utilities/pipelines/staticValidation/psrule/ps-rule.yaml (56 lines of code) (raw):

#
# PSRule for Azure configuration
#
# Reference for every option used below:
#   https://aka.ms/ps-rule/options
#   https://aka.ms/ps-rule-azure/options

# Binding settings used when evaluating local rules: prefer target info
# supplied with the object, and read the object type from 'type', then
# 'resourceType'.
binding:
  preferTargetInfo: true
  targetType:
    - type
    - resourceType

# Minimum module versions. Only a lower bound is given and the '@pre' flag
# lets prerelease builds satisfy it.
# NOTE(review): if results must be reproducible, pin the installed module
# versions wherever the pipeline installs them - this file does not do that.
requires:
  PSRule: '@pre >=2.9.0'
  PSRule.Rules.Azure: '@pre >=1.38.0'

# Load the PSRule for Azure rule module.
include:
  module:
    - PSRule.Rules.Azure

# Suppressed rules and objects that no rule processed are reported at debug
# level only.
# NOTE(review): with these settings neither condition appears in normal
# pipeline output, so a silently skipped resource or an over-broad suppression
# is easy to miss; confirm that is intended.
execution:
  ruleSuppressed: Debug
  unprocessedObject: Debug

output:
  culture:
    - 'en-US'

input:
  pathIgnore:
    # Ignore every file ...
    - '*'
    # ... then re-include (leading '!') only the 'defaults' and 'waf-aligned'
    # test files. Any other test scenario or template is never analysed.
    - '!avm/**/defaults/*.test.bicep'
    - '!avm/**/waf-aligned/*.test.bicep'

configuration:
  # Automatic expansion of Azure parameter files is switched off.
  AZURE_PARAMETER_FILE_EXPANSION: false

  # Automatic expansion of Azure Bicep source files is switched on.
  AZURE_BICEP_FILE_EXPANSION: true

  # Number of seconds to wait for a Bicep file to build.
  AZURE_BICEP_FILE_EXPANSION_TIMEOUT: 20

  # Parameter names declared as non-sensitive. The names contain words such as
  # 'password', 'secret', 'token' or 'key'; presumably this list stops the
  # secret-parameter checks from flagging them - confirm against the PSRule
  # for Azure documentation.
  # Every entry narrows that check, so add a name only when its value can
  # never hold secret material, and review additions like any other
  # security exception.
  # NOTE(review): 'sync*passwords' contains '*'; confirm whether this option
  # treats it as a wildcard or as a literal name.
  AZURE_DEPLOYMENT_NONSENSITIVE_PARAMETER_NAMES:
    - 'sasTokenValidityLength'
    - 'passwordlength'
    - 'secretname'
    - 'secreturl'
    - 'secreturi'
    - 'secretrotation'
    - 'secretinterval'
    - 'secretprovider'
    - 'secretsprovider'
    - 'secretref'
    - 'secretid'
    - 'disablepassword'
    - 'sync*passwords'
    - 'sqlAdministratorLogin'
    - 'tokenname'
    - 'ssoClientSecretKeyVaultPath'
    - 'ssoSecretType'
    - 'tokenValidityLength'
    - 'uniqueKeyPolicyKeys'

rule:
  # Controls whether custom (local) rules that are not part of the baseline
  # are included; currently off.
  includeLocal: false

  # Rules excluded for ALL analysed resources.
  # NOTE(review): the two PurgeProtect rules are data-protection checks and
  # no reason is recorded here for excluding them (or UseHybridUseBenefit).
  # Record the justification next to each entry, and prefer a suppression
  # scoped to the affected resources over a global exclude where possible.
  exclude:
    - Azure.KeyVault.PurgeProtect
    - Azure.VM.UseHybridUseBenefit
    - Azure.AppConfig.PurgeProtect
    # Must be excluded until
    # https://msdata.visualstudio.com/Database%20Systems/_workitems/edit/2788114
    # is fixed.
    - Azure.MySQL.MaintenanceWindow
    # Must disable as the serverfarm premium skus are not available in the AVM
    # subscription. The module is WAF-aligned, just the tests don't validate it.
    - Azure.AppService.AvailabilityZone