Azure Resource Manager (ARM) templates let you define your Azure infrastructure as code. Because it's in code, you can run tests against this code, and I've spoken about using Pester, the PowerShell testing framework to test ARM templates before. By testing your templates, you can attempt to catch errors before you deploy.
The ARM Template Tool Kit is a new static code analyser for ARM templates created by Microsoft. It's an open-source PowerShell library that you can use to validate your templates against a series of test cases. These test cases are generic and designed to validate that your templates are following best practice, a little like the PowerShell PSScriptAnalyzer tool. The ARM TTK tests for:
- Templates are using a valid schema
- Locations are not hardcoded
- Outputs don't contain secrets
- ID's are derived from resource ID's
- Templates do not contain blanks
Currently, there are around 21 tests that run against your templates; I'm sure this will grow over time as we build up a library of useful tests. This project is open-source, so if you have tests you think should be added, then this is an excellent opportunity to add them yourself, visit the GitHub repo.
Installing the TTK
Unfortunately, the TTK hasn't yet made it to the PowerShell gallery as a module, so you need to install it manually from GitHub. To make it more difficult, it's also not stored in its own repo but is part of the Azure Quick Start templates repository. Git makes it very difficult to check out a single folder, so you will probably end up checking out the whole repo to get this. The QuickStart repo is quite large, so if you are only checking this out to get hold of the TTK (rather than planning to commit back), you use the git shallow clone command to limit the download.
git clone --depth 1 https://github.com/Azure/azure-quickstart-templates.git
Once you have cloned this, you will find the TTK inside the test\arm-ttk folder.
Running the TTK
There are 3 ways you can run the TTK:
- From the Windows command line using Test-AzTemplate.cmd
- From the Linux Terminal using Test-AzTemplate.sh
- From the PowerShell library
Test-AzTemplate.cmd and .sh are both just wrappers calling the PowerShell library, so we will look at using the PowerShell library directly, as this will provide more options for automating the tests.
Note that if you are planning on running these tests on Linux, you need to have PowerShell core installed.
To run the tests, we first need to import the library, which you can do either from where you checked out the files, or copying the module into your PowerShell modules folder.
import-module <path to ttks module folder>\arm-ttk.psd1
Now the module is imported we can use the “Test-AzTemplate” command to run the test. There is only 1 required parameter, which is the path the template file or folder containing the template file you want to test.
To test a single file called azuredeploy.json, we can run:
Test-AzTemplate <path to template file>\azuredeploy.json
This command runs all of the tests against that file and outputs the results to the console using the standard Pester format.
If you want to run tests against multiple files in a folder, you can pass in the name of a folder. However, there is a limitation here; this command will only run tests against files called “azuredeploy.json” or “maintemplate.json”. If you want to run tests against any Json file in the folder then you could do something like this:
get-childitem <path to folder> *.json | Test-AzTemplate
This command runs tests against all Json files in that folder. If you also have parameter files in the folder, which shouldn't be tested, then we can amend the command to exclude those based on a naming convention. I generally name my parameter files as “tempalteName.parameters.json”, so we can exclude them like this:
get-childitem <path to folder> *.json -exclude *.parameters.json| Test-AzTemplate
The Test-AzTemplate command also has some optional parameters that allow you to specify the specific test cases you wish to run, or to skip specific test cases, to tailor the tests to your needs.
Contributing to the TTK
While this is a Microsoft created project, it is open-source and available on GitHub. If you have tests you think would be useful, ideas for improvements or issues, please do consider contributing or raising an issue on GitHub to help improve this tool. Hopefully, we can make this the source for validating ARM Template best practice.