en-AU/about_PSRule_Expressions.help.txt
TOPIC
about_psrule_expressions SHORT DESCRIPTION Describes PSRule expressions and how to use them. LONG DESCRIPTION PSRule expressions are used within YAML-based rules or selectors to evaluate an object. Expressions are comprised of nested conditions, operators, and comparison properties. The following conditions are available: - APIVersion - Contains - Count - Equals - EndsWith - Exists - Greater - GreaterOrEquals - HasDefault - HasSchema - HasValue - In - IsLower - IsString - IsArray - IsBoolean - IsDateTime - IsInteger - IsNumeric - IsUpper - Less - LessOrEquals - Like - Match - NotContains - NotCount - NotEndsWith - NotEquals - NotIn - NotLike - NotMatch - NotStartsWith - NotWithinPath - SetOf - StartsWith - Subset - WithinPath - Version The following operators are available: - AllOf - AnyOf - Not The following comparison properties are available: - Field - Name - Scope - Source - Type ALLOF The `allOf` operator is used to require all nested expressions to match. When any nested expression does not match, `allOf` does not match. This is similar to a logical and operation. Additionally sub-selectors can be used to modify the `allOf` operator. Sub-selectors allow filtering and looping through arrays of objects before the `allOf` operator is applied. See sub-selectors for more information. Syntax: allOf: <expression[]> For example: ```yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleAllOf' spec: condition: allOf: # Both Name and Description must exist. - field: 'Name' exists: true - field: 'Description' exists: true --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleAllOf' spec: if: allOf: # Both Name and Description must exist. - field: 'Name' exists: true - field: 'Description' exists: true ### AnyOf The `anyOf` operator is used to require one or more nested expressions to match. When any nested expression matches, `allOf` matches. This is similar to a logical _or_ operation. Additionally sub-selectors can be used to modify the `anyOf` operator. Sub-selectors allow filtering and looping through arrays of objects before the `anyOf` operator is applied. See sub-selectors for more information. Syntax: yaml anyOf: <expression[]> For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleAnyOf' spec: condition: anyOf: # Name and/ or AlternativeName must exist. - field: 'Name' exists: true - field: 'AlternativeName' exists: true --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleAnyOf' spec: if: anyOf: # Name and/ or AlternativeName must exist. - field: 'Name' exists: true - field: 'AlternativeName' exists: true ### APIVersion The `apiVersion` condition determines if the operand is a valid date version. A constraint can optionally be provided to require the date version to be within a range. Supported version constraints for expression are the same as the `$Assert.APIVersion` assertion helper. Syntax: yaml apiVersion: <string> includePrerelease: <bool> For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleAPIVersion' spec: condition: field: 'engine.apiVersion' apiVersion: '>=2015-10-01' --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleAnyAPIVersion' spec: if: field: 'engine.apiVersion' apiVersion: '' --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleAPIVersionIncludingPrerelease' spec: if: field: 'engine.apiVersion' apiVersion: '>=2015-10-01' includePrerelease: true ### Contains The `contains` condition can be used to determine if the operand contains a specified sub-string. One or more strings to compare can be specified. - `caseSensitive` - Optionally, a case sensitive-comparison can be performed. By default, case-insensitive comparison is performed. - `convert` - Optionally, types can be converted to string type. By default `convert` is `false`. Syntax: yaml contains: <string | array> caseSensitive: <boolean> convert: <boolean> - If the operand is a field, and the field does not exist, _contains_ always returns `false`. For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleContains' spec: condition: anyOf: - field: 'url' contains: '/azure/' - field: 'url' contains: - 'github.io' - 'github.com' --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleContains' spec: if: anyOf: - field: 'url' contains: '/azure/' - field: 'url' contains: - 'github.io' - 'github.com' ### Count The `count` condition is used to determine if the operand contains a specified number of items. Syntax: yaml count: <int> For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleCount' spec: condition: field: 'items' count: 2 --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleCount' spec: if: field: 'items' count: 2 ### Equals The `equals` condition can be used to compare if the operand is equal to a supplied value. - `caseSensitive` - Optionally, a case sensitive-comparison can be performed. This only applies to string comparisons. By default, case-insensitive comparison is performed. - `convert` - Optionally, perform type conversion on operand type. By default `convert` is `false`. Syntax: yaml equals: <string | int | bool> caseSensitive: <boolean> convert: <boolean> For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleEquals' spec: condition: field: 'Name' equals: 'TargetObject1' --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleEquals' spec: if: field: 'Name' equals: 'TargetObject1' ### EndsWith The `endsWith` condition can be used to determine if the operand ends with a specified string. One or more strings to compare can be specified. - `caseSensitive` - Optionally, a case sensitive-comparison can be performed. By default, case-insensitive comparison is performed. - `convert` - Optionally, types can be converted to string type. By default `convert` is `false`. Syntax: yaml endsWith: <string | array> caseSensitive: <boolean> convert: <boolean> - If the operand is a field, and the field does not exist, _endsWith_ always returns `false`. For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleEndsWith' spec: condition: anyOf: - field: 'hostname' endsWith: '.com' - field: 'hostname' endsWith: - '.com.au' - '.com' --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleEndsWith' spec: if: anyOf: - field: 'hostname' endsWith: '.com' - field: 'hostname' endsWith: - '.com.au' - '.com' ### Exists The `exists` condition determines if the specified field exists. Syntax: yaml exists: <bool> - When `exists: true`, exists will return `true` if the field exists. - When `exists: false`, exists will return `true` if the field does not exist. For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleExists' spec: condition: field: 'Name' exists: true --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleExists' spec: if: field: 'Name' exists: true ### Field The comparison property `field` is used with a condition to determine field of the object to evaluate. A field can be: - A property name. - A key within a hashtable or dictionary. - An index in an array or collection. - A nested path through an object. Syntax: yaml field: <string> For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleField' spec: condition: field: 'Properties.securityRules[0].name' exists: true --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleField' spec: if: field: 'Properties.securityRules[0].name' exists: true ### Greater The `greater` condition determines if the operand is greater than a supplied value. The field value can either be an integer, float, array, or string. - `convert` - Optionally, perform type conversion on operand type. By default `convert` is `false`. When the field value is: - An integer or float, a numerical comparison is used. - An array, the number of elements is compared. - A string, the length of the string is compared. If `convert` is `true`, the string is converted a number instead. - A DateTime, the number of days from the current time is compared. Syntax: yaml greater: <int> convert: <boolean> For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleGreater' spec: condition: field: 'Name' greater: 3 --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleGreater' spec: if: field: 'Name' greater: 3 ### GreaterOrEquals The `greaterOrEquals` condition determines if the operand is greater or equal to the supplied value. The field value can either be an integer, float, array, or string. - `convert` - Optionally, perform type conversion on operand type. By default `convert` is `false`. When the field value is: - An integer or float, a numerical comparison is used. - An array, the number of elements is compared. - A string, the length of the string is compared. If `convert` is `true`, the string is converted a number instead. - A DateTime, the number of days from the current time is compared. Syntax: yaml greaterOrEquals: <int> convert: <boolean> For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleGreaterOrEquals' spec: condition: field: 'Name' greaterOrEquals: 3 --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleGreaterOrEquals' spec: if: field: 'Name' greaterOrEquals: 3 ### HasDefault The `hasDefault` condition determines if the field exists that it is set to the specified value. If the field does not exist, the condition will return `true`. The following properties are accepted: - `caseSensitive` - Optionally, a case-sensitive comparison can be performed for string values. By default, case-insensitive comparison is performed. Syntax: yaml hasDefault: <string | int | bool> caseSensitive: <bool> For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleHasDefault' spec: condition: field: 'enabled' hasDefault: true --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleHasDefault' spec: if: field: 'enabled' hasDefault: true ### HasSchema The `hasSchema` condition determines if the operand has a `$schema` property defined. If the `$schema` property is defined, it must match one of the specified schemas. If a trailing `#` is specified it is ignored. The following properties are accepted: - `caseSensitive` - Optionally, a