Azure / PSRule.Rules.Azure

Rules to validate Azure resources and infrastructure as code (IaC) using PSRule.
https://azure.github.io/PSRule.Rules.Azure/
MIT License

Validate objects with Azure policy conditions #181

Open BernieWhite opened 4 years ago

BernieWhite commented 4 years ago

PSRule can validate objects with custom PowerShell, YAML or JSON rules.

PSRule for Azure should be able to validate resources based on Azure Policies.

Migrated from Microsoft/PSRule#43

ArmaanMcleod commented 2 years ago

@BernieWhite I can probably help with this one. Should be able to use the JSON format from PSRule to make this easier to do.

BernieWhite commented 2 years ago

@ArmaanMcleod I've had quite a bit of time to think about this one. I think for the most part we should provide a way to export Azure Policy assignments and linked definitions into JSON-based rules. I say assignments because there may be parameters like many of the built-in policies support. Customers would set these to different values based on their environment.

Maybe use the built-in "Allowed locations" policy as a sample case.
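
An added sketch of the export idea above, using the "Allowed locations" case; it is not part of the thread or the project's code. The definition and assignment JSON are constructed samples, and `Resolve-PolicyCondition` and the `Policy.` name prefix are hypothetical. It assumes the policy's condition names (`allOf`, `field`, `notIn`, `notEquals`) carry over unchanged into a PSRule JSON expression for plain fields such as `location`; policy aliases would need their own mapping.

```powershell
# Constructed sample: a trimmed "Allowed locations" style definition, not exported from Azure.
$definition = @'
{ "properties": { "policyRule": {
    "if": { "allOf": [
      { "field": "location", "notIn": "[parameters('listOfAllowedLocations')]" },
      { "field": "location", "notEquals": "global" } ] },
    "then": { "effect": "deny" } } } }
'@ | ConvertFrom-Json

# Constructed sample: the parameter values one assignment sets for that definition.
$assignment = @'
{ "name": "allowed-locations-prod", "properties": { "parameters": {
    "listOfAllowedLocations": { "value": [ "australiaeast" ] } } } }
'@ | ConvertFrom-Json

# Hypothetical helper: copy a condition tree, swapping "[parameters('x')]" for the assigned value.
function Resolve-PolicyCondition {
    param ($Node, $Parameters)
    if ($Node -is [string]) {
        if ($Node -notmatch "^\[parameters\('(?<name>[^']+)'\)\]$") { return $Node }
        $name = $Matches['name']
        if ($null -eq $Parameters.$name) { throw "Assignment sets no value for parameter '$name'." }
        return ,($Parameters.$name.value)   # unary comma keeps a one-item list as an array
    }
    if ($Node -is [array]) {
        $items = [System.Collections.Generic.List[object]]::new()
        foreach ($item in $Node) { $items.Add((Resolve-PolicyCondition $item $Parameters)) }
        return ,($items.ToArray())
    }
    if ($Node -is [System.Management.Automation.PSCustomObject]) {
        $copy = [ordered]@{}
        foreach ($p in $Node.PSObject.Properties) { $copy[$p.Name] = Resolve-PolicyCondition $p.Value $Parameters }
        return $copy
    }
    return $Node
}

# Assumption: the policy "if" block selects resources to deny, so the rule passes when it does not match.
$condition = Resolve-PolicyCondition $definition.properties.policyRule.'if' $assignment.properties.parameters
$rule = [ordered]@{
    apiVersion = 'github.com/microsoft/PSRule/v1'
    kind       = 'Rule'
    metadata   = [ordered]@{ name = "Policy.$($assignment.name)" }
    spec       = [ordered]@{ condition = [ordered]@{ not = $condition } }
}

# PSRule reads JSON rules from an array of resources, so wrap the single rule before serializing.
ConvertTo-Json -InputObject @($rule) -Depth 20
```

An assignment that leaves a referenced parameter unset stops the export with an error instead of emitting a rule with an unresolved `[parameters(...)]` string, which would otherwise be compared literally and never match a real location.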

ArmaanMcleod commented 2 years ago

@BernieWhite Would we export Azure Policies with a cmdlet like Export-AzRulePolicyAssignmentData? I'd assume this could handle built-in and custom policies, and flags to filter by management groups/subscriptions (resource group as well for assignments). Also would make sense to export the full linked definitions along with the assignments to JSON-based rules, and support pre and post validation.

Let me know what you think. Might need to figure out how we want to design this cmdlet.

BernieWhite commented 2 years ago

@ArmaanMcleod Yes. I was thinking: