinationAddressPrefixes": [] - } - }, - { - "name": "AllowInternetOutBound", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-C/defaultSecurityRules/AllowInternetOutBound", - "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules", - "properties": { - "description": "Allow outbound traffic from all VMs to Internet", - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "*", - "sourceAddressPrefix": "*", - "destinationAddressPrefix": "Internet", - "access": "Allow", - "priority": 65001, - "direction": "Outbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefixes": [], - "destinationAddressPrefixes": [] - } - }, - { - "name": "DenyAllOutBound", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkSecurityGroups/nsg-C/defaultSecurityRules/DenyAllOutBound", - "type": "Microsoft.Network/networkSecurityGroups/defaultSecurityRules", - "properties": { - "description": "Deny all outbound traffic", - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "*", - "sourceAddressPrefix": "*", - "destinationAddressPrefix": "*", - "access": "Deny", - "priority": 65500, - "direction": "Outbound", - "sourcePortRanges": [], - "destinationPortRanges": [], - "sourceAddressPrefixes": [], - "destinationAddressPrefixes": [] - } - } - ], - "networkInterfaces": [] - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Network/networkSecurityGroups", - "ResourceType": "Microsoft.Network/networkSecurityGroups", - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - }, - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-A", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-A", - "Location": "region", - "ResourceName": "appgw-A", - "Name": "appgw-A", - "Properties": { - "sku": { - "name": "WAF_Medium", - "tier": "WAF", - "capacity": 2 - }, - "gatewayIPConfigurations": [ - { - "name": "appGatewayIpConfig", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-A/gatewayIPConfigurations/appGatewayIpConfig", - "properties": { - "subnet": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A/subnets/subnet-A" - } - }, - "type": "Microsoft.Network/applicationGateways/gatewayIPConfigurations" - } - ], - "sslCertificates": [], - "authenticationCertificates": [], - "frontendIPConfigurations": [ - { - "name": "appGatewayFrontendIP", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-A/frontendIPConfigurations/appGatewayFrontendIP", - "type": "Microsoft.Network/applicationGateways/frontendIPConfigurations", - "properties": { - "privateIPAllocationMethod": "Dynamic", - "publicIPAddress": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/publicIPAddresses/appgw-A-ip" - }, - "httpListeners": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-A/httpListeners/appGatewayHttpListener" - } - ] - } - } - ], - "frontendPorts": [ - { - "name": "appGatewayFrontendPort", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-A/frontendPorts/appGatewayFrontendPort", - "properties": { - "port": 80, - "httpListeners": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-A/httpListeners/appGatewayHttpListener" - } - ] - }, - "type": "Microsoft.Network/applicationGateways/frontendPorts" - } - ], - "backendAddressPools": [ - { - "name": "appGatewayBackendPool", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-A/backendAddressPools/appGatewayBackendPool", - "properties": { - "backendAddresses": [], - "requestRoutingRules": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-A/requestRoutingRules/rule1" - } - ] - }, - "type": "Microsoft.Network/applicationGateways/backendAddressPools" - } - ], - "backendHttpSettingsCollection": [ - { - "name": "appGatewayBackendHttpSettings", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-A/backendHttpSettingsCollection/appGatewayBackendHttpSettings", - "properties": { - "port": 80, - "protocol": "Http", - "cookieBasedAffinity": "Disabled", - "pickHostNameFromBackendAddress": false, - "requestTimeout": 30, - "requestRoutingRules": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-A/requestRoutingRules/rule1" - } - ] - }, - "type": "Microsoft.Network/applicationGateways/backendHttpSettingsCollection" - } - ], - "httpListeners": [ - { - "name": "appGatewayHttpListener", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-A/httpListeners/appGatewayHttpListener", - "properties": { - "frontendIPConfiguration": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-A/frontendIPConfigurations/appGatewayFrontendIP" - }, - "frontendPort": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-A/frontendPorts/appGatewayFrontendPort" - }, - "protocol": "Http", - "requireServerNameIndication": false, - "requestRoutingRules": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-A/requestRoutingRules/rule1" - } - ] - }, - "type": "Microsoft.Network/applicationGateways/httpListeners" - } - ], - "urlPathMaps": [], - "requestRoutingRules": [ - { - "name": "rule1", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-A/requestRoutingRules/rule1", - "properties": { - "ruleType": "Basic", - "httpListener": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-A/httpListeners/appGatewayHttpListener" - }, - "backendAddressPool": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-A/backendAddressPools/appGatewayBackendPool" - }, - "backendHttpSettings": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-A/backendHttpSettingsCollection/appGatewayBackendHttpSettings" - } - }, - "type": "Microsoft.Network/applicationGateways/requestRoutingRules" - } - ], - "probes": [], - "rewriteRuleSets": [], - "redirectConfigurations": [], - "webApplicationFirewallConfiguration": { - "enabled": true, - "firewallMode": "Prevention", - "ruleSetType": "OWASP", - "ruleSetVersion": "2.2.9", - "disabledRuleGroups": [], - "requestBodyCheck": true, - "maxRequestBodySizeInKb": 128, - "fileUploadLimitInMb": 100 - }, - "sslPolicy": { - "minProtocolVersion": "TLSv1_2" - }, - "enableHttp2": true - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Network/applicationGateways", - "ResourceType": "Microsoft.Network/applicationGateways", - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - }, - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-B", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-B", - "Location": "region", - "ResourceName": "appgw-B", - "Name": "appgw-B", - "Properties": { - "sku": { - "name": "Standard_Small", - "tier": "Standard", - "capacity": 1 - }, - "gatewayIPConfigurations": [ - { - "name": "appGatewayIpConfig", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-B/gatewayIPConfigurations/appGatewayIpConfig", - "properties": { - "subnet": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A/subnets/subnet-A" - } - }, - "type": "Microsoft.Network/applicationGateways/gatewayIPConfigurations" - } - ], - "sslCertificates": [], - "authenticationCertificates": [], - "frontendIPConfigurations": [ - { - "name": "appGatewayFrontendIP", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-B/frontendIPConfigurations/appGatewayFrontendIP", - "type": "Microsoft.Network/applicationGateways/frontendIPConfigurations", - "properties": { - "privateIPAllocationMethod": "Dynamic", - "publicIPAddress": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/publicIPAddresses/appgw-B-ip" - }, - "httpListeners": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-B/httpListeners/appGatewayHttpListener" - } - ] - } - } - ], - "frontendPorts": [ - { - "name": "appGatewayFrontendPort", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-B/frontendPorts/appGatewayFrontendPort", - "properties": { - "port": 80, - "httpListeners": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-B/httpListeners/appGatewayHttpListener" - } - ] - }, - "type": "Microsoft.Network/applicationGateways/frontendPorts" - } - ], - "backendAddressPools": [ - { - "name": "appGatewayBackendPool", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-B/backendAddressPools/appGatewayBackendPool", - "properties": { - "backendAddresses": [], - "requestRoutingRules": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-B/requestRoutingRules/rule1" - } - ] - }, - "type": "Microsoft.Network/applicationGateways/backendAddressPools" - } - ], - "backendHttpSettingsCollection": [ - { - "name": "appGatewayBackendHttpSettings", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-B/backendHttpSettingsCollection/appGatewayBackendHttpSettings", - "properties": { - "port": 80, - "protocol": "Http", - "cookieBasedAffinity": "Disabled", - "pickHostNameFromBackendAddress": false, - "requestTimeout": 30, - "requestRoutingRules": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-B/requestRoutingRules/rule1" - } - ] - }, - "type": "Microsoft.Network/applicationGateways/backendHttpSettingsCollection" - } - ], - "httpListeners": [ - { - "name": "appGatewayHttpListener", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-B/httpListeners/appGatewayHttpListener", - "properties": { - "frontendIPConfiguration": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-B/frontendIPConfigurations/appGatewayFrontendIP" - }, - "frontendPort": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-B/frontendPorts/appGatewayFrontendPort" - }, - "protocol": "Http", - "requireServerNameIndication": false, - "requestRoutingRules": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-B/requestRoutingRules/rule1" - } - ] - }, - "type": "Microsoft.Network/applicationGateways/httpListeners" - } - ], - "urlPathMaps": [], - "requestRoutingRules": [ - { - "name": "rule1", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-B/requestRoutingRules/rule1", - "properties": { - "ruleType": "Basic", - "httpListener": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-B/httpListeners/appGatewayHttpListener" - }, - "backendAddressPool": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-B/backendAddressPools/appGatewayBackendPool" - }, - "backendHttpSettings": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-B/backendHttpSettingsCollection/appGatewayBackendHttpSettings" - } - }, - "type": "Microsoft.Network/applicationGateways/requestRoutingRules" - } - ], - "probes": [], - "rewriteRuleSets": [], - "redirectConfigurations": [], - "webApplicationFirewallConfiguration": { - "enabled": false, - "firewallMode": "Detection", - "ruleSetType": "OWASP", - "ruleSetVersion": "3.0", - "disabledRuleGroups": [], - "requestBodyCheck": true, - "maxRequestBodySizeInKb": 128, - "fileUploadLimitInMb": 100 - }, - "enableHttp2": true - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Network/applicationGateways", - "ResourceType": "Microsoft.Network/applicationGateways", - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - }, - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-C", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-C", - "Location": "region", - "ManagedBy": null, - "ResourceName": "appgw-C", - "Name": "appgw-C", - "Properties": { - "provisioningState": "Succeeded", - "sku": { - "name": "WAF_v2", - "tier": "WAF_v2" - }, - "operationalState": "Running", - "gatewayIPConfigurations": [ - { - "name": "appGatewayIpConfig", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-C/gatewayIPConfigurations/appGatewayIpConfig", - "properties": { - "provisioningState": "Succeeded", - "subnet": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/service-aks/providers/Microsoft.Network/virtualNetworks/service-int-eus-vnet/subnets/appgw" - } - }, - "type": "Microsoft.Network/applicationGateways/gatewayIPConfigurations" - } - ], - "sslCertificates": [], - "trustedRootCertificates": [], - "frontendIPConfigurations": [ - { - "name": "appGwPublicFrontendIp", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-C/frontendIPConfigurations/appGwPublicFrontendIp", - "type": "Microsoft.Network/applicationGateways/frontendIPConfigurations", - "properties": { - "provisioningState": "Succeeded", - "privateIPAllocationMethod": "Dynamic", - "publicIPAddress": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/publicIPAddresses/app-gw-ip" - }, - "httpListeners": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-C/httpListeners/http-listener" - } - ] - } - } - ], - "frontendPorts": [ - { - "name": "port_80", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-C/frontendPorts/port_80", - "properties": { - "provisioningState": "Succeeded", - "port": 80, - "httpListeners": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-C/httpListeners/http-listener" - } - ] - }, - "type": "Microsoft.Network/applicationGateways/frontendPorts" - } - ], - "backendAddressPools": [ - { - "name": "backend", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-C/backendAddressPools/backend", - "properties": { - "provisioningState": "Succeeded", - "backendAddresses": [ - { - "fqdn": "website-A.azurewebsites.net" - } - ], - "requestRoutingRules": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-C/requestRoutingRules/http-rule" - } - ] - }, - "type": "Microsoft.Network/applicationGateways/backendAddressPools" - } - ], - "backendHttpSettingsCollection": [ - { - "name": "http-settings", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-C/backendHttpSettingsCollection/http-settings", - "properties": { - "provisioningState": "Succeeded", - "port": 80, - "protocol": "Http", - "cookieBasedAffinity": "Enabled", - "pickHostNameFromBackendAddress": true, - "affinityCookieName": "ApplicationGatewayAffinity", - "path": null, - "requestTimeout": 20, - "probe": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-C/probes/http-settings3fb94afb-03a0-4169-a8c7-64a8cc5e001b" - }, - "requestRoutingRules": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-C/requestRoutingRules/http-rule" - } - ] - }, - "type": "Microsoft.Network/applicationGateways/backendHttpSettingsCollection" - } - ], - "httpListeners": [ - { - "name": "http-listener", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-C/httpListeners/http-listener", - "properties": { - "provisioningState": "Succeeded", - "frontendIPConfiguration": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-C/frontendIPConfigurations/appGwPublicFrontendIp" - }, - "frontendPort": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-C/frontendPorts/port_80" - }, - "protocol": "Http", - "requireServerNameIndication": false, - "requestRoutingRules": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-C/requestRoutingRules/http-rule" - } - ] - }, - "type": "Microsoft.Network/applicationGateways/httpListeners" - } - ], - "urlPathMaps": [], - "requestRoutingRules": [ - { - "name": "http-rule", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-C/requestRoutingRules/http-rule", - "properties": { - "provisioningState": "Succeeded", - "ruleType": "Basic", - "httpListener": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-C/httpListeners/http-listener" - }, - "backendAddressPool": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-C/backendAddressPools/backend" - }, - "backendHttpSettings": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-C/backendHttpSettingsCollection/http-settings" - } - }, - "type": "Microsoft.Network/applicationGateways/requestRoutingRules" - } - ], - "probes": [ - { - "name": "http-probe", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-C/probes/http-probe", - "properties": { - "provisioningState": "Succeeded", - "protocol": "Http", - "host": "localhost", - "path": "/", - "interval": 30, - "timeout": 30, - "unhealthyThreshold": 3, - "pickHostNameFromBackendHttpSettings": false, - "minServers": 0, - "match": { - "body": "", - "statusCodes": [ - "200-399" - ] - } - }, - "type": "Microsoft.Network/applicationGateways/probes" - }, - { - "name": "http-settings3fb94afb-03a0-4169-a8c7-64a8cc5e001b", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-C/probes/http-settings3fb94afb-03a0-4169-a8c7-64a8cc5e001b", - "properties": { - "provisioningState": "Succeeded", - "protocol": "Http", - "path": "/", - "interval": 30, - "timeout": 30, - "unhealthyThreshold": 3, - "pickHostNameFromBackendHttpSettings": true, - "minServers": 0, - "match": { - "body": "", - "statusCodes": [ - "200-399" - ] - }, - "backendHttpSettings": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/applicationGateways/appgw-C/backendHttpSettingsCollection/http-settings" - } - ] - }, - "type": "Microsoft.Network/applicationGateways/probes" - } - ], - "rewriteRuleSets": [], - "redirectConfigurations": [], - "webApplicationFirewallConfiguration": { - "enabled": true, - "firewallMode": "Prevention", - "ruleSetType": "OWASP", - "ruleSetVersion": "3.0", - "disabledRuleGroups": [ - { - "ruleGroupName": "REQUEST-921-PROTOCOL-ATTACK" - } - ], - "exclusions": [], - "requestBodyCheck": true, - "maxRequestBodySizeInKb": 128, - "fileUploadLimitInMb": 100 - }, - "enableHttp2": false, - "autoscaleConfiguration": { - "minCapacity": 2, - "maxCapacity": 3 - } - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Network/applicationGateways", - "ResourceType": "Microsoft.Network/applicationGateways", - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - }, - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkInterfaces/nic-A", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkInterfaces/nic-A", - "Location": "region", - "ResourceName": "nic-A", - "Name": "nic-A", - "Properties": { - "ipConfigurations": [ - { - "name": "ipconfig1", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkInterfaces/nic-A/ipConfigurations/ipconfig1", - "type": "Microsoft.Network/networkInterfaces/ipConfigurations", - "properties": { - "provisioningState": "Succeeded", - "privateIPAddress": "10.0.0.4", - "privateIPAllocationMethod": "Static", - "publicIPAddress": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/publicIPAddresses/nic-A-pip" - }, - "subnet": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A/subnets/subnet-A" - }, - "primary": true, - "privateIPAddressVersion": "IPv4" - } - } - ], - "dnsSettings": { - "dnsServers": [ - "8.8.8.8" - ], - "appliedDnsServers": [ - "8.8.8.8" - ], - "internalDomainNameSuffix": "example.nn.internal.cloudapp.net" - }, - "macAddress": "00-00-00-00-00-00", - "enableAcceleratedNetworking": false, - "enableIPForwarding": false, - "primary": true, - "virtualMachine": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Compute/virtualMachines/vm-A" - }, - "hostedWorkloads": [], - "tapConfigurations": [] - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Network/networkInterfaces", - "ResourceType": "Microsoft.Network/networkInterfaces", - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - }, - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkInterfaces/nic-B", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkInterfaces/nic-B", - "Location": "region", - "ResourceName": "nic-B", - "Name": "nic-B", - "Properties": { - "ipConfigurations": [ - { - "name": "ipconfig1", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkInterfaces/nic-B/ipConfigurations/ipconfig1", - "type": "Microsoft.Network/networkInterfaces/ipConfigurations", - "properties": { - "provisioningState": "Succeeded", - "privateIPAddress": "10.0.0.5", - "privateIPAllocationMethod": "Static", - "publicIPAddress": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/publicIPAddresses/nic-B-pip" - }, - "subnet": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A/subnets/subnet-A" - }, - "primary": true, - "privateIPAddressVersion": "IPv4" - } - } - ], - "dnsSettings": { - "dnsServers": [ - "8.8.8.8" - ], - "appliedDnsServers": [ - "8.8.8.8" - ], - "internalDomainNameSuffix": "example.nn.internal.cloudapp.net" - }, - "macAddress": "00-00-00-00-00-00", - "enableAcceleratedNetworking": false, - "enableIPForwarding": false, - "primary": true, - "hostedWorkloads": [], - "tapConfigurations": [] - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Network/networkInterfaces", - "ResourceType": "Microsoft.Network/networkInterfaces", - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - }, - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/kubernetes", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/kubernetes", - "Location": "region", - "ManagedBy": null, - "ResourceName": "kubernetes", - "Name": "kubernetes", - "Properties": { - "provisioningState": "Succeeded", - "resourceGuid": "00000000-0000-0000-0000-000000000000", - "frontendIPConfigurations": [ - { - "name": "frontend-A", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/kubernetes/frontendIPConfigurations/frontend-A", - "type": "Microsoft.Network/loadBalancers/frontendIPConfigurations", - "properties": { - "provisioningState": "Succeeded", - "privateIPAllocationMethod": "Dynamic", - "publicIPAddress": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/publicIPAddresses/kubernetes-ip-A" - }, - "loadBalancingRules": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/kubernetes/loadBalancingRules/rule-TCP-80" - }, - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/kubernetes/loadBalancingRules/rule-TCP-443" - } - ], - "privateIPAddressVersion": "IPv4" - } - } - ], - "backendAddressPools": [ - { - "name": "kubernetes", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/kubernetes/backendAddressPools/kubernetes", - "properties": { - "provisioningState": "Succeeded", - "backendIPConfigurations": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Compute/virtualMachineScaleSets/scaleset-A/virtualMachines/2/networkInterfaces/scaleset-A/ipConfigurations/ipconfig1" - }, - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Compute/virtualMachineScaleSets/scaleset-A/virtualMachines/0/networkInterfaces/scaleset-A/ipConfigurations/ipconfig1" - }, - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Compute/virtualMachineScaleSets/scaleset-A/virtualMachines/1/networkInterfaces/scaleset-A/ipConfigurations/ipconfig1" - } - ], - "loadBalancingRules": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/kubernetes/loadBalancingRules/rule-TCP-80" - }, - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/kubernetes/loadBalancingRules/rule-TCP-443" - } - ] - }, - "type": "Microsoft.Network/loadBalancers/backendAddressPools" - } - ], - "loadBalancingRules": [ - { - "name": "rule-TCP-80", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/kubernetes/loadBalancingRules/rule-TCP-80", - "type": "Microsoft.Network/loadBalancers/loadBalancingRules", - "properties": { - "provisioningState": "Succeeded", - "frontendIPConfiguration": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/kubernetes/frontendIPConfigurations/frontend-A" - }, - "frontendPort": 80, - "backendPort": 80, - "enableFloatingIP": true, - "idleTimeoutInMinutes": 4, - "protocol": "Tcp", - "enableDestinationServiceEndpoint": false, - "enableTcpReset": false, - "allowBackendPortConflict": false, - "loadDistribution": "Default", - "backendAddressPool": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/kubernetes/backendAddressPools/kubernetes" - }, - "probe": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/kubernetes/probes/probe-TCP-80" - } - } - }, - { - "name": "rule-TCP-443", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/kubernetes/loadBalancingRules/rule-TCP-443", - "type": "Microsoft.Network/loadBalancers/loadBalancingRules", - "properties": { - "provisioningState": "Succeeded", - "frontendIPConfiguration": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/kubernetes/frontendIPConfigurations/frontend-A" - }, - "frontendPort": 443, - "backendPort": 443, - "enableFloatingIP": true, - "idleTimeoutInMinutes": 4, - "protocol": "Tcp", - "enableDestinationServiceEndpoint": false, - "enableTcpReset": false, - "allowBackendPortConflict": false, - "loadDistribution": "Default", - "backendAddressPool": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/kubernetes/backendAddressPools/kubernetes" - }, - "probe": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/kubernetes/probes/probe-TCP-443" - } - } - } - ], - "probes": [ - { - "name": "probe-TCP-80", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/kubernetes/probes/probe-TCP-80", - "properties": { - "provisioningState": "Succeeded", - "protocol": "Http", - "port": 32042, - "requestPath": "/healthz", - "intervalInSeconds": 5, - "numberOfProbes": 2, - "loadBalancingRules": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/kubernetes/loadBalancingRules/rule-TCP-80" - } - ] - }, - "type": "Microsoft.Network/loadBalancers/probes" - }, - { - "name": "probe-TCP-443", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/kubernetes/probes/probe-TCP-443", - "properties": { - "provisioningState": "Succeeded", - "protocol": "Http", - "port": 32042, - "requestPath": "/healthz", - "intervalInSeconds": 5, - "numberOfProbes": 2, - "loadBalancingRules": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/kubernetes/loadBalancingRules/rule-TCP-443" - } - ] - }, - "type": "Microsoft.Network/loadBalancers/probes" - } - ], - "inboundNatRules": [], - "inboundNatPools": [] - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Network/loadBalancers", - "ResourceType": "Microsoft.Network/loadBalancers", - "Sku": { - "Name": "Basic", - "Tier": "Regional", - "Size": null, - "Family": null, - "Model": null, - "Capacity": null - }, - "Tags": {}, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - }, - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbe-A", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbe-A", - "Location": "region", - "ManagedBy": null, - "ResourceName": "lbe-A", - "Name": "lbe-A", - "Properties": { - "provisioningState": "Succeeded", - "resourceGuid": "00000000-0000-0000-0000-000000000000", - "frontendIPConfigurations": [ - { - "name": "frontend-A", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbe-A/frontendIPConfigurations/frontend-A", - "type": "Microsoft.Network/loadBalancers/frontendIPConfigurations", - "properties": { - "provisioningState": "Succeeded", - "privateIPAllocationMethod": "Dynamic", - "publicIPAddress": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/publicIPAddresses/lbe-A-ip-A" - }, - "loadBalancingRules": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbe-A/loadBalancingRules/rule-TCP-80" - }, - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbe-A/loadBalancingRules/rule-TCP-443" - } - ], - "privateIPAddressVersion": "IPv4" - } - } - ], - "backendAddressPools": [ - { - "name": "lbe-A", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbe-A/backendAddressPools/lbe-A", - "properties": { - "provisioningState": "Succeeded", - "backendIPConfigurations": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Compute/virtualMachineScaleSets/scaleset-A/virtualMachines/2/networkInterfaces/scaleset-A/ipConfigurations/ipconfig1" - }, - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Compute/virtualMachineScaleSets/scaleset-A/virtualMachines/0/networkInterfaces/scaleset-A/ipConfigurations/ipconfig1" - }, - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Compute/virtualMachineScaleSets/scaleset-A/virtualMachines/1/networkInterfaces/scaleset-A/ipConfigurations/ipconfig1" - } - ], - "loadBalancingRules": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbe-A/loadBalancingRules/rule-TCP-80" - }, - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbe-A/loadBalancingRules/rule-TCP-443" - } - ] - }, - "type": "Microsoft.Network/loadBalancers/backendAddressPools" - } - ], - "loadBalancingRules": [ - { - "name": "rule-TCP-80", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbe-A/loadBalancingRules/rule-TCP-80", - "type": "Microsoft.Network/loadBalancers/loadBalancingRules", - "properties": { - "provisioningState": "Succeeded", - "frontendIPConfiguration": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbe-A/frontendIPConfigurations/frontend-A" - }, - "frontendPort": 80, - "backendPort": 80, - "enableFloatingIP": true, - "idleTimeoutInMinutes": 4, - "protocol": "Tcp", - "enableDestinationServiceEndpoint": false, - "enableTcpReset": false, - "allowBackendPortConflict": false, - "loadDistribution": "Default", - "backendAddressPool": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbe-A/backendAddressPools/lbe-A" - }, - "probe": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbe-A/probes/probe-TCP-80" - } - } - }, - { - "name": "rule-TCP-443", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbe-A/loadBalancingRules/rule-TCP-443", - "type": "Microsoft.Network/loadBalancers/loadBalancingRules", - "properties": { - "provisioningState": "Succeeded", - "frontendIPConfiguration": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbe-A/frontendIPConfigurations/frontend-A" - }, - "frontendPort": 443, - "backendPort": 443, - "enableFloatingIP": true, - "idleTimeoutInMinutes": 4, - "protocol": "Tcp", - "enableDestinationServiceEndpoint": false, - "enableTcpReset": false, - "allowBackendPortConflict": false, - "loadDistribution": "Default", - "backendAddressPool": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbe-A/backendAddressPools/lbe-A" - }, - "probe": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbe-A/probes/probe-TCP-443" - } - } - } - ], - "probes": [ - { - "name": "probe-TCP-80", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbe-A/probes/probe-TCP-80", - "properties": { - "provisioningState": "Succeeded", - "protocol": "Http", - "port": 80, - "requestPath": "/healthz", - "intervalInSeconds": 5, - "numberOfProbes": 2, - "loadBalancingRules": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbe-A/loadBalancingRules/rule-TCP-80" - } - ] - }, - "type": "Microsoft.Network/loadBalancers/probes" - }, - { - "name": "probe-TCP-443", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbe-A/probes/probe-TCP-443", - "properties": { - "provisioningState": "Succeeded", - "protocol": "Http", - "port": 