From c1b430efc1e0fc81ca961812de91b537b28a1332 Mon Sep 17 00:00:00 2001 From: Mohammed Abdul Rahman <130785777+that-ar-guy@users.noreply.github.com> Date: Tue, 7 Jan 2025 22:30:22 +0530 Subject: [PATCH 1/8] Created `quickstart-for-ado.md` --- docs/quickstarts/quickstart-for-ado.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 docs/quickstarts/quickstart-for-ado.md diff --git a/docs/quickstarts/quickstart-for-ado.md b/docs/quickstarts/quickstart-for-ado.md new file mode 100644 index 0000000000..8b13789179 --- /dev/null +++ b/docs/quickstarts/quickstart-for-ado.md @@ -0,0 +1 @@ + From 5cfb6ec0345fe309cee87efe09ff49f3faa4720b Mon Sep 17 00:00:00 2001 From: Mohammed Abdul Rahman <130785777+that-ar-guy@users.noreply.github.com> Date: Tue, 7 Jan 2025 22:36:27 +0530 Subject: [PATCH 2/8] Updated `quickstart-for-ado.md` --- docs/quickstarts/quickstart-for-ado.md | 72 ++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) diff --git a/docs/quickstarts/quickstart-for-ado.md b/docs/quickstarts/quickstart-for-ado.md index 8b13789179..40743e010c 100644 --- a/docs/quickstarts/quickstart-for-ado.md +++ b/docs/quickstarts/quickstart-for-ado.md 
@@ -1 +1,73 @@ +# Quickstart: Use PSRule for Azure with Azure DevOps + +This quickstart guide will help you set up PSRule for Azure in an Azure DevOps pipeline to validate Infrastructure as Code (IaC) templates, such as ARM or Bicep files. By the end, you will have a pipeline that installs and runs PSRule, validates IaC templates, and publishes validation results in Azure DevOps Test Reports. + +## Prerequisites + +1. **Azure DevOps account:** You need an Azure DevOps organization with an active project. +2. **IaC templates:** Ensure you have ARM or Bicep templates in your repository for validation. +3. **Agent pool:** An agent pool must be configured to execute pipelines. Use a self-hosted agent if needed. +4. **PowerShell Core:** Your build agent should have PowerShell Core installed (v7 or later). +5. **PSRule module:** The PSRule module will be installed during pipeline execution. + +--- + +## Steps to Create the Pipeline + +### Step 1: Add a Pipeline YAML File + +Create a new file named `azure-pipeline.yml` in the root of your repository. This file defines the pipeline steps. + +### Step 2: Define the Pipeline + +Add the following content to your `azure-pipeline.yml` file: + +```yaml +trigger: +- main + +pool: + vmImage: 'ubuntu-latest' + +steps: +- task: UsePythonVersion@0 + inputs: + versionSpec: '3.x' + +- task: PowerShell@2 + inputs: + targetType: 'inline' + script: | + Install-Module -Name PSRule.Rules.Azure -Force -Scope CurrentUser + pwsh -Command "Invoke-PSRule -InputPath './templates'" + +- task: PublishTestResults@2 + inputs: + testResultsFormat: 'JUnit' + testResultsFiles: '**/psrule-results.xml' +``` + +### Step 3: Commit and Push + +1. Commit your changes to the repository: + ```bash + git add azure-pipeline.yml + git commit -m "Add Azure DevOps pipeline for PSRule validation" + git push origin main + ``` + +2. The pipeline will automatically trigger and validate your templates. + +--- + +## Reviewing Validation Results + +1. 
Go to your Azure DevOps project. +2. Open the **Pipelines** section and view the pipeline run. +3. Look for validation output in the logs and **Test Results**. +4. Fix any reported issues in your IaC templates to pass validation. + +--- + +For more information about PSRule for Azure, visit the [official documentation](https://azure.github.io/PSRule.Rules.Azure/). From f3390805303c1e6fc8044347fa358a9d8d1955f5 Mon Sep 17 00:00:00 2001 From: Mohammed Abdul Rahman <130785777+that-ar-guy@users.noreply.github.com> Date: Mon, 13 Jan 2025 21:16:53 +0530 Subject: [PATCH 3/8] Rename `quickstart-for-ado.md` to `test-bicep-with-azure-pipelines.md` --- .../{quickstart-for-ado.md => test-bicep-with-azure-pipelines.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename docs/quickstarts/{quickstart-for-ado.md => test-bicep-with-azure-pipelines.md} (100%) diff --git a/docs/quickstarts/quickstart-for-ado.md b/docs/quickstarts/test-bicep-with-azure-pipelines.md similarity index 100% rename from docs/quickstarts/quickstart-for-ado.md rename to docs/quickstarts/test-bicep-with-azure-pipelines.md From adcdd30e56d2d0419d0dcb86566fe403f4968c24 Mon Sep 17 00:00:00 2001 From: Mohammed Abdul Rahman <130785777+that-ar-guy@users.noreply.github.com> Date: Mon, 13 Jan 2025 21:38:24 +0530 Subject: [PATCH 4/8] Add `test-bicep-with-azure-pipelines` to `mkdocs.yml` --- mkdocs.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/mkdocs.yml b/mkdocs.yml index 8d46765d69..dd9891abd5 100755 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -52,6 +52,7 @@ nav: - Quickstarts: - Test a Bicep deployment: - With GitHub Actions: quickstarts/test-bicep-with-github.md + - With Azure Pipelines: quickstarts/test-bicep-with-azure-pipelines.md # - With Visual Studio Code: quickstarts/test-bicep-with-vscode.md # - Tutorials: - Testing infrastructure code: From b6d39ed227927773abde85db5dbb4f4e7fd47124 Mon Sep 17 00:00:00 2001 
From: Mohammed Abdul Rahman <130785777+that-ar-guy@users.noreply.github.com> Date: Mon, 13 Jan 2025 21:52:57 +0530 Subject: [PATCH 5/8] Update `CHANGELOG-v1.md` --- docs/CHANGELOG-v1.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/CHANGELOG-v1.md b/docs/CHANGELOG-v1.md index 71cb09e1b5..01a0fffb14 100644 --- a/docs/CHANGELOG-v1.md +++ b/docs/CHANGELOG-v1.md @@ -47,6 +47,10 @@ What's changed since v1.40.0: - Engineering: - Updated resource providers and policy aliases by @BernieWhite. [#3166](https://github.com/Azure/PSRule.Rules.Azure/pull/3166) +- Documentation: + - Added a new quickstart guide for using Azure Pipelines with PSRule by @that-ar-guy. + [#3220](https://github.com/Azure/PSRule.Rules.Azure/pull/3220) + ## v1.40.0 From b6cd71109920ef7357f48ea5ce30c30536f3ab3f Mon Sep 17 00:00:00 2001 From: Mohammed Abdul Rahman <130785777+that-ar-guy@users.noreply.github.com> Date: Mon, 13 Jan 2025 21:56:22 +0530 Subject: [PATCH 6/8] Update test-bicep-with-azure-pipelines.md --- docs/quickstarts/test-bicep-with-azure-pipelines.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/quickstarts/test-bicep-with-azure-pipelines.md b/docs/quickstarts/test-bicep-with-azure-pipelines.md index 40743e010c..8ec54d4310 100644 --- a/docs/quickstarts/test-bicep-with-azure-pipelines.md +++ b/docs/quickstarts/test-bicep-with-azure-pipelines.md @@ -2,7 +2,7 @@ This quickstart guide will help you set up PSRule for Azure in an Azure DevOps pipeline to validate Infrastructure as Code (IaC) templates, such as ARM or Bicep files. By the end, you will have a pipeline that installs and runs PSRule, validates IaC templates, and publishes validation results in Azure DevOps Test Reports. -## Prerequisites +## Before you begin 1. **Azure DevOps account:** You need an Azure DevOps organization with an active project. 2. **IaC templates:** Ensure you have ARM or Bicep templates in your repository for validation. 
From 1540d7a16e4d8f0d821f9713ac06c3a44b0d0202 Mon Sep 17 00:00:00 2001 From: Mohammed Abdul Rahman <130785777+that-ar-guy@users.noreply.github.com> Date: Mon, 13 Jan 2025 22:09:08 +0530 Subject: [PATCH 7/8] Add sample Bicep deployment to quickstart guide --- .../test-bicep-with-azure-pipelines.md | 76 ++++++++++++++++++- 1 file changed, 75 insertions(+), 1 deletion(-) diff --git a/docs/quickstarts/test-bicep-with-azure-pipelines.md b/docs/quickstarts/test-bicep-with-azure-pipelines.md index 8ec54d4310..9279ec0f91 100644 --- a/docs/quickstarts/test-bicep-with-azure-pipelines.md +++ b/docs/quickstarts/test-bicep-with-azure-pipelines.md 
@@ -10,7 +10,81 @@ This quickstart guide will help you set up PSRule for Azure in an Azure DevOps p 4. **PowerShell Core:** Your build agent should have PowerShell Core installed (v7 or later). 5. **PSRule module:** The PSRule module will be installed during pipeline execution. ---- + ## Add a sample Bicep deployment + + If you don't already have a Bicep deployment in your repository, add a sample deployment. + + 1. In the root of your repository, create a new folder called `deployments`. + 2. In the `deployments` folder, create a new file called `dev.bicepparam`. + 3. In the `deployments` folder, create a new file called `main.bicep`. + + ??? Example "Example parameter file" + + ```bicep title="deployments/dev.bicepparam" + using 'main.bicep' + + param environment = 'dev' + param name = 'kv-example-001' + param defaultAction = 'Deny' + param workspaceId = '/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg-test/providers/microsoft.operationalinsights/workspaces/workspace-001' + ``` + + ??? 
Example "Example deployment module" + + ```bicep title="deployments/main.bicep" + targetScope = 'resourceGroup' + + param name string + param location string = resourceGroup().location + + @allowed([ + 'Allow' + 'Deny' + ]) + param defaultAction string = 'Deny' + param environment string + param workspaceId string = '' + + resource vault 'Microsoft.KeyVault/vaults@2023-02-01' = { + name: name + location: location + properties: { + sku: { + family: 'A' + name: 'standard' + } + tenantId: tenant().tenantId + enableSoftDelete: true + enablePurgeProtection: true + enableRbacAuthorization: true + networkAcls: { + defaultAction: defaultAction + } + } + tags: { + env: environment + } + } + + @sys.description('Configure auditing for Key Vault.') + resource logs 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(workspaceId)) { + name: 'service' + scope: vault + properties: { + workspaceId: workspaceId + logs: [ + { + category: 'AuditEvent' + enabled: true + } + ] + } + } + ``` + + You can also find a copy of these files in the [quickstart sample repository][6]. + + [6]: https://github.com/Azure/PSRule.Rules.Azure-quickstart/tree/main/deployments/contoso/landing-zones/subscription-1/rg-app-001 ## Steps to Create the Pipeline From 47ea576b62e6a13dacc411abd0de257cc2e8d03b Mon Sep 17 00:00:00 2001 From: Mohammed Abdul Rahman <130785777+that-ar-guy@users.noreply.github.com> Date: Mon, 13 Jan 2025 22:23:10 +0530 Subject: [PATCH 8/8] Update pipeline steps with extension and PowerShell syntax using Assert-PSRule --- docs/quickstarts/test-bicep-with-azure-pipelines.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/quickstarts/test-bicep-with-azure-pipelines.md b/docs/quickstarts/test-bicep-with-azure-pipelines.md index 9279ec0f91..b2220320a1 100644 --- a/docs/quickstarts/test-bicep-with-azure-pipelines.md +++ b/docs/quickstarts/test-bicep-with-azure-pipelines.md 
@@ -108,12 +108,18 @@ steps: inputs: versionSpec: '3.x' +- task: PSRule@1 + inputs: + module: 'PSRule.Rules.Azure' + inputPath: './templates' + options: './ps-rule.yaml' + - task: PowerShell@2 inputs: targetType: 'inline' script: | Install-Module -Name PSRule.Rules.Azure -Force -Scope CurrentUser - pwsh -Command "Invoke-PSRule -InputPath './templates'" + pwsh -Command "Assert-PSRule -InputPath './templates' -Option './ps-rule.yaml'" - task: PublishTestResults@2 inputs:
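Review bot: In PATCH 2/8, the Step 2 pipeline publishes `**/psrule-results.xml`, but the inline script (`Invoke-PSRule -InputPath './templates'`) never writes a results file, so `PublishTestResults@2` has nothing to pick up. Pass `-OutputFormat NUnit3 -OutputPath` with a matching file name and set `testResultsFormat` to `NUnit`. The same call also omits `-Module PSRule.Rules.Azure`, so the module that was just installed is not loaded for the run. `Install-Module -Name PSRule.Rules.Azure -Force` pulls whatever version is latest at build time; pin it with `-RequiredVersion` so a new or tampered gallery release cannot change pipeline behaviour unreviewed. `UsePythonVersion@0` is unused and can be dropped, and the nested `pwsh -Command` inside a `PowerShell@2` inline script is redundant.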
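Review bot: In PATCH 7/8, the new "Add a sample Bicep deployment" section puts `main.bicep` and `dev.bicepparam` under `deployments`, while the pipeline later in the same file still analyzes `./templates`, so a reader who follows the guide gets a run that never touches the sample. Use one path in both places. The reference label `[6]` is the only numbered link in the file and looks carried over from another quickstart; renumber it to `[1]`. The hunk also removes the `---` separator before "Steps to Create the Pipeline" while the other separators stay, which leaves the page inconsistent.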
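Review bot: In PATCH 8/8, the added `PSRule@1` task and the retained `PowerShell@2` step both analyze `./templates`, so every run does the work twice and can fail in two places; keep one and present the other as an alternative. Both now depend on `./ps-rule.yaml`, which no step in the guide tells the reader to create, and the "Before you begin" list does not mention installing the pipeline extension that the new task requires. The `Assert-PSRule` line still writes no output file, so the `PublishTestResults@2` step that follows remains empty; add an output format and path here or through the task inputs. Please also confirm the task name and the `module` and `options` input names against the extension's published task reference before merging.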