case-sensitive comparison can be performed. By default, case-insensitive comparison is performed. - `ignoreScheme` - Optionally, the URI scheme is ignored in the comparison. By default, the scheme is compared. When `true`, the schema will match if either `http://` or `https://` is specified. Syntax: yaml hasSchema: <array> caseSensitive: <bool> ignoreScheme: <bool> - When `hasSchema: []`, hasSchema will return `true` if any non-empty `$schema` property is defined. For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleHasSchema' spec: condition: field: '.' hasSchema: - https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json# --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleHasSchema' spec: if: field: '.' hasSchema: - https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json# - https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json# ignoreScheme: true --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleHasAnySchema' spec: if: field: '.' hasSchema: [] ### HasValue The `hasValue` condition determines if the field exists and has a non-empty value. Syntax: yaml hasValue: <bool> - When `hasValue: true`, hasValue will return `true` if the field is not empty. - When `hasValue: false`, hasValue will return `true` if the field is empty. For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleHasValue' spec: condition: field: 'Name' hasValue: true --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleHasValue' spec: if: field: 'Name' hasValue: true ### In The `in` condition can be used to compare if a field contains one of the specified values. Syntax: yaml in: <array> For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleIn' spec: condition: field: 'Name' in: - 'Value1' - 'Value2' --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleIn' spec: if: field: 'Name' in: - 'Value1' - 'Value2' ### IsLower The `isLower` condition determines if the operand is a lowercase string. Syntax: yaml isLower: <bool> - When `isLower: true`, _isLower_ will return `true` if the operand is a lowercase string. Non-letter characters are ignored. - When `isLower: false`, _isLower_ will return `true` if the operand is not a lowercase string. - If the operand is a field, and the field does not exist _isLower_ always returns `false`. For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleIsLower' spec: condition: field: 'Name' isLower: true --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleIsLower' spec: if: field: 'Name' isLower: true ### IsString The `isString` condition determines if the operand is a string or other type. Syntax: yaml isString: <bool> - When `isString: true`, _isString_ will return `true` if the operand is a string. - When `isString: false`, _isString_ will return `true` if the operand is not a string or is null. - If the operand is a field, and the field does not exist _isString_ always returns `false`. For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleIsString' spec: condition: field: 'Name' isString: true --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleIsString' spec: if: field: 'Name' isString: true ### IsArray The `isArray` condition determines if the operand is an array or other type. Syntax: yaml isArray: <bool> - When `isArray: true`, _isArray_ will return `true` if the operand is an array. - When `isArray: false`, _isArray_ will return `true` if the operand is not an array or null. - If the operand is a field, and the field does not exist, _isArray_ always returns `false`. For example: yaml SYNOPSIS: USING ISARRAY apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: IsArrayExample spec: if: field: 'Value' isArray: true ### IsBoolean The `isBoolean` condition determines if the operand is a boolean or other type. - `convert` - Optionally, types can be converted to boolean type. E.g. `'true'` can be converted to `true`. By default `convert` is `false`. yaml isBoolean: <bool> convert: <bool> - When `isBoolean: true`, _isBoolean_ will return `true` if the operand is a boolean. - When `isBoolean: false`, _isBoolean_ will return `false` if the operand is not a boolean or null. - When `convert: true`, types will be converted to boolean before condition is evaluated. For example: yaml SYNOPSIS: USING ISBOOLEAN apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: IsBooleanExample spec: if: field: 'Value' isBoolean: true --- SYNOPSIS: USING ISBOOLEAN WITH CONVERSION apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: IsBooleanExampleWithConversion spec: if: field: 'Value' isBoolean: true convert: true ### IsDateTime The `isDateTime` condition determines if the operand is a datetime or other type. - `convert` - Optionally, types can be converted to datetime type. E.g. `'2021-04-03T15:00:00.00+10:00'` can be converted to a datetime. By default `convert` is `false`. yaml isDateTime: <bool> convert: <bool> - When `isDateTime: true`, _isDateTime_ will return `true` if the operand is a datetime. - When `isDateTime: false`, _isDateTime_ will return `false` if the operand is not a datetime or null. - When `convert: true`, types will be converted to datetime before condition is evaluated. For example: yaml SYNOPSIS: USING ISDATETIME apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: IsDateTimeExample spec: if: field: 'Value' isDateTime: true --- SYNOPSIS: USING ISDATETIME WITH CONVERSION apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: IsDateTimeExampleWithConversion spec: if: field: 'Value' isDateTime: true convert: true ### IsInteger The `isInteger` condition determines if the operand is a an integer or other type. The following types are considered integer types `int`, `long`, `byte`. - `convert` - Optionally, types can be converted to integer type. E.g. `'123'` can be converted to `123`. By default `convert` is `false`. yaml isInteger: <bool> convert: <bool> - When `isInteger: true`, _isInteger_ will return `true` if the operand is an integer. - When `isInteger: false`, _isInteger_ will return `false` if the operand is not an integer or null. - When `convert: true`, types will be converted to integer before condition is evaluated. For example: yaml SYNOPSIS: USING ISINTEGER apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: IsIntegerExample spec: if: field: 'Value' isInteger: true --- SYNOPSIS: USING ISINTEGER WITH CONVERSION apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: IsIntegerExampleWithConversion spec: if: field: 'Value' isInteger: true convert: true ### IsNumeric The `isNumeric` condition determines if the operand is a a numeric or other type. The following types are considered numeric types `int`, `long`, `float`, `byte`, `double`. - `convert` - Optionally, types can be converted to numeric type. E.g. `'123'` can be converted to `123`. By default `convert` is `false`. yaml isNumeric: <bool> convert: <bool> - When `isNumeric: true`, _isNumeric_ will return `true` if the operand is a numeric. - When `isNumeric: false`, _isNumeric_ will return `false` if the operand is not a numeric or null. - When `convert: true`, types will be converted to numeric before condition is evaluated. For example: yaml SYNOPSIS: USING ISNUMERIC apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: IsNumericExample spec: if: field: 'Value' isNumeric: true --- SYNOPSIS: USING ISNUMERIC WITH CONVERSION apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: IsNumercExampleWithConversion spec: if: field: 'Value' isNumeric: true convert: true ### IsUpper The `isUpper` condition determines if the operand is an uppercase string. Syntax: yaml isUpper: <bool> - When `isUpper: true`, _isUpper_ will return `true` if the operand is an uppercase string. Non-letter characters are ignored. - When `isUpper: false`, _isUpper_ will return `true` if the operand is not an uppercase string. - If the operand is a field, and the field does not exist _isUpper_ always returns `false`. For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleIsUpper' spec: condition: field: 'Name' isUpper: true --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleIsUpper' spec: if: field: 'Name' isUpper: true ### Less The `less` condition determines if the operand is less than a supplied value. The field value can either be an integer, float, array, or string. - `convert` - Optionally, perform type conversion on operand type. By default `convert` is `false`. When the field value is: - An integer or float, a numerical comparison is used. - An array, the number of elements is compared. - A string, the length of the string is compared. If `convert` is `true`, the string is converted a number instead. - A DateTime, the number of days from the current time is compared. Syntax: yaml less: <int> convert: <boolean> For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleLess' spec: condition: field: 'Name' less: 3 --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleLess' spec: if: field: 'Name' less: 3 ### LessOrEquals The `lessOrEquals` condition determines if the operand is less or equal to the supplied value. The field value can either be an integer, float, array, or string. - `convert` - Optionally, perform type conversion on operand type. By default `convert` is `false`. When the field value is: - An integer or float, a numerical comparison is used. - An array, the number of elements is compared. - A string, the length of the string is compared. If `convert` is `true`, the string is converted a number instead. - A DateTime, the number of days from the current time is compared. Syntax: yaml lessOrEquals: <int> convert: <boolean> For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleLessOrEquals' spec: condition: field: 'Name' lessOrEquals: 3 --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleLessOrEquals' spec: if: field: 'Name' lessOrEquals: 3 ### Like The `like` condition can be used to determine if the operand matches a wildcard pattern. One or more patterns to compare can be specified. - `caseSensitive` - Optionally, a case sensitive-comparison