80, - "requestPath": "/healthz", - "intervalInSeconds": 5, - "numberOfProbes": 2, - "loadBalancingRules": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbe-A/loadBalancingRules/rule-TCP-443" - } - ] - }, - "type": "Microsoft.Network/loadBalancers/probes" - } - ], - "inboundNatRules": [], - "inboundNatPools": [] - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Network/loadBalancers", - "ResourceType": "Microsoft.Network/loadBalancers", - "Sku": { - "Name": "Basic", - "Tier": "Regional", - "Size": null, - "Family": null, - "Model": null, - "Capacity": null - }, - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - }, - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbB", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbB", - "Location": "region", - "ManagedBy": null, - "ResourceName": "lbB", - "Name": "lbB", - "Properties": { - "provisioningState": "Succeeded", - "resourceGuid": "00000000-0000-0000-0000-000000000000", - "frontendIPConfigurations": [ - { - "name": "frontend-A", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbB/frontendIPConfigurations/frontend-A", - "type": "Microsoft.Network/loadBalancers/frontendIPConfigurations", - "properties": { - "provisioningState": "Succeeded", - "privateIPAllocationMethod": "Dynamic", - "publicIPAddress": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/publicIPAddresses/lbB-ip-A" - }, - "loadBalancingRules": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbB/loadBalancingRules/rule-TCP-80" - }, - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbB/loadBalancingRules/rule-TCP-443" - } - ], - "privateIPAddressVersion": "IPv4" - } - } - ], - "backendAddressPools": [ - { - "name": "lbB", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbB/backendAddressPools/lbB", - "properties": { - "provisioningState": "Succeeded", - "backendIPConfigurations": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Compute/virtualMachineScaleSets/scaleset-A/virtualMachines/2/networkInterfaces/scaleset-A/ipConfigurations/ipconfig1" - }, - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Compute/virtualMachineScaleSets/scaleset-A/virtualMachines/0/networkInterfaces/scaleset-A/ipConfigurations/ipconfig1" - }, - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Compute/virtualMachineScaleSets/scaleset-A/virtualMachines/1/networkInterfaces/scaleset-A/ipConfigurations/ipconfig1" - } - ], - "loadBalancingRules": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbB/loadBalancingRules/rule-TCP-80" - }, - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbB/loadBalancingRules/rule-TCP-443" - } - ] - }, - "type": "Microsoft.Network/loadBalancers/backendAddressPools" - } - ], - "loadBalancingRules": [ - { - "name": "rule-TCP-80", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbB/loadBalancingRules/rule-TCP-80", - "type": "Microsoft.Network/loadBalancers/loadBalancingRules", - "properties": { - "provisioningState": "Succeeded", - "frontendIPConfiguration": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbB/frontendIPConfigurations/frontend-A" - }, - "frontendPort": 80, - "backendPort": 80, - "enableFloatingIP": true, - "idleTimeoutInMinutes": 4, - "protocol": "Tcp", - "enableDestinationServiceEndpoint": false, - "enableTcpReset": false, - "allowBackendPortConflict": false, - "loadDistribution": "Default", - "backendAddressPool": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbB/backendAddressPools/lbB" - }, - "probe": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbB/probes/probe-TCP-80" - } - } - }, - { - "name": "rule-TCP-443", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbB/loadBalancingRules/rule-TCP-443", - "type": "Microsoft.Network/loadBalancers/loadBalancingRules", - "properties": { - "provisioningState": "Succeeded", - "frontendIPConfiguration": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbB/frontendIPConfigurations/frontend-A" - }, - "frontendPort": 443, - "backendPort": 443, - "enableFloatingIP": true, - "idleTimeoutInMinutes": 4, - "protocol": "Tcp", - "enableDestinationServiceEndpoint": false, - "enableTcpReset": false, - "allowBackendPortConflict": false, - "loadDistribution": "Default", - "backendAddressPool": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbB/backendAddressPools/lbB" - }, - "probe": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbB/probes/probe-TCP-443" - } - } - } - ], - "probes": [ - { - "name": "probe-TCP-80", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbB/probes/probe-TCP-80", - "properties": { - "provisioningState": "Succeeded", - "protocol": "Tcp", - "port": 80, - "intervalInSeconds": 5, - "numberOfProbes": 2, - "loadBalancingRules": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbB/loadBalancingRules/rule-TCP-80" - } - ] - }, - "type": "Microsoft.Network/loadBalancers/probes" - }, - { - "name": "probe-TCP-443", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbB/probes/probe-TCP-443", - "properties": { - "provisioningState": "Succeeded", - "protocol": "Tcp", - "port": 443, - "intervalInSeconds": 5, - "numberOfProbes": 2, - "loadBalancingRules": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbB/loadBalancingRules/rule-TCP-443" - } - ] - }, - "type": "Microsoft.Network/loadBalancers/probes" - } - ], - "inboundNatRules": [], - "inboundNatPools": [] - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Network/loadBalancers", - "ResourceType": "Microsoft.Network/loadBalancers", - "Sku": { - "Name": "Basic", - "Tier": "Regional", - "Size": null, - "Family": null, - "Model": null, - "Capacity": null - }, - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - }, - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/connections/cn-expressroute", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/connections/cn-expressroute", - "Identity": null, - "Kind": null, - "Location": "region", - "ManagedBy": null, - "ResourceName": "cn-expressroute", - "Name": "cn-expressroute", - "ExtensionResourceName": null, - "ParentResource": null, - "Plan": null, - "Properties": { - "provisioningState": "Succeeded", - "virtualNetworkGateway1": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworkGateways/gateway-A" - }, - "connectionType": "ExpressRoute", - "routingWeight": 0, - "enableBgp": false, - "usePolicyBasedTrafficSelectors": false, - "ipsecPolicies": [], - "ingressBytesTransferred": 0, - "egressBytesTransferred": 0, - "peer": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/expressRouteCircuits/expressroute-A" - }, - "tunnelConnectionStatus": [], - "expressRouteGatewayBypass": false - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Network/connections", - "ResourceType": "Microsoft.Network/connections", - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - }, - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/connections/expressroute-connection", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/connections/expressroute-connection", - "Identity": null, - "Kind": null, - "Location": "region", - "ManagedBy": null, - "ResourceName": "expressroute-connection", - "Name": "expressroute-connection", - "ExtensionResourceName": null, - "ParentResource": null, - "Plan": null, - "Properties": { - "provisioningState": "Succeeded", - "virtualNetworkGateway1": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworkGateways/gateway-A" - }, - "connectionType": "ExpressRoute", - "routingWeight": 