Created
June 24, 2025 12:13
-
-
Save andrewmatveychuk/d51229079bbe33be9e917b3e85ea620e to your computer and use it in GitHub Desktop.
A sample Pester test to validate your Azure Policy behavior
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # [Redacted] Importing required modules... | |
| Describe "Testing policy 'Require a minimum TLS version for a Storage account...'" { | |
| Context 'When a Storage account is created or updated' { | |
| It 'Should deny incompliant TLS version settings' { | |
| AzTest -ResourceGroup { | |
| param($ResourceGroup) | |
| #region Arrange | |
| # You can use PowerShell parameter splatting to setup the input for your test | |
| $Params = @{ | |
| ResourceGroupName = $ResourceGroup.ResourceGroupName | |
| Name = 'mystorageaccount' # Ideally this should be randomized to avoid resource name conflicts | |
| Location = $ResourceGroup.Location | |
| SkuName = 'Standard_LRS' | |
| Kind = 'StorageV2' | |
| MinimumTlsVersion = 'TLS1_0' # This should be different from what is required by the policy | |
| ErrorAction = 'Stop' # This is to generate an exception on error to be caught during the assertion | |
| } | |
| #endregion Arrange | |
| #region Act & Assert | |
| # The following deployment should be disallowed by policy. | |
| # You need to explicitly check for you policy name to avoid false positives. | |
| New-AzStorageAccount @Params | Should -Throw '*RequestDisallowedByPolicy*Deny-Storage-Account-Incorrect_TLS*' | |
| #endregion Act & Assert | |
| } | |
| } | |
| } | |
| # Any other test cases | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment