Add support for more complex rule pre-conditions #649

BernieWhite · 2021-03-01T00:36:46Z

Currently pre-conditions for rules can be written in script and/ or based on type binding. Type binding is effective in many simple scenarios however often needs to be combined with script pre-conditions for complex matching such as schema.

For example:

Rule 'Azure.Template.TemplateFile' -Type '.json' -If { (IsTemplateFile) } {
    # Rule body
}

# Determines if the object is a Azure Resource Manager template file
function global:IsTemplateFile {
    [CmdletBinding()]
    [OutputType([System.Boolean])]
    param (
        [Parameter(Mandatory = $False)]
        [String]$Suffix
    )
    process {
        if ($TargetObject.Extension -ne '.json') {
            return $False;
        }
        try {
            $jsonObject = $PSRule.GetContent($TargetObject)[0];
            [String]$targetSchema = $jsonObject.'$schema';
            $schemas = @(
                # Https
                "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json`#"
                "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json`#"
                "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json`#"
                "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json`#"
                "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json`#"

                # Http
                "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json`#"
                "http://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json`#"
                "http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json`#"
                "http://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json`#"
                "http://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json`#"
            )
            return $targetSchema -in $schemas -and ([String]::IsNullOrEmpty($Suffix) -or $targetSchema.Trim("`#").EndsWith($Suffix));
        }
        catch {
            return $False;
        }
    }
}

While this approach works, it would be helpful to:

Allow for more complex matching without using scripts.
Increase reusability of matching by allowing use within dependant modules.

* Added selectors and strong apiVersion #649 #647 * Update schema and docs

BernieWhite added enhancement New feature or request feature: language Issues that affect language such keywords and variables labels Mar 1, 2021

BernieWhite added a commit to BernieWhite/PSRule that referenced this issue Mar 30, 2021

Added selectors and strong apiVersion microsoft#649 microsoft#647

edf6581

BernieWhite mentioned this issue Mar 30, 2021

Added selectors and strong apiVersion #649 #647 #675

Merged

7 tasks

BernieWhite self-assigned this Mar 30, 2021

BernieWhite added this to the v1.2.0 milestone Mar 30, 2021

BernieWhite closed this as completed in #675 Mar 30, 2021

BernieWhite added a commit that referenced this issue Mar 30, 2021

Added selectors and strong apiVersion #649 #647 (#675)

545f0fd

* Added selectors and strong apiVersion #649 #647 * Update schema and docs

This was referenced Mar 30, 2021

Pre-release v1.2.0-B2103043 #676

Merged

Release v1.2.0 #678

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add support for more complex rule pre-conditions #649

Add support for more complex rule pre-conditions #649

BernieWhite commented Mar 1, 2021

Add support for more complex rule pre-conditions #649

Add support for more complex rule pre-conditions #649

Comments

BernieWhite commented Mar 1, 2021