can be performed. By default, case-insensitive comparison is performed. - `convert` - Optionally, types can be converted to string type. By default `convert` is `false`. Syntax: yaml like: <string | array> caseSensitive: <boolean> convert: <boolean> - If the operand is a field, and the field does not exist, _like_ always returns `false`. For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleLike' spec: condition: anyOf: - field: 'url' like: 'http://*' - field: 'url' like: - 'http://*' - 'https://*' --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleLike' spec: if: anyOf: - field: 'url' like: 'http://*' - field: 'url' like: - 'http://*' - 'https://*' ### Match The `match` condition can be used to compare if a field matches a supplied regular expression. - `caseSensitive` - Optionally, a case sensitive-comparison can be performed. By default, case-insensitive comparison is performed. Syntax: yaml match: <string> caseSensitive: <boolean> For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleMatch' spec: condition: field: 'Name' match: '$(abc|efg)$' --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleMatch' spec: if: field: 'Name' match: '$(abc|efg)$' ### Name The comparison property `name` is used with a condition to evaluate the target name of the object. The `name` property must be set to `.`. Any other value will cause the condition to evaluate to `false`. Syntax: yaml name: '.' For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleName' spec: condition: name: '.' equals: 'TargetObject1' --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleName' spec: if: name: '.' in: - 'TargetObject1' - 'TargetObject2' ### Not The `any` operator is used to invert the result of the nested expression. When a nested expression matches, `not` does not match. When a nested expression does not match, `not` matches. Syntax: yaml not: <expression> For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleNot' spec: condition: not: # The AlternativeName field must not exist. field: 'AlternativeName' exists: true --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleNot' spec: if: not: # The AlternativeName field must not exist. field: 'AlternativeName' exists: true ### NotContains The `notContains` condition can be used to determine if the operand contains a specified sub-string. This condition fails when any of the specified sub-strings are found in the operand. One or more strings to compare can be specified. - `caseSensitive` - Optionally, a case sensitive-comparison can be performed. By default, case-insensitive comparison is performed. - `convert` - Optionally, types can be converted to string type. By default `convert` is `false`. Syntax: yaml notContains: <string | array> caseSensitive: <boolean> convert: <boolean> - If the operand is a field, and the field does not exist, _notContains_ always returns `false`. For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleNotContains' spec: condition: anyOf: - field: 'url' notContains: '/azure/' - field: 'url' notContains: - 'github.io' - 'github.com' --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleNotContains' spec: if: anyOf: - field: 'url' notContains: '/azure/' - field: 'url' notContains: - 'github.io' - 'github.com' ### NotCount The `notCount` condition is used to determine if the operand does not contain a specified number of items. Syntax: yaml notCount: <int> For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleNotCount' spec: condition: field: 'items' notCount: 2 --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleNotCount' spec: if: field: 'items' notCount: 2 ### NotEndsWith The `notEndsWith` condition can be used to determine if the operand ends with a specified string. This condition fails when any of the specified sub-strings are found at the end of the operand. One or more strings to compare can be specified. - `caseSensitive` - Optionally, a case sensitive-comparison can be performed. By default, case-insensitive comparison is performed. - `convert` - Optionally, types can be converted to string type. By default `convert` is `false`. Syntax: yaml notEndsWith: <string | array> caseSensitive: <boolean> convert: <boolean> - If the operand is a field, and the field does not exist, _notEndsWith_ always returns `false`. For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleNotEndsWith' spec: condition: anyOf: - field: 'hostname' notEndsWith: '.com' - field: 'hostname' notEndsWith: - '.com.au' - '.com' --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleNotEndsWith' spec: if: anyOf: - field: 'hostname' notEndsWith: '.com' - field: 'hostname' notEndsWith: - '.com.au' - '.com' ### NotEquals The `notEquals` condition can be used to compare if a field is equal to a supplied value. - `caseSensitive` - Optionally, a case sensitive-comparison can be performed. This only applies to string comparisons. By default, case-insensitive comparison is performed. - `convert` - Optionally, perform type conversion on operand