Open o-l-a-v opened 4 months ago
Thanks for reporting the issue @o-l-a-v. Seems like you're hitting the timeout window which by default is 5 seconds, but this can be changed to a different value.
https://azure.github.io/PSRule.Rules.Azure/setup/configuring-expansion/#bicep-compilation-timeout
To clarify, do you feel you are getting the Bicep compilation hasn't completed within the timeout window. This can be caused by errors or warnings. Check the Bicep output by running bicep build and addressing any issues.
message incorrectly i.e. the timeout is already set to a high value.
Or is it more that the message is not helpful to diagnose the root cause?
How long did the separate bicep restore
task take?
The timeout is currently set to prevent cases when running in a CI pipeline are hard to troubleshoot and massively blow out runtime, which could easily occur if you have a large repository of files.
When a timeout occurs, PSRule moves on and doesn't wait for Bicep to complete.
Although possibly we can make this experience better.
Should've included the command I used for this to happen:
## Get all available rules and find the ones to exclude
$PSRuleRulesAvailable = [array](Get-PSRule -Module 'PSRule.Rules.Azure')
$PSRuleRulesExclude = [string[]](
$PSRuleRulesAvailable.Where{
$_.'Tags'.'Release' -ne 'GA' -or
$_.'Tags'.'Azure.WAF/pillar' -eq 'Reliability' -or
$_.'Info'.'Annotations'.'severity' -eq 'Awareness'
}.'Name' | Sort-Object
)
## Run PSRule
$PSRuleScan = [PSCustomObject[]](
Invoke-PSRule -InputPath $FilePath -Module 'PSRule.Rules.Azure' -Outcome 'Fail','Error' -OutputFormat 'None' -Option @{
'AZURE_BICEP_CHECK_TOOL' = [bool] $true
'AZURE_BICEP_FILE_EXPANSION' = [bool] $true
'AZURE_BICEP_FILE_EXPANSION_TIMEOUT' = [uint16] 30
'AZURE_BICEP_PARAMS_FILE_EXPANSION' = [bool] $true
'Execution.UnprocessedObject' = [string] 'Ignore'
'RULE.EXCLUDE' = [string[]]($PSRuleRulesExclude)
} | Sort-Object -Property 'RuleName'
)
So I had the timeout set to 30.
To clarify, do you feel you are getting the Bicep compilation hasn't completed within the timeout window. This can be caused by errors or warnings. Check the Bicep output by running bicep build and addressing any issues. message incorrectly i.e. the timeout is already set to a high value.
Exactly. Would be good to also include whatever error message Bicep might throw, not just a hardcoded error message.
Existing rule
No response
Description of the issue
Running PSRule with PSRule.Rules.Azure throws an error
Bicep compilation hasn't completed within the timeout window. This can be caused by errors or warnings. Check the Bicep output by running bicep build and addressing any issues.
when the actual cause is that the context it runs from isn't authorized to get the external Bicep modules from a private ACR. I noticed it because I addedbicep restore <file>.bicep
to my workflow before running PSRule, and it threw following error:Request: Expose the error thrown by Azure CLI (if using
az bicep
) or Bicep (if usingbicep
directly).Error messages
No response
Reproduction
Run PSRule on Bicep that references Bicep modules in a private ACR, without being authenticated and authorized to get those modules.
Version of PSRule
2.9.0
Version of PSRule for Azure
1.36.0
Additional context
No response