microsoft
/
PSRule.Rules.CAF
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Resource case and tagging #35 #36 #38 (#39)

This commit is contained in:
Bernie White 2020-12-26 23:30:29 +10:00 коммит произвёл GitHub
Родитель fe21b13d0a
Коммит 708d1f620b
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
19 изменённых файлов: 786 добавлений и 3439 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

41
BaselineToc.Doc.ps1 Normal file
Просмотреть файл

@ -0,0 +1,41 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
Document 'baseline' {
$baselineName = $InputObject.Name;
# $obsolete = $InputObject.metadata.annotations.obsolete -eq $True;
Title $baselineName;
# if ($obsolete) {
# 'Obsolete' | BlockQuote
# }
Import-Module .\out\modules\PSRule.Rules.CAF;
$rules = @(Get-PSRule -Module PSRule.Rules.CAF -Baseline $baselineName -WarningAction SilentlyContinue);
$ruleCount = $rules.Length;
$InputObject.Synopsis;
Section 'Rules' {
"The following rules are included within ``$baselineName``. This baseline includes a total of $ruleCount rules."
$rules | Sort-Object -Property RuleName | Table -Property @{ Name = 'Name'; Expression = {
"[$($_.RuleName)]($($_.RuleName).md)"
}}, Synopsis
}
$configuration = @($InputObject.Spec.Configuration);
Section 'Configuration' {
$configuration | Table -Property @{ Name = 'Name'; Expression = {
$_.Key
}}, @{ Name = 'Default value'; Expression = {
if ($Null -ne $_.Value -and ![String]::IsNullOrEmpty($_.Value)) {
"``$($_.Value)``"
}
else {
''
}
}}
}
}

7
CHANGELOG.md
Просмотреть файл

@ -2,6 +2,13 @@
## Unreleased
- General improvements:
- Resource name rules are case-sensitive by default. [#36](https://github.com/microsoft/PSRule.Rules.CAF/issues/36)
- Resource and resource group tagging rules are case-sensitive by default. [#35](https://github.com/microsoft/PSRule.Rules.CAF/issues/35)
- **Breaking change**: Separated resource and resource group tagging rules. [#38](https://github.com/microsoft/PSRule.Rules.CAF/issues/38)
- Renamed `CAF.Tag.Required` to `CAF.Tag.Resource`.
- Moved resource group tagging requirements from `CAF.Tag.Resource` to `CAF.Tag.ResourceGroup`.
## v0.1.0-B2009009 (pre-release)
What's changed since pre-release v0.1.0-B2008005:

97
docs/baselines/en/CAF.Strict.md Normal file
Просмотреть файл

@ -0,0 +1,97 @@
# CAF.Strict
The default baseline for Azure Cloud Adoption Framework
## Rules
The following rules are included within `CAF.Strict`. This baseline includes a total of 14 rules.
Name | Synopsis
---- | --------
[CAF.Name.Connection](CAF.Name.Connection.md) | Virtual network gateway connection names should use a standard prefix.
[CAF.Name.LoadBalancer](CAF.Name.LoadBalancer.md) | Load balancer names should use a standard prefix.
[CAF.Name.NSG](CAF.Name.NSG.md) | Network security group (NSG) names should use a standard prefix.
[CAF.Name.PublicIP](CAF.Name.PublicIP.md) | Public IP address names should use a standard prefix.
[CAF.Name.RG](CAF.Name.RG.md) | Resource group names should use a standard prefix.
[CAF.Name.Route](CAF.Name.Route.md) | Route table names should use a standard prefix.
[CAF.Name.Storage](CAF.Name.Storage.md) | Storage account names should use a standard prefix.
[CAF.Name.Subnet](CAF.Name.Subnet.md) | Subnet names should use a standard prefix.
[CAF.Name.VM](CAF.Name.VM.md) | Virtual machine names should use a standard prefix.
[CAF.Name.VNET](CAF.Name.VNET.md) | Virtual network names should use a standard prefix.
[CAF.Name.VNG](CAF.Name.VNG.md) | Virtual network gateway names should use a standard prefix.
[CAF.Tag.Environment](CAF.Tag.Environment.md) | Tag resources and resource groups with a valid environment.
[CAF.Tag.Resource](CAF.Tag.Resource.md) | Tag resources with mandatory tags.
[CAF.Tag.ResourceGroup](CAF.Tag.ResourceGroup.md) | Tag resource groups with mandatory tags.
## Configuration
Name | Default value
---- | -------------
CAF_UseLowerNames | `true`
CAF_ManagementGroupPrefix | `mg-`
CAF_ResourceGroupPrefix | `rg-`
CAF_PolicyDefinitionPrefix | `policy-`
CAF_APIManagementPrefix | `apim-`
CAF_ManagedIdentityPrefix | `id-`
CAF_VirtualNetworkPrefix | `vnet-`
CAF_SubnetPrefix | `snet-`
CAF_VirtualNetworkPeeringPrefix | `peer-`
CAF_NetworkInterfacePrefix | `nic-`
CAF_PublicIPPrefix | `pip-`
CAF_LoadBalancerPrefix | `lbi- lbe-`
CAF_NetworkSecurityGroupPrefix | `nsg-`
CAF_ApplicationSecurityGroupPrefix | `asg-`
CAF_LocalNetworkGatewayPrefix | `lgw-`
CAF_VirtualNetworkGatewayPrefix | `vgw-`
CAF_GatewayConnectionPrefix | `cn-`
CAF_ApplicationGatewayPrefix | `agw-`
CAF_RouteTablePrefix | `route-`
CAF_TrafficManagerProfilePrefix | `traf-`
CAF_FrontDoorPrefix | `fd-`
CAF_CDNProfilePrefix | `cdnp-`
CAF_CDNEndpointPrefix | `cdne-`
CAF_VirtualMachinePrefix | `vm`
CAF_VirtualMachineScaleSetPrefix | `vmss-`
CAF_AvailabilitySetPrefix | `avail-`
CAF_ContainerInstancePrefix | `aci-`
CAF_AKSClusterPrefix | `aks-`
CAF_AppServicePlanPrefix | `plan-`
CAF_WebAppPrefix | `app-`
CAF_FunctionAppPrefix | `func-`
CAF_CloudServicePrefix | `cld-`
CAF_NotificationHubPrefix | `ntf-`
CAF_NotificationHubNamespacePrefix | `ntfns-`
CAF_SQLDatabaseServerPrefix | `sql-`
CAF_SQLDatabasePrefix | `sqldb-`
CAF_CosmosDbPrefix | `cosmos-`
CAF_RedisCachePrefix | `redis-`
CAF_MySQLDatabasePrefix | `mysql-`
CAF_PostgreSQLDatabasePrefix | `psql-`
CAF_SQLDataWarehousePrefix | `sqldw-`
CAF_SynapseAnalyticsPrefix | `syn-`
CAF_SQLStretchDbPrefix | `sqlstrdb-`
CAF_StoragePrefix | `st stvm dls`
CAF_StorSimplePrefix | `ssimp`
CAF_SearchPrefix | `srch-`
CAF_CognitiveServicesPrefix | `cog-`
CAF_MachineLearningWorkspacePrefix | `mlw-`
CAF_StreamAnalyticsPrefix | `asa-`
CAF_DataFactoryPrefix | `adf-`
CAF_DataLakeStorePrefix | `dla`
CAF_EventHubsPrefix | `evh-`
CAF_HDInsightsHadoopPrefix | `hadoop-`
CAF_HDInsightsHBasePrefix | `hbase-`
CAF_HDInsightsSparkPrefix | `spark-`
CAF_IoTHubPrefix | `iot-`
CAF_PowerBIEmbeddedPrefix | `pbi-`
CAF_LogicAppsPrefix | `logic-`
CAF_ServiceBusPrefix | `sb-`
CAF_ServiceBusQueuePrefix | `sbq-`
CAF_ServiceBusTopicPrefix | `sbt-`
CAF_KeyVaultPrefix | `kv-`
CAF_MatchTagNameCase | `true`
CAF_MatchTagValueCase | `true`
CAF_ResourceMandatoryTags |
CAF_ResourceGroupMandatoryTags |
CAF_EnvironmentTag | `Env`
CAF_Environments | `Prod Dev QA Stage Test`

44
docs/rules/en/CAF.Tag.Required.md
Просмотреть файл

@ -1,44 +0,0 @@
---
pillar: Operational Excellence
category: Metadata tagging
online version: https://github.com/microsoft/PSRule.Rules.CAF/blob/main/docs/rules/en/CAF.Tag.Required.md
---
# Use mandatory tags
## SYNOPSIS
Tag resources and resource groups with mandatory tags.
## DESCRIPTION
Metadata tags store additional information about resources and resource groups.
When used consistently, metadata tags can be used to identify resources for searching and reporting.
Additionally tags can store information useful to automated tasks.
Some examples include; de-provisioning, scaling and patching
Resources and resources group pass when they have the required tags.
If any of the tags are missing, this rule fails.
Resources that do not support tags are skipped.
By default, no mandatory tags are configured.
## RECOMMENDATION
Consider updating the resource/ resource group with the required tags.
Additionally consider enforcing mandatory tags with Azure Policy.
## NOTES
To configure this rule:
- Override the `CAF_ResourceMandatoryTags` configuration value with an array of required tags for resources.
- Override the `CAF_ResourceGroupMandatoryTags` configuration value with an array of required tags for resource groups.
## LINKS
- [Metadata tags](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging#metadata-tags)
- [Use tags to organize your Azure resources](https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources)
- [Azure Well-Architected Framework](https://docs.microsoft.com/en-gb/azure/architecture/framework/devops/app-design#tagging-and-resource-naming)
- [Tag support for Azure resources](https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-support)

49
docs/rules/en/CAF.Tag.Resource.md Normal file
Просмотреть файл

@ -0,0 +1,49 @@
---
pillar: Cost Optimization
category: Metadata tagging
online version: https://github.com/microsoft/PSRule.Rules.CAF/blob/main/docs/rules/en/CAF.Tag.Required.md
---
# Tag resources
## SYNOPSIS
Tag resources with mandatory tags.
## DESCRIPTION
Metadata tags store additional information about resources.
Each tags is a key value pair, with a tag name and tag value.
When used consistently, metadata tags can be used to identify resources for searching and reporting.
Up to 50 tags can be set on most resource types (see [Tag support for Azure resources]).
Additionally tags can store information useful to automated tasks.
Some examples include; de-provisioning, scaling, and patching.
## RECOMMENDATION
Consider tagging the resources with the mandatory tags.
Additionally consider enforcing mandatory tags and using inheritance with Azure Policy.
## NOTES
Resources pass when they have the required tags.
If any of the tags are missing, this rule fails.
Resources that do not support tags are skipped.
By default:
- No mandatory tags are configured.
- Tag names are case-sensitive.
To configure this rule:
- Override the `CAF_ResourceMandatoryTags` configuration value with an array of required tags.
## LINKS
- [Metadata tags](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-tagging)
- [Use tags to organize your Azure resources](https://docs.microsoft.com/azure/azure-resource-manager/management/tag-resources)
- [Azure Well-Architected Framework](https://docs.microsoft.com/azure/architecture/framework/cost/design-governance#enforce-resource-tagging)
- [Tag support for Azure resources]
[Tag support for Azure resources]: https://docs.microsoft.com/azure/azure-resource-manager/management/tag-support

46
docs/rules/en/CAF.Tag.ResourceGroup.md Normal file
Просмотреть файл

@ -0,0 +1,46 @@
---
pillar: Cost Optimization
category: Metadata tagging
online version: https://github.com/microsoft/PSRule.Rules.CAF/blob/main/docs/rules/en/CAF.Tag.ResourceGroup.md
---
# Tag resource groups
## SYNOPSIS
Tag resource groups with mandatory tags.
## DESCRIPTION
Metadata tags store additional information about resource groups.
Each tags is a key value pair, with a tag name and tag value.
When used consistently, metadata tags can be used to identify resource groups for searching and reporting.
Up to 50 tags can be set on each resource group.
Additionally tags can store information useful to automated tasks.
Some examples include; de-provisioning, scaling, and patching.
## RECOMMENDATION
Consider tagging resource group with the mandatory tags.
Additionally consider enforcing mandatory tags with Azure Policy.
## NOTES
Resources group pass when they have the required tags.
If any of the tags are missing, this rule fails.
By default:
- No mandatory tags are configured.
- Tag names are case-sensitive.
To configure this rule:
- Override the `CAF_ResourceGroupMandatoryTags` configuration value with an array of required tags.
## LINKS
- [Metadata tags](https://docs.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-tagging)
- [Use tags to organize your Azure resources](https://docs.microsoft.com/azure/azure-resource-manager/management/tag-resources)
- [Azure Well-Architected Framework](https://docs.microsoft.com/azure/architecture/framework/cost/design-governance#enforce-resource-tagging)
- [Tag support for Azure resources](https://docs.microsoft.com/azure/azure-resource-manager/management/tag-support)

3
docs/rules/en/module.md
Просмотреть файл

@ -9,7 +9,8 @@ The following rules are included within `PSRule.Rules.CAF`.
Name | Synopsis
---- | --------
[CAF.Tag.Environment](CAF.Tag.Environment.md) | Tag resources and resource groups with a valid environment.
[CAF.Tag.Required](CAF.Tag.Required.md) | Tag resources and resource groups with mandatory tags.
[CAF.Tag.Resource](CAF.Tag.Resource.md) | Tag resources with mandatory tags.
[CAF.Tag.ResourceGroup](CAF.Tag.ResourceGroup.md) | Tag resource groups with mandatory tags.
### Resource naming

17
pipeline.build.ps1
Просмотреть файл

@ -161,11 +161,11 @@ task PSScriptAnalyzer NuGet, {
# Synopsis: Install PSRule
task PSRule NuGet, {
if ($Null -eq (Get-InstalledModule -Name PSRule -MinimumVersion '0.20.0' -AllowPrerelease -ErrorAction Ignore)) {
Install-Module -Name PSRule -Repository PSGallery -MinimumVersion '0.20.0' -AllowPrerelease -Scope CurrentUser -Force;
if ($Null -eq (Get-InstalledModule -Name PSRule -MinimumVersion '0.22.0' -AllowPrerelease -ErrorAction Ignore)) {
Install-Module -Name PSRule -Repository PSGallery -MinimumVersion '0.22.0' -AllowPrerelease -Scope CurrentUser -Force;
}
if ($Null -eq (Get-InstalledModule -Name PSRule.Rules.Azure -MinimumVersion '0.15.0' -ErrorAction Ignore)) {
Install-Module -Name PSRule.Rules.Azure -Repository PSGallery -MinimumVersion '0.15.0' -Scope CurrentUser -Force;
if ($Null -eq (Get-InstalledModule -Name PSRule.Rules.Azure -MinimumVersion '0.18.0' -ErrorAction Ignore)) {
Install-Module -Name PSRule.Rules.Azure -Repository PSGallery -MinimumVersion '0.18.0' -Scope CurrentUser -Force;
}
Import-Module -Name PSRule.Rules.Azure -Verbose:$False;
}
@ -240,10 +240,17 @@ task Analyze Build, PSScriptAnalyzer, {
Invoke-ScriptAnalyzer -Path out/modules/PSRule.Rules.CAF;
}
# Synopsis: Build table of content for rules
# Synopsis: Build table of content for rules and baselines
task BuildRuleDocs Build, PSRule, PSDocs, {
Import-Module (Join-Path -Path $PWD -ChildPath out/modules/PSRule.Rules.CAF) -Force;
$Null = Invoke-PSDocument -Name module -OutputPath .\docs\rules\en\ -Path .\RuleToc.Doc.ps1;
$baselines = Get-PSRuleBaseline -Module PSRule.Rules.CAF -WarningAction SilentlyContinue;
$Null = $baselines | ForEach-Object {
if ($_.Name -like 'CAF.*') {
$_ | Invoke-PSDocument -Name baseline -InstanceName $_.Name -OutputPath .\docs\baselines\en\ -Path .\BaselineToc.Doc.ps1;
}
}
}
# Synopsis: Build help

4
ps-project.yaml
Просмотреть файл

@ -16,8 +16,8 @@ bugs:
url: https://github.com/Microsoft/PSRule.Rules.CAF/issues
modules:
PSRule: ^0.12.0
PSRule.Rules.Azure: ^0.6.0
PSRule: ^0.22.0
PSRule.Rules.Azure: ^0.18.0
tasks:
clear:

13
src/PSRule.Rules.CAF/rules/Baseline.Rule.yaml
Просмотреть файл

@ -7,14 +7,21 @@ metadata:
spec:
configuration:
# Naming
CAF_UseLowerNames: true
# General
CAF_ManagementGroupPrefix: [ 'mg-' ]
CAF_ResourceGroupPrefix: [ 'rg-' ]
CAF_PolicyDefinitionPrefix: [ 'policy-' ]
CAF_APIManagementPrefix: [ 'apim-' ]
CAF_ManagedIdentityPrefix: [ 'id-' ]
# Networking
CAF_VirtualNetworkPrefix: [ 'vnet-' ]
CAF_SubnetPrefix: [ 'snet-' ]
CAF_VirtualNetworkPeeringPrefix: [ 'peer-' ]
CAF_NetworkInterfacePrefix: [ 'nic-' ]
CAF_PublicIPPrefix: [ 'pip-' ]
CAF_LoadBalancerPrefix: [ 'lbi-', 'lbe-' ]
@ -26,6 +33,9 @@ spec:
CAF_ApplicationGatewayPrefix: [ 'agw-' ]
CAF_RouteTablePrefix: [ 'route-' ]
CAF_TrafficManagerProfilePrefix: [ 'traf-' ]
CAF_FrontDoorPrefix: [ 'fd-' ]
CAF_CDNProfilePrefix: [ 'cdnp-' ]
CAF_CDNEndpointPrefix: [ 'cdne-' ]
# Compute and Web
CAF_VirtualMachinePrefix: [ 'vm' ]
@ -80,6 +90,9 @@ spec:
# Management and governance
CAF_KeyVaultPrefix: [ 'kv-' ]
CAF_MatchTagNameCase: true
CAF_MatchTagValueCase: true
# Required tags
CAF_ResourceMandatoryTags: [ ]
CAF_ResourceGroupMandatoryTags: [ ]

53
src/PSRule.Rules.CAF/rules/CAF.Name.Rule.ps1
Просмотреть файл

@ -8,12 +8,18 @@
# Synopsis: Use standard resource groups names.
Rule 'CAF.Name.RG' -Type 'Microsoft.Resources/resourceGroups' -If { !(CAF_IsManagedRG) } {
$Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_ResourceGroupPrefix)
$Assert.StartsWith($PSRule, 'TargetName', $Configuration.CAF_ResourceGroupPrefix, $True);
if ($Configuration.CAF_UseLowerNames -eq $True) {
$Assert.IsLower($PSRule, 'TargetName');
}
}
# Synopsis: Use standard virtual networks names.
Rule 'CAF.Name.VNET' -Type 'Microsoft.Network/virtualNetworks' {
$Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_VirtualNetworkPrefix)
$Assert.StartsWith($PSRule, 'TargetName', $Configuration.CAF_VirtualNetworkPrefix, $True);
if ($Configuration.CAF_UseLowerNames -eq $True) {
$Assert.IsLower($PSRule, 'TargetName');
}
}
# Synopsis: Use standard subnets names.
@ -30,47 +36,72 @@ Rule 'CAF.Name.Subnet' -Type 'Microsoft.Network/virtualNetworks', 'Microsoft.Net
$Assert.Pass();
}
else {
$Assert.StartsWith($subnet, 'Name', $Configuration.CAF_SubnetPrefix)
$Assert.StartsWith($subnet, 'Name', $Configuration.CAF_SubnetPrefix);
if ($Configuration.CAF_UseLowerNames -eq $True) {
$Assert.IsLower($subnet, 'Name');
}
}
}
}
# Synopsis: Use standard virtual network gateway names.
Rule 'CAF.Name.VNG' -Type 'Microsoft.Network/virtualNetworkGateways' {
$Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_VirtualNetworkGatewayPrefix)
$Assert.StartsWith($PSRule, 'TargetName', $Configuration.CAF_VirtualNetworkGatewayPrefix, $True);
if ($Configuration.CAF_UseLowerNames -eq $True) {
$Assert.IsLower($PSRule, 'TargetName');
}
}
# Synopsis: Use standard virtual networks gateway connection names.
Rule 'CAF.Name.Connection' -Type 'Microsoft.Network/connections' {
$Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_GatewayConnectionPrefix)
$Assert.StartsWith($PSRule, 'TargetName', $Configuration.CAF_GatewayConnectionPrefix, $True);
if ($Configuration.CAF_UseLowerNames -eq $True) {
$Assert.IsLower($PSRule, 'TargetName');
}
}
# Synopsis: Use standard network security group names.
Rule 'CAF.Name.NSG' -Type 'Microsoft.Network/networkSecurityGroups' {
$Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_NetworkSecurityGroupPrefix)
$Assert.StartsWith($PSRule, 'TargetName', $Configuration.CAF_NetworkSecurityGroupPrefix, $True);
if ($Configuration.CAF_UseLowerNames -eq $True) {
$Assert.IsLower($PSRule, 'TargetName');
}
}
# Synopsis: Use standard route table names.
Rule 'CAF.Name.Route' -Type 'Microsoft.Network/routeTables' {
$Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_RouteTablePrefix)
$Assert.StartsWith($PSRule, 'TargetName', $Configuration.CAF_RouteTablePrefix, $True);
if ($Configuration.CAF_UseLowerNames -eq $True) {
$Assert.IsLower($PSRule, 'TargetName');
}
}
# Synopsis: Use standard virtual machines names.
Rule 'CAF.Name.VM' -Type 'Microsoft.Compute/virtualMachines' {
$Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_VirtualMachinePrefix)
$Assert.StartsWith($PSRule, 'TargetName', $Configuration.CAF_VirtualMachinePrefix, $True);
if ($Configuration.CAF_UseLowerNames -eq $True) {
$Assert.IsLower($PSRule, 'TargetName');
}
}
# Synopsis: Use standard storage accounts names.
Rule 'CAF.Name.Storage' -Type 'Microsoft.Storage/storageAccounts' {
$Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_StoragePrefix)
$Assert.StartsWith($PSRule, 'TargetName', $Configuration.CAF_StoragePrefix, $True);
$Assert.IsLower($PSRule, 'TargetName');
}
# Synopsis: Use standard public IP address names.
Rule 'CAF.Name.PublicIP' -Type 'Microsoft.Network/publicIPAddresses' {
$Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_PublicIPPrefix)
$Assert.StartsWith($PSRule, 'TargetName', $Configuration.CAF_PublicIPPrefix, $True);
if ($Configuration.CAF_UseLowerNames -eq $True) {
$Assert.IsLower($PSRule, 'TargetName');
}
}
# Synopsis: Use standard load balancer names.
Rule 'CAF.Name.LoadBalancer' -Type 'Microsoft.Network/loadBalancers' -If { !(CAF_IsManagedLB) } {
$Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_LoadBalancerPrefix)
$Assert.StartsWith($PSRule, 'TargetName', $Configuration.CAF_LoadBalancerPrefix, $True);
if ($Configuration.CAF_UseLowerNames -eq $True) {
$Assert.IsLower($PSRule, 'TargetName');
}
}

38
src/PSRule.Rules.CAF/rules/CAF.Tag.Rule.ps1
Просмотреть файл

@ -3,28 +3,34 @@
# Note:
# This contains rules for standard tagging suggested in the CAF.
# https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging
# https://docs.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging
# Synopsis: Tag resources and resource groups with mandatory tags
Rule 'CAF.Tag.Required' -If { (CAF_SupportsTags) } {
# Use resource or resource group mandatory tags
# Synopsis: Tag resources with mandatory tags.
Rule 'CAF.Tag.Resource' -If { (CAF_SupportsTags) -and !(CAF_IsResourceGroup) -and ($Configuration.GetStringValues('CAF_ResourceMandatoryTags').Length -gt 0) } {
$required = $Configuration.GetStringValues('CAF_ResourceMandatoryTags')
if ($PSRule.TargetType -eq 'Microsoft.Resources/resourceGroups') {
$required = $Configuration.GetStringValues('CAF_ResourceGroupMandatoryTags')
}
# Check mandatory tags
if ($required.Length -eq 0) {
return $True
return $Assert.Pass();
}
else {
Exists 'Tags'
$Assert.HasField($TargetObject, 'Tags');
if ($Null -ne $TargetObject.Tags) {
$TargetObject.Tags | Exists $required -All
}
$Assert.HasFields($TargetObject.Tags, $required, $Configuration.CAF_MatchTagNameCase);
}
}
# Synopsis: Use standard environment tag values
Rule 'CAF.Tag.Environment' -If { (CAF_SupportsTags) -and (Exists "Tags.$($Configuration.CAF_EnvironmentTag)") } {
$Assert.In($TargetObject, "Tags.$($Configuration.CAF_EnvironmentTag)", $Configuration.CAF_Environments)
# Synopsis: Tag resource groups with mandatory tags.
Rule 'CAF.Tag.ResourceGroup' -Type 'Microsoft.Resources/resourceGroups' -If { ($Configuration.GetStringValues('CAF_ResourceGroupMandatoryTags').Length -gt 0) } {
$required = $Configuration.GetStringValues('CAF_ResourceGroupMandatoryTags');
if ($required.Length -eq 0) {
return $Assert.Pass();
}
$Assert.HasField($TargetObject, 'Tags');
if ($Null -ne $TargetObject.Tags) {
$Assert.HasFields($TargetObject.Tags, $required, $Configuration.CAF_MatchTagNameCase);
}
}
# Synopsis: Tag resources and resource groups with a valid environment.
Rule 'CAF.Tag.Environment' -If { (CAF_SupportsTags) -and (Exists "Tags.$($Configuration.CAF_EnvironmentTag)") } {
$Assert.HasField($TargetObject, "Tags.$($Configuration.CAF_EnvironmentTag)", $Configuration.CAF_MatchTagNameCase);
$Assert.In($TargetObject, "Tags.$($Configuration.CAF_EnvironmentTag)", $Configuration.CAF_Environments, $Configuration.CAF_MatchTagValueCase)
}

