The following sections describe key features of PSRule for Cloud Adoption Framework (CAF).
The CAF is a set of opinionated recommendations for implementing Azure that can scale to large organizations. PSRule for CAF provides rules to validate resources and infrastructure as code (IaC) against these recommendations. Currently PSRule for CAF includes rules for:
Use the built-in rules to start enforcing release processes quickly. Configure built-in rules to align to organization requirements. Then layer on your own rules as your organization's requirements mature. Custom rules can be implemented quickly and work side-by-side with built-in rules.
As new built-in rules are added and improved, download the latest PowerShell module to start using them.
Azure resources can be validated throughout their lifecycle to support a DevOps culture.
From as early as authoring a Azure Resource Manager (ARM) template, resources can be validated offline. Pre-flight validation can be integrated into a continuous integration (CI) processes to:
- Shift-left: Identify configuration issues and provide fast feedback in pull requests.
- Add quality gates: Implement quality gates between environments such as development, test and production.
- Monitor continuously: Perform ongoing checks for configuration optimization opportunities.
PSRule uses modern PowerShell libraries at its core, allowing it to go anywhere PowerShell can go. PSRule runs on MacOS, Linux and Windows.
To install PSRule for CAF use the Install-Module
cmdlet within PowerShell.
Install-Module -Name PSRule.Rules.CAF -Scope CurrentUser;
For additional installation options see install instructions.
Continue reading for FAQ relating to PSRule for CAF. For general FAQ see PSRule - Frequently Asked Questions (FAQ), including:
PSRule for CAF uses cmdlets from the PSRule.Rules.Azure module. To export rule data from an Azure subscription the built-in Reader role is required. For additional details see the PSRule for Azure FAQ.
No access to Azure is required after data has been exported to JSON.
You may already be using a unit test framework such as Pester to test infrastructure code. If you are, then you may have encountered the following challenges.
For a general PSRule/ Pester comparison see How is PSRule different to Pester?
Unit tests are unable to effectively test resources contained within Azure templates. Templates should be reusable, but this creates problems for testing when functions, conditions and copy loops are used. Template parameters could completely change the type, number of, or configuration of resources.
PSRule resolves templates to allow analysis of the resources that would be deployed based on provided parameters.
When building unit tests for Azure resources, starting with an empty repository can be a daunting experience. While there are several open source repositories and samples around to get you started, you need to integrate these yourself.
PSRule for CAF is distributed as a PowerShell module using the PowerShell Gallery. Using a PowerShell module makes it easy to install and update. The built-in rules allow you starting testing resources quickly, with minimal integration.