Closed LaurentDardenne closed 5 years ago
@LaurentDardenne Modules are designed to be discrete. So something like this should be able to be done with a fully qualified rule Id. In your DependsOn
use <modules>/<file>/<ruleName>
so in this case -DependsOn 'TestModule/Test.Rule.ps1/M1.Rule1'
should work, but untested.
That said, I have been thinking about:
In point 2 the idea was to allow a new rule set to incorporate rules from an existing rule set, as a new combined rules set.
The following syntax works (bravo !):
Rule Test -dependsOn 'TestModule/Test.Rule.ps1/M1.Rule2'
but not this one
Rule Test -dependsOn 'TestModule\Test.Rule.ps1\M1.Rule2'
In addition, the module must be loaded BEFORE the Invoke-PSRule call, the -Module parameter is only a reference on a loaded module. This variable does not affect behavior.
$PSModuleAutoLoadingPreference='All'
@LaurentDardenne Yes that is correct.
I have been thinking on these two points for a little while.
Packaging rules in module was not originally possible, so /
made more sense then. Now that packaging rules is possible it makes sense to rework how RuleId
is used to make it consistent with the fully qualified referencing that exists in PowerShell for cmdlets.
i.e. ModuleName\RuleName
so TestModule\M1.Rule2
.
This would be a breaking change that would drop supports for duplicate rule names in the same path.
Also agreed, -Module
should auto-load modules based on the preference variable and currently doesn't.
Let me add these features for tracking separately.
@LaurentDardenne Also curious on your intended usage of these features. If you can provide any more context, that would help.
Also curious on your intended usage of these features. If you can provide any more context, that would help.
I'm looking at how PSRule works. I worked on a technical validation automaton of package standards before publishing them via SCCM. The use would have been to add or remove rules by configuration or type of package, some rules may be common, others specific. In short, have a parametric rule engine.
I do not know if reuse rules would use -Tag would be enough, if it is better to create many modules with few rules or insert dependencies. For now I'm thinking about how to use PSRule :-)
I have another question about rule dependencies, The definition can carry this information, but the class PSRule.Rules.Rule does not offer them. How to find them to create a graph of dependencies ?
@LaurentDardenne
I do not know if reuse rules would use -Tag would be enough, if it is better to create many modules with few rules or insert dependencies.
You could consider using the baseline configuration options in descrete config files config1.yaml
, config2.yaml
...
Then Invoke-PSRule -Option .\config1.yaml
In the future I'd like to expand the capabilities to allow named baselines to be defined and shipped in modules. Currently that is not possible, but separate PSRule options configuration files can be used.
How to find them to create a graph of dependencies?
Currently the dependency graph is built internally but not exposed. It should be fairly easy to expose this through to the PSRule.Rules.Rule
class if it is important.
You could consider using the baseline configuration options in descrete config files
I have not yet taken the time to look at this feature, thank you.
It should be fairly easy to expose this through to the PSRule.Rules.Rule class if it is important.
It would be useful I think, but may not be used by everyone.
A simple Get-Graph cmdlet can suffice to create the data needed for this type of rendering or DGML
Get-PSRule
results.@LaurentDardenne I'll release this soon.
Building a dependency graph with mermaid.
function Get-Graph {
"graph TD;"
Get-PSRule .\tests\PSRule.Tests\TestModule2\ -Name M2.Rule2 -IncludeDependencies | ForEach-Object {
foreach ($dep in $_.DependsOn) {
[String]::Concat($_.RuleId, "-->", $dep, ";")
}
}
}
Thank you.
I try to build, in a script, a rule dependent on a second rule which is located in a module:
According to the exception message, should a rule dependency be in the same module / script? If yes, the next line :
does not create a 'single set' of rules, but merely follows the execution of rules defined in several places, is that it?