0, - "enableBgp": false, - "usePolicyBasedTrafficSelectors": false, - "ipsecPolicies": [], - "ingressBytesTransferred": 0, - "egressBytesTransferred": 0, - "peer": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/expressRouteCircuits/expressroute-A" - }, - "tunnelConnectionStatus": [], - "expressRouteGatewayBypass": false - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Network/connections", - "ResourceType": "Microsoft.Network/connections", - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - }, - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/publicIPAddresses/pip-A", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/publicIPAddresses/pip-A", - "Identity": null, - "Kind": null, - "Location": "region", - "ManagedBy": null, - "ResourceName": "pip-A", - "Name": "pip-A", - "Plan": null, - "Properties": { - "ipAddress": "0.0.0.0", - "publicIPAddressVersion": "IPv4", - "publicIPAllocationMethod": "Static", - "idleTimeoutInMinutes": 4, - "ipTags": [], - "ipConfiguration": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbe-A/frontendIPConfigurations/config-A" - } - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Network/publicIPAddresses", - "ResourceType": "Microsoft.Network/publicIPAddresses", - "Sku": { - "Name": "Basic", - "Tier": null, - "Size": null, - "Family": null, - "Model": null, - "Capacity": null - }, - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - }, - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/publicIPAddresses/pipB", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/publicIPAddresses/pipB", - "Identity": null, - "Kind": null, - "Location": "region", - "ManagedBy": null, - "ResourceName": "pipB", - "Name": "pipB", - "Plan": null, - "Properties": { - "ipAddress": "0.0.0.0", - "publicIPAddressVersion": "IPv4", - "publicIPAllocationMethod": "Static", - "idleTimeoutInMinutes": 4, - "ipTags": [], - "ipConfiguration": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/loadBalancers/lbe-A/frontendIPConfigurations/config-A" - } - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Network/publicIPAddresses", - "ResourceType": "Microsoft.Network/publicIPAddresses", - "Sku": { - "Name": "Basic", - "Tier": null, - "Size": null, - "Family": null, - "Model": null, - "Capacity": null - }, - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - } -] diff --git a/tests/PSRule.Rules.CAF.Tests/Resources.RG.json b/tests/PSRule.Rules.CAF.Tests/Resources.RG.json deleted file mode 100644 index 679e2d0..0000000 --- a/tests/PSRule.Rules.CAF.Tests/Resources.RG.json +++ /dev/null @@ -1,24 +0,0 @@ -[ - { - "ResourceGroupName": "rg-A", - "Location": "region", - "ProvisioningState": "Succeeded", - "Tags": {}, - "TagsTable": null, - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-A", - "ManagedBy": null, - "ResourceType": "Microsoft.Resources/resourceGroups", - "Name": "rg-A" - }, - { - "ResourceGroupName": "rgB", - "Location": "region", - "ProvisioningState": "Succeeded", - "Tags": {}, - "TagsTable": null, - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgB", - "ManagedBy": null, - "ResourceType": "Microsoft.Resources/resourceGroups", - "Name": "rgB" - } -] diff --git a/tests/PSRule.Rules.CAF.Tests/Resources.Storage.json b/tests/PSRule.Rules.CAF.Tests/Resources.Storage.json deleted file mode 100644 index 49f006f..0000000 --- a/tests/PSRule.Rules.CAF.Tests/Resources.Storage.json +++ /dev/null @@ -1,152 +0,0 @@ -[ - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Storage/storageAccounts/storagea", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Storage/storageAccounts/storagea", - "Kind": "Storage", - "Location": "region", - "ResourceName": "storagea", - "Name": "storagea", - "Properties": { - "networkAcls": { - "bypass": "AzureServices", - "virtualNetworkRules": [], - "ipRules": [], - "defaultAction": "Allow" - }, - "supportsHttpsTrafficOnly": true, - "encryption": { - "services": { - "file": { - "enabled": true - }, - "blob": { - "enabled": true - } - }, - "keySource": "Microsoft.Storage" - }, - "primaryEndpoints": { - "blob": "https://storagea.blob.core.windows.net/", - "queue": "https://storagea.queue.core.windows.net/", - "table": "https://storagea.table.core.windows.net/", - "file": "https://storagea.file.core.windows.net/" - }, - "primaryLocation": "region", - "statusOfPrimary": "available", - "statusOfSecondary": "available" - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Storage/storageAccounts", - "ResourceType": "Microsoft.Storage/storageAccounts", - "Sku": { - "Name": "Standard_GRS", - "Tier": "Standard", - "Size": null, - "Family": null, - "Model": null, - "Capacity": null - }, - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000", - "resources": [ - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Storage/storageAccounts/storagea/blobServices/default", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Storage/storageAccounts/storagea/blobServices/default", - "Location": null, - "ManagedBy": null, - "ResourceName": "default", - "Name": "default", - "Properties": { - "cors": { - "corsRules": [] - }, - "deleteRetentionPolicy": { - "enabled": true, - "days": 30 - } - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Storage/storageAccounts/blobServices", - "ResourceType": "Microsoft.Storage/storageAccounts/blobServices", - "ExtensionResourceType": null, - "Sku": null, - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - } - ] - }, - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Storage/storageAccounts/bstorage", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Storage/storageAccounts/bstorage", - "Kind": "Storage", - "Location": "region", - "ResourceName": "bstorage", - "Name": "bstorage", - "Properties": { - "networkAcls": { - "bypass": "AzureServices", - "virtualNetworkRules": [], - "ipRules": [], - "defaultAction": "Allow" - }, - "supportsHttpsTrafficOnly": false, - "encryption": { - "services": { - "file": { - "enabled": false - }, - "blob": { - "enabled": false - } - }, - "keySource": "Microsoft.Storage" - }, - "primaryEndpoints": { - "blob": "https://bstorage.blob.core.windows.net/", - "queue": "https://bstorage.queue.core.windows.net/", - "table": "https://bstorage.table.core.windows.net/", - "file": "https://bstorage.file.core.windows.net/" - }, - "primaryLocation": "region", - "statusOfPrimary": "available" - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Storage/storageAccounts", - "ResourceType": "Microsoft.Storage/storageAccounts", - "Sku": { - "Name": "Standard_LRS", - "Tier": "Standard", - "Size": null, - "Family": null, - "Model": null, - "Capacity": null - }, - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000", - "resources": [ - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Storage/storageAccounts/bstorage/blobServices/default", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Storage/storageAccounts/bstorage/blobServices/default", - "Location": null, - "ManagedBy": null, - "ResourceName": "default", - "Name": "default", - "Properties": { - "cors": { - "corsRules": [] - }, - "deleteRetentionPolicy": { - "enabled": false - } - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Storage/storageAccounts/blobServices", - "ResourceType": "Microsoft.Storage/storageAccounts/blobServices", - "ExtensionResourceType": null, - "Sku": null, - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - } - ] - } -] \ No newline at end of file diff --git a/tests/PSRule.Rules.CAF.Tests/Resources.VM.json b/tests/PSRule.Rules.CAF.Tests/Resources.VM.json deleted file mode 100644 index 6a3fc15..0000000 --- a/tests/PSRule.Rules.CAF.Tests/Resources.VM.json +++ /dev/null @@ -1,245 +0,0 @@ -[ - { - "Name": "vm-A", - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Compute/virtualMachines/vm-A", - "ResourceName": "vm-A", - "ResourceType": "Microsoft.Compute/virtualMachines", - "ResourceGroupName": "test-rg", - "Location": "region", - "SubscriptionId": "00000000-0000-0000-0000-000000000000", - "Properties": { - "hardwareProfile": { - "vmSize": "Standard_E32s_v3" - }, - "storageProfile": { - "imageReference": { - "publisher": "MicrosoftSQLServer", - "offer": "SQL2017-WS2016", - "sku": "Enterprise", - "version": "latest" - }, - "osDisk": { - "osType": "Windows", - "name": "vm-A_OsDisk_1_0000000000000000000000000000000", - "createOption": "FromImage", - "caching": "ReadWrite", - "managedDisk": { - "storageAccountType": "StandardSSD_LRS", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Compute/disks/vm-A_OsDisk_1_0000000000000000000000000000000" - }, - "diskSizeGB": 127 - }, - "dataDisks": [ - { - "lun": 0, - "name": "vm-A_disk2_0000000000000000000000000000000", - "createOption": "Empty", - "caching": "ReadOnly", - "managedDisk": { - "storageAccountType": "StandardSSD_LRS", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Compute/disks/vm-A_disk2_0000000000000000000000000000000" - }, - "diskSizeGB": 1023 - } - ] - }, - "osProfile": { - "computerName": "vm-A", - "adminUsername": "vm-admin", - "windowsConfiguration": { - "provisionVMAgent": true, - "enableAutomaticUpdates": true - }, - "secrets": [], - "allowExtensionOperations": true - }, - "networkProfile": { - "networkInterfaces": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkInterfaces/vm-A-nic" - } - ] - }, - "diagnosticsProfile": { - "bootDiagnostics": { - "enabled": true, - "storageUri": "https://storage-A.blob.core.windows.net/" - } - }, - "licenseType": "Windows_Server" - }, - "resources": [ - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkInterfaces/nic-A", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkInterfaces/nic-A", - "Location": "region", - "ResourceName": "nic-A", - "Name": "nic-A", - "Properties": { - "ipConfigurations": [ - { - "name": "ipconfig1", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkInterfaces/nic-A/ipConfigurations/ipconfig1", - "type": "Microsoft.Network/networkInterfaces/ipConfigurations", - "properties": { - "provisioningState": "Succeeded", - "privateIPAddress": "10.0.0.4", - "privateIPAllocationMethod": "Static", - "publicIPAddress": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/publicIPAddresses/nic-A-pip" - }, - "subnet": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A/subnets/subnet-A" - }, - "primary": true, - "privateIPAddressVersion": "IPv4" - } - } - ], - "dnsSettings": { - "dnsServers": [ - "8.8.8.8" - ], - "appliedDnsServers": [ - "8.8.8.8" - ], - "internalDomainNameSuffix": "example.nn.internal.cloudapp.net" - }, - "macAddress": "00-00-00-00-00-00", - "enableAcceleratedNetworking": true, - "enableIPForwarding": false, - "primary": true, - "virtualMachine": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Compute/virtualMachines/vm-A" - }, - "hostedWorkloads": [], - "tapConfigurations": [] - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Network/networkInterfaces", - "ResourceType": "Microsoft.Network/networkInterfaces", - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - } - ] - }, - { - "Name": "bvm", - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Compute/virtualMachines/bvm", - "ResourceName": "bvm", - "ResourceType": "Microsoft.Compute/virtualMachines", - "ResourceGroupName": "test-rg", - "Location": "region", - "SubscriptionId": "00000000-0000-0000-0000-000000000000", - "Properties": { - "hardwareProfile": { - "vmSize": "Standard_E32s_v3" - }, - "storageProfile": { - "imageReference": { - "publisher": "MicrosoftSQLServer", - "offer": "SQL2017-WS2016", - "sku": "Enterprise", - "version": "latest" - }, - "osDisk": { - "osType": "Windows", - "name": "bvm_OsDisk_1_0000000000000000000000000000000", - "createOption": "FromImage", - "caching": "ReadWrite", - "managedDisk": { - "storageAccountType": "StandardSSD_LRS", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Compute/disks/bvm_OsDisk_1_0000000000000000000000000000000" - }, - "diskSizeGB": 127 - }, - "dataDisks": [ - { - "lun": 0, - "name": "bvm_disk2_0000000000000000000000000000000", - "createOption": "Empty", - "caching": "ReadOnly", - "diskSizeGB": 1023 - } - ] - }, - "osProfile": { - "computerName": "bvm", - "adminUsername": "vm-admin", - "windowsConfiguration": { - "provisionVMAgent": false, - "enableAutomaticUpdates": false - }, - "secrets": [], - "allowExtensionOperations": false - }, - "networkProfile": { - "networkInterfaces": [ - { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkInterfaces/bvm-nic" - } - ] - }, - "diagnosticsProfile": { - "bootDiagnostics": { - "enabled": true, - "storageUri": "https://storage-A.blob.core.windows.net/" - } - } - }, - "resources": [ - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkInterfaces/nic-A", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkInterfaces/nic-A", - "Location": "region", - "ResourceName": "nic-A", - "Name": "nic-A", - "Properties": { - "ipConfigurations": [ - { - "name": "ipconfig1", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkInterfaces/nic-A/ipConfigurations/ipconfig1", - "type": "Microsoft.Network/networkInterfaces/ipConfigurations", - "properties": { - "provisioningState": "Succeeded", - "privateIPAddress": "10.0.0.4", - "privateIPAllocationMethod": "Static", - "publicIPAddress": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/publicIPAddresses/nic-A-pip" - }, - "subnet": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A/subnets/subnet-A" - }, - "primary": true, - "privateIPAddressVersion": "IPv4" - } - } - ], - "dnsSettings": { - "dnsServers": [ - "8.8.8.8" - ], - "appliedDnsServers": [ - "8.8.8.8" - ], - "internalDomainNameSuffix": "example.nn.internal.cloudapp.net" - }, - "macAddress": "00-00-00-00-00-00", - "enableAcceleratedNetworking": false, - "enableIPForwarding": false, - "primary": true, - "virtualMachine": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Compute/virtualMachines/bvm" - }, - "hostedWorkloads": [], - "tapConfigurations": [] - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Network/networkInterfaces", - "ResourceType": "Microsoft.Network/networkInterfaces", - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - } - ] - } -] \ No newline at end of file diff --git a/tests/PSRule.Rules.CAF.Tests/Resources.VNG.json b/tests/PSRule.Rules.CAF.Tests/Resources.VNG.json deleted file mode 100644 index e254795..0000000 --- a/tests/PSRule.Rules.CAF.Tests/Resources.VNG.json +++ /dev/null @@ -1,273 +0,0 @@ -[ - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworkGateways/vng-A", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworkGateways/vng-A", - "Identity": null, - "Kind": null, - "Location": "region", - "ManagedBy": null, - "ResourceName": "vng-A", - "Name": "vng-A", - "ExtensionResourceName": null, - "ParentResource": null, - "Plan": null, - "Properties": { - "provisioningState": "Succeeded", - "ipConfigurations": [ - { - "name": "default", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworkGateways/vng-A/ipConfigurations/default", - "type": "Microsoft.Network/virtualNetworkGateways/ipConfigurations", - "properties": { - "provisioningState": "Succeeded", - "privateIPAllocationMethod": "Dynamic", - "publicIPAddress": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/publicIPAddresses/vng-A-pip" - }, - "subnet": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/test-rg/subnets/GatewaySubnet" - } - } - } - ], - "sku": { - "name": "VpnGw1", - "tier": "VpnGw1", - "capacity": 2 - }, - "gatewayType": "Vpn", - "vpnType": "RouteBased", - "enableBgp": false, - "activeActive": false, - "bgpSettings": { - "asn": 65515, - "bgpPeeringAddress": "10.64.0.4", - "peerWeight": 0 - } - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Network/virtualNetworkGateways", - "ResourceType": "Microsoft.Network/virtualNetworkGateways", - "ExtensionResourceType": null, - "Sku": null, - "Tags": {}, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - }, - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworkGateways/vgw-B", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworkGateways/vgw-B", - "Identity": null, - "Kind": null, - "Location": "region", - "ManagedBy": null, - "ResourceName": "vgw-B", - "Name": "vgw-B", - "ExtensionResourceName": null, - "ParentResource": null, - "Plan": null, - "Properties": { - "provisioningState": "Succeeded", - "ipConfigurations": [ - { - "name": "default", - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworkGateways/vgw-B/ipConfigurations/default", - "type": "Microsoft.Network/virtualNetworkGateways/ipConfigurations", - "properties": { - "provisioningState": "Succeeded", - "privateIPAllocationMethod": "Dynamic", - "publicIPAddress": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/publicIPAddresses/vgw-B-pip" - }, - "subnet": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/test-rg/subnets/GatewaySubnet" - } - } - } - ], - "sku": { - "name": "VpnGw1", - "tier": "VpnGw1", - "capacity": 2 - }, - "gatewayType": "Vpn", - "vpnType": "RouteBased", - "enableBgp": false, - "activeActive": false, - "bgpSettings": { - "asn": 65515, - "bgpPeeringAddress": "10.64.0.4", - "peerWeight": 0 - } - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Network/virtualNetworkGateways", - "ResourceType": "Microsoft.Network/virtualNetworkGateways", - "ExtensionResourceType": null, - "Sku": null, - "Tags": {}, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - }, - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/connections/cn-A", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/connections/cn-A", - "Identity": null, - "Kind": null, - "Location": "region", - "ManagedBy": null, - "ResourceName": "cn-A", - "Name": "cn-A", - "Properties": { - "provisioningState": "Succeeded", - "resourceGuid": "00000000-0000-0000-0000-000000000000", - "virtualNetworkGateway1": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworkGateways/vng-A" - }, - "localNetworkGateway2": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/localNetworkGateways/lng-A" - }, - "connectionType": "IPsec", - "connectionProtocol": "IKEv2", - "routingWeight": 0, - "sharedKey": "00000000-0000-0000-0000-000000000000", - "enableBgp": false, - "usePolicyBasedTrafficSelectors": false, - "ipsecPolicies": [], - "connectionStatus": "Connecting", - "ingressBytesTransferred": 0, - "egressBytesTransferred": 0, - "expressRouteGatewayBypass": false - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Network/connections", - "ResourceType": "Microsoft.Network/connections", - "ExtensionResourceType": null, - "Sku": null, - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - }, - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/localNetworkGateways/lng-A", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/localNetworkGateways/lng-A", - "Identity": null, - "Kind": null, - "Location": "region", - "ManagedBy": null, - "ResourceName": "lng-A", - "Name": "lng-A", - "Properties": { - "provisioningState": "Succeeded", - "resourceGuid": "00000000-0000-0000-0000-000000000000", - "localNetworkAddressSpace": { - "addressPrefixes": [ - "10.1.0.0/16" - ] - }, - "gatewayIpAddress": "10.1.0.0" - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Network/localNetworkGateways", - "ResourceType": "Microsoft.Network/localNetworkGateways", - "ExtensionResourceType": null, - "Sku": null, - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - }, - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/connections/connection-B", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/connections/connection-B", - "Identity": null, - "Kind": null, - "Location": "region", - "ManagedBy": null, - "ResourceName": "connection-B", - "Name": "connection-B", - "Properties": { - "provisioningState": "Succeeded", - "resourceGuid": "00000000-0000-0000-0000-000000000000", - "virtualNetworkGateway1": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworkGateways/vgw-B" - }, - "localNetworkGateway2": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/localNetworkGateways/lng-A" - }, - "connectionType": "IPsec", - "connectionProtocol": "IKEv2", - "routingWeight": 0, - "sharedKey": "00000000-0000-0000-0000-000000000000", - "enableBgp": false, - "usePolicyBasedTrafficSelectors": false, - "ipsecPolicies": [ - { - "saLifeTimeSeconds": 27000, - "saDataSizeKilobytes": 102400000, - "ipsecEncryption": "AES256", - "ipsecIntegrity": "SHA256", - "ikeEncryption": "AES256", - "ikeIntegrity": "SHA1", - "dhGroup": "DHGroup24", - "pfsGroup": "None" - } - ], - "connectionStatus": "Connecting", - "ingressBytesTransferred": 0, - "egressBytesTransferred": 0, - "expressRouteGatewayBypass": false - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Network/connections", - "ResourceType": "Microsoft.Network/connections", - "ExtensionResourceType": null, - "Sku": null, - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - }, - { - "ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/connections/cn-C", - "Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/connections/cn-C", - "Identity": null, - "Kind": null, - "Location": "region", - "ManagedBy": null, - "ResourceName": "cn-C", - "Name": "cn-C", - "Properties": { - "provisioningState": "Succeeded", - "resourceGuid": "00000000-0000-0000-0000-000000000000", - "virtualNetworkGateway1": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworkGateways/vgw-B" - }, - "localNetworkGateway2": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/localNetworkGateways/lng-A" - }, - "connectionType": "IPsec", - "connectionProtocol": "IKEv2", - "routingWeight": 0, - "sharedKey": "00000000-0000-0000-0000-000000000000", - "enableBgp": false, - "usePolicyBasedTrafficSelectors": false, - "ipsecPolicies": [ - { - "saLifeTimeSeconds": 14400, - "saDataSizeKilobytes": 102400000, - "ipsecEncryption": "AES256", - "ipsecIntegrity": "SHA256", - "ikeEncryption": "AES256", - "ikeIntegrity": "SHA384", - "dhGroup": "DHGroup24", - "pfsGroup": "PFS2" - } - ], - "connectionStatus": "Connecting", - "ingressBytesTransferred": 0, - "egressBytesTransferred": 0, - "expressRouteGatewayBypass": false - }, - "ResourceGroupName": "test-rg", - "Type": "Microsoft.Network/connections", - "ResourceType": "Microsoft.Network/connections", - "ExtensionResourceType": null, - "Sku": null, - "Tags": null, - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - } -]