Releases: Azure/PSRule.Rules.Azure
Releases · Azure/PSRule.Rules.Azure
v1.34.0-B0022
What's changed since v1.33.2:
- New rules:
- Azure Kubernetes Service:
- Check that user mode pools have a minimum number of nodes by @BernieWhite.
#2683- Added configuration to support changing the minimum number of node and to exclude node pools.
- Set
AZURE_AKS_CLUSTER_USER_POOL_MINIMUM_NODES
to set the minimum number of user nodes. - Set
AZURE_AKS_CLUSTER_USER_POOL_EXCLUDED_FROM_MINIMUM_NODES
to exclude a specific node pool by name.
- Check that user mode pools have a minimum number of nodes by @BernieWhite.
- Azure Kubernetes Service:
- Updated rules:
- Azure Kubernetes Service:
- Updated
Azure.AKS.MinNodeCount
the count nodes system node pools by @BernieWhite.
#2683- Improved guidance and examples specifically for system node pools.
- Added configuration to support changing the minimum number of node.
- Set
AZURE_AKS_CLUSTER_MINIMUM_SYSTEM_NODES
to set the minimum number of system nodes.
- Updated
- Front Door:
- Updated
Azure.FrontDoor.Logs
to cover premium and standard profiles instead of just classic by @BernieWhite.
#2704- Added a selector for premium and standard profiles
Azure.FrontDoor.IsStandardOrPremium
. - Added a selector for classic profiles
Azure.FrontDoor.IsClassic
. - Updated rule set to
2024_03
.
- Added a selector for premium and standard profiles
- Updated
- Azure Kubernetes Service:
- General improvements:
- Moved
.bicepparam
file support to stable by @BernieWhite.
#2682- Bicep param files are now automatically expanded when found.
- To disable expansion, set the configuration option
AZURE_BICEP_PARAMS_FILE_EXPANSION
tofalse
.
- Documentation and metadata improvements by @BernieWhite.
#1772
#2570
- Moved
- Engineering:
- Bug fixes:
- Fixed missing zones property for public IP addresses by @BernieWhite.
#2698
- Fixed missing zones property for public IP addresses by @BernieWhite.
See change log.
v1.33.2
What's changed since v1.33.1:
- Bug fixes:
- Fixed false positive of
Azure.Resource.AllowedRegions
raised during assertion call by @BernieWhite.
#2687
- Fixed false positive of
See change log.
v1.33.1
What's changed since v1.33.0:
- Bug fixes:
- Fixed
Azure.AKS.AuthorizedIPs
is not valid for a private cluster by @BernieWhite.
#2677 - Fixed generating rule for VM extensions from policy is incorrect by @BernieWhite.
#2608
- Fixed
See change log.
v1.33.0
What's changed since v1.32.1:
- New features:
- Exporting policy as rules also generates a baseline by @BernieWhite.
#2482- A baseline is automatically generated that includes for all rules exported.
If a policy rule has been replaced by a built-in rule, the baseline will include the built-in rule instead. - The baseline is named
<Prefix>.PolicyBaseline.All
. i.e.Azure.PolicyBaseline.All
by default. - For details see Policy as rules.
- A baseline is automatically generated that includes for all rules exported.
- Exporting policy as rules also generates a baseline by @BernieWhite.
- New rules:
- Databricks:
- Check that Databricks workspaces use a non-trial SKU by @batemansogq.
#2646 - Check that Databricks workspaces require use of private endpoints by @batemansogq.
#2646
- Check that Databricks workspaces use a non-trial SKU by @batemansogq.
- Dev Box:
- Check that projects limit the number of Dev Boxes per user by @BernieWhite.
#2654
- Check that projects limit the number of Dev Boxes per user by @BernieWhite.
- Databricks:
- Updated rules:
- Application Gateway:
- Updated
Azure.AppGwWAF.RuleGroups
to use the rule sets by @BenjaminEngeset.
#2629- The latest Bot Manager rule set is now
1.0
. - The latest OWASP rule set is now
3.2
.
- The latest Bot Manager rule set is now
- Updated
- Cognitive Services:
- Relaxed
Azure.Cognitive.ManagedIdentity
to configurations that require managed identities by @BernieWhite.
#2559
- Relaxed
- Virtual Machine:
- Checks for Azure Hybrid Benefit
Azure.VM.UseHybridUseBenefit
are not enabled by default by @BernieWhite.
#2493- To enable, set the
AZURE_VM_USE_HYBRID_USE_BENEFIT
option totrue
.
- To enable, set the
- Checks for Azure Hybrid Benefit
- Virtual Network:
- Added option for excluding subnets to
Azure.VNET.UseNSGs
by @BernieWhite.
#2572- To add a subnet exclusion, set the
AZURE_VNET_SUBNET_EXCLUDED_FROM_NSG
option.
- To add a subnet exclusion, set the
- Added option for excluding subnets to
- Application Gateway:
- General improvements:
- Rules that are ignored during exporting policy as rules are now generate a verbose logs by @BernieWhite.
#2482- This is to improve transparency of why rules are not exported.
- To see details on why a rule is ignored, enable verbose logging with
-Verbose
.
- Policies that duplicate built-in rules can now be exported by using the
-KeepDuplicates
parameter by @BernieWhite.
#2482- For details see Policy as rules.
- Quality updates to rules and documentation by @BernieWhite.
#1772
#2570
- Rules that are ignored during exporting policy as rules are now generate a verbose logs by @BernieWhite.
- Engineering:
- Bug fixes:
- Fixed
dateTimeAdd
may fail with different localization by @BernieWhite.
#2631 - Fixed inconclusive result reported for
Azure.ACR.Usage
by @BernieWhite.
#2494 - Fixed export of Front Door resource data is incomplete by @BernieWhite.
#2668 - Fixed
Azure.Template.TemplateFile
to support withlanguageVersion
2.0 template properties by @MrRoundRobin.
#2660 - Fixed
Azure.VM.DiskSizeAlignment
does not handle smaller sizes and ultra disks by @BernieWhite.
#2656
- Fixed
What's changed since pre-release v1.33.0-B0169:
- No additional changes.
See change log.
v1.33.0-B0169
What's changed since pre-release v1.33.0-B0126:
- New features:
- Exporting policy as rules also generates a baseline by @BernieWhite.
#2482- A baseline is automatically generated that includes for all rules exported.
If a policy rule has been replaced by a built-in rule, the baseline will include the built-in rule instead. - The baseline is named
<Prefix>.PolicyBaseline.All
. i.e.Azure.PolicyBaseline.All
by default. - For details see Policy as rules.
- A baseline is automatically generated that includes for all rules exported.
- Exporting policy as rules also generates a baseline by @BernieWhite.
- General improvements:
- Rules that are ignored during exporting policy as rules are now generate a verbose logs by @BernieWhite.
#2482- This is to improve transparency of why rules are not exported.
- To see details on why a rule is ignored, enable verbose logging with
-Verbose
.
- Policies that duplicate built-in rules can now be exported by using the
-KeepDuplicates
parameter by @BernieWhite.
#2482- For details see Policy as rules.
- Rules that are ignored during exporting policy as rules are now generate a verbose logs by @BernieWhite.
- Bug fixes:
- Fixed inconclusive result reported for
Azure.ACR.Usage
by @BernieWhite.
#2494 - Fixed export of Front Door resource data is incomplete by @BernieWhite.
#2668
- Fixed inconclusive result reported for
See change log.
v1.33.0-B0126
What's changed since pre-release v1.33.0-B0088:
- Bug fixes:
- Fixed
Azure.Template.TemplateFile
to support withlanguageVersion
2.0 template properties by @MrRoundRobin.
#2660
- Fixed
See change log.
v1.33.0-B0088
What's changed since pre-release v1.33.0-B0053:
- New rules:
- Dev Box:
- Check that projects limit the number of Dev Boxes per user by @BernieWhite.
#2654
- Check that projects limit the number of Dev Boxes per user by @BernieWhite.
- Dev Box:
- Bug fixes:
- Fixed
Azure.VM.DiskSizeAlignment
does not handle smaller sizes and ultra disks by @BernieWhite.
#2656
- Fixed
See change log.
v1.33.0-B0053
What's changed since pre-release v1.33.0-B0023:
- New rules:
- Databricks:
- Check that Databricks workspaces use a non-trial SKU by @batemansogq.
#2646 - Check that Databricks workspaces require use of private endpoints by @batemansogq.
#2646
- Check that Databricks workspaces use a non-trial SKU by @batemansogq.
- Databricks:
- Engineering:
See change log.
v1.33.0-B0023
What's changed since v1.32.1:
- Updated rules:
- Application Gateway:
- Updated
Azure.AppGwWAF.RuleGroups
to use the rule sets by @BenjaminEngeset.
#2629- The latest Bot Manager rule set is now
1.0
. - The latest OWASP rule set is now
3.2
.
- The latest Bot Manager rule set is now
- Updated
- Cognitive Services:
- Relaxed
Azure.Cognitive.ManagedIdentity
to configurations that require managed identities by @BernieWhite.
#2559
- Relaxed
- Virtual Machine:
- Checks for Azure Hybrid Benefit
Azure.VM.UseHybridUseBenefit
are not enabled by default by @BernieWhite.
#2493- To enable, set the
AZURE_VM_USE_HYBRID_USE_BENEFIT
option totrue
.
- To enable, set the
- Checks for Azure Hybrid Benefit
- Virtual Network:
- Added option for excluding subnets to
Azure.VNET.UseNSGs
by @BernieWhite.
#2572- To add a subnet exclusion, set the
AZURE_VNET_SUBNET_EXCLUDED_FROM_NSG
option.
- To add a subnet exclusion, set the
- Added option for excluding subnets to
- Application Gateway:
- General improvements:
- Quality updates to rules and documentation by @BernieWhite.
#1772
#2570
- Quality updates to rules and documentation by @BernieWhite.
- Engineering:
- Bug fixes:
- Fixed
dateTimeAdd
may fail with different localization by @BernieWhite.
#2631
- Fixed
See change log.
v1.32.1
What's changed since v1.32.0:
- Bug fixes:
- Fixed quotes get incorrectly duplicated by @BernieWhite.
#2593 - Fixed failure to expand copy loop in a Azure Policy deployment by @BernieWhite.
#2605 - Fixed cast exception when expanding the union of an array and mock by @BernieWhite.
#2614
- Fixed quotes get incorrectly duplicated by @BernieWhite.
See change log.