type. By default `convert` is `false`. Syntax: yaml notEquals: <string | int | bool> caseSensitive: <boolean> convert: <boolean> For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleNotEquals' spec: condition: field: 'Name' notEquals: 'TargetObject1' --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleNotEquals' spec: if: field: 'Name' notEquals: 'TargetObject1' ### NotIn The `notIn` condition can be used to compare if a field does not contains one of the specified values. Syntax: yaml notIn: <array> For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleNotIn' spec: condition: field: 'Name' notIn: - 'Value1' - 'Value2' --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleNotIn' spec: if: field: 'Name' notIn: - 'Value1' - 'Value2' ### NotLike The `notLike` condition can be used to determine if the operand matches a wildcard pattern. This condition fails when any of the specified patterns match the operand. One or more patterns to compare can be specified. - `caseSensitive` - Optionally, a case sensitive-comparison can be performed. By default, case-insensitive comparison is performed. - `convert` - Optionally, types can be converted to string type. By default `convert` is `false`. Syntax: yaml notLike: <string | array> caseSensitive: <boolean> convert: <boolean> - If the operand is a field, and the field does not exist, _notLike_ always returns `false`. For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleNotLike' spec: condition: anyOf: - field: 'url' notLike: 'http://*' - field: 'url' notLike: - 'http://' - 'https://' --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleNotLike' spec: if: anyOf: - field: 'url' notLike: 'http://*' - field: 'url' notLike: - 'http://' - 'https://' ### NotMatch The `notMatch` condition can be used to compare if a field does not matches a supplied regular expression. - `caseSensitive` - Optionally, a case sensitive-comparison can be performed. By default, case-insensitive comparison is performed. Syntax: yaml notMatch: <string> caseSensitive: <boolean> For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleNotMatch' spec: condition: field: 'Name' notMatch: '$(abc|efg)$' --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleNotMatch' spec: if: field: 'Name' notMatch: '$(abc|efg)$' ### NotStartsWith The `notStartsWith` condition can be used to determine if the operand starts with a specified string. This condition fails when any of the specified sub-strings are found at the start of the operand. One or more strings to compare can be specified. - `caseSensitive` - Optionally, a case sensitive-comparison can be performed. By default, case-insensitive comparison is performed. - `convert` - Optionally, types can be converted to string type. By default `convert` is `false`. Syntax: yaml notStartsWith: <string | array> caseSensitive: <boolean> convert: <boolean> - If the operand is a field, and the field does not exist, _notStartsWith_ always returns `false`. For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleNotStartsWith' spec: condition: anyOf: - field: 'url' notStartsWith: 'http' - field: 'url' notStartsWith: - 'http://' - 'https://' --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleNotStartsWith' spec: if: anyOf: - field: 'url' notStartsWith: 'http' - field: 'url' notStartsWith: - 'http://' - 'https://' ### NotWithinPath The `notWithinPath` condition determines if a file path is not within a required path. If the path is not within the required path, the condition will return `true`. If the path is within the required path, the condition will return `false`. The following properties are accepted: - `caseSensitive` - Optionally, a case-sensitive comparison can be performed for string values. By default, case-insensitive comparison is performed. Syntax: yaml notWithinPath: <array> caseSensitive: <boolean> For example: yaml SYNOPSIS: TEST NOTWITHINPATH WITH SOURCE apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: YamlSourceNotWithinPath spec: if: source: 'Template' notWithinPath: - "deployments/path/" --- SYNOPSIS: TEST NOTWITHINPATH WITH SOURCE AND CASE SENSITIVE apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: YamlSourceNotWithinPathCaseSensitive spec: if: source: 'Template' notWithinPath: - "Deployments/Path/" caseSensitive: true ### Scope The comparison property `scope` is used with a condition to evaluate any scopes assigned to the object. The `scope` property must be set to `.`. Any other value will cause the condition to evaluate to `false`. Syntax: yaml scope: '.' For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleScope' spec: condition: scope: '.' startsWith: '/' --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleScope' spec: if: scope: '.' startsWith: '/' ### SetOf The `setOf` condition can be used to determine if the operand is a set of specified values. Additionally the following properties are accepted: - `caseSensitive` - Optionally, a case sensitive-comparison can be performed. By default, case-insensitive comparison is performed. Syntax: yaml setOf: <array> caseSensitive: <bool> For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleSetOf' spec: condition: field: 'zones' setOf: - 1 - 2 - 3 caseSensitive: false --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleSetOf' spec: if: field: 'zones' setOf: - 1 - 2 - 3 caseSensitive: false ### Source The comparison property `source` is used with a condition to expose the source path for the resource. The `source` property can be set to any value. The default is `file` when objects loaded from a file don't identify a source. Syntax: yaml source: 'file' For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: IgnoreTestFiles spec: if: source: 'file' withinPath: 'tests/PSRule.Tests/' ### StartsWith The `startsWith` condition can be used to determine if the operand starts with a specified string. One or more strings to compare can be specified. - `caseSensitive` - Optionally, a case sensitive-comparison can be performed. By default, case-insensitive comparison is performed. - `convert` - Optionally, types can be converted to string type. By default `convert` is `false`. Syntax: yaml startsWith: <string | array> caseSensitive: <boolean> convert: <boolean> - If the operand is a field, and the field does not exist, _startsWith_ always returns `false`. For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleStartsWith' spec: condition: anyOf: - field: 'url' startsWith: 'http' - field: 'url' startsWith: - 'http://' - 'https://' --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleStartsWith' spec: if: anyOf: - field: 'url' startsWith: 'http' - field: 'url' startsWith: - 'http://' - 'https://' ### Subset The `subset` condition can be used to determine if the operand is a set of specified values. The following properties are accepted: - `caseSensitive` - Optionally, a case-sensitive comparison can be performed. By default, case-insensitive comparison is performed. - `unique` - Optionally, the operand must not contain duplicates. By default, duplicates are allowed. Syntax: yaml subset: <array> caseSensitive: <bool> unique: <bool> For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleSubset' spec: condition: field: 'logs' subset: - 'cluster-autoscaler' - 'kube-apiserver' - 'kube-scheduler' caseSensitive: true unique: true --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleSubset' spec: if: field: 'logs' subset: - 'cluster-autoscaler' - 'kube-apiserver' - 'kube-scheduler' caseSensitive: true unique: true ### Type The comparison property `type` is used with a condition to evaluate the target type of the object. The `type` property must be set to `.`. Any other value will cause the condition to evaluate to `false`. Syntax: yaml type: '.' For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleType' spec: condition: type: '.' equals: 'CustomType' --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleType' spec: if: type: '.' in: - 'Microsoft.Storage/storageAccounts' - 'Microsoft.Storage/storageAccounts/blobServices' ### Version The `version` condition determines if the operand is a valid semantic version. A constraint can optionally be provided to require the semantic version to be within a range. Supported version constraints for expression are the same as the `$Assert.Version` assertion helper. Syntax: yaml version: <string> includePrerelease: <bool> For example: yaml apiVersion: github.com/microsoft/PSRule/v1 kind: Rule metadata: name: 'ExampleVersion' spec: condition: field: 'engine.version' version: '^1.2.3' --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleAnyVersion' spec: if: field: 'engine.version' version: '' --- apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: 'ExampleVersionIncludingPrerelease' spec: if: field: 'engine.version' version: '>=1.5.0' includePrerelease: true ### WithinPath The `withinPath` condition determines if a file path is within a required path. If the path is within the required path, the condition will return `true`. If the path is not within the required path, the condition will return `false`. The following properties are accepted: - `caseSensitive` - Optionally, a case-sensitive comparison can be performed for string values. By default, case-insensitive comparison is performed. Syntax: yaml withinPath: <array> caseSensitive: <boolean> For example: yaml SYNOPSIS: TEST WITHINPATH WITH SOURCE apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: YamlSourceWithinPath spec: if: source: 'Template' withinPath: - "deployments/path/" --- SYNOPSIS: TEST WITHINPATH WITH SOURCE AND CASE SENSITIVE apiVersion: github.com/microsoft/PSRule/v1 kind: Selector metadata: name: YamlSourceWithinPathCaseSensitive spec: if: source: 'Template' withinPath: - "Deployments/Path/" caseSensitive: true ``` NOTE An online version of this document is available at <https://microsoft.github.io/PSRule/v2/concepts/PSRule/en-US/about_PSRule_Expressions/>. SEE ALSO - Invoke-PSRule KEYWORDS - Rules - Expressions - PSRule |