502
tests/PSRule.Rules.CAF.Tests/CAF.Name.Tests.ps1
Просмотреть файл

@ -6,9 +6,7 @@
#
[CmdletBinding()]
param (
)
param ()
# Setup error handling
$ErrorActionPreference = 'Stop';
@ -21,193 +19,413 @@ if ($Env:SYSTEM_DEBUG -eq 'true') {
# Setup tests paths
$rootPath = $PWD;
Import-Module (Join-Path -Path $rootPath -ChildPath out/modules/PSRule.Rules.CAF) -Force;
$here = (Resolve-Path $PSScriptRoot).Path;
Describe 'CAF.Name' -Tag 'name' {
$dataPath = Join-Path -Path $here -ChildPath 'Resources.*.json';
Context 'Conditions' {
$invokeParams = @{
Module = 'PSRule.Rules.CAF'
WarningAction = 'Ignore'
ErrorAction = 'Stop'
}
$result = Invoke-PSRule @invokeParams -InputPath $dataPath -Outcome All;
It 'CAF.Name.RG' {
$filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Name.RG' };
# Fail
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' });
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 1;
$ruleResult.TargetName | Should -Be 'rgB';
# Pass
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' });
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 1;
$ruleResult.TargetName | Should -Be 'rg-A';
Context 'CAF.Name.RG' {
$validNames = @(
'rg-test-001'
)
$invalidNames = @(
'rg-Test-001'
'rgtest001'
'test-rg-001'
)
$testObject = [PSCustomObject]@{
Name = ''
ResourceType = 'Microsoft.Resources/resourceGroups'
}
It 'CAF.Name.VNET' {
$filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Name.VNET' };
# Fail
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' });
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 1;
$ruleResult.TargetName | Should -BeIn 'vnetB';
# Pass
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' });
foreach ($name in $validNames) {
It $name {
$testObject.Name = $name;
$ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.RG';
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 3;
$ruleResult.TargetName | Should -BeIn 'vnet-A', 'vnet-D', 'vnet-C';
$ruleResult.Outcome | Should -Be 'Pass';
}
}
It 'CAF.Name.Subnet' {
$filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Name.Subnet' };
# Fail
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' });
foreach ($name in $invalidNames) {
It $name {
$testObject.Name = $name;
$ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.RG';
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 2;
$ruleResult.TargetName | Should -BeIn 'vnetB', 'vnet-D';
# Pass
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' });
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 2;
$ruleResult.TargetName | Should -BeIn 'vnet-A', 'vnet-C';
$ruleResult.Outcome | Should -Be 'Fail';
}
}
}
It 'CAF.Name.VNG' {
$filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Name.VNG' };
# Fail
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' });
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 1;
$ruleResult.TargetName | Should -Be 'vng-A';
# Pass
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' });
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 1;
$ruleResult.TargetName | Should -Be 'vgw-B';
Context 'CAF.Name.VNET' {
$validNames = @(
'vnet-test-001'
)
$invalidNames = @(
'vnet-Test-001'
'vnetest001'
'test-vnet-001'
)
$testObject = [PSCustomObject]@{
Name = ''
ResourceType = 'Microsoft.Network/virtualNetworks'
}
It 'CAF.Name.Connection' {
$filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Name.Connection' };
# Fail
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' });
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 2;
$ruleResult.TargetName | Should -BeIn 'expressroute-connection', 'connection-B';
# Pass
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' });
foreach ($name in $validNames) {
It $name {
$testObject.Name = $name;
$ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.VNET';
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 3;
$ruleResult.TargetName | Should -BeIn 'cn-expressroute', 'cn-C', 'cn-A';
$ruleResult.Outcome | Should -Be 'Pass';
}
}
It 'CAF.Name.NSG' {
$filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Name.NSG' };
# Fail
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' });
foreach ($name in $invalidNames) {
It $name {
$testObject.Name = $name;
$ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.VNET';
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 1;
$ruleResult.TargetName | Should -BeIn 'nsgB';
# Pass
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' });
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 2;
$ruleResult.TargetName | Should -BeIn 'nsg-A', 'nsg-C';
$ruleResult.Outcome | Should -Be 'Fail';
}
}
}
It 'CAF.Name.Route' {
$filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Name.Route' };
# Fail
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' });
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 1;
$ruleResult.TargetName | Should -Be 'routeB';
Context 'CAF.Name.Subnet' {
$validNames = @(
'snet-test-001'
)
$invalidNames = @(
'snet-Test-001'
'snettest001'
'test-snet-001'
)
$testObject = @(
[PSCustomObject]@{
Name = ''
ResourceType = 'Microsoft.Network/virtualNetworks/subnets'
}
[PSCustomObject]@{
Name = ''
ResourceType = 'Microsoft.Network/virtualNetworks'
Properties = @{
subnets = @(
@{
Name = ''
}
)
}
}
)
# Pass
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' });
foreach ($name in $validNames) {
It $name {
$testObject[0].Name = $name;
$testObject[1].Properties.Subnets[0].Name = $name;
$ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.Subnet';
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 1;
$ruleResult.TargetName | Should -Be 'route-A';
$ruleResult.Outcome | Should -BeIn 'Pass';
}
}
It 'CAF.Name.VM' {
$filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Name.VM' };
# Fail
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' });
foreach ($name in $invalidNames) {
It $name {
$testObject[0].Name = $name;
$testObject[1].Properties.Subnets[0].Name = $name;
$ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.Subnet';
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 1;
$ruleResult.TargetName | Should -Be 'bvm';
# Pass
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' });
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 1;
$ruleResult.TargetName | Should -Be 'vm-A';
$ruleResult.Outcome | Should -BeIn 'Fail';
}
}
}
It 'CAF.Name.Storage' {
$filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Name.Storage' };
# Fail
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' });
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 1;
$ruleResult.TargetName | Should -Be 'bstorage';
# Pass
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' });
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 1;
$ruleResult.TargetName | Should -Be 'storagea';
Context 'CAF.Name.VNG' {
$validNames = @(
'vgw-test-001'
)
$invalidNames = @(
'vgw-Test-001'
'vgwtest001'
'test-vgw-001'
)
$testObject = [PSCustomObject]@{
Name = ''
ResourceType = 'Microsoft.Network/virtualNetworkGateways'
}
It 'CAF.Name.PublicIP' {
$filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Name.PublicIP' };
# Fail
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' });
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 1;
$ruleResult.TargetName | Should -Be 'pipB';
# Pass
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' });
foreach ($name in $validNames) {
It $name {
$testObject.Name = $name;
$ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.VNG';
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 1;
$ruleResult.TargetName | Should -Be 'pip-A';
$ruleResult.Outcome | Should -Be 'Pass';
}
}
It 'CAF.Name.LoadBalancer' {
$filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Name.LoadBalancer' };
# Fail
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' });
foreach ($name in $invalidNames) {
It $name {
$testObject.Name = $name;
$ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.VNG';
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 1;
$ruleResult.TargetName | Should -Be 'lbB';
$ruleResult.Outcome | Should -Be 'Fail';
}
}
}
Context 'CAF.Name.Connection' {
$validNames = @(
'cn-test-001'
)
$invalidNames = @(
'cn-Test-001'
'cntest001'
'test-cn-001'
)
$testObject = [PSCustomObject]@{
Name = ''
ResourceType = 'Microsoft.Network/connections'
}
# Pass
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' });
foreach ($name in $validNames) {
It $name {
$testObject.Name = $name;
$ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.Connection';
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 1;
$ruleResult.TargetName | Should -Be 'lbe-A';
$ruleResult.Outcome | Should -Be 'Pass';
}
}
# Fail
foreach ($name in $invalidNames) {
It $name {
$testObject.Name = $name;
$ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.Connection';
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Outcome | Should -Be 'Fail';
}
}
}
Context 'CAF.Name.NSG' {
$validNames = @(
'nsg-test-001'
)
$invalidNames = @(
'nsg-Test-001'
'nsgtest001'
'test-nsg-001'
)
$testObject = [PSCustomObject]@{
Name = ''
ResourceType = 'Microsoft.Network/networkSecurityGroups'
}
# Pass
foreach ($name in $validNames) {
It $name {
$testObject.Name = $name;
$ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.NSG';
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Outcome | Should -Be 'Pass';
}
}
# Fail
foreach ($name in $invalidNames) {
It $name {
$testObject.Name = $name;
$ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.NSG';
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Outcome | Should -Be 'Fail';
}
}
}
Context 'CAF.Name.Route' {
$validNames = @(
'route-test-001'
)
$invalidNames = @(
'route-Test-001'
'routetest001'
'test-route-001'
)
$testObject = [PSCustomObject]@{
Name = ''
ResourceType = 'Microsoft.Network/routeTables'
}
# Pass
foreach ($name in $validNames) {
It $name {
$testObject.Name = $name;
$ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.Route';
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Outcome | Should -Be 'Pass';
}
}
# Fail
foreach ($name in $invalidNames) {
It $name {
$testObject.Name = $name;
$ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.Route';
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Outcome | Should -Be 'Fail';
}
}
}
Context 'CAF.Name.VM' {
$validNames = @(
'vm-test-001'
'vmtest001'
)
$invalidNames = @(
'vm-Test-001'
'test-vm-001'
)
$testObject = [PSCustomObject]@{
Name = ''
ResourceType = 'Microsoft.Compute/virtualMachines'
}
# Pass
foreach ($name in $validNames) {
It $name {
$testObject.Name = $name;
$ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.VM';
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Outcome | Should -Be 'Pass';
}
}
# Fail
foreach ($name in $invalidNames) {
It $name {
$testObject.Name = $name;
$ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.VM';
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Outcome | Should -Be 'Fail';
}
}
}
Context 'CAF.Name.Storage' {
$validNames = @(
'storage001'
'stvm001'
'dls001'
)
$invalidNames = @(
'sTest001'
'testst001'
)
$testObject = [PSCustomObject]@{
Name = ''
ResourceType = 'Microsoft.Storage/storageAccounts'
}
# Pass
foreach ($name in $validNames) {
It $name {
$testObject.Name = $name;
$ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.Storage';
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Outcome | Should -Be 'Pass';
}
}
# Fail
foreach ($name in $invalidNames) {
It $name {
$testObject.Name = $name;
$ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.Storage';
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Outcome | Should -Be 'Fail';
}
}
}
Context 'CAF.Name.PublicIP' {
$validNames = @(
'pip-test-001'
)
$invalidNames = @(
'pip-Test-001'
'piptest001'
'test-pip-001'
)
$testObject = [PSCustomObject]@{
Name = ''
ResourceType = 'Microsoft.Network/publicIPAddresses'
}
# Pass
foreach ($name in $validNames) {
It $name {
$testObject.Name = $name;
$ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.PublicIP';
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Outcome | Should -Be 'Pass';
}
}
# Fail
foreach ($name in $invalidNames) {
It $name {
$testObject.Name = $name;
$ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.PublicIP';
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Outcome | Should -Be 'Fail';
}
}
}
Context 'CAF.Name.LoadBalancer' {
$validNames = @(
'lbi-test-001'
'lbe-test-001'
)
$invalidNames = @(
'lbi-Test-001'
'lbetest001'
'test-lbi-001'
)
$testObject = [PSCustomObject]@{
Name = ''
ResourceType = 'Microsoft.Network/loadBalancers'
}
# Pass
foreach ($name in $validNames) {
It $name {
$testObject.Name = $name;
$ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.LoadBalancer';
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Outcome | Should -Be 'Pass';
}
}
# Fail
foreach ($name in $invalidNames) {
It $name {
$testObject.Name = $name;
$ruleResult = $testObject | Invoke-PSRule @invokeParams -Name 'CAF.Name.LoadBalancer';
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Outcome | Should -Be 'Fail';
}
}
}
}

