microsoft / PSRule

Validate infrastructure as code (IaC) and objects using PowerShell rules.
https://microsoft.github.io/PSRule/v2/
MIT License

Problem with If, and getSecret function #1440

Closed PoborcaMaciej closed 1 year ago

PoborcaMaciej commented 1 year ago

Hello,

I have a problem with implementing tests for Bicep where I am using if conditions together with the getSecret function. Do you know how I can solve it, or whether it is something that is not possible to omit?

Example of code that generates the error: [image]

Exception calling "GetBicepResources" with "3" argument(s): "Unable to expand resources because the source file 'd:\agents\agent_work\24\s/tests/environments/test.bicep' was not valid. The template parameter 'test' does not use the required format."

github-actions[bot] commented 1 year ago

Thanks for raising your first issue, the team appreciates the time you have taken 😉

BernieWhite commented 1 year ago

@PoborcaMaciej Thanks for raising the issue.

It may depend on what your goal is with the condition that either returns a secret or, I assume, a dummy value.

If your goal is to provide a test with a dummy value because you don't want to expose a secret in code, then you shouldn't need to add the condition; you can just reference kv.getSecret() as you normally would, where kv is an existing reference. For example:

// ----------
// REFERENCES
// ----------

resource kv 'Microsoft.KeyVault/vaults@2021-06-01-preview' existing = {
  name: 'kv-001'
}

resource ag 'Microsoft.Insights/actionGroups@2021-09-01' existing = {
  name: 'ag-001'
}

resource vnet 'Microsoft.Network/virtualNetworks@2021-05-01' existing = {
  name: 'vnet-001'
}

resource subnet 'Microsoft.Network/virtualNetworks/subnets@2021-05-01' existing = {
  parent: vnet
  name: 'subnet-001'
}

// ---------
// RESOURCES
// ---------

// Test a basic VM
module test_vm_with_no_disks '../main.bicep' = {
  name: 'test_vm_with_no_disks'
  params: {
    name: 'vm001'
    adminUsername: kv.getSecret('vm-username')
    adminPassword: kv.getSecret('vm-password')
    subnetId: subnet.id
    size: 'Standard_D2s_v3'
    imageSKU: '2019-Datacenter-Core'
    actionGroupId: ag.id
  }
}

PSRule for Azure will automatically use a placeholder value during expansion.


Since this is more a question, I'm going to move it to discussion so that it might help someone else in the community out.

I hope that helps.
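
The module side of the test in the reply above, as an added example that is not part of the original thread or the PSRule project: a hypothetical `../main.bicep` whose credential parameters carry `@secure()`, which Bicep requires before `kv.getSecret()` can be passed to them. The resource names, API versions, image publisher and offer are assumptions.

```bicep
// Hypothetical ../main.bicep for the test above (added example, assumed names).
param name string
param location string = resourceGroup().location
param subnetId string
param size string
param imageSKU string

// Declared because the test passes it; alert wiring is left out of this example.
#disable-next-line no-unused-params
param actionGroupId string

// kv.getSecret() is only accepted for module parameters marked @secure().
@secure()
param adminUsername string
@secure()
param adminPassword string

resource nic 'Microsoft.Network/networkInterfaces@2021-05-01' = {
  name: 'nic-${name}'
  location: location
  properties: {
    ipConfigurations: [
      {
        name: 'ipconfig1'
        properties: {
          privateIPAllocationMethod: 'Dynamic'
          subnet: { id: subnetId }
        }
      }
    ]
  }
}

resource vm 'Microsoft.Compute/virtualMachines@2022-03-01' = {
  name: name
  location: location
  properties: {
    hardwareProfile: { vmSize: size }
    osProfile: {
      computerName: name
      adminUsername: adminUsername
      adminPassword: adminPassword
    }
    storageProfile: {
      imageReference: { publisher: 'MicrosoftWindowsServer', offer: 'WindowsServer', sku: imageSKU, version: 'latest' }
    }
    networkProfile: { networkInterfaces: [ { id: nic.id } ] }
  }
}
```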