Created
July 8, 2020 07:49
Tests for the presence of the template, validates that the ADLS file can be read, and converts it from a JSON string to a PowerShell object. https://markwarneke.me/2019-08-21-static-code-analysis-for-infrastructure-as-code/
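# azuredeploy.adls.Tests.ps1
#
# Static checks for an ADLS Gen2 ARM template: loads the template JSON and
# selects the storage account resource that the Pester tests below inspect.
param (
    # Path to the ARM template under test; defaults to azuredeploy.json next to this script.
    $Path = (Join-Path $PSScriptRoot "azuredeploy.json")
)

# Test for template presence.
# Test-Path reports a missing path by returning $false, not by raising an error,
# so discarding its result with -ErrorAction Stop never stops the run.
# Fail explicitly so a missing template is reported as such.
if (-not (Test-Path -Path $Path -PathType Leaf)) {
    throw "ARM template not found: $Path"
}

# Test if the ARM template content is readable
$text = Get-Content $Path -Raw -ErrorAction Stop

# Convert the ARM template to an object; malformed JSON stops the run here
$json = ConvertFrom-Json $text -ErrorAction Stop

# Naively query the top-level resources for entries of type storageAccounts.
# Might need to be adjusted based on the actual resource manager template:
# - nested child resources are not searched
# - if the template declares several storage accounts, $resource is a collection
#   and every assertion below is evaluated against all of them at once
$resource = $json.resources | Where-Object -Property "type" -eq "Microsoft.Storage/storageAccounts"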
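# Pester checks on the storage account resource selected into $resource.
# These are static checks on the template text: values supplied through
# template expressions (parameters, variables) are not evaluated, so only
# literal property values are verified.
Describe "Azure Data Lake Generation 2 Resource Manager Template" {
    # Mandatory requirements of ADLS Gen 2 are:
    # - Resource Type is Microsoft.Storage/storageAccounts
    # - Kind is StorageV2
    # - Hierarchical namespace is enabled
    # https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-quickstart-create-account?toc=%2fazure%2fstorage%2fblobs%2ftoc.json
    It "should have resource properties present" {
        $resource | Should -Not -BeNullOrEmpty
    }

    It "should be of type Microsoft.Storage/storageAccounts" {
        $resource.type | Should -Be "Microsoft.Storage/storageAccounts"
    }

    It "should be of kind StorageV2" {
        $resource.kind | Should -Be "StorageV2"
    }

    It "should have Hns enabled" {
        $resource.properties.isHnsEnabled | Should -Be $true
    }

    # Optional validation tests:
    # - Ensure encryption is as specified
    # - Secure Transfer by enforcing HTTPS
    # A property that is absent from the template yields $null and fails the
    # assertion, so an omitted setting is reported rather than silently passed.
    # Other hardening properties (for example minimumTlsVersion or
    # allowBlobPublicAccess) are not covered by this file.

    # "Microsoft.Storage" means platform-managed keys; a template that uses
    # customer-managed keys (keySource "Microsoft.Keyvault") needs this
    # expectation adjusted.
    It "should have encryption key source set to Storage " {
        $resource.properties.encryption.keySource | Should -Be "Microsoft.Storage"
    }

    It "should have blob encryption enabled" {
        $resource.properties.encryption.services.blob.enabled | Should -Be $true
    }

    # Checks the file service; the earlier version re-tested blob.enabled here,
    # so a template with file encryption disabled still passed.
    It "should have file encryption enabled" {
        $resource.properties.encryption.services.file.enabled | Should -Be $true
    }

    It "should enforce Https Traffic Only" {
        $resource.properties.supportsHttpsTrafficOnly | Should -Be $true
    }
}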