feat: implement ps script analyzer fixes (#444)

* implement ps script analyzer fixes

* add script analyzer to build stage

* suppress warning

* $null should be on the left side of equality comparisons

* minor typo fixes

* don't use `Diagnostics.CodeAnalysis.SuppressMessageAttribute` but use `write-debug`

Author: pim-simons

build/ci-build.yml

@@ -82,6 +82,8 @@ stages:
           vmImage: '$(Vm.Linux.Image)'
         steps:
           - template: 'templates/replace-tokens.yml'
+          - powershell: Invoke-ScriptAnalyzer -Path ./src -Recurse -Settings ./powershell-psscriptanalyzer.psd1 -ReportSummary -EnableExit
+            displayName: 'Analyze scripts'
           - task: CopyFiles@2
             displayName: 'Copy build artifacts'
             inputs:

docs/preview/02-Guidelines/setting-arm-outputs-to-azure-devops-variable-group.md

@@ -9,7 +9,7 @@ In ARM and Bicep templates it is possible to specify [output parameters](https:/
 
 To enable maximum re-use of these output parameters within your environment we developed [this script](https://scripting.arcus-azure.net/Features/powershell/azure-devops#setting-arm-outputs-to-azure-devops-variable-group) which is available in the `Arcus.Scripting.DevOps` PowerShell module. It allows you to store those output parameters in an Azure DevOps variable group. This helps you in making sure certain parameters are available throughout your Azure DevOps environment.
 
-For example, think of a use-case where your vital infrastructure components are deployed in a seperate Azure DevOps pipeline and need to be referenced from other components. Storing the necessary information such as identifiers, locations or names of these components in an Azure DevOps variable group allows you to easily use these values from other components.
+For example, think of a use-case where your vital infrastructure components are deployed in a separate Azure DevOps pipeline and need to be referenced from other components. Storing the necessary information such as identifiers, locations or names of these components in an Azure DevOps variable group allows you to easily use these values from other components.
 
 ## Example
 ### Specify Output Parameters

docs/preview/03-Features/powershell/azure-api-management.md

@@ -108,7 +108,7 @@ Sign-up or invite a new user in an existing Azure API Management instance.
 | `UserId`            | no        | The UserId that will be used to create the user                                                                                                                     |
 | `Password`          | no        | The password that the user will be able to login with                                                                                                               |
 | `Note`              | no        | A note that will be added to the user                                                                                                                               |
-| `SendNotification`  | no        | Wether or not a notification will be sent to the email address of the user                                                                                          |
+| `SendNotification`  | no        | Whether or not a notification will be sent to the email address of the user                                                                                          |
 | `ConfirmationType`  | no        | The confirmation type that will be used when creating the user, this can be `invite` (default) or `signup`                                                          |
 | `ApiVersion`        | no        | The version of the management API to be used. (default: `2021-08-01`)                                                                                               |
 | `SubscriptionId`    | no        | The Id of the subscription containing the Azure API Management instance. When not provided, it will be retrieved from the current context (Get-AzContext).          |

powershell-psscriptanalyzer.psd1

@@ -0,0 +1,15 @@
+@{
+    Severity=@('Error','Warning')
+    ExcludeRules=@('PSAvoidUsingWriteHost', 
+                   'PSUseToExportFieldsInManifest', 
+                   'PSAvoidDefaultValueForMandatoryParameter', 
+                   'PSUseApprovedVerbs',
+                   'PSUseSingularNouns',
+                   'PSUseShouldProcessForStateChangingFunctions',
+                   'PSUseDeclaredVarsMoreThanAssignments',
+                   'PSAvoidUsingPlainTextForPassword',
+                   'PSAvoidUsingUsernameAndPasswordParams',
+                   'PSReviewUnusedParameter',
+                   'PSAvoidUsingConvertToSecureStringWithPlainText'
+                   'PSAvoidGlobalVars')
+}

src/Arcus.Scripting.ARM/Scripts/Inject-ArmContent.ps1

@@ -1,4 +1,4 @@
-<#
+<#
     Possible injection instructions in ARM templates or recursively referenced files:
     
     ${ fileToInject.xml }
@@ -40,7 +40,7 @@ function InjectFile {
         param($match)
 
         $completeInjectionInstruction = $match.Groups[1].Value;
-        $instructionParts = @($completeInjectionInstruction -split "," | foreach { $_.Trim() } )
+        $instructionParts = @($completeInjectionInstruction -split "," | ForEach-Object { $_.Trim() } )
 
         $filePart = $instructionParts[0];
         # Regex uses non-capturing group for 'FileToInject' part, 
@@ -70,7 +70,7 @@ function InjectFile {
         $surroundContentWithDoubleQuotes = $match.Value.StartsWith('"') -and $match.Value.EndsWith('"')
 
         if ($instructionParts.Length -gt 1) {
-            $optionParts = $instructionParts | select -Skip 1
+            $optionParts = $instructionParts | Select-Object -Skip 1
 
             if ($optionParts.Contains("ReplaceSpecialChars")) {
                 Write-Verbose "`t Replacing special characters"

src/Arcus.Scripting.ActiveDirectory/Scripts/List-AzADAppRoleAssignments.ps1

@@ -39,7 +39,7 @@ try {
         if ($appRoleAssignments) {
             foreach ($serviceAppRoleAssignment in $appRoleAssignments) {
                 $servicePrincipal = Get-AzADServicePrincipal -ObjectId $serviceAppRoleAssignment.PrincipalId
-                if ($servicePrincipal -ne $null) {
+                if ($null -ne $servicePrincipal) {
                     Write-Host "Role '$($appRole.Value)' is assigned to the Active Directory Application '$($serviceAppRoleAssignment.PrincipalDisplayName)' with ID '$($servicePrincipal.AppId)'" -ForegroundColor Green
                 }
             }

src/Arcus.Scripting.ApiManagement/Arcus.Scripting.ApiManagement.psm1

@@ -52,9 +52,9 @@ function Backup-AzApiManagementService {
     )
 
     if ($PassThru) {
-        . $PSScriptRoot\Scripts\Backup-AzApiManagementService.ps1 -ResourceGroupName $ResourceGroupName -StorageAccountResourceGroupName $StorageAccountResourceGroupName -StorageAccountName $StorageAccountName -ServiceName $ServiceName -ContainerName $ContainerName -AccessType $AccessType -IdentityClientId $IdentityClientId -BlobName $BlobName -PassThru
+        . $PSScriptRoot\Scripts\Backup-AzApiManagementService.ps1 -ResourceGroupName $ResourceGroupName -StorageAccountResourceGroupName $StorageAccountResourceGroupName -StorageAccountName $StorageAccountName -ServiceName $ServiceName -ContainerName $ContainerName -AccessType $AccessType -IdentityClientId $IdentityClientId -BlobName $BlobName -DefaultProfile $DefaultProfile -PassThru
     } else {
-        . $PSScriptRoot\Scripts\Backup-AzApiManagementService.ps1 -ResourceGroupName $ResourceGroupName -StorageAccountResourceGroupName $StorageAccountResourceGroupName -StorageAccountName $StorageAccountName -ServiceName $ServiceName -ContainerName $ContainerName -AccessType $AccessType -IdentityClientId $IdentityClientId -BlobName $BlobName
+        . $PSScriptRoot\Scripts\Backup-AzApiManagementService.ps1 -ResourceGroupName $ResourceGroupName -StorageAccountResourceGroupName $StorageAccountResourceGroupName -StorageAccountName $StorageAccountName -ServiceName $ServiceName -ContainerName $ContainerName -AccessType $AccessType -IdentityClientId $IdentityClientId -BlobName $BlobName -DefaultProfile $DefaultProfile
     }
 }
 
@@ -264,7 +264,7 @@ function Remove-AzApiManagementUserAccount {
         [string][parameter(Mandatory = $false)] $AccessToken
     )
 
-    . $PSScriptRoot\Scripts\Remove-AzApiManagementUserAccount.ps1 -ResourceGroupName $ResourceGroupName -ServiceName $ServiceName -MailAddress $MailAddress
+    . $PSScriptRoot\Scripts\Remove-AzApiManagementUserAccount.ps1 -ResourceGroupName $ResourceGroupName -ServiceName $ServiceName -MailAddress $MailAddress -SubscriptionId $SubscriptionId -AccessToken $AccessToken
 
