From 10fb7bbb9143beaf9510018d29b7f0d55a4cd742 Mon Sep 17 00:00:00 2001
From: Bernie White
Date: Thu, 27 Aug 2020 23:44:42 +1000
Subject: [PATCH] Fixed coexistence with PSRule.Rules.Azure #20
---
 CHANGELOG.md | 3 +++
 .../rules/CAF.Common.Rule.ps1 | 20 +++++++++++++++----
 src/PSRule.Rules.CAF/rules/CAF.Name.Rule.ps1 | 4 ++--
 src/PSRule.Rules.CAF/rules/CAF.Tag.Rule.ps1 | 4 ++--
 4 files changed, 23 insertions(+), 8 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5a1780d..f16686a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,9 @@
 ## Unreleased
+- Bug fixes:
+ - Fixed coexistence with PSRule.Rules.Azure. [#20](https://github.com/microsoft/PSRule.Rules.CAF/issues/20)
+
 ## v0.1.0-B2001009 (pre-release)
 - Initial pre-release.
diff --git a/src/PSRule.Rules.CAF/rules/CAF.Common.Rule.ps1 b/src/PSRule.Rules.CAF/rules/CAF.Common.Rule.ps1
index a3a4958..e8bfab1 100644
--- a/src/PSRule.Rules.CAF/rules/CAF.Common.Rule.ps1
+++ b/src/PSRule.Rules.CAF/rules/CAF.Common.Rule.ps1
@@ -2,22 +2,29 @@
 # Licensed under the MIT License.
 # Determines if the object supports tags
-function global:SupportsTags {
+function global:CAF_SupportsTags {
 [CmdletBinding()]
 [OutputType([System.Boolean])]
 param ()
 process {
 if (
 ($PSRule.TargetType -eq 'Microsoft.Subscription') -or
+ ($PSRule.TargetType -notlike 'Microsoft.*/*') -or
+ ($PSRule.TargetType -like 'Microsoft.Addons/*') -or
+ ($PSRule.TargetType -like 'Microsoft.Advisor/*') -or
 ($PSRule.TargetType -like 'Microsoft.Authorization/*') -or
 ($PSRule.TargetType -like 'Microsoft.Billing/*') -or
+ ($PSRule.TargetType -like 'Microsoft.Blueprint/*') -or
+ ($PSRule.TargetType -like 'Microsoft.Capacity/*') -or
 ($PSRule.TargetType -like 'Microsoft.Classic*') -or
 ($PSRule.TargetType -like 'Microsoft.Consumption/*') -or
 ($PSRule.TargetType -like 'Microsoft.Gallery/*') -or
 ($PSRule.TargetType -like 'Microsoft.Security/*') -or
 ($PSRule.TargetType -like 'microsoft.support/*') -or
+ ($PSRule.TargetType -like 'microsoft.insights/diagnosticSettings') -or
 ($PSRule.TargetType -like 'Microsoft.WorkloadMonitor/*') -or
 ($PSRule.TargetType -like '*/providers/roleAssignments') -or
+ ($PSRule.TargetType -like '*/providers/diagnosticSettings') -or
 # Exclude sub-resources by default
 ($PSRule.TargetType -like 'Microsoft.*/*/*' -and !(
@@ -35,6 +42,11 @@ function global:SupportsTags {
 $PSRule.TargetType -eq 'Microsoft.Resources/deployments' -or
 $PSRule.TargetType -eq 'Microsoft.Resources/deploymentScripts' -or
 $PSRule.TargetType -eq 'Microsoft.Resources/resourceGroups'
+ )) -or
+
+ # Some exceptions to resources (https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-support#microsoftcostmanagement)
+ ($PSRule.TargetType -like 'Microsoft.CostManagement/*' -and !(
+ $PSRule.TargetType -eq 'Microsoft.CostManagement/Connectors'
 ))
 ) {
 return $False;
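Review bot: The added clause `($PSRule.TargetType -notlike 'Microsoft.*/*')` makes CAF_SupportsTags return `$False` for every object whose type is not in a `Microsoft.` namespace, so `CAF.Tag.Required` is skipped for those objects rather than reported. If this is meant only to ignore non-Azure input when running alongside other rule modules, a comment should say so, for example `# Skip objects that are not Azure resource types (no Microsoft.<provider>/<type> form)`; otherwise taggable resources from other providers would silently drop out of the tagging check. The clause also subsumes the `-eq 'Microsoft.Subscription'` test on the line above it, since that value has no `/`, and `-like 'microsoft.insights/diagnosticSettings'` has no wildcard, so `-eq` would state the intent more plainly. The `if (` condition continues beyond this hunk.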
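Review bot: The comment `# Some exceptions to resources (...)` above the new CostManagement clause does not say which direction the exception runs; as written, every `Microsoft.CostManagement/*` type is treated as not supporting tags except `Microsoft.CostManagement/Connectors`. Suggest `# Microsoft.CostManagement: only Connectors supports tags; all other types are skipped`, keeping the link. Because the list mirrors a documentation page that can change, recording when it was last checked would help the next maintainer notice drift, which here shows up as resources silently excluded from `CAF.Tag.Required`. The enclosing `if (` opens in the previous hunk and the function body continues after this one.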
@@ -44,7 +56,7 @@ function global:SupportsTags {
 }
 # Determines if the object is a Resource Group
-function global:IsResourceGroup {
+function global:CAF_IsResourceGroup {
 [CmdletBinding()]
 [OutputType([System.Boolean])]
 param ()
@@ -54,7 +66,7 @@ function global:IsResourceGroup {
 }
 # Determines if the object is a managed resource group created by Azure
-function global:IsManagedRG {
+function global:CAF_IsManagedRG {
 [CmdletBinding()]
 [OutputType([System.Boolean])]
 param ()
@@ -75,7 +87,7 @@ function global:IsManagedRG {
 }
 # Determines if the object is a managed load balancer created by Azure
-function global:IsManagedLB {
+function global:CAF_IsManagedLB {
 [CmdletBinding()]
 [OutputType([System.Boolean])]
 param ()
diff --git a/src/PSRule.Rules.CAF/rules/CAF.Name.Rule.ps1 b/src/PSRule.Rules.CAF/rules/CAF.Name.Rule.ps1
index d560320..6227a20 100644
--- a/src/PSRule.Rules.CAF/rules/CAF.Name.Rule.ps1
+++ b/src/PSRule.Rules.CAF/rules/CAF.Name.Rule.ps1
@@ -7,7 +7,7 @@
 # https://docs.microsoft.com/en-us/azure/architecture/best-practices/resource-naming
 # Synopsis: Use standard resource groups names
-Rule 'CAF.Name.RG' -Type 'Microsoft.Resources/resourceGroups' -If { !(IsManagedRG) } {
+Rule 'CAF.Name.RG' -Type 'Microsoft.Resources/resourceGroups' -If { !(CAF_IsManagedRG) } {
 $Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_ResourceGroupPrefix)
 # Name requirements
@@ -124,7 +124,7 @@ Rule 'CAF.Name.PublicIP' -Type 'Microsoft.Network/publicIPAddresses' {
 }
 # Synopsis: Use standard load balancer names
-Rule 'CAF.Name.LoadBalancer' -Type 'Microsoft.Network/loadBalancers' -If { !(IsManagedLB) } {
+Rule 'CAF.Name.LoadBalancer' -Type 'Microsoft.Network/loadBalancers' -If { !(CAF_IsManagedLB) } {
 $Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_LoadBalancerPrefix)
 # Name requirements
diff --git a/src/PSRule.Rules.CAF/rules/CAF.Tag.Rule.ps1 b/src/PSRule.Rules.CAF/rules/CAF.Tag.Rule.ps1
index 8e284f2..c9450cf 100644
--- a/src/PSRule.Rules.CAF/rules/CAF.Tag.Rule.ps1
+++ b/src/PSRule.Rules.CAF/rules/CAF.Tag.Rule.ps1
@@ -6,7 +6,7 @@
 # https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging
 # Synopsis: Tag resources and resource groups with mandatory tags
-Rule 'CAF.Tag.Required' -If { (SupportsTags) } {
+Rule 'CAF.Tag.Required' -If { (CAF_SupportsTags) } {
 # Use resource or resource group mandatory tags
 $required = $Configuration.GetStringValues('CAF_ResourceMandatoryTags')
 if ($PSRule.TargetType -eq 'Microsoft.Resources/resourceGroups') {
@@ -25,6 +25,6 @@ Rule 'CAF.Tag.Required' -If { (SupportsTags) } {
 }
 # Synopsis: Use standard environment tag values
-Rule 'CAF.Tag.Environment' -If { (SupportsTags) -and (Exists "Tags.$($Configuration.CAF_EnvironmentTag)") } {
+Rule 'CAF.Tag.Environment' -If { (CAF_SupportsTags) -and (Exists "Tags.$($Configuration.CAF_EnvironmentTag)") } {
 Within "Tags.$($Configuration.CAF_EnvironmentTag)" $Configuration.CAF_Environments
 }