Validate Infrastructure as Code using PSRule - Jan Egil Ring - PSConfEU 2023

In this session, Jan, a cloud solution architect at Microsoft Norway, introduces PSRule, a tool for testing infrastructure as code. Jan starts by engaging with the audience and asking about their experience with deploying to Azure and using infrastructure as code. He explains that PSRule is designed to help test and validate deployments in Azure, aligning with the Azure Cloud Adoption Framework and the Well-Architected Framework.

Jan emphasizes that PSRule provides a set of rules for testing and documentation specifically for Azure Infrastructure as Code, supporting ARM templates and Bicep templates. He also mentions TF-Lint for Terraform users. Jan highlights the importance of integrating PSRule into CI/CD pipelines to test infrastructure before it goes live, allowing developers to identify and fix issues earlier in the development process.

To get started with PSRule, Jan explains that users need to install the module "psrule" and create a standalone rule to test file types. He demonstrates an example of testing image files on the local file system and setting up rules using file info from the system IO to check the file extension. Tests can be filtered to display only the failed tests, and in a CI/CD scenario, the command "assert psrule" can be used to format the output for human consumption. Jan also mentions the availability of a VS Code extension and pre-made tasks for easier integration with CI/CD workflows.

Moving on to testing infrastructure templates, Jan explains the steps for testing Bicep templates. He showcases a pre-created main.bicep resource with inline PSRule recommendations, offering guidance while editing the template. To use PSRule with Bicep files, users must install the PSRule module and the rules module for the well-architected framework. PSRule offers flexible output formats such as NUnit3 and Sarif, which are useful in CI/CD scenarios. Jan points out that pre-made repositories with examples and setups are available for testing PSRule with Bicep Templates, Arm Templates, Azure DevOps pipelines, and GitHub Actions.

Jan then dives into using PSRule with Azure DevOps, demonstrating how to push a repository into a DevOps organization and set up a pipeline called "PS rule demo." He explains that the PSRule extension for Azure DevOps is installed to provide necessary tasks in the pipeline. Jan walks through inputting options and running the pipeline, showcasing the organization settings and extensions where the PSRule and Sarif tasks are located. The PSRule extension outputs a summary in a readable format, facilitating easy access to documentation. Jan briefly mentions GitHub Actions and provides a high-level overview of the YAML file setup, showcasing the output of a pipeline run.

In the next segment, Jan discusses testing existing infrastructure using in-flight analysis and demonstrates the export and scanning process using PSRule. They also touch on the capabilities of PSRule for analyzing files in an offline environment and explain how users can exclude or suppress rules that are not applicable to their specific situation. Jan mentions that PSRule for Azure Monitor allows users to upload analysis results to Log Analytics or Azure Monitor and set up alert rules. They point out that PSRule can be combined with Pester for testing PowerShell code and provide various resources, including demos, notebooks, documentation, and links to configure different options.

Throughout the episode, Jan invites questions from the audience and addresses inquiries about exporting multiple formats simultaneously, default parameters, testing Azure policies, and using PSRule for on-premises infrastructure. They encourage users to contribute to the community by open-sourcing their custom rules for PSRule.

Chapters:
00:00:00 Validate Infrastructure as Code using PSRule - Jan Egil Ring - PSConfEU 2023
00:00:07 Introduction and Acknowledgment of Sponsors
00:02:15 Overview of Azure Landing Zones and Subscription V…