95
tests/PSRule.Rules.CAF.Tests/CAF.Tag.Tests.ps1
Просмотреть файл

@ -6,9 +6,7 @@
#
[CmdletBinding()]
param (
)
param ()
# Setup error handling
$ErrorActionPreference = 'Stop';
@ -21,11 +19,8 @@ if ($Env:SYSTEM_DEBUG -eq 'true') {
# Setup tests paths
$rootPath = $PWD;
Import-Module (Join-Path -Path $rootPath -ChildPath out/modules/PSRule.Rules.CAF) -Force;
$here = (Resolve-Path $PSScriptRoot).Path;
Describe 'CAF.Tag' -Tag 'tag' {
$dataPath = Join-Path -Path $here -ChildPath 'Resources.*.json';
Context 'Conditions' {
$invokeParams = @{
Module = 'PSRule.Rules.CAF'
@ -71,13 +66,20 @@ Describe 'CAF.Tag' -Tag 'tag' {
Tags = @{
Environment = 'Prod'
}
},
@{
Name = 'vnet-C'
Type = 'Microsoft.Network/virtualNetworks'
Tags = @{
env = 'prod'
}
}
)
It 'CAF.Tag.Required' {
It 'CAF.Tag.Resource' {
# Not set
$result = $testObject | Invoke-PSRule @invokeParams -Outcome All;
$filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Tag.Required' };
$filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Tag.Resource' };
# Fail
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' });
@ -85,29 +87,74 @@ Describe 'CAF.Tag' -Tag 'tag' {
# Pass
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' });
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 5;
$ruleResult.TargetName | Should -BeIn 'rg-A', 'rg-B', 'rg-C', 'vnet-A', 'vnet-B';
$ruleResult | Should -BeNullOrEmpty;
# With resource tags set
$result = $testObject | Invoke-PSRule @invokeParams -Outcome All -Option @{ 'Configuration.CAF_ResourceMandatoryTags' = @('Env') };
$filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Tag.Required' };
$result = $testObject | Invoke-PSRule @invokeParams -Outcome All -Option @{
'Configuration.CAF_ResourceMandatoryTags' = @('Env')
};
$filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Tag.Resource' };
# Fail
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' });
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 2;
$ruleResult.TargetName | Should -BeIn 'vnet-B', 'vnet-C';
# Pass
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' });
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 1;
$ruleResult.TargetName | Should -BeIn 'vnet-A';
# None
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'None' });
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 4;
$ruleResult.TargetName | Should -BeIn 'rg-A', 'rg-B', 'rg-C', 'GatewaySubnet';
# With resource tags set, non-case-sensitive
$result = $testObject | Invoke-PSRule @invokeParams -Outcome All -Option @{
'Configuration.CAF_ResourceMandatoryTags' = 'Env'
'Configuration.CAF_MatchTagNameCase' = $False
};
$filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Tag.Resource' };
# Fail
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' });
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 1;
$ruleResult.TargetName | Should -Be 'vnet-B';
$ruleResult.TargetName | Should -BeIn 'vnet-B';
# Pass
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' });
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 2;
$ruleResult.TargetName | Should -BeIn 'vnet-A', 'vnet-C';
# None
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'None' });
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 4;
$ruleResult.TargetName | Should -BeIn 'rg-A', 'rg-B', 'rg-C', 'vnet-A';
$ruleResult.TargetName | Should -BeIn 'rg-A', 'rg-B', 'rg-C', 'GatewaySubnet';
}
It 'CAF.Tag.ResourceGroup' {
# Not set
$result = $testObject | Invoke-PSRule @invokeParams -Outcome All;
$filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Tag.ResourceGroup' };
# Fail
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' });
$ruleResult | Should -BeNullOrEmpty;
# Pass
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' });
$ruleResult | Should -BeNullOrEmpty;
# With resource group tags set
$result = $testObject | Invoke-PSRule @invokeParams -Outcome All -Option @{ 'Configuration.CAF_ResourceGroupMandatoryTags' = @('Env') };
$filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Tag.Required' };
$filteredResult = $result | Where-Object { $_.RuleName -eq 'CAF.Tag.ResourceGroup' };
# Fail
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' });
@ -118,8 +165,14 @@ Describe 'CAF.Tag' -Tag 'tag' {
# Pass
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' });
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 3;
$ruleResult.Length | Should -Be 1;
$ruleResult.TargetName | Should -BeIn 'rg-A', 'vnet-A', 'vnet-B';
# None
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'None' });
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 4;
$ruleResult.TargetName | Should -BeIn 'vnet-A', 'vnet-B', 'vnet-C', 'GatewaySubnet';
}
It 'CAF.Tag.Environment' {
@ -129,7 +182,9 @@ Describe 'CAF.Tag' -Tag 'tag' {
# Fail
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' });
$ruleResult | Should -BeNullOrEmpty;
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 1;
$ruleResult.TargetName | Should -BeIn 'vnet-C';
# Pass
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' });
@ -162,8 +217,8 @@ Describe 'CAF.Tag' -Tag 'tag' {
# None
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'None' });
$ruleResult | Should -Not -BeNullOrEmpty;
$ruleResult.Length | Should -Be 3;
$ruleResult.TargetName | Should -BeIn 'rg-B', 'vnet-A', 'GatewaySubnet';
$ruleResult.Length | Should -Be 4;
$ruleResult.TargetName | Should -BeIn 'rg-B', 'vnet-A', 'vnet-C', 'GatewaySubnet';
}
}
}

2486
tests/PSRule.Rules.CAF.Tests/Resources.Network.json
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

24
tests/PSRule.Rules.CAF.Tests/Resources.RG.json
Просмотреть файл

@ -1,24 +0,0 @@
[
{
"ResourceGroupName": "rg-A",
"Location": "region",
"ProvisioningState": "Succeeded",
"Tags": {},
"TagsTable": null,
"ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-A",
"ManagedBy": null,
"ResourceType": "Microsoft.Resources/resourceGroups",
"Name": "rg-A"
},
{
"ResourceGroupName": "rgB",
"Location": "region",
"ProvisioningState": "Succeeded",
"Tags": {},
"TagsTable": null,
"ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgB",
"ManagedBy": null,
"ResourceType": "Microsoft.Resources/resourceGroups",
"Name": "rgB"
}
]

152
tests/PSRule.Rules.CAF.Tests/Resources.Storage.json
Просмотреть файл

@ -1,152 +0,0 @@
[
{
"ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Storage/storageAccounts/storagea",
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Storage/storageAccounts/storagea",
"Kind": "Storage",
"Location": "region",
"ResourceName": "storagea",
"Name": "storagea",
"Properties": {
"networkAcls": {
"bypass": "AzureServices",
"virtualNetworkRules": [],
"ipRules": [],
"defaultAction": "Allow"
},
"supportsHttpsTrafficOnly": true,
"encryption": {
"services": {
"file": {
"enabled": true
},
"blob": {
"enabled": true
}
},
"keySource": "Microsoft.Storage"
},
"primaryEndpoints": {
"blob": "https://storagea.blob.core.windows.net/",
"queue": "https://storagea.queue.core.windows.net/",
"table": "https://storagea.table.core.windows.net/",
"file": "https://storagea.file.core.windows.net/"
},
"primaryLocation": "region",
"statusOfPrimary": "available",
"statusOfSecondary": "available"
},
"ResourceGroupName": "test-rg",
"Type": "Microsoft.Storage/storageAccounts",
"ResourceType": "Microsoft.Storage/storageAccounts",
"Sku": {
"Name": "Standard_GRS",
"Tier": "Standard",
"Size": null,
"Family": null,
"Model": null,
"Capacity": null
},
"Tags": null,
"SubscriptionId": "00000000-0000-0000-0000-000000000000",
"resources": [
{
"ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Storage/storageAccounts/storagea/blobServices/default",
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Storage/storageAccounts/storagea/blobServices/default",
"Location": null,
"ManagedBy": null,
"ResourceName": "default",
"Name": "default",
"Properties": {
"cors": {
"corsRules": []
},
"deleteRetentionPolicy": {
"enabled": true,
"days": 30
}
},
"ResourceGroupName": "test-rg",
"Type": "Microsoft.Storage/storageAccounts/blobServices",
"ResourceType": "Microsoft.Storage/storageAccounts/blobServices",
"ExtensionResourceType": null,
"Sku": null,
"Tags": null,
"SubscriptionId": "00000000-0000-0000-0000-000000000000"
}
]
},
{
"ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Storage/storageAccounts/bstorage",
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Storage/storageAccounts/bstorage",
"Kind": "Storage",
"Location": "region",
"ResourceName": "bstorage",
"Name": "bstorage",
"Properties": {
"networkAcls": {
"bypass": "AzureServices",
"virtualNetworkRules": [],
"ipRules": [],
"defaultAction": "Allow"
},
"supportsHttpsTrafficOnly": false,
"encryption": {
"services": {
"file": {
"enabled": false
},
"blob": {
"enabled": false
}
},
"keySource": "Microsoft.Storage"
},
"primaryEndpoints": {
"blob": "https://bstorage.blob.core.windows.net/",
"queue": "https://bstorage.queue.core.windows.net/",
"table": "https://bstorage.table.core.windows.net/",
"file": "https://bstorage.file.core.windows.net/"
},
"primaryLocation": "region",
"statusOfPrimary": "available"
},
"ResourceGroupName": "test-rg",
"Type": "Microsoft.Storage/storageAccounts",
"ResourceType": "Microsoft.Storage/storageAccounts",
"Sku": {
"Name": "Standard_LRS",
"Tier": "Standard",
"Size": null,
"Family": null,
"Model": null,
"Capacity": null
},
"Tags": null,
"SubscriptionId": "00000000-0000-0000-0000-000000000000",
"resources": [
{
"ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Storage/storageAccounts/bstorage/blobServices/default",
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Storage/storageAccounts/bstorage/blobServices/default",
"Location": null,
"ManagedBy": null,
"ResourceName": "default",
"Name": "default",
"Properties": {
"cors": {
"corsRules": []
},
"deleteRetentionPolicy": {
"enabled": false
}
},
"ResourceGroupName": "test-rg",
"Type": "Microsoft.Storage/storageAccounts/blobServices",
"ResourceType": "Microsoft.Storage/storageAccounts/blobServices",
"ExtensionResourceType": null,
"Sku": null,
"Tags": null,
"SubscriptionId": "00000000-0000-0000-0000-000000000000"
}
]
}
]

