A cross-platform PowerShell module (Windows, Linux, and MacOS) with commands to validate objects on the pipeline using PowerShell syntax.
Features of PSRule include:
- Extensible - Use PowerShell, a flexible scripting language.
- Cross-platform - Run on MacOS, Linux and Windows.
- Reusable - Share rules across teams or organizations.
- Recommendations - Include detailed instructions to remediate issues.
This project is to be considered a proof-of-concept and not a supported product.
If you have any problems please check our GitHub issues page. If you do not see your problem captured, please file a new issue and follow the provided template.
You can download and install the PSRule module from the PowerShell Gallery.
Module | Description | Downloads / instructions |
PSRule | Validate objects using PowerShell rules | latest / instructions |
A companion extension for Visual Studio Code can be downloaded or installed from the Visual Studio Marketplace.
Extension | Description | Downloads / instructions |
PSRule | An extension for IT Pros using the PSRule PowerShell module | latest / instructions |
The following example shows basic PSRule usage. For specific use cases see scenarios.
To define a rule, use a Rule
block saved to a file with the .Rule.ps1
Rule 'NameOfRule' {
# Rule conditions
Within the body of the rule provide one or more conditions. A condition is valid PowerShell that results in $True
or $False
For example:
Rule 'isFruit' {
# Condition to determine if the object is fruit
$TargetObject.Name -in 'Apple', 'Orange', 'Pear'
An optional result message can be added to by using the Recommend
Rule 'isFruit' {
# An recommendation to display in output
Recommend 'Fruit is only Apple, Orange and Pear'
# Condition to determine if the object is fruit
$TargetObject.Name -in 'Apple', 'Orange', 'Pear'
The rule is saved to a file named isFruit.Rule.ps1
file. One or more rules can be defined within a single file.
To execute the rule use Invoke-PSRule
For example:
# Define objects to validate
$items = @();
$items += [PSCustomObject]@{ Name = 'Fridge' };
$items += [PSCustomObject]@{ Name = 'Apple' };
# Validate each item using rules saved in current working path
$items | Invoke-PSRule;
The output of this example is:
TargetName: Fridge
RuleName Outcome Recommendation
-------- ------- --------------
isFruit Fail Fruit is only Apple, Orange and Pear
TargetName: Apple
RuleName Outcome Recommendation
-------- ------- --------------
isFruit Pass Fruit is only Apple, Orange and Pear
To filter results to only non-fruit results, use Invoke-PSRule -Outcome Fail
. Passed, failed and error results are shown by default.
# Only show non-fruit results
$items | Invoke-PSRule -Outcome Fail;
For a summary of results for each rule use Invoke-PSRule -As Summary
For example:
# Show rule summary
$items | Invoke-PSRule -As Summary;
The output of this example is:
RuleName Pass Fail Outcome
-------- ---- ---- -------
isFruit 1 1 Fail
An optional failure reason can be added to the rule block by using the Reason
Rule 'isFruit' {
# An recommendation to display in output
Recommend 'Fruit is only Apple, Orange and Pear'
# An failure reason to display for non-fruit
Reason "$($Rule.TargetName) is not fruit."
# Condition to determine if the object is fruit
$TargetObject.Name -in 'Apple', 'Orange', 'Pear'
To include the reason with output use Invoke-PSRule -OutputFormat Wide
For example:
# Show failure reason for failing results
$items | Invoke-PSRule -OutputFormat Wide;
The output of this example is:
TargetName: Fridge
RuleName Outcome Reason Recommendation
-------- ------- ------ --------------
isFruit Fail Fridge is not fruit. Fruit is only Apple, Orange and Pear
TargetName: Apple
RuleName Outcome Reason Recommendation
-------- ------- ------ --------------
isFruit Pass Fruit is only Apple, Orange and Pear
The final rule is saved to isFruit.Rule.ps1
For walk through examples of PSRule usage see:
- Validate configuration of Azure resources
- Validate Azure resources tags
- Validate Kubernetes resources
- Using within continuous integration
PSRule extends PowerShell with domain specific language (DSL) keywords, cmdlets and automatic variables.
The following language keywords are used by the PSRule
- Rule - A rule definition.
- Exists - Assert that a field or property must exist.
- Match - Assert that the field must match any of the regular expressions.
- AnyOf - Assert that any of the child expressions must be true.
- AllOf - Assert that all of the child expressions must be true.
- Within - Assert that the field must match any of the values.
- TypeOf - Assert that the object must be of a specific type.
- Reason - Return a reason for why the rule failed.
- Recommend - Return a recommendation to resolve the issue and pass the rule.
The following commands exist in the PSRule
- Assert-PSRule - Evaluate objects against matching rules and assert any failures.
- Get-PSRule - Get a list of rule definitions.
- Get-PSRuleBaseline - Get a list of baselines.
- Get-PSRuleHelp - Get documentation for a rule.
- Invoke-PSRule - Evaluate objects against matching rules and output the results.
- New-PSRuleOption - Create options to configure PSRule execution.
- Set-PSRuleOption - Sets options that configure PSRule execution.
- Test-PSRuleTarget - Pass or fail objects against matching rules.
The following conceptual topics exist in the PSRule
- Assert
- Baselines
- Docs
- Options
- Binding.IgnoreCase
- Binding.TargetName
- Binding.TargetType
- Configuration
- Execution.LanguageMode
- Execution.InconclusiveWarning
- Execution.NotProcessedWarning
- Input.Format
- Input.ObjectPath
- Logging.LimitDebug
- Logging.LimitVerbose
- Logging.RuleFail
- Logging.RulePass
- Output.As
- Output.Encoding
- Output.Format
- Output.Path
- Output.Style
- Rule.Include
- Rule.Exclude
- Rule.Tag
- Suppression
- Variables
PSRule uses the following schemas:
- PSRuleOptions - Schema for PSRule YAML configuration file.
Modules in this repository will use the semantic versioning model to declare breaking changes from v1.0.0. Prior to v1.0.0, breaking changes may be introduced in minor (0.x.0) version increments. For a list of module changes please see the change log.
Pre-release module versions are created on major commits and can be installed from the PowerShell Gallery. Pre-release versions should be considered experimental. Modules and change log details for pre-releases will be removed as standard releases are made available.
This project is licensed under the MIT License.