Support for more complex expressions

[BernieWhite]

Currently expressions support comparing any field, name, or type of an object with a predefined set of comparison expressions such as equals, contains, greater ...

While this handles many cases, advanced use cases may need to revert to PowerShell-based rules.

With PSRule for Azure, we would like to provide a mechanism to generate rules from Azure Policy.

Consider the following Azure Policy code samples from docs:

Example 1

{
    "mode": "indexed",
    "policyRule": {
        "if": {
            "value": "[less(length(field('tags')), 3)]",
            "equals": "true"
        },
        "then": {
            "effect": "deny"
        }
    }
}

This could be expressed as a rule such as the following. Currently less or count conditions do not count the properties of tags so this would not work. However this could be added.

---
apiVersion: github.com/microsoft/PSRule/v1
kind: Rule
metadata:
  name: Rule1
spec:
  condition:
    field: 'tags'
    less: 3

Example 2

{
    "policyRule": {
        "if": {
            "value": "[substring(field('name'), 0, 3)]",
            "equals": "abc"
        },
        "then": {
            "effect": "audit"
        }
    }
}

This one is a little more tricky, there isn't a PSRule option, the closest approximation would be the following.

---
apiVersion: github.com/microsoft/PSRule/v1
kind: Rule
metadata:
  name: Rule1
spec:
  condition:
    field: 'name'
    startsWith: 'abc'

---

The ARM option of using a embedded syntax such as "[function()]" is not ideal, part of which is the reason for Azure Bicep. An embedded syntax is hard for authors and has a steep learning curve.

Without developing a new language such as Bicep we want to make using complex expressions easier by taking advantage of existing schema support.

For example:

---
# Synopsis: An expression function example.
apiVersion: github.com/microsoft/PSRule/v1
kind: Selector
metadata:
  name: Fn.Example1
spec:
  if:
    where:
      equal:
        - substring:
            value:
              configuration: 'a'
            length: 4
            start: 0
        - string: 'Test'

---
# Synopsis: An expression function example.
apiVersion: github.com/microsoft/PSRule/v1
kind: Selector
metadata:
  name: Fn.Example2
spec:
  if:
    where:
      equal:
        - boolean: true
        - boolean:
            boolean: true

---
# Synopsis: An expression function example.
apiVersion: github.com/microsoft/PSRule/v1
kind: Selector
metadata:
  name: Fn.Example3
spec:
  if:
    allOf:
      - where:
          equal:
            - configuration: 'ConfigValue1'
            - boolean: true
      - where:
          equal:
            - configuration: ConfigValue1
            - path: 'Name'

---
# Synopsis: An expression function example.
apiVersion: github.com/microsoft/PSRule/v1
kind: Selector
metadata:
  name: Fn.Example4
spec:
  if:
    where:
      equal:
        - concat:
            - path: name
            - string: '-'
            - path: tags.env

        - string: Test-prod