diff --git a/.github/workflows/bicep-build-to-validate.yml b/.github/workflows/bicep-build-to-validate.yml
index 3d29fd95d..ba98489cc 100644
--- a/.github/workflows/bicep-build-to-validate.yml
+++ b/.github/workflows/bicep-build-to-validate.yml
@@ -53,7 +53,7 @@ jobs: # Add pipeline tests for Azure Well-Architected Framework - name: Run PSRule analysis - uses: Microsoft/ps-rule@v2.0.0 + uses: Microsoft/ps-rule@v2.1.0 with: modules: PSRule.Rules.Azure baseline: Azure.GA_2022_03
diff --git a/.ps-rule/Minimum.Rule.yaml b/.ps-rule/Minimum.Rule.yaml
new file mode 100644
index 000000000..c16ecbf47
--- /dev/null
+++ b/.ps-rule/Minimum.Rule.yaml
@@ -0,0 +1,23 @@
+
+---
+# Synopsis: Ignore the minimum sample configuration.
+apiVersion: github.com/microsoft/PSRule/v1
+kind: SuppressionGroup
+metadata:
+ name: ALZ.MinimumSample
+spec:
+ rule:
+ - Azure.Firewall.Mode
+ - Azure.VNG.VPNAvailabilityZoneSKU
+ - Azure.PublicIP.AvailabilityZone
+ - Azure.VNG.VPNActiveActive
+ - Azure.PublicIP.StandardSKU
+ if:
+ allOf:
+ - type: '.'
+ in:
+ - Microsoft.Network/azureFirewalls
+ - Microsoft.Network/publicIPAddresses
+ - source: 'Template'
+ endsWith:
+ - 'minimum.sample.bicep'
diff --git a/.ps-rule/en/ALZ.MinimumSample.md b/.ps-rule/en/ALZ.MinimumSample.md
new file mode 100644
index 000000000..39ea25dcd
--- /dev/null
+++ b/.ps-rule/en/ALZ.MinimumSample.md
@@ -0,0 +1,15 @@
+# Ignore minimum sample
+
+## SYNOPSIS
+
+Ignore the minimum sample configuration that may not be WAF compliant.
+See https://github.com/Azuure/ALZ-Bicep/blob/main/.ps-rule/en/ALZ.MinimumSample.md.
+
+## DESCRIPTION
+
+The _minimum_ sample provides a basic configuration.
+It is typically less complex, and has requires fewer requirements.
+This make is most suitable for early development and testing.
+
+The basic configuration may not have all the features required for alignment to the Well-Architected Framework.
+Consider using the _baseline_ sample for enterprise environments.
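Review bot: In `.ps-rule/Minimum.Rule.yaml` the `type` condition under `allOf` lists only `Microsoft.Network/azureFirewalls` and `Microsoft.Network/publicIPAddresses`, yet the group also names `Azure.VNG.VPNAvailabilityZoneSKU` and `Azure.VNG.VPNActiveActive`. Those two rules appear to target virtual network gateways, so as written the suppression would never match them; either add `- Microsoft.Network/virtualNetworkGateways` to the `in` list or drop the two rules, so the group lists only what it really suppresses. The `source` condition matches the bare suffix `'minimum.sample.bicep'`, so any template whose path ends with that string is exempted from these checks. Anchoring it as `- '/samples/minimum.sample.bicep'` would keep the exemption to the samples folders, assuming PSRule reports source paths with forward slashes, which is worth confirming.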
diff --git a/.vscode/bicep.code-snippets b/.vscode/bicep.code-snippets
new file mode 100644
index 000000000..e58a487da
--- /dev/null
+++ b/.vscode/bicep.code-snippets
@@ -0,0 +1,54 @@
+{
+ "Bicep minimum sample": {
+ "scope": "bicep",
+ "prefix": "bicep-minimum-sample",
+ "description": "A minmum sample for testing and examples.",
+ "body": [
+ "//",
+ "// Minimum deployment sample",
+ "//",
+ "",
+ "// Use this sample to deploy the minimum resource configuration.",
+ "",
+ "targetScope = 'resourceGroup'",
+ "",
+ "@description('The Azure location to deploy to.')",
+ "param location string = resourceGroup().location",
+ "",
+ "@description('Minimum resource configuration')",
+ "module ${1} '../${2}}.bicep' = {",
+ " name: '${1}'",
+ " params: {",
+ " parLocation: location",
+ " parTags: {}",
+ " }",
+ "}"
+ ]
+ },
+ "Bicep baseline sample": {
+ "scope": "bicep",
+ "prefix": "bicep-baseline-sample",
+ "description": "A sample that aligned to WAF recommendations.",
+ "body": [
+ "//",
+ "// Baseline deployment sample",
+ "//",
+ "",
+ "// Use this sample to deploy a Well-Architected aligned resource configuration.",
+ "",
+ "targetScope = 'resourceGroup'",
+ "",
+ "@description('The Azure location to deploy to.')",
+ "param location string = resourceGroup().location",
+ "",
+ "@description('Baseline resource configuration')",
+ "module ${1} '../${2}}.bicep' = {",
+ " name: '${1}'",
+ " params: {",
+ " parLocation: location",
+ " parTags: {}",
+ " }",
+ "}"
+ ]
+ }
+}
diff --git a/.vscode/extensions.json b/.vscode/extensions.json
index c2a39a87a..b4418556e 100644
--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -1,6 +1,9 @@
 {
 "recommendations": [
 "ms-azuretools.vscode-bicep",
+ "vsls-contrib.codetour",
+ "msazurermtools.azurerm-vscode-tools",
+ "bencoleman.armview",
 "bewhite.psrule-vscode"
 ]
 }
\ No newline at end of file
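Review bot: Both snippet bodies in `.vscode/bicep.code-snippets` contain `'../${2}}.bicep'`, which has one closing brace too many after the second tab stop, so the expanded module path ends in `}.bicep` and will not resolve. The line should read `"module ${1} '../${2}.bicep' = {",` in the minimum and in the baseline snippet. The first `description` also misspells the word: `minmum` should be `minimum`.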
diff --git a/infra-as-code/bicep/modules/hubNetworking/samples/baseline.sample.bicep b/infra-as-code/bicep/modules/hubNetworking/samples/baseline.sample.bicep
new file mode 100644
index 000000000..02ec20a88
--- /dev/null
+++ b/infra-as-code/bicep/modules/hubNetworking/samples/baseline.sample.bicep
@@ -0,0 +1,19 @@
+//
+// Baseline deployment sample
+//
+
+// Use this sample to deploy a Well-Architected aligned resource configuration.
+
+targetScope = 'resourceGroup'
+
+@description('The Azure location to deploy to.')
+param location string = resourceGroup().location
+
+@description('Baseline resource configuration')
+module baseline_hub_network '../hubNetworking.bicep' = {
+ name: 'baseline_hub_network'
+ params: {
+ parLocation: location
+ parPublicIPSku: 'Standard'
+ }
+}
diff --git a/infra-as-code/bicep/modules/hubNetworking/samples/minimum.sample.bicep b/infra-as-code/bicep/modules/hubNetworking/samples/minimum.sample.bicep
new file mode 100644
index 000000000..925590896
--- /dev/null
+++ b/infra-as-code/bicep/modules/hubNetworking/samples/minimum.sample.bicep
@@ -0,0 +1,18 @@
+//
+// Minimum deployment sample
+//
+
+// Use this sample to deploy the minimum resource configuration.
+
+targetScope = 'resourceGroup'
+
+@description('The Azure location to deploy to.')
+param location string = resourceGroup().location
+
+@description('Minimum resource configuration')
+module minimum_hub_network '../hubNetworking.bicep' = {
+ name: 'minimum_hub_network'
+ params: {
+ parLocation: location
+ }
+}
diff --git a/infra-as-code/bicep/modules/publicIp/samples/baseline.sample.bicep b/infra-as-code/bicep/modules/publicIp/samples/baseline.sample.bicep
new file mode 100644
index 000000000..9bf517937
--- /dev/null
+++ b/infra-as-code/bicep/modules/publicIp/samples/baseline.sample.bicep
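Review bot: The header comment of `hubNetworking/samples/minimum.sample.bicep` says only that it deploys the minimum resource configuration; nothing in the file tells a reader that the Well-Architected findings for it are suppressed by the `ALZ.MinimumSample` group added in this commit. I would add a line under the existing header such as `// Not aligned to the Well-Architected Framework; for development and testing only. See baseline.sample.bicep.` The same applies to `publicIp/samples/minimum.sample.bicep`, where a short comment next to `name: 'Basic'` should state that the Basic SKU is a deliberate choice for the sample, since Basic public IPs lack the closed-by-default inbound behaviour of the Standard SKU and the setting is easy to copy into a real deployment.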
@@ -0,0 +1,25 @@
+//
+// Baseline deployment sample
+//
+
+// Use this sample to deploy a Well-Architected aligned resource configuration.
+
+targetScope = 'resourceGroup'
+
+@description('The Azure location to deploy to.')
+param location string = resourceGroup().location
+
+@description('Baseline resource configuration')
+module baseline_public_ip '../publicIp.bicep' = {
+ name: 'baseline_public_ip'
+ params: {
+ parPublicIPName: 'pip-baseline-ip'
+ parLocation: location
+ parPublicIPProperties: { }
+ parPublicIPSku: {
+ name: 'Standard'
+ tier: 'Regional'
+ }
+ parTags: {}
+ }
+}
diff --git a/infra-as-code/bicep/modules/publicIp/samples/minimum.sample.bicep b/infra-as-code/bicep/modules/publicIp/samples/minimum.sample.bicep
new file mode 100644
index 000000000..d46fccb9a
--- /dev/null
+++ b/infra-as-code/bicep/modules/publicIp/samples/minimum.sample.bicep
@@ -0,0 +1,25 @@
+//
+// Minimum deployment sample
+//
+
+// Use this sample to deploy the minimum resource configuration.
+
+targetScope = 'resourceGroup'
+
+@description('The Azure location to deploy to.')
+param location string = resourceGroup().location
+
+@description('Minimum resource configuration')
+module minimum_public_ip '../publicIp.bicep' = {
+ name: 'minimum_public_ip'
+ params: {
+ parPublicIPName: 'pip-minimum-ip'
+ parLocation: location
+ parPublicIPProperties: { }
+ parPublicIPSku: {
+ name: 'Basic'
+ tier: 'Regional'
+ }
+ parTags: {}
+ }
+}
diff --git a/ps-rule.yaml b/ps-rule.yaml
index 386802715..245691181 100644
--- a/ps-rule.yaml
+++ b/ps-rule.yaml
@@ -12,7 +12,8 @@ include: # Require a minimum version of modules that include referenced baseline. requires: - PSRule.Rules.Azure: '@pre >=1.14.2' + PSRule: '@pre >=2.1.0' + PSRule.Rules.Azure: '@pre >=1.15.2' # Reference the repository in output. repository:
@@ -50,6 +51,12 @@ input: # Include samples/ test files from modules - '!infra-as-code/bicep/modules/**/samples/*.bicep' +binding: + preferTargetInfo: true + targetType: + - resourceType + - type + rule: exclude: # Ignore these recommendations for this repo.
@@ -57,3 +64,6 @@ rule:
 - Azure.ACR.MinSku
 - Azure.ACR.ContentTrust
 - Azure.Policy.AssignmentAssignedBy
+
+ # Currently a bug as of v1.15.2. Review in the next release.
+ - Azure.PublicIP.Name
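Review bot: The new `- Azure.PublicIP.Name` entry under `rule.exclude` in `ps-rule.yaml` switches the check off for every template in the repository, and its comment carries no reference that would prompt anyone to remove it again. I would name the upstream bug in the comment, for example `# Excluded because of <upstream-issue-url>; remove once a fixed PSRule.Rules.Azure release is required.`, so the exclusion does not outlive the bug. The `rule:` mapping starts before this hunk, so I cannot see whether the other exclusions follow a convention this entry should match.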