ps-rule.yaml
#
# PSRule for Azure configuration
#
# Please see the documentation for all configuration options:
# https://aka.ms/ps-rule/options
# https://aka.ms/ps-rule-azure/options
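# Configure binding for local rules.
binding:
  # Prefer target info carried by the object when binding; see
  # https://aka.ms/ps-rule/options for the exact precedence.
  preferTargetInfo: true
  # Properties read to determine an object's type.
  targetType:
    - type
    - resourceType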
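# Do not warn if an Azure resource or related object has no rules.
# NOTE(review): with Ignore, an object that matches no rule produces no
# output, so a gap in rule coverage (or an object whose type did not bind)
# is not visible in the results. Confirm this is intended for CI runs.
execution:
  unprocessedObject: Ignore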
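# Require minimum versions of modules.
# NOTE(review): this is a lower bound only, and '@pre' appears to admit
# pre-release builds. The version actually installed is decided wherever the
# module is restored (for example the CI pipeline); pin it there if analysis
# results need to be reproducible.
requires:
  PSRule.Rules.Azure: '@pre >=1.34.2'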
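# Add PSRule v3 format configuration.
# Each entry maps a file extension to a format and switches it on.
format:
  bicep:
    type:
      - '.bicep'
    enabled: true
  bicepparam:
    type:
      - '.bicepparam'
    enabled: true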
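# Use PSRule for Azure.
include:
  module:
    - PSRule.Rules.Azure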
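# Configure the output culture for recommendations.
output:
  culture:
    - 'en-US'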
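# Select which files in the repository are analyzed.
# pathIgnore is used as an allow-list: everything is ignored first, then the
# '!' entries re-include specific paths.
# NOTE(review): any Bicep file that does not match one of the '!' patterns
# (for example a deployment entry point not named deploy.bicep) is never
# analyzed and produces no finding. Re-check these patterns when the
# repository layout changes.
input:
  fileObjects: true
  pathIgnore:
    # Ignore other files in the repository.
    - '**'

    # Include deployments.
    - '!deployments/**/*.bicepparam'
    - '!deployments/**/deploy.bicep'

    # Include module tests.
    - '!modules/**/*.tests.bicep'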
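# PSRule for Azure settings; see https://aka.ms/ps-rule-azure/options.
configuration:
  # Enable automatic expansion of Azure parameter files.
  AZURE_PARAMETER_FILE_EXPANSION: true

  # Enable automatic expansion of Azure Bicep source files.
  AZURE_BICEP_FILE_EXPANSION: true
  AZURE_BICEP_PARAMS_FILE_EXPANSION: true

  # Number of seconds to wait for Bicep files to build.
  # NOTE(review): confirm that a build exceeding this timeout fails the run
  # rather than leaving the file unanalyzed.
  AZURE_BICEP_FILE_EXPANSION_TIMEOUT: 10

  # Enable Bicep CLI checks.
  AZURE_BICEP_CHECK_TOOL: true

  # Configure the minimum version of the Bicep CLI.
  AZURE_BICEP_MINIMUM_VERSION: '0.39.26'

  # Default parameter values used during expansion when none is supplied.
  # The value below is a placeholder for static analysis only; never replace
  # it with a real credential in this committed file.
  AZURE_PARAMETER_DEFAULTS:
    adminPassword: '$CREDENTIAL_PLACEHOLDER$'

  # Parameter names treated as non-sensitive by the secure-parameter check.
  # NOTE(review): the exemption is by name only; a parameter called 'keys'
  # that actually carries secret material would not be flagged. Keep this
  # list as short as possible.
  AZURE_DEPLOYMENT_NONSENSITIVE_PARAMETER_NAMES:
    - keys

  # Resource group properties assumed during expansion (no tags set).
  AZURE_RESOURCE_GROUP:
    tags: {}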
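# Suppression ignores rules for a specific Azure resource by name.
# NOTE(review): both entries switch off security-relevant checks (Key Vault
# logging, blob public access). Matching is by resource name only, so any
# resource in scope that reuses one of these names is exempt as well. Record
# why each exemption exists and review them periodically; a suppression group
# with a documented reason and expiry may be a better fit if the PSRule
# version in use supports it.
suppression:
  Azure.KeyVault.Logs:
    - kvtest001
  Azure.Storage.BlobPublicAccess:
    - sttest001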
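# Disable the following rules by name.
# Unlike a suppression, an exclusion applies to every resource analyzed, not
# to a named resource. Document the reason for each entry so it can be
# revisited.
rule:
  exclude:
    - Azure.VM.AMA
    - Azure.VM.MaintenanceConfig
    - Azure.VM.MigrateAMA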