245
tests/PSRule.Rules.CAF.Tests/Resources.VM.json
Просмотреть файл

@ -1,245 +0,0 @@
[
{
"Name": "vm-A",
"ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Compute/virtualMachines/vm-A",
"ResourceName": "vm-A",
"ResourceType": "Microsoft.Compute/virtualMachines",
"ResourceGroupName": "test-rg",
"Location": "region",
"SubscriptionId": "00000000-0000-0000-0000-000000000000",
"Properties": {
"hardwareProfile": {
"vmSize": "Standard_E32s_v3"
},
"storageProfile": {
"imageReference": {
"publisher": "MicrosoftSQLServer",
"offer": "SQL2017-WS2016",
"sku": "Enterprise",
"version": "latest"
},
"osDisk": {
"osType": "Windows",
"name": "vm-A_OsDisk_1_0000000000000000000000000000000",
"createOption": "FromImage",
"caching": "ReadWrite",
"managedDisk": {
"storageAccountType": "StandardSSD_LRS",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Compute/disks/vm-A_OsDisk_1_0000000000000000000000000000000"
},
"diskSizeGB": 127
},
"dataDisks": [
{
"lun": 0,
"name": "vm-A_disk2_0000000000000000000000000000000",
"createOption": "Empty",
"caching": "ReadOnly",
"managedDisk": {
"storageAccountType": "StandardSSD_LRS",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Compute/disks/vm-A_disk2_0000000000000000000000000000000"
},
"diskSizeGB": 1023
}
]
},
"osProfile": {
"computerName": "vm-A",
"adminUsername": "vm-admin",
"windowsConfiguration": {
"provisionVMAgent": true,
"enableAutomaticUpdates": true
},
"secrets": [],
"allowExtensionOperations": true
},
"networkProfile": {
"networkInterfaces": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkInterfaces/vm-A-nic"
}
]
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": true,
"storageUri": "https://storage-A.blob.core.windows.net/"
}
},
"licenseType": "Windows_Server"
},
"resources": [
{
"ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkInterfaces/nic-A",
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkInterfaces/nic-A",
"Location": "region",
"ResourceName": "nic-A",
"Name": "nic-A",
"Properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkInterfaces/nic-A/ipConfigurations/ipconfig1",
"type": "Microsoft.Network/networkInterfaces/ipConfigurations",
"properties": {
"provisioningState": "Succeeded",
"privateIPAddress": "10.0.0.4",
"privateIPAllocationMethod": "Static",
"publicIPAddress": {
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/publicIPAddresses/nic-A-pip"
},
"subnet": {
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A/subnets/subnet-A"
},
"primary": true,
"privateIPAddressVersion": "IPv4"
}
}
],
"dnsSettings": {
"dnsServers": [
"8.8.8.8"
],
"appliedDnsServers": [
"8.8.8.8"
],
"internalDomainNameSuffix": "example.nn.internal.cloudapp.net"
},
"macAddress": "00-00-00-00-00-00",
"enableAcceleratedNetworking": true,
"enableIPForwarding": false,
"primary": true,
"virtualMachine": {
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Compute/virtualMachines/vm-A"
},
"hostedWorkloads": [],
"tapConfigurations": []
},
"ResourceGroupName": "test-rg",
"Type": "Microsoft.Network/networkInterfaces",
"ResourceType": "Microsoft.Network/networkInterfaces",
"Tags": null,
"SubscriptionId": "00000000-0000-0000-0000-000000000000"
}
]
},
{
"Name": "bvm",
"ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Compute/virtualMachines/bvm",
"ResourceName": "bvm",
"ResourceType": "Microsoft.Compute/virtualMachines",
"ResourceGroupName": "test-rg",
"Location": "region",
"SubscriptionId": "00000000-0000-0000-0000-000000000000",
"Properties": {
"hardwareProfile": {
"vmSize": "Standard_E32s_v3"
},
"storageProfile": {
"imageReference": {
"publisher": "MicrosoftSQLServer",
"offer": "SQL2017-WS2016",
"sku": "Enterprise",
"version": "latest"
},
"osDisk": {
"osType": "Windows",
"name": "bvm_OsDisk_1_0000000000000000000000000000000",
"createOption": "FromImage",
"caching": "ReadWrite",
"managedDisk": {
"storageAccountType": "StandardSSD_LRS",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Compute/disks/bvm_OsDisk_1_0000000000000000000000000000000"
},
"diskSizeGB": 127
},
"dataDisks": [
{
"lun": 0,
"name": "bvm_disk2_0000000000000000000000000000000",
"createOption": "Empty",
"caching": "ReadOnly",
"diskSizeGB": 1023
}
]
},
"osProfile": {
"computerName": "bvm",
"adminUsername": "vm-admin",
"windowsConfiguration": {
"provisionVMAgent": false,
"enableAutomaticUpdates": false
},
"secrets": [],
"allowExtensionOperations": false
},
"networkProfile": {
"networkInterfaces": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkInterfaces/bvm-nic"
}
]
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": true,
"storageUri": "https://storage-A.blob.core.windows.net/"
}
}
},
"resources": [
{
"ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkInterfaces/nic-A",
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkInterfaces/nic-A",
"Location": "region",
"ResourceName": "nic-A",
"Name": "nic-A",
"Properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/networkInterfaces/nic-A/ipConfigurations/ipconfig1",
"type": "Microsoft.Network/networkInterfaces/ipConfigurations",
"properties": {
"provisioningState": "Succeeded",
"privateIPAddress": "10.0.0.4",
"privateIPAllocationMethod": "Static",
"publicIPAddress": {
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/publicIPAddresses/nic-A-pip"
},
"subnet": {
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A/subnets/subnet-A"
},
"primary": true,
"privateIPAddressVersion": "IPv4"
}
}
],
"dnsSettings": {
"dnsServers": [
"8.8.8.8"
],
"appliedDnsServers": [
"8.8.8.8"
],
"internalDomainNameSuffix": "example.nn.internal.cloudapp.net"
},
"macAddress": "00-00-00-00-00-00",
"enableAcceleratedNetworking": false,
"enableIPForwarding": false,
"primary": true,
"virtualMachine": {
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Compute/virtualMachines/bvm"
},
"hostedWorkloads": [],
"tapConfigurations": []
},
"ResourceGroupName": "test-rg",
"Type": "Microsoft.Network/networkInterfaces",
"ResourceType": "Microsoft.Network/networkInterfaces",
"Tags": null,
"SubscriptionId": "00000000-0000-0000-0000-000000000000"
}
]
}
]

273
tests/PSRule.Rules.CAF.Tests/Resources.VNG.json
Просмотреть файл

@ -1,273 +0,0 @@
[
{
"ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworkGateways/vng-A",
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworkGateways/vng-A",
"Identity": null,
"Kind": null,
"Location": "region",
"ManagedBy": null,
"ResourceName": "vng-A",
"Name": "vng-A",
"ExtensionResourceName": null,
"ParentResource": null,
"Plan": null,
"Properties": {
"provisioningState": "Succeeded",
"ipConfigurations": [
{
"name": "default",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworkGateways/vng-A/ipConfigurations/default",
"type": "Microsoft.Network/virtualNetworkGateways/ipConfigurations",
"properties": {
"provisioningState": "Succeeded",
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/publicIPAddresses/vng-A-pip"
},
"subnet": {
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/test-rg/subnets/GatewaySubnet"
}
}
}
],
"sku": {
"name": "VpnGw1",
"tier": "VpnGw1",
"capacity": 2
},
"gatewayType": "Vpn",
"vpnType": "RouteBased",
"enableBgp": false,
"activeActive": false,
"bgpSettings": {
"asn": 65515,
"bgpPeeringAddress": "10.64.0.4",
"peerWeight": 0
}
},
"ResourceGroupName": "test-rg",
"Type": "Microsoft.Network/virtualNetworkGateways",
"ResourceType": "Microsoft.Network/virtualNetworkGateways",
"ExtensionResourceType": null,
"Sku": null,
"Tags": {},
"SubscriptionId": "00000000-0000-0000-0000-000000000000"
},
{
"ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworkGateways/vgw-B",
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworkGateways/vgw-B",
"Identity": null,
"Kind": null,
"Location": "region",
"ManagedBy": null,
"ResourceName": "vgw-B",
"Name": "vgw-B",
"ExtensionResourceName": null,
"ParentResource": null,
"Plan": null,
"Properties": {
"provisioningState": "Succeeded",
"ipConfigurations": [
{
"name": "default",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworkGateways/vgw-B/ipConfigurations/default",
"type": "Microsoft.Network/virtualNetworkGateways/ipConfigurations",
"properties": {
"provisioningState": "Succeeded",
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/publicIPAddresses/vgw-B-pip"
},
"subnet": {
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/test-rg/subnets/GatewaySubnet"
}
}
}
],
"sku": {
"name": "VpnGw1",
"tier": "VpnGw1",
"capacity": 2
},
"gatewayType": "Vpn",
"vpnType": "RouteBased",
"enableBgp": false,
"activeActive": false,
"bgpSettings": {
"asn": 65515,
"bgpPeeringAddress": "10.64.0.4",
"peerWeight": 0
}
},
"ResourceGroupName": "test-rg",
"Type": "Microsoft.Network/virtualNetworkGateways",
"ResourceType": "Microsoft.Network/virtualNetworkGateways",
"ExtensionResourceType": null,
"Sku": null,
"Tags": {},
"SubscriptionId": "00000000-0000-0000-0000-000000000000"
},
{
"ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/connections/cn-A",
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/connections/cn-A",
"Identity": null,
"Kind": null,
"Location": "region",
"ManagedBy": null,
"ResourceName": "cn-A",
"Name": "cn-A",
"Properties": {
"provisioningState": "Succeeded",
"resourceGuid": "00000000-0000-0000-0000-000000000000",
"virtualNetworkGateway1": {
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworkGateways/vng-A"
},
"localNetworkGateway2": {
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/localNetworkGateways/lng-A"
},
"connectionType": "IPsec",
"connectionProtocol": "IKEv2",
"routingWeight": 0,
"sharedKey": "00000000-0000-0000-0000-000000000000",
"enableBgp": false,
"usePolicyBasedTrafficSelectors": false,
"ipsecPolicies": [],
"connectionStatus": "Connecting",
"ingressBytesTransferred": 0,
"egressBytesTransferred": 0,
"expressRouteGatewayBypass": false
},
"ResourceGroupName": "test-rg",
"Type": "Microsoft.Network/connections",
"ResourceType": "Microsoft.Network/connections",
"ExtensionResourceType": null,
"Sku": null,
"Tags": null,
"SubscriptionId": "00000000-0000-0000-0000-000000000000"
},
{
"ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/localNetworkGateways/lng-A",
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/localNetworkGateways/lng-A",
"Identity": null,
"Kind": null,
"Location": "region",
"ManagedBy": null,
"ResourceName": "lng-A",
"Name": "lng-A",
"Properties": {
"provisioningState": "Succeeded",
"resourceGuid": "00000000-0000-0000-0000-000000000000",
"localNetworkAddressSpace": {
"addressPrefixes": [
"10.1.0.0/16"
]
},
"gatewayIpAddress": "10.1.0.0"
},
"ResourceGroupName": "test-rg",
"Type": "Microsoft.Network/localNetworkGateways",
"ResourceType": "Microsoft.Network/localNetworkGateways",
"ExtensionResourceType": null,
"Sku": null,
"Tags": null,
"SubscriptionId": "00000000-0000-0000-0000-000000000000"
},
{
"ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/connections/connection-B",
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/connections/connection-B",
"Identity": null,
"Kind": null,
"Location": "region",
"ManagedBy": null,
"ResourceName": "connection-B",
"Name": "connection-B",
"Properties": {
"provisioningState": "Succeeded",
"resourceGuid": "00000000-0000-0000-0000-000000000000",
"virtualNetworkGateway1": {
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworkGateways/vgw-B"
},
"localNetworkGateway2": {
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/localNetworkGateways/lng-A"
},
"connectionType": "IPsec",
"connectionProtocol": "IKEv2",
"routingWeight": 0,
"sharedKey": "00000000-0000-0000-0000-000000000000",
"enableBgp": false,
"usePolicyBasedTrafficSelectors": false,
"ipsecPolicies": [
{
"saLifeTimeSeconds": 27000,
"saDataSizeKilobytes": 102400000,
"ipsecEncryption": "AES256",
"ipsecIntegrity": "SHA256",
"ikeEncryption": "AES256",
"ikeIntegrity": "SHA1",
"dhGroup": "DHGroup24",
"pfsGroup": "None"
}
],
"connectionStatus": "Connecting",
"ingressBytesTransferred": 0,
"egressBytesTransferred": 0,
"expressRouteGatewayBypass": false
},
"ResourceGroupName": "test-rg",
"Type": "Microsoft.Network/connections",
"ResourceType": "Microsoft.Network/connections",
"ExtensionResourceType": null,
"Sku": null,
"Tags": null,
"SubscriptionId": "00000000-0000-0000-0000-000000000000"
},
{
"ResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/connections/cn-C",
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/connections/cn-C",
"Identity": null,
"Kind": null,
"Location": "region",
"ManagedBy": null,
"ResourceName": "cn-C",
"Name": "cn-C",
"Properties": {
"provisioningState": "Succeeded",
"resourceGuid": "00000000-0000-0000-0000-000000000000",
"virtualNetworkGateway1": {
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworkGateways/vgw-B"
},
"localNetworkGateway2": {
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/localNetworkGateways/lng-A"
},
"connectionType": "IPsec",
"connectionProtocol": "IKEv2",
"routingWeight": 0,
"sharedKey": "00000000-0000-0000-0000-000000000000",
"enableBgp": false,
"usePolicyBasedTrafficSelectors": false,
"ipsecPolicies": [
{
"saLifeTimeSeconds": 14400,
"saDataSizeKilobytes": 102400000,
"ipsecEncryption": "AES256",
"ipsecIntegrity": "SHA256",
"ikeEncryption": "AES256",
"ikeIntegrity": "SHA384",
"dhGroup": "DHGroup24",
"pfsGroup": "PFS2"
}
],
"connectionStatus": "Connecting",
"ingressBytesTransferred": 0,
"egressBytesTransferred": 0,
"expressRouteGatewayBypass": false
},
"ResourceGroupName": "test-rg",
"Type": "Microsoft.Network/connections",
"ResourceType": "Microsoft.Network/connections",
"ExtensionResourceType": null,
"Sku": null,
"Tags": null,
"SubscriptionId": "00000000-0000-0000-0000-000000000000"
}
]