Azure / PSRule.Rules.Azure

Rules to validate Azure resources and infrastructure as code (IaC) using PSRule.
https://azure.github.io/PSRule.Rules.Azure/
MIT License

Module in module support #1548

Closed Dylan-Prins closed 1 year ago

Dylan-Prins commented 2 years ago

Is your feature request related to a problem? Please describe.

Supporting moduleception (modules in modules). We have the following set-up:

main.bicep -> local modules with resource group deployments -> ACR modules.

This means the resources are not getting evaluated, because only deployments in deployments are tested.

This is what works:

  (Get-Content template.json | ConvertFrom-Json -Depth 99).resources[0].properties.template.resources | Assert-PSRule -Format Json

But I was hoping to use the Azure pipeline task:

  - task: ps-rule-assert@2
    displayName: Analyze Azure template files
    inputs:
      inputType: repository
      modules: "PSRule.Rules.Azure"
      outputFormat: NUnit3
      outputPath: reports/ps-rule-results.xml

Describe the solution you'd like

Describe alternatives you've considered

Additional context

BernieWhite commented 2 years ago

@Dylan-Prins Thanks for the feature request. I'm not sure I understand the request entirely.

Currently PSRule for Azure will expand resources in nested deployments in the following cases:

Bicep modules will be restored from a Bicep registry (ACR) automatically, however a private registry requires authorization. See Restoring modules from a private registry for details on how to configure this within a pipeline.

Also consider setting the AZURE_BICEP_FILE_EXPANSION_TIMEOUT option, as restores from a registry can take longer, particularly when you are referencing several modules. Start with 15 or 30 seconds and tune as required if you still see timeouts.

Are you after a different option? Or are the above options not working (bug)?

BenjaminEngeset commented 2 years ago

@Dylan-Prins

You can use the AzurePowerShell@5 task.

I am using private ACRs for Bicep repositories (modules) and using this configuration currently.

  - task: AzurePowerShell@5
    displayName: "Validate module files with Well-Architected Framework"
    condition: contains(variables['diff'], 'module')
    inputs:
      azureSubscription: $(serviceConnectionName)
      scriptType: "inlineScript"
      inline: |
        Install-Module PSRule.Rules.Azure -Scope CurrentUser -Force;
        git diff --diff-filter=d HEAD^ HEAD --name-only | ForEach-Object { Get-ChildItem $_ } | Assert-PSRule -Format File -Module 'PSRule.Rules.Azure' -Baseline 'Azure.GA_2022_06' -OutputFormat NUnit3 -OutputPath 'reports/ps-rule-results.xml'
      azurePowerShellVersion: latestVersion
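
The workaround in the original question reaches exactly one level down with `.resources[0].properties.template.resources`. As an added example (not code from this thread or from PSRule), the PowerShell function below generalizes that to any nesting depth and lists what each nested deployment contains, so resources that a scan never reached are visible. The function name, the `DeploymentPath` field and the sample template are constructed for illustration.

```powershell
# Added example: list every resource hidden inside nested deployments of a compiled template.
function Get-NestedTemplateResource {
    param(
        [Parameter(Mandatory)] $Template,
        [string] $Path = 'main'
    )
    $resources = $Template.resources
    if ($null -eq $resources) { return }
    # Symbolic-name templates (languageVersion 2.0) store resources as an object, not an array.
    if ($resources -isnot [array]) { $resources = @($resources.PSObject.Properties.Value) }

    foreach ($resource in $resources) {
        if ($resource.type -eq 'Microsoft.Resources/deployments') {
            $inner = $resource.properties.template
            if ($null -ne $inner) {
                # A Bicep module compiles to an inline nested template: descend into it.
                Get-NestedTemplateResource -Template $inner -Path "$Path/$($resource.name)"
            }
            else {
                # Linked templates (templateLink) are not inline, so nothing can be listed here.
                Write-Warning "Deployment '$($resource.name)' at '$Path' has no inline template."
            }
        }
        else {
            [pscustomobject]@{
                DeploymentPath = $Path
                Type           = $resource.type
                Name           = $resource.name
            }
        }
    }
}

# Constructed sample: main -> resource group module -> registry module -> storage account.
$sample = @'
{ "resources": [
  { "type": "Microsoft.Resources/deployments", "name": "rgModule", "properties": { "template": { "resources": [
    { "type": "Microsoft.Resources/deployments", "name": "acrModule", "properties": { "template": { "resources": [
      { "type": "Microsoft.Storage/storageAccounts", "name": "stexample001" }
    ] } } },
    { "type": "Microsoft.KeyVault/vaults", "name": "kv-example-001" }
  ] } } }
] }
'@ | ConvertFrom-Json

Get-NestedTemplateResource -Template $sample | Format-Table -AutoSize
```

This only inventories what is inline in the compiled JSON; parameter and variable expressions inside the nested templates stay unresolved, which is what PSRule's own expansion handles.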