PSRule_Azure_Configuration

about_PSRule_Azure_Configuration

SHORT DESCRIPTION

Describes PSRule configuration options specific to PSRule for Azure.

LONG DESCRIPTION

PSRule exposes configuration options that can be used to customize execution of PSRule.Rules.Azure. This topic describes what configuration options are available.

PSRule configuration options can be specified by setting the configuration option in ps-rule.yaml. Additionally, configuration options can be configured in a baseline or set at runtime. For details of setting configuration options see PSRule options.

The following configuration options are available for use:

Azure_AKSMinimumVersion

This configuration option determines the minimum version of Kubernetes for AKS clusters and node pools. Rules that check the Kubernetes version fail when the version is older than the version specified.

Syntax:

configuration:
  Azure_AKSMinimumVersion: string # A version string

Default:

# YAML: The default Azure_AKSMinimumVersion configuration option
configuration:
  Azure_AKSMinimumVersion: 1.20.5

Example:

# YAML: Set the Azure_AKSMinimumVersion configuration option to 1.19.7
configuration:
  Azure_AKSMinimumVersion: 1.19.7

Azure_AKSNodeMinimumMaxPods

This configuration option determines the minimum allowed max pods setting per node pool. When an AKS cluster node pool is created, a maxPods option is used to determine the maximum number of pods for each node in the node pool.

Syntax:

configuration:
  Azure_AKSNodeMinimumMaxPods: integer

Default:

# YAML: The default Azure_AKSNodeMinimumMaxPods configuration option
configuration:
  Azure_AKSNodeMinimumMaxPods: 50

Example:

# YAML: Set the Azure_AKSNodeMinimumMaxPods configuration option to 30
configuration:
  Azure_AKSNodeMinimumMaxPods: 30

Azure_AllowedRegions

This configuration option specifies a list of allowed locations that resources can be deployed to. Rules that check the location of Azure resources fail when a resource or resource group is created in a different region.

By default, Azure_AllowedRegions is not configured. The rule Azure.Resource.AllowedRegions is skipped when no allowed locations are configured.

Syntax:

configuration:
  Azure_AllowedRegions: array # An array of regions

Default:

# YAML: The default Azure_AllowedRegions configuration option
configuration:
  Azure_AllowedRegions: []

Example:

# YAML: Set the Azure_AllowedRegions configuration option to Australia East, Australia South East
configuration:
  Azure_AllowedRegions:
  - 'australiaeast'
  - 'australiasoutheast'

Azure_MinimumCertificateLifetime

This configuration option determines the minimum number of days allowed before certificate expiry. Rules that check certificate lifetime fail when the days remaining before expiry drop below this number.

Syntax:

configuration:
  Azure_MinimumCertificateLifetime: integer

Default:

# YAML: The default Azure_MinimumCertificateLifetime configuration option
configuration:
  Azure_MinimumCertificateLifetime: 30

Example:

# YAML: Set the Azure_MinimumCertificateLifetime configuration option to 90
configuration:
  Azure_MinimumCertificateLifetime: 90

AZURE_PARAMETER_FILE_EXPANSION

This configuration option determines if Azure template parameter files will automatically be expanded. By default, parameter files will not be automatically expanded.

Parameter files are expanded when PSRule cmdlets with the -Format File parameter are used.

Syntax:

configuration:
  AZURE_PARAMETER_FILE_EXPANSION: bool

Default:

# YAML: The default AZURE_PARAMETER_FILE_EXPANSION configuration option
configuration:
  AZURE_PARAMETER_FILE_EXPANSION: false

Example:

# YAML: Set the AZURE_PARAMETER_FILE_EXPANSION configuration option to enable expansion
configuration:
  AZURE_PARAMETER_FILE_EXPANSION: true

AZURE_POLICY_WAIVER_MAX_EXPIRY

This configuration option determines the maximum number of days in the future for a waiver policy exemption.

Syntax:

configuration:
  AZURE_POLICY_WAIVER_MAX_EXPIRY: integer

Default:

# YAML: The default AZURE_POLICY_WAIVER_MAX_EXPIRY configuration option
configuration:
  AZURE_POLICY_WAIVER_MAX_EXPIRY: 366

Example:

# YAML: Set the AZURE_POLICY_WAIVER_MAX_EXPIRY configuration option to 90
configuration:
  AZURE_POLICY_WAIVER_MAX_EXPIRY: 90

AZURE_RESOURCE_GROUP

This configuration option sets the resource group object used by the resourceGroup() function. Configure this option to change the resource group object when exporting templates for analysis. Provided properties will override the default. Any properties that are not provided will use the defaults as specified below.

This configuration option will be ignored when -ResourceGroup is used with Export-AzRuleTemplateData.

Syntax:

configuration:
  AZURE_RESOURCE_GROUP:
    name: string
    location: string
    tags: object
    properties:
      provisioningState: string

Default:

# YAML: The default AZURE_RESOURCE_GROUP configuration option
configuration:
  AZURE_RESOURCE_GROUP:
    name: 'ps-rule-test-rg'
    location: 'eastus'
    tags: { }
    properties:
      provisioningState: 'Succeeded'

Example:

# YAML: Override the location of the resource group object.
configuration:
  AZURE_RESOURCE_GROUP:
    location: 'australiasoutheast'

AZURE_SUBSCRIPTION

This configuration option sets the subscription object used by the subscription() function. Configure this option to change the subscription object when exporting templates for analysis. Provided properties will override the default. Any properties that are not provided will use the defaults as specified below.

This configuration option will be ignored when -Subscription is used with Export-AzRuleTemplateData.

Syntax:

configuration:
  AZURE_SUBSCRIPTION:
    subscriptionId: string
    tenantId: string
    displayName: string
    state: string

Default:

# YAML: The default AZURE_SUBSCRIPTION configuration option
configuration:
  AZURE_SUBSCRIPTION:
    subscriptionId: 'ffffffff-ffff-ffff-ffff-ffffffffffff'
    tenantId: 'ffffffff-ffff-ffff-ffff-ffffffffffff'
    displayName: 'PSRule Test Subscription'
    state: 'NotDefined'

Example:

# YAML: Override the display name of the subscription object
configuration:
  AZURE_SUBSCRIPTION:
    displayName: 'My test subscription'
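
The threshold options described above can be reviewed before a ps-rule.yaml change is merged, by checking the parsed configuration section for type mistakes and for values that relax the documented defaults. This is an added example, not part of PSRule for Azure: lint_config, version_tuple and the sample values are hypothetical, and which direction counts as relaxing each option is an assumption drawn from the option descriptions on this page.

```python
# Added example, not PSRule code. Defaults and types are the ones documented on this page.
DEFAULTS = {
    "Azure_AKSMinimumVersion": "1.20.5",
    "Azure_AKSNodeMinimumMaxPods": 50,
    "Azure_AllowedRegions": [],
    "Azure_MinimumCertificateLifetime": 30,
    "AZURE_PARAMETER_FILE_EXPANSION": False,
    "AZURE_POLICY_WAIVER_MAX_EXPIRY": 366,
}
# Assumption: a lower minimum, or a higher maximum, makes the related rules easier to pass.
LOWER_RELAXES = {"Azure_AKSNodeMinimumMaxPods", "Azure_MinimumCertificateLifetime"}
HIGHER_RELAXES = {"AZURE_POLICY_WAIVER_MAX_EXPIRY"}


def version_tuple(text):
    """'1.19.7' -> (1, 19, 7), so versions compare numerically rather than as strings."""
    return tuple(int(part) for part in text.split("."))


def lint_config(config):
    """Hypothetical helper: return (option, finding) pairs for a parsed configuration dict."""
    findings = []
    for name, value in config.items():
        if name not in DEFAULTS:
            continue  # object-valued options such as AZURE_RESOURCE_GROUP are not covered
        default = DEFAULTS[name]
        if type(value) is not type(default):  # exact match: bool is a subclass of int
            findings.append((name, f"expected {type(default).__name__}, got {type(value).__name__}"))
        elif name == "Azure_AKSMinimumVersion":
            try:
                if version_tuple(value) < version_tuple(default):
                    findings.append((name, f"{value} is older than the default {default}"))
            except ValueError:
                findings.append((name, f"{value!r} is not a dotted numeric version"))
        elif (name in LOWER_RELAXES and value < default) or (name in HIGHER_RELAXES and value > default):
            findings.append((name, f"{value} relaxes the default {default}"))
    if not config.get("Azure_AllowedRegions"):
        findings.append(("Azure_AllowedRegions", "empty, Azure.Resource.AllowedRegions is skipped"))
    return findings


# Constructed sample, as a YAML parser would return it: unquoted 1.20 loads as the float 1.2.
SAMPLE = {
    "Azure_AKSMinimumVersion": 1.2,
    "Azure_MinimumCertificateLifetime": 14,
    "AZURE_POLICY_WAIVER_MAX_EXPIRY": 730,
    "Azure_AllowedRegions": ["australiaeast"],
}
```

Quoting a two-part version such as '1.20' in ps-rule.yaml keeps it a string; the helper reports the float form as a type finding rather than guessing the intended version.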

NOTE

An online version of this document is available at https://github.com/Azure/PSRule.Rules.Azure/blob/main/docs/concepts/about_PSRule_Azure_Configuration.md.

KEYWORDS

  • Configuration
  • Rule