Improve discovery of rule tags #209

Closed
LaurentDardenne opened this issue Jun 21, 2019 · 4 comments · Fixed by #220

@LaurentDardenne

Rules can be found with the 'Tag' parameter, but for a series of rules such as these we do not know, via a command, the list of the keys and values which are declared in the code of these rules.
And the existing documentation does not specify them.

My note is about discoverability under PowerShell; something is missing to accomplish this task.

We can quickly write something like this:

Function New-TagRule{
  param(
      [Parameter(Mandatory=$True,position=0)]
    $Name,

      [Parameter(Mandatory=$True,position=1)]
    $Key,

      [Parameter(Mandatory=$True,position=2)]
    $Value
 )

  [pscustomobject]@{
    PSTypeName='TagRule';
    Name=$Name;
    Key=$Key;
    Value=$Value;
  }
}
$t=Get-PSrule
$List=foreach ($rule in $T)
{
    $h=$Rule.Tag.ToHashTable()
    foreach ( $Entry in $H.GetEnumerator())
    {
        New-TagRule $Rule.RuleName $Entry.Key $Entry.Value
    }
}

#Now I can retrieve an 'overview' of the possibilities
$list|group key,value

# Count Name                      Group
# ----- ----                      -----
#    10 severity, Critical        {@{Name=Azure.ACR.AdminUser; Key=severity; Value=Critical}, @{Name=Azure.MySQL.UseSS...
#    19 category, Security con... {@{Name=Azure.ACR.AdminUser; Key=category; Value=Security configuration}, @{Name=Azu...
#    20 severity, Important       {@{Name=Azure.ACR.MinSku; Key=severity; Value=Important}, @{Name=Azure.AKS.MinNodeCo...
#     5 category, Performance     {@{Name=Azure.ACR.MinSku; Key=category; Value=Performance}, @{Name=Azure.AppService....
#     9 category, Reliability     {@{Name=Azure.AKS.MinNodeCount; Key=category; Value=Reliability}, @{Name=Azure.AppSe...
#    10 category, Operations m... {@{Name=Azure.AKS.Version; Key=category; Value=Operations management}, @{Name=Azure....
#     7 severity, Single point... {@{Name=Azure.AppService.PlanInstanceCount; Key=severity; Value=Single point of fail...
#    12 severity, Awareness       {@{Name=Azure.AppService.ARRAffinity; Key=severity; Value=Awareness}, @{Name=Azure.D...
#     1 category, Data recovery   {@{Name=Azure.Storage.SoftDelete; Key=category; Value=Data recovery}}
#     2 category, Security ope... {@{Name=Azure.Subscription.SecurityCenterContact; Key=category; Value=Security opera...
#     2 category, Cost optimis... {@{Name=Azure.VirtualMachine.DiskSizeAlignment; Key=category; Value=Cost optimisatio...
#     1 category, Performance ... {@{Name=Azure.VirtualMachine.AcceleratedNetworking; Key=category; Value=Performance ...

#Which Key can I use with the hashtable passed to Get-PsRule -Tag ?
$RuleKeys=$list.key|Sort-object|get-unique
# category
# severity

#Which Value can I use with the hashtable passed to Get-PsRule -Tag @{Category=} ?
$list|Where-Object {$_.key -eq 'category'}|Select-Object -ExpandProperty value|Sort-Object|get-unique
# Cost optimisation
# Data recovery
# Operations management
# Performance
# Performance optimisation
# Reliability
# Security configuration
# Security operations

#Which Value can I use with the hashtable passed to Get-PsRule -Tag @{Severity=} ?
$list|Where-Object {$_.key -eq 'severity'}|Select-Object -ExpandProperty value|Sort-Object|get-unique
# Awareness
# Critical
# Important
# Single point of failure

#Retrieve the rules associated with the tags of one rule
get-psrule -tag (get-psrule -name 'Azure.ACR.AdminUser').Tag.ToHashtable()
# AVERTISSEMENT : The azureAllowedRegions option is not configured
# AVERTISSEMENT : The azureAllowedRegions option is not configured

# RuleName                            Synopsis                                  ModuleName
# --------                            --------                                  ----------
# Azure.ACR.AdminUser                 Use RBAC for delegating access to ACR ...
# Azure.MySQL.UseSSL                  Use encrypted MySQL connections
# Azure.PostgreSQL.UseSSL             Use encrypted PostgreSQL connections
# Azure.Redis.NonSslPort              Redis Cache should only accept secure ...
# Azure.Redis.MinTLS                  Redis Cache should reject TLS versions...
# Azure.VirtualNetwork.UseNSGs        Subnets should have NSGs assigned, exc...
# Azure.VirtualNetwork.NSGAnyInbou... Network security groups should avoid a...
# Azure.VirtualNetwork.AppGwUseWAF    Internet accessible Application Gatewa...
# Azure.VirtualNetwork.AppGwSSLPolicy Application Gateway should only accept...
# Azure.VirtualNetwork.AppGwPreven... Internet exposed Application Gateways ...

Of course this does not list all possible groups of calls.

@BernieWhite BernieWhite added the enhancement New feature or request label Jun 21, 2019
@BernieWhite
Member

@LaurentDardenne How about something like the following:

Get-PSRule -Module PSRule.Rules.Azure -OutputFormat Wide
RuleName                            ModuleName                 Synopsis                                                Tag
--------                            ----------                 --------                                                ---
Azure.ACR.AdminUser                 PSRule.Rules.Azure         Use Azure AD accounts instead of using the registry     severity='Critical'
                                                               admin user.                                             category='Security configuration'
Azure.ACR.MinSku                    PSRule.Rules.Azure         ACR should use the Premium or Standard SKU for          severity='Important'
                                                               production deployments.                                 category='Performance'
Azure.AKS.MinNodeCount              PSRule.Rules.Azure         AKS clusters should have minimum number of nodes for    severity='Important'
                                                               failover and updates.                                   category='Reliability'

Would this address tag discovery for rules?

@BernieWhite BernieWhite changed the title Get-PsRule : Remark about 'Tag' parameter Improve discovery of rule tags Jun 26, 2019
@BernieWhite BernieWhite self-assigned this Jun 26, 2019
@BernieWhite BernieWhite added this to the v0.7.0 milestone Jun 26, 2019
BernieWhite added a commit that referenced this issue Jun 26, 2019
BernieWhite added a commit that referenced this issue Jun 26, 2019
- Improve discovery of rule tags #209
- Change filtering by tag to ignore case #204
@LaurentDardenne
Author

Where can I find the new package to test this version?
I have not found a link to the CI.

@BernieWhite
Member

@LaurentDardenne
Author

LaurentDardenne commented Jun 26, 2019

The method Tag.ToviewString() facilitates grouping and finding the list of categories.
Thanks.
