Awesome Open Source
Awesome Open Source

PSRule

A cross-platform module to validate infrastructure as code (IaC) and objects using PowerShell rules. PSRule works great and integrates with popular continuous integration (CI) systems.

ci-badge

Features of PSRule include:

  • Extensible - Use PowerShell, a flexible scripting language.
  • Cross-platform - Run on MacOS, Linux, and Windows.
  • Reusable - Share rules across teams or organizations.
  • Recommendations - Include detailed instructions to remediate issues.

Support

This project uses GitHub Issues to track bugs and feature requests. Please search the existing issues before filing new issues to avoid duplicates.

  • For new issues, file your bug or feature request as a new issue.
  • For help, discussion, and support questions about using this project, join or start a discussion.

Support for this project/ product is limited to the resources listed above.

Getting the module

You can download and install the PSRule module from the PowerShell Gallery.

Module Description Downloads / instructions
PSRule Validate infrastructure as code (IaC) and objects using PowerShell rules. latest / instructions

For rule and integration modules see related projects.

Getting extensions

Companion extensions are available for the following platforms.

Platform Description Downloads / instructions
Azure Pipelines Validate infrastructure as code (IaC) and DevOps repositories using Azure Pipelines. latest / instructions
GitHub Actions Validate infrastructure as code (IaC) and DevOps repositories using GitHub Actions. latest / instructions
Visual Studio Code Visual Studio Code extension for PSRule. latest / instructions

Getting started

The following example shows basic PSRule usage for validating PowerShell objects. For specific use cases see scenarios.

For frequently asked questions, see the FAQ.

Define a rule

To define a rule, use a Rule block saved to a file with the .Rule.ps1 extension.

Rule 'NameOfRule' {
    # Rule conditions
}

Within the body of the rule provide one or more conditions. A condition is valid PowerShell that results in $True or $False.

For example:

Rule 'isFruit' {
    # Condition to determine if the object is fruit
    $TargetObject.Name -in 'Apple', 'Orange', 'Pear'
}

An optional result message can be added to by using the Recommend keyword.

Rule 'isFruit' {
    # An recommendation to display in output
    Recommend 'Fruit is only Apple, Orange and Pear'

    # Condition to determine if the object is fruit
    $TargetObject.Name -in 'Apple', 'Orange', 'Pear'
}

The rule is saved to a file named isFruit.Rule.ps1 file. One or more rules can be defined within a single file.

Execute a rule

To execute the rule use Invoke-PSRule.

For example:

# Define objects to validate
$items = @();
$items += [PSCustomObject]@{ Name = 'Fridge' };
$items += [PSCustomObject]@{ Name = 'Apple' };

# Validate each item using rules saved in current working path
$items | Invoke-PSRule;

The output of this example is:

   TargetName: Fridge

RuleName                            Outcome    Recommendation
--------                            -------    --------------
isFruit                             Fail       Fruit is only Apple, Orange and Pear


   TargetName: Apple

RuleName                            Outcome    Recommendation
--------                            -------    --------------
isFruit                             Pass       Fruit is only Apple, Orange and Pear

Additional options

To filter results to only non-fruit results, use Invoke-PSRule -Outcome Fail. Passed, failed and error results are shown by default.

# Only show non-fruit results
$items | Invoke-PSRule -Outcome Fail;

For a summary of results for each rule use Invoke-PSRule -As Summary.

For example:

# Show rule summary
$items | Invoke-PSRule -As Summary;

The output of this example is:

RuleName                            Pass  Fail  Outcome
--------                            ----  ----  -------
isFruit                             1     1     Fail

An optional failure reason can be added to the rule block by using the Reason keyword.

Rule 'isFruit' {
    # An recommendation to display in output
    Recommend 'Fruit is only Apple, Orange and Pear'

    # An failure reason to display for non-fruit
    Reason "$($PSRule.TargetName) is not fruit."

    # Condition to determine if the object is fruit
    $TargetObject.Name -in 'Apple', 'Orange', 'Pear'
}

To include the reason with output use Invoke-PSRule -OutputFormat Wide.

For example:

# Show failure reason for failing results
$items | Invoke-PSRule -OutputFormat Wide;

The output of this example is:

   TargetName: Fridge

RuleName                            Outcome    Reason                              Recommendation
--------                            -------    ------                              --------------
isFruit                             Fail       Fridge is not fruit.                Fruit is only Apple, Orange and Pear


   TargetName: Apple

RuleName                            Outcome    Reason                              Recommendation
--------                            -------    ------                              --------------
isFruit                             Pass                                           Fruit is only Apple, Orange and Pear

The final rule is saved to isFruit.Rule.ps1.

Scenarios

For walk through examples of PSRule usage see:

Language reference

PSRule extends PowerShell with domain specific language (DSL) keywords, cmdlets and automatic variables.

Keywords

The following language keywords are used by the PSRule module:

  • Rule - A rule definition.
  • Exists - Assert that a field or property must exist.
  • Match - Assert that the field must match any of the regular expressions.
  • AnyOf - Assert that any of the child expressions must be true.
  • AllOf - Assert that all of the child expressions must be true.
  • Within - Assert that the field must match any of the values.
  • TypeOf - Assert that the object must be of a specific type.
  • Reason - Return a reason for why the rule failed.
  • Recommend - Return a recommendation to resolve the issue and pass the rule.

Commands

The following commands exist in the PSRule module:

Concepts

The following conceptual topics exist in the PSRule module:

Schemas

PSRule uses the following schemas:

  • Options - Schema for PSRule YAML options file.
  • Resources - Schema for PSRule YAML resources such as baselines.

Related projects

The following projects use or integrate with PSRule.

Name Description
PSRule.Rules.Azure A suite of rules to validate Azure resources and infrastructure as code (IaC) using PSRule.
PSRule.Rules.Kubernetes A suite of rules to validate Kubernetes resources using PSRule.
PSRule.Rules.CAF A suite of rules to validate Azure resources against the Cloud Adoption Framework (CAF) using PSRule.
PSRule.Rules.GitHub A suite of rules to validate GitHub repositories using PSRule.
PSRule.Rules.MSFT.OSS A suite of rules to validate repositories against Microsoft Open Source Software (OSS) requirements.
PSRule.Monitor Send and query PSRule analysis results in Azure Monitor.
PSRule-pipelines Validate infrastructure as code (IaC) and DevOps repositories using Azure Pipelines.
ps-rule Validate infrastructure as code (IaC) and DevOps repositories using GitHub Actions.
PSRule-vscode Visual Studio Code extension for PSRule.

Changes and versioning

Modules in this repository use semantic versioning to declare breaking changes. For a list of module changes please see the change log.

Pre-release module versions are created on major commits and can be installed from the PowerShell Gallery. Pre-release versions should be considered experimental. Modules and change log details for pre-releases will be removed as stable releases are made available.

Contributing

This project welcomes contributions and suggestions. If you are ready to contribute, please visit the contribution guide.

Code of Conduct

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

Maintainers

License

This project is licensed under the MIT License.


Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
c-sharp (11,742
powershell (1,259
devops (548
testing-tools (197
devops-tools (83
infrastructure-as-code (83
rule-engine (23
rule (16
powershell-module (15

Find Open Source By Browsing 7,000 Topics Across 59 Categories