 }
 
@@ -438,9 +438,9 @@ function Restore-AzApiManagementService {
     )
 
     if ($PassThru) {
-        . $PSScriptRoot\Scripts\Restore-AzApiManagementService.ps1 -ResourceGroupName $ResourceGroupName -StorageAccountResourceGroupName $StorageAccountResourceGroupName -StorageAccountName $StorageAccountName -ServiceName $ServiceName -ContainerName $ContainerName -BlobName $BlobName -PassThru
+        . $PSScriptRoot\Scripts\Restore-AzApiManagementService.ps1 -ResourceGroupName $ResourceGroupName -StorageAccountResourceGroupName $StorageAccountResourceGroupName -StorageAccountName $StorageAccountName -ServiceName $ServiceName -ContainerName $ContainerName -BlobName $BlobName -DefaultProfile $DefaultProfile -PassThru
     } else {
-        . $PSScriptRoot\Scripts\Restore-AzApiManagementService.ps1 -ResourceGroupName $ResourceGroupName -StorageAccountResourceGroupName $StorageAccountResourceGroupName -StorageAccountName $StorageAccountName -ServiceName $ServiceName -ContainerName $ContainerName -BlobName $BlobName
+        . $PSScriptRoot\Scripts\Restore-AzApiManagementService.ps1 -ResourceGroupName $ResourceGroupName -StorageAccountResourceGroupName $StorageAccountResourceGroupName -StorageAccountName $StorageAccountName -ServiceName $ServiceName -ContainerName $ContainerName -BlobName $BlobName -DefaultProfile $DefaultProfile
     }
 }
 

src/Arcus.Scripting.ApiManagement/Scripts/Backup-AzApiManagementService.ps1

@@ -1,4 +1,4 @@
-param(
+param(
     [Parameter(Mandatory = $true)][string] $ResourceGroupName = $(throw "Resource group name is required"),
     [Parameter(Mandatory = $true)][string] $StorageAccountResourceGroupName = $(throw = "Resource group for storage account is required"),
     [Parameter(Mandatory = $true)][string] $StorageAccountName = $(throw "Storage account name is required"),
@@ -18,7 +18,7 @@ if ($AccessType -eq 'UserAssignedManagedIdentity' -and $IdentityClientId -eq "")
 Write-Verbose "Getting Azure storage account key for storage account '$($StorageAccountName)' in resource group '$($StorageAccountResourceGroupName)'..."
 $storageKeys = Get-AzStorageAccountKey -ResourceGroupName $StorageAccountResourceGroupName -StorageAccountName $StorageAccountName
 
-if ($storageKeys -eq $null -or $storageKeys.count -eq 0) {
+if ($null -eq $storageKeys -or $storageKeys.count -eq 0) {
     Write-Error "Cannot backup API Management service because no access keys found for storage account '$StorageAccountName' in resource group '$($StorageAccountResourceGroupName)'"
 } else {
     Write-Host "Got Azure storage key for storage account '$($StorageAccountName)' in resource group '$($StorageAccountResourceGroupName)'!" -ForegroundColor Green

src/Arcus.Scripting.ApiManagement/Scripts/Create-AzApiManagementApiOperation.ps1

@@ -1,4 +1,4 @@
-param(
+param(
     [Parameter(Mandatory = $true)][string] $ResourceGroupName = $(throw "Resource group is required"),
     [Parameter(Mandatory = $true)][string] $ServiceName = $(throw "API management service name is required"),
     [Parameter(Mandatory = $true)][string] $ApiId = $(throw "API ID is required"),
@@ -11,7 +11,7 @@ param(
 )
 
 $apim = Get-AzApiManagement -ResourceGroupName $ResourceGroupName -Name $ServiceName
-if ($apim -eq $null) {
+if ($null -eq $apim) {
     throw "Unable to find the Azure API Management instance '$ServiceName' in resource group '$ResourceGroupName'"
 }
 $apimContext = New-AzApiManagementContext -ResourceGroupName $ResourceGroupName -ServiceName $ServiceName

src/Arcus.Scripting.ApiManagement/Scripts/Create-AzApiManagementUserAccount.ps1

@@ -1,4 +1,4 @@
-param(
+param(
     [string][Parameter(Mandatory = $true)] $ResourceGroupName = $(throw "Resource group name is required"),
     [string][parameter(Mandatory = $true)] $ServiceName = $(throw "API management service name is required"),
     [string][parameter(Mandatory = $true)] $FirstName = $(throw "The first name of the user is required"),
@@ -15,7 +15,7 @@ param(
 )
 
 $apim = Get-AzApiManagement -ResourceGroupName $ResourceGroupName -Name $ServiceName
-if ($apim -eq $null) {
+if ($null -eq $apim) {
     throw "Unable to find the Azure API Management instance '$ServiceName' in resource group '$ResourceGroupName'"
 }