PSRule fails to expand resources presumably if resource uses map() function in output

[AlexanderSehr]

Description of the issue

In AVM, I recently commited an update to a module (private endpoint) that returns an array of resource IDs in its output using the following function

output networkInterfaceResourceIds string[] = map(privateEndpoint.properties.networkInterfaces, nic => nic.id)

Following this, I started implementing this version in 2 modules (Key Vault & Storage Account), that not only uses this module, but also passes this output through to the user. For example:

@description('The private endpoints of the key vault.')
output privateEndpoints privateEndpointOutputType[] = [
  for (item, index) in (privateEndpoints ?? []): {
    (...)
    networkInterfaceResourceIds: keyVault_privateEndpoints[index].outputs.networkInterfaceResourceIds
  }
]

Now, in AVM, where we run PSRule tests both on files that deploy private endpoints and not, an error surfaced for the one that does deploy private endpoints, and in turn, uses the output (Key Vault test example, Storage Account test example). The error looks as follows:

Failed to expand bicep source '/home/runner/work/bicep-registry-modules/bicep-registry-modules/avm/res/key-vault/vault/tests/e2e/waf-aligned/main.test.bicep'. Exception calling "GetBicepResources" with "2" argument(s): "Unable to expand resources because the source file '/home/runner/work/bicep-registry-modules/bicep-registry-modules/avm/res/key-vault/vault/tests/e2e/waf-aligned/main.test.bicep' was not valid. An error occurred evaluating expression '[map(reference('privateEndpoint').networkInterfaces, lambda('nic', lambdaVariables('nic').id))]' line 3535. The arguments for 'Map' are not in the expected format or type."

I did do some investigation to ensure the output is not just broken, but it looks exactly like I'd exact it to:

[
    {
        "name": "pep-<short>ssawaf001-blob-0",
        "resourceId": "/subscriptions/<subscriptionId>/resourceGroups/dep-<short>-storage.storageaccounts-ssawaf-rg/providers/Microsoft.Network/privateEndpoints/pep-<short>ssawaf001-blob-0",
        "groupId": "blob",
        "customDnsConfigs": [
            {
                "fqdn": "<short>ssawaf001.blob.core.windows.net",
                "ipAddresses": [
                    "10.0.0.4"
                ]
            }
        ],
        "networkInterfaceResourceIds": [
            "/subscriptions/<subscriptionId>/resourceGroups/dep-<short>-storage.storageaccounts-ssawaf-rg/providers/Microsoft.Network/networkInterfaces/pep-<short>ssawaf001-blob-0.nic.0c73db37-6089-4ba7-9d31-86827a6ae489"
        ]
    }
]

and no deployment test, no matter if a private endpoint deployment nor without fails.

So, right now I'm not sure what to make of this, as the map() function in the output seems to work as intended, yet PSRule seems to stumble over it in this context. Any help would be greatly appreciated.

To Reproduce

Steps to reproduce the issue:

• Run the PSRule Reliability tests on either one of those to templates:
  • Key Vault - WAF test
  • Storage Account - WAF test

Note: We use a PSRule configuration file that e.g. excludes resources with dep in the name from validation.

• General config
• 'dep' config

Expected behaviour

Rather simple - I'd expect PSRule to successfully process the corresponding test file without an error.

Error output

Key Vault WAF module test example Failed to expand bicep source '/home/runner/work/bicep-registry-modules/bicep-registry-modules/avm/res/key-vault/vault/tests/e2e/waf-aligned/main.test.bicep'. Exception calling "GetBicepResources" with "2" argument(s): "Unable to expand resources because the source file '/home/runner/work/bicep-registry-modules/bicep-registry-modules/avm/res/key-vault/vault/tests/e2e/waf-aligned/main.test.bicep' was not valid. An error occurred evaluating expression '[map(reference('privateEndpoint').networkInterfaces, lambda('nic', lambdaVariables('nic').id))]' line 3535. The arguments for 'Map' are not in the expected format or type."

Storage Accont WAF module test example Error: Failed to expand bicep source '/home/runner/work/bicep-registry-modules/bicep-registry-modules/avm/res/storage/storage-account/tests/e2e/waf-aligned/main.test.bicep'. Exception calling "GetBicepResources" with "2" argument(s): "Unable to expand resources because the source file '/home/runner/work/bicep-registry-modules/bicep-registry-modules/avm/res/storage/storage-account/tests/e2e/waf-aligned/main.test.bicep' was not valid. An error occurred evaluating expression '[map(reference('privateEndpoint').networkInterfaces, lambda('nic', lambdaVariables('nic').id))]' line 2890. The arguments for 'Map' are not in the expected format or type."

Module in use and version:

• Module: PSRule
• Version: 2.9.0

Captured output from $PSVersionTable:

  Name                           Value
  ----                           -----
  PSVersion                      7.4.5
  PSEdition                      Core
  GitCommitId                    7.4.5
  OS                             Ubuntu 22.04.5 LTS
  Platform                       Unix
  PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
  PSRemotingProtocolVersion      2.3
  SerializationVersion           1.1.0.1
  WSManStackVersion              3.0

Additional context

[BernieWhite]

Thanks for reporting the issue @AlexanderSehr.