In this post I will show you how to automate the Maester-Framework with Azure DevOps.
Please make sure, that you read my first blog post about Maester for being familiar with the basic function of the framework.
Requirements
- Azure DevOps Organization
- Azure DevOps Project
- Approved Parallelism Jobs
You can request them here
Set up the Maester Repo
In Azure DevOps open Repos in the Menu and select the Import button.
Enter the URL https://github.com/maester365/maester-tests and click Import to import the repo into your Azure DevOps project.
Set up the Azure Pipeline
In this post I will use workload identity federation for authentication on the tenant, for this way it’s required to have an Azure Subscription. Also I’m monitoring the same tenant as I’m using Azure DevOps. If you want to monitor another tenant, you have to choose manual at the 5th step.
- In the first step you can create a new resource group (e.q. mika-rg-maester-prod-001).
- After that in Azure DevOps go to Project Settings > Service Connections
- Click New Service Connection
- Choose Azure Resource Manager
- And then select Workload identity federation (automatic)
- Specify the required informations (Azure Subscription, Resource group and Service Connection Name)
- Then click save
In the next step you will grant the permissions to Microsoft Graph:
- Go under Project settings > Service connections and choose the previously created Service connections
- Unter Manage Service Principal and then in the new opened tab, select API Permissions > Add a permission
- Grant following permission for the service principal:
– Directory.Read.All
– Policy.Read.All
– Reports.Read.All
– DirectoryRecommendations.Read.All
– PrivilegedAccess.Read.AzureAD
At the end we will create the Azure Pipeline:
- Open the DevOps project
- Under pipelines, select New Pipeline
- As the location, select Azure Repos Git
- Select the previously imported repo
- Select Starter Pipeline
-
Then select any code with Ctrl+A and insert with Ctrl+V with the code below:
# Maester Daily Tests
trigger:
- main
schedules:
- cron: "0 0 * * *"
displayName: Daily midnight build
branches:
include:
- main
pool:
vmImage: ubuntu-latest
steps:
- task: AzurePowerShell@5
displayName: "Run Maester"
inputs:
azureSubscription: "Maester Service Connection"
pwsh: true
azurePowerShellVersion: LatestVersion
ScriptType: InlineScript
Inline: |
# Connect to Microsoft Graph
$accessToken = (Get-AzAccessToken -ResourceTypeName MSGraph).Token | ConvertTo-SecureString -AsPlainText -Force
Connect-MgGraph $accessToken
# Install Maester
Install-Module Maester -Force
# Configure test results
$PesterConfiguration = New-PesterConfiguration
$PesterConfiguration.TestResult.Enabled = $true
$PesterConfiguration.TestResult.OutputPath = '$(System.DefaultWorkingDirectory)/test-results/test-results.xml'
# Run Maester tests
Invoke-Maester -Path $(System.DefaultWorkingDirectory)/tests/Maester/ -PesterConfiguration $PesterConfiguration -OutputFolder '$(System.DefaultWorkingDirectory)/test-results'
- publish: $(System.DefaultWorkingDirectory)/test-results
displayName: Publish Maester Html Report
artifact: TestResults
- task: PublishTestResults@2
displayName: Publish Pester Test Results
inputs:
testResultsFormat: "NUnit"
testResultsFiles: "**/test-results.xml"
failTaskOnFailedTests: true
At the end you need to Save the pipeline and Run it.
Select the job to view the test result.
You probably need to permit the pipeline to access the service connection.
Open the pipeline log and click on permit and click on permit again:
In the summary you will see the status of the pipeline.
If you click on 1 published under related, you can view the results from the test.
Keeping your Maester tests up to date
- Clone your fork to you local machine
- Update the maester Powershell Module and import it
- Change the working directory to maester-tests\tests directory
- Run cmdlet Update-MaesterTests
