Fixed coexistence with PSRule.Rules.Azure #20

BernieWhite · Aug 27, 2020 · 10fb7bb · 10fb7bb
1 parent 78abfd8
commit 10fb7bb
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 8 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,9 @@
 
 ## Unreleased
 
+- Bug fixes:
+  - Fixed coexistence with PSRule.Rules.Azure. [#20](https://github.com/microsoft/PSRule.Rules.CAF/issues/20)
+
 ## v0.1.0-B2001009 (pre-release)
 
 - Initial pre-release.
diff --git a/src/PSRule.Rules.CAF/rules/CAF.Common.Rule.ps1 b/src/PSRule.Rules.CAF/rules/CAF.Common.Rule.ps1
@@ -2,22 +2,29 @@
 # Licensed under the MIT License.
 
 # Determines if the object supports tags
-function global:SupportsTags {
+function global:CAF_SupportsTags {
     [CmdletBinding()]
     [OutputType([System.Boolean])]
     param ()
     process {
         if (
             ($PSRule.TargetType -eq 'Microsoft.Subscription') -or
+            ($PSRule.TargetType -notlike 'Microsoft.*/*') -or
+            ($PSRule.TargetType -like 'Microsoft.Addons/*') -or
+            ($PSRule.TargetType -like 'Microsoft.Advisor/*') -or
             ($PSRule.TargetType -like 'Microsoft.Authorization/*') -or
             ($PSRule.TargetType -like 'Microsoft.Billing/*') -or
+            ($PSRule.TargetType -like 'Microsoft.Blueprint/*') -or
+            ($PSRule.TargetType -like 'Microsoft.Capacity/*') -or
             ($PSRule.TargetType -like 'Microsoft.Classic*') -or
             ($PSRule.TargetType -like 'Microsoft.Consumption/*') -or
             ($PSRule.TargetType -like 'Microsoft.Gallery/*') -or
             ($PSRule.TargetType -like 'Microsoft.Security/*') -or
             ($PSRule.TargetType -like 'microsoft.support/*') -or
+            ($PSRule.TargetType -like 'microsoft.insights/diagnosticSettings') -or
             ($PSRule.TargetType -like 'Microsoft.WorkloadMonitor/*') -or
             ($PSRule.TargetType -like '*/providers/roleAssignments') -or
+            ($PSRule.TargetType -like '*/providers/diagnosticSettings') -or
 
             # Exclude sub-resources by default
             ($PSRule.TargetType -like 'Microsoft.*/*/*' -and !(
@@ -35,6 +42,11 @@ function global:SupportsTags {
                 $PSRule.TargetType -eq 'Microsoft.Resources/deployments' -or
                 $PSRule.TargetType -eq 'Microsoft.Resources/deploymentScripts' -or
                 $PSRule.TargetType -eq 'Microsoft.Resources/resourceGroups'
+            )) -or
+
+            # Some exceptions to resources (https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-support#microsoftcostmanagement)
+            ($PSRule.TargetType -like 'Microsoft.CostManagement/*' -and !(
+                $PSRule.TargetType -eq 'Microsoft.CostManagement/Connectors'
             ))
         ) {
             return $False;
@@ -44,7 +56,7 @@ function global:SupportsTags {
 }
 
 # Determines if the object is a Resource Group
-function global:IsResourceGroup {
+function global:CAF_IsResourceGroup {
     [CmdletBinding()]
     [OutputType([System.Boolean])]
     param ()
@@ -54,7 +66,7 @@ function global:IsResourceGroup {
 }
 
 # Determines if the object is a managed resource group created by Azure
-function global:IsManagedRG {
+function global:CAF_IsManagedRG {
     [CmdletBinding()]
     [OutputType([System.Boolean])]
     param ()
@@ -75,7 +87,7 @@ function global:IsManagedRG {
 }
 
 # Determines if the object is a managed load balancer created by Azure
-function global:IsManagedLB {
+function global:CAF_IsManagedLB {
     [CmdletBinding()]
     [OutputType([System.Boolean])]
     param ()

diff --git a/src/PSRule.Rules.CAF/rules/CAF.Name.Rule.ps1 b/src/PSRule.Rules.CAF/rules/CAF.Name.Rule.ps1
@@ -7,7 +7,7 @@
 # https://docs.microsoft.com/en-us/azure/architecture/best-practices/resource-naming
 
 # Synopsis: Use standard resource groups names
-Rule 'CAF.Name.RG' -Type 'Microsoft.Resources/resourceGroups' -If { !(IsManagedRG) } {
+Rule 'CAF.Name.RG' -Type 'Microsoft.Resources/resourceGroups' -If { !(CAF_IsManagedRG) } {
     $Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_ResourceGroupPrefix)
 
     # Name requirements
@@ -124,7 +124,7 @@ Rule 'CAF.Name.PublicIP' -Type 'Microsoft.Network/publicIPAddresses' {
 }
 
 # Synopsis: Use standard load balancer names
-Rule 'CAF.Name.LoadBalancer' -Type 'Microsoft.Network/loadBalancers' -If { !(IsManagedLB) } {
+Rule 'CAF.Name.LoadBalancer' -Type 'Microsoft.Network/loadBalancers' -If { !(CAF_IsManagedLB) } {
     $Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_LoadBalancerPrefix)
 
     # Name requirements

diff --git a/src/PSRule.Rules.CAF/rules/CAF.Tag.Rule.ps1 b/src/PSRule.Rules.CAF/rules/CAF.Tag.Rule.ps1
@@ -6,7 +6,7 @@
 # https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging
 
 # Synopsis: Tag resources and resource groups with mandatory tags
-Rule 'CAF.Tag.Required' -If { (SupportsTags) } {
+Rule 'CAF.Tag.Required' -If { (CAF_SupportsTags) } {
     # Use resource or resource group mandatory tags
     $required = $Configuration.GetStringValues('CAF_ResourceMandatoryTags')
     if ($PSRule.TargetType -eq 'Microsoft.Resources/resourceGroups') {
@@ -25,6 +25,6 @@ Rule 'CAF.Tag.Required' -If { (SupportsTags) } {
 }
 
 # Synopsis: Use standard environment tag values
-Rule 'CAF.Tag.Environment' -If { (SupportsTags) -and (Exists "Tags.$($Configuration.CAF_EnvironmentTag)") } {
+Rule 'CAF.Tag.Environment' -If { (CAF_SupportsTags) -and (Exists "Tags.$($Configuration.CAF_EnvironmentTag)") } {
     Within "Tags.$($Configuration.CAF_EnvironmentTag)" $Configuration.CAF_Environments
 }