Start checking ARM files for ARM-TTK

A little bit about the tests… These are the tests that are used to validate templates for the Azure QuickStart Repo and the Azure Marketplace. The purpose is to ensure a standard or consistent set of coding practices to make it easier to develop expertise using the template language (easy to read, write, debug).

As for the type, number and nature of the tests: a test should check for something in one of the following categories (add more as you think of them :))

  • Validating the author’s intent (unused parameters or variables)
  • Security practices for the language (outputting secrets in plain text)
  • Using the appropriate language construct for the task at hand (using environmental functions instead of hard-coding values)

Not everything is appropriate for a universal set of tests and not every test will apply to every scenario, so the framework allows for easy expansion and individual selection of tests.


Build Pipeline

Before any code is deployed, the ARM files need to be checked for best practices. This check takes a long time, and the wait is worth it if you have ARM files present in your solution. But this is not always the case, so I created two files to speed up this process when files are not present.

Exclusions

Within the script you now have the option to exclude files or controls. This is done with the help of two files:

  • ARMTTKSkipFiles.csv
  • ARMTTKSkipByFile.csv

With these files you can skip the specified checks during deployment. This can be done for regulatory requirements or other reasons, to make sure that the build finishes.

ARMTTKSkipFiles.csv

This file needs to be stored in the directory the ARM files are stored in. Files listed here will not be checked by the script.

The file content needs to look like this; the following files, if present in the directory, will not be scanned:

host.json
local.settings.json
proxies.json

ARMTTKSkipByFile.csv

The second file is used to exclude checks at file level. To do this you add the file ARMTTKSkipByFile.csv to the directory of the ARM template. Example: **ARMTTKSkipByFile.csv**

The file content needs to contain the name of the ARM file, separated with an **=** from the tests that need to be excluded. It is possible to use a wildcard for the files or for the checks, but it is recommended to specify everything explicitly.

The file content needs to look like this:

@{
    '[Filename].json' = 'Location Should Not Be Hardcoded', 'Secure String Parameters Cannot Have Default', 'apiVersions Should Be Recent', 'DeploymentTemplate Must Not Contain Hardcoded Uri'
}

A list of the tests that can be excluded can be found here. The second way to retrieve this information is to run the build once and filter the results to see where it is failing.
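The following script is an added example of how the two skip files described above can be applied to arm-ttk's Test-AzTemplate; it is not the Invoke-Build task from the post. It assumes the arm-ttk module is installed (Install-Module arm-ttk), that the templates sit directly in the directory passed as -TemplateDirectory, and that the two file names are exactly those given above. Because ARMTTKSkipByFile.csv is written as a PowerShell hashtable, the script parses it as data (HashtableAst.SafeGetValue) rather than running it through Invoke-Expression, so a modified skip file in the repository cannot execute code inside the build agent.

```powershell
# Added example: apply ARMTTKSkipFiles.csv and ARMTTKSkipByFile.csv to arm-ttk.
# Not the post's own TestARMTTK task; assumes the arm-ttk module is installed.
param(
    [Parameter(Mandatory)] [string] $TemplateDirectory
)

Import-Module arm-ttk -ErrorAction Stop

# 1. Whole files to skip: one file name per line, blank lines ignored.
$skipFilesPath = Join-Path $TemplateDirectory 'ARMTTKSkipFiles.csv'
$skipFiles = @()
if (Test-Path $skipFilesPath) {
    $skipFiles = @(Get-Content $skipFilesPath | ForEach-Object { $_.Trim() } | Where-Object { $_ })
}

# 2. Per-file test exclusions: a hashtable literal of '<file>' = '<test>', '<test>', ...
#    Parsed as data: SafeGetValue() only accepts constant values and throws on
#    anything that would need to be evaluated, so the file cannot run code.
$skipByFilePath = Join-Path $TemplateDirectory 'ARMTTKSkipByFile.csv'
$skipByFile = @{}
if (Test-Path $skipByFilePath) {
    $tokens = $null
    $parseErrors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput(
        (Get-Content -Raw $skipByFilePath), [ref] $tokens, [ref] $parseErrors)
    if ($parseErrors) {
        throw "ARMTTKSkipByFile.csv is not valid syntax: $($parseErrors[0].Message)"
    }
    $hashAst = $ast.Find(
        { param($node) $node -is [System.Management.Automation.Language.HashtableAst] }, $false)
    if (-not $hashAst) {
        throw 'ARMTTKSkipByFile.csv must contain a single hashtable literal'
    }
    $skipByFile = $hashAst.SafeGetValue()
}

# 3. Run arm-ttk per template, passing the matching exclusions via -Skip.
$failures = @()
foreach ($file in Get-ChildItem -Path $TemplateDirectory -Filter '*.json' -File) {
    if ($skipFiles -contains $file.Name) {
        Write-Host "Skipping $($file.Name) (listed in ARMTTKSkipFiles.csv)"
        continue
    }

    # Exact names and wildcard keys (e.g. 'network*.json') both match via -like.
    $skipTests = @()
    foreach ($key in $skipByFile.Keys) {
        if ($file.Name -like $key) { $skipTests += @($skipByFile[$key]) }
    }

    $params = @{ TemplatePath = $file.FullName }
    if ($skipTests.Count -gt 0) {
        Write-Host "Testing $($file.Name), skipping: $($skipTests -join '; ')"
        $params['Skip'] = $skipTests
    }

    foreach ($result in Test-AzTemplate @params) {
        if (-not $result.Passed) {
            $failures += [pscustomobject]@{ File = $file.Name; Test = $result.Name }
        }
    }
}

# 4. Surface each failure to Azure Pipelines and fail the task if anything failed.
foreach ($f in $failures) {
    Write-Host "##vso[task.logissue type=error]$($f.File): $($f.Test)"
}
if ($failures.Count -gt 0) {
    throw "$($failures.Count) arm-ttk test(s) failed"
}
Write-Host 'All arm-ttk tests passed'
```

Run it from the pipeline with `pwsh -File .\Test-ArmTemplates.ps1 -TemplateDirectory $(System.DefaultWorkingDirectory)\arm` (the script name is an assumption). Keeping the exclusion list in a parsed data file rather than in the task YAML means a reviewer sees every skipped test in the pull request that introduces it.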

Code

- task: PowerShell@2
  displayName: Start checking ARM files for ARM-TTK
  inputs:
    targetType: "inline"
    pwsh: true
    failOnStderr: false
    script: Invoke-Build -Task TestARMTTK -ModuleName $(module.Name)
    workingDirectory: $(System.DefaultWorkingDirectory)
