inputPath set to some.bicepparam file works, but throws warning has not been processed because no matching rules were found

[o-l-a-v]

Description of the issue

Setting inputPath to some.bicepparam file with PSRule.Rules.Azure seems to work as expected, but it throws a warning Target object 'some.bicepparam' has not been processed because no matching rules were found.

I do this because I want PSRule to only validate one environment in a repo; prod. So actual file name is prod.bicepparam. Ref:

• [BUG] Multiple <env>.bicepparam creates multiple issues for findings in main.bicep Azure/PSRule.Rules.Azure#2882

Output from GitHub Action we're we do not exclude any rules:

To Reproduce

Steps to reproduce the issue:

# Assets
$FilePath = [string] '.\some.bicepparam'

# Get all available rules and find the ones to exclude
$PSRuleRulesAvailable = [array](Get-PSRule -Module 'PSRule.Rules.Azure')
$PSRuleRulesExclude   = [string[]](
    $PSRuleRulesAvailable.Where{
        $_.'Tags'.'Release' -ne 'GA' -or
        $_.'Tags'.'Azure.WAF/pillar' -eq 'Reliability' -or
        $_.'Info'.'Annotations'.'severity' -eq 'Awareness'
    }.'Name' | Sort-Object
)

# Run PSRule
$PSRuleScan = [PSCustomObject[]](
    Invoke-PSRule -InputPath $FilePath -Module 'PSRule.Rules.Azure' -Outcome 'Fail','Error' -OutputFormat 'Json' -Option @{
        'AZURE_BICEP_CHECK_TOOL'             = [bool] $true
        'AZURE_BICEP_FILE_EXPANSION'         = [bool] $true
        'AZURE_BICEP_FILE_EXPANSION_TIMEOUT' = [uint16] 30
        'AZURE_BICEP_PARAMS_FILE_EXPANSION'  = [bool] $true
    } | ConvertFrom-Json | Where-Object -FilterScript {$_.'ruleName' -notin $PSRuleRulesExclude} | Sort-Object -Property 'ruleName'
)

Expected behaviour

Should not throw a warning?

Error output

No error.

Module in use and version:

• PowerShell v7.4.2 on Windows 11 x64 and GitHub Actions with ubuntu-latest.
• PSRule v2.9.0
• PSRule.Rules.Azure v1.36.0

Additional context

[BernieWhite]

Hi @o-l-a-v this is intended. The behaviour will change in PSRule v3, because it is a common cause for confusion.

---

Expanding my explanation, by default, PSRule will warn objects that are processed and no rules have run. Each file is treated as an independent object in addition to the Azure resources contained within.

Because you have no rules that check this object (PSRule for Azure doesn't ship with any) the warning is generated.

You can toggle of the warning by setting the Execution.UnprocessedObject option to Ignore.

See: https://microsoft.github.io/PSRule/v2/concepts/PSRule/en-US/about_PSRule_Options/#executionunprocessedobject

---

If there is no further issue, let's close this issue.

[o-l-a-v]

Thanks for the explaination @BernieWhite.

I wrongfully assumed PSRule analyzed the results of Bicep build.

[BernieWhite]

@o-l-a-v In part it does, but not by a rule.

If Bicep generates a Error either via a linter rule that is set to error or a general compile issue PSRule will propagate the error up and generate an error, which will result in breaking the build. But there is no rule that drives this, so a warning would still be generated.