From 60506bed7826804297871bb587a05ceb28f09ea3 Mon Sep 17 00:00:00 2001 From: Tim Carman Date: Sun, 13 Oct 2024 08:56:53 +1100 Subject: [PATCH 1/2] 0.1.7 release ### Added * Add support for Azure Policy definitions * Add Try/Catch blocks for improved error handling ### Fixed * Fix issue with Azure Subscription Lookup Hashtable * Fix issue with Azure Policy assignments (Fix [#16](https://github.com/AsBuiltReport/AsBuiltReport.Microsoft.Azure/issues/16)) ### Changed * Performance improvements * Improve reporting for Azure Tenant * Improve reporting for Azure Policy assignments * Improve reporting for Key Vaults * Improve reporting for Storage Accounts * Improve reporting for Network Security Groups --- AsBuiltReport.Microsoft.Azure.json | 12 +- AsBuiltReport.Microsoft.Azure.psd1 | 6 +- CHANGELOG.md | 50 ++-- README.md | 27 +- Src/Private/Get-AbrAsrProtectedItems.ps1 | 73 ++--- Src/Private/Get-AbrAzAvailabilitySet.ps1 | 76 ++--- Src/Private/Get-AbrAzBastion.ps1 | 123 ++++---- Src/Private/Get-AbrAzExpressRouteCircuit.ps1 | 132 +++++---- Src/Private/Get-AbrAzFirewall.ps1 | 147 +++++----- Src/Private/Get-AbrAzFirewallNatRule.ps1 | 102 +++---- Src/Private/Get-AbrAzFirewallNetworkRule.ps1 | 162 +++++------ Src/Private/Get-AbrAzIpGroup.ps1 | 109 +++---- Src/Private/Get-AbrAzKeyVault.ps1 | 142 ++++++---- Src/Private/Get-AbrAzLbBackendPool.ps1 | 44 +-- Src/Private/Get-AbrAzLbFrontendIpConfig.ps1 | 96 ++++--- Src/Private/Get-AbrAzLbHealthProbe.ps1 | 58 ++-- Src/Private/Get-AbrAzLbInboundNatPool.ps1 | 42 +-- Src/Private/Get-AbrAzLbLoadBalancingRule.ps1 | 65 +++-- Src/Private/Get-AbrAzLoadBalancer.ps1 | 149 +++++----- Src/Private/Get-AbrAzNetworkSecurityGroup.ps1 | 133 +++++---- .../Get-AbrAzNetworkSecurityGroupRule.ps1 | 185 ++++++++++++ Src/Private/Get-AbrAzPolicy.ps1 | 43 +++ Src/Private/Get-AbrAzPolicyAssignment.ps1 | 131 ++++++--- Src/Private/Get-AbrAzPolicyDefinition.ps1 | 85 ++++++ .../Get-AbrAzRecoveryServicesVault.ps1 | 102 +++---- Src/Private/Get-AbrAzRouteTable.ps1 | 165 +++++++---- .../Get-AbrAzSABlobServiceProperty.ps1 | 120 +++++--- Src/Private/Get-AbrAzSAContainer.ps1 | 65 +++-- .../Get-AbrAzSAFileServiceProperty.ps1 | 69 +++-- Src/Private/Get-AbrAzSAShare.ps1 | 82 +++--- Src/Private/Get-AbrAzStorageAccount.ps1 | 228 ++++++++------- Src/Private/Get-AbrAzSubscription.ps1 | 58 ++-- Src/Private/Get-AbrAzTenant.ps1 | 37 ++- Src/Private/Get-AbrAzVirtualMachine.ps1 | 239 ++++++++-------- Src/Private/Get-AbrAzVirtualNetwork.ps1 | 141 +++++----- .../Get-AbrAzVirtualNetworkPeering.ps1 | 81 +++--- Src/Private/Get-AzVirtualNetworkSubnet.ps1 | 64 +++-- Src/Private/Get-CountryName.ps1 | 266 ++++++++++++++++++ .../Invoke-AsBuiltReport.Microsoft.Azure.ps1 | 29 +- 39 files changed, 2472 insertions(+), 1466 deletions(-) create mode 100644 Src/Private/Get-AbrAzNetworkSecurityGroupRule.ps1 create mode 100644 Src/Private/Get-AbrAzPolicy.ps1 create mode 100644 Src/Private/Get-AbrAzPolicyDefinition.ps1 create mode 100644 Src/Private/Get-CountryName.ps1 diff --git a/AsBuiltReport.Microsoft.Azure.json b/AsBuiltReport.Microsoft.Azure.json index 7c5264e..68ada06 100644 --- a/AsBuiltReport.Microsoft.Azure.json +++ b/AsBuiltReport.Microsoft.Azure.json @@ -9,7 +9,8 @@ "ShowTableCaptions": true }, "Options": { - "ShowSectionInfo": true + "ShowSectionInfo": true, + "ShowTags": true }, "Filter": { "Subscription": ["*"] @@ -24,7 +25,10 @@ "KeyVault": 1, "LoadBalancer": 1, "NetworkSecurityGroup": 1, - "PolicyAssignment": 1, + "Policy": { + "Assignments": 1, + "Definitions": 0 + }, "RecoveryServicesVault": 1, "RouteTable": 1, "SiteRecovery": 1, @@ -42,7 +46,9 @@ }, "StorageAccount": { "ProvisioningState": true, - "EnableHttpsTrafficOnly": true, + "StorageAccountKeyAccess": true, + "SecureTransfer": true, + "BlobAnonymousAccess": true, "PublicNetworkAccess": true, "MinimumTlsVersion": true }, diff --git a/AsBuiltReport.Microsoft.Azure.psd1 b/AsBuiltReport.Microsoft.Azure.psd1 index c08b260..c3aff43 100644 --- a/AsBuiltReport.Microsoft.Azure.psd1 +++ b/AsBuiltReport.Microsoft.Azure.psd1 @@ -12,7 +12,7 @@ RootModule = 'AsBuiltReport.Microsoft.Azure.psm1' # Version number of this module. -ModuleVersion = '0.1.6' +ModuleVersion = '0.1.7' # Supported PSEditions # CompatiblePSEditions = @() @@ -27,7 +27,7 @@ Author = 'Tim Carman' # CompanyName = 'Unknown' # Copyright statement for this module -Copyright = '(c) 2023 Tim Carman. All rights reserved.' +Copyright = '(c) 2024 Tim Carman. All rights reserved.' # Description of the functionality provided by this module Description = 'A PowerShell module to generate an as built report on the configuration of Microsoft Azure.' @@ -54,7 +54,7 @@ Description = 'A PowerShell module to generate an as built report on the configu RequiredModules = @( @{ ModuleName = 'AsBuiltReport.Core'; - ModuleVersion = '1.3.0' + ModuleVersion = '1.4.0' } ) diff --git a/CHANGELOG.md b/CHANGELOG.md index 01f8f0a..549af5f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,48 +1,66 @@ # :arrows_clockwise: Microsoft Azure As Built Report Changelog +## [[0.1.7](https://github.com/AsBuiltReport/AsBuiltReport.Microsoft.Azure/releases/tag/v0.1.7)] - 2024-10-13 + +### Added +* Add support for Azure Policy definitions +* Add Try/Catch blocks for improved error handling + +### Fixed +* Fix issue with Azure Subscription Lookup Hashtable +* Fix issue with Azure Policy assignments (Fix [#16](https://github.com/AsBuiltReport/AsBuiltReport.Microsoft.Azure/issues/16)) + +### Changed +* Performance improvements +* Improve reporting for Azure Tenant +* Improve reporting for Azure Policy assignments +* Improve reporting for Key Vaults +* Improve reporting for Storage Accounts +* Improve reporting for Network Security Groups + ## [[0.1.6](https://github.com/AsBuiltReport/AsBuiltReport.Microsoft.Azure/releases/tag/v0.1.6)] - 2023-11-14 ### Added -* Added initial support for Route Tables (@howardhaooooo) +* Add initial support for Route Tables (@howardhaooooo) ## [[0.1.5](https://github.com/AsBuiltReport/AsBuiltReport.Microsoft.Azure/releases/tag/v0.1.5)] - 2023-05-24 ### Added -* Added initial support for Storage Account (@rebelinux) +* Add initial support for Storage Account (@rebelinux) ### Fixed -* Fixed issue with Az module version check (Fix [#10](https://github.com/AsBuiltReport/AsBuiltReport.Microsoft.Azure/issues/10)) +* Fix issue with Az module version check (Fix [#10](https://github.com/AsBuiltReport/AsBuiltReport.Microsoft.Azure/issues/10)) ## [[0.1.4](https://github.com/AsBuiltReport/AsBuiltReport.Microsoft.Azure/releases/tag/v0.1.4)] - 2023-03-19 ### Added -* Added function to check for Microsoft Azure PowerShell module -* Added `ShowSectionInfo` option to provide information about Azure resources +* Add function to check for Microsoft Azure PowerShell module +* Add `ShowSectionInfo` option to provide information about Azure resources ## [[0.1.3](https://github.com/AsBuiltReport/AsBuiltReport.Microsoft.Azure/releases/tag/v0.1.3)] - 2023-03-17 ### Added -* Added examples to `README.md` -* Added module information and version checks to verbose messaging +* Add examples to `README.md` +* Add module information and version checks to verbose messaging ### Changed * Further improvements to section headings & TOC structure -* Updated Required Privileges information in `README.md` +* Update Required Privileges information in `README.md` ### Fixed -* Fixes [#4](https://github.com/AsBuiltReport/AsBuiltReport.Microsoft.Azure/issues/4) -* Fixes [#5](https://github.com/AsBuiltReport/AsBuiltReport.Microsoft.Azure/issues/5) -* Fixes [#6](https://github.com/AsBuiltReport/AsBuiltReport.Microsoft.Azure/issues/6) +* Fix [#4](https://github.com/AsBuiltReport/AsBuiltReport.Microsoft.Azure/issues/4) +* Fix [#5](https://github.com/AsBuiltReport/AsBuiltReport.Microsoft.Azure/issues/5) +* Fix [#6](https://github.com/AsBuiltReport/AsBuiltReport.Microsoft.Azure/issues/6) ## [[0.1.2](https://github.com/AsBuiltReport/AsBuiltReport.Microsoft.Azure/releases/tag/v0.1.2)] - 2023-02-23 ### Changed -* Improved section heading & TOC structure -* Removed Microsoft logo from default report style due to [licensing requirements](https://www.microsoft.com/en-us/legal/intellectualproperty/trademarks) -* Changed default report style font to 'Segoe Ui' to align with [Microsoft guidelines](https://learn.microsoft.com/en-us/style-guide/a-z-word-list-term-collections/f/font-font-style) -* Improved bug and feature request templates +* Improve section heading & TOC structure +* Remove Microsoft logo from default report style due to [licensing requirements](https://www.microsoft.com/en-us/legal/intellectualproperty/trademarks) +* Change default report style font to 'Segoe Ui' to align with [Microsoft guidelines](https://learn.microsoft.com/en-us/style-guide/a-z-word-list-term-collections/f/font-font-style) +* Improve bug and feature request templates ### Fixed -* Fixes [#1](https://github.com/AsBuiltReport/AsBuiltReport.Microsoft.Azure/issues/1) +* Fix [#1](https://github.com/AsBuiltReport/AsBuiltReport.Microsoft.Azure/issues/1) ## [0.1.1] - 2022-02-14 diff --git a/README.md b/README.md index 36634fb..ec06526 100644 --- a/README.md +++ b/README.md @@ -87,10 +87,10 @@ The least privileged roles required to generate a Microsoft Azure As Built Repor Open a PowerShell terminal window and install each of the required modules. -:warning: Microsoft Az 9.4.0 or higher is required. Please ensure older Az modules have been uninstalled. +:warning: Microsoft Az 12.0.0 or higher is required. Please ensure older Az modules have been uninstalled. ```powershell -install-module Az -MinimumVersion 9.4.0 +install-module Az -MinimumVersion 12.0.0 install-module AsBuiltReport.Microsoft.Azure ``` @@ -143,6 +143,7 @@ The **Options** schema allows certain options within the report to be toggled on | Sub-Schema | Setting | Default | Description | |--------------------|--------------|---------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | ShowSectionInfo | true / false | true | Toggle to enable/disable information relating to Azure resources within each section. | +| ShowTags | true / false | true | Toggle to enable/disable the display of Azure resource tags.

_**Note:** Reporting of tags is not currently available on all Azure resources. Tags will only be displayed for Azure resources when the relevant section [InfoLevel](#infolevel) is configured to 2 or higher._ | ### Filter The **Filter** schema allows report content to be filtered to specific Azure subscriptions within a tenant. @@ -189,7 +190,9 @@ The table below outlines the default and maximum **InfoLevel** settings for each | IpGroup | 1 | 2 | | KeyVault | 1 | 1 | | LoadBalancer | 1 | 2 | -| PolicyAssignment | 1 | 1 | +| NetworkSecurityGroup | 1 | 2 | +| Policy > Assignments | 1 | 2 | +| Policy > Definitions | 0 | 1 | | RecoveryServicesVault | 1 | 2 | | RouteTable | 1 | 2 | | SiteRecovery | 1 | 1 | @@ -205,7 +208,7 @@ The **ExpressRoute** schema is used to configure health checks for Azure Express | Sub-Schema | Setting | Default | Description | Highlight | |---------------|--------------|---------|-------------|---------------------------------------------------------------------------------------------------| -| CircuitStatus | true / false | true | Highlights ExpressRoute circuits which are not enabled | ![Critical](https://via.placeholder.com/15/FEDDD7/FEDDD7.png) ExpressRoute circuit is not enabled | +| CircuitStatus | true / false | true | Highlights ExpressRoute circuits which are disabled | ![Critical](https://via.placeholder.com/15/FEDDD7/FEDDD7.png) ExpressRoute circuit is disabled | #### SiteRecovery The **SiteRecovery** schema is used to configure health checks for Azure Site Recovery. @@ -218,12 +221,14 @@ The **SiteRecovery** schema is used to configure health checks for Azure Site Re #### StorageAccount The **StorageAccount** schema is used to configure health checks for Azure Storage Account. -| Sub-Schema | Setting | Default | Description | Highlight | -|------------------------|--------------|---------|-------------|----------------------------------------------------------------------------------------------------| -| ProvisioningState | true / false | true | | ![Critical](https://via.placeholder.com/15/FEDDD7/FEDDD7.png) Provisioning is in a critical state | -| EnableHttpsTrafficOnly | true / false | true | | ![Warning](https://via.placeholder.com/15/FFF4C7/FFF4C7.png) | -| PublicNetworkAccess | true / false | true | | ![Warning](https://via.placeholder.com/15/FFF4C7/FFF4C7.png) | -| MinimumTlsVersion | true / false | true | | ![Warning](https://via.placeholder.com/15/FFF4C7/FFF4C7.png) | +| Sub-Schema | Setting | Default | Description | Highlight | +|-------------------------|--------------|---------|-------------|----------------------------------------------------------------------------------------------------| +| ProvisioningState | true / false | true | Highlights storage accounts which are in a critical state | ![Critical](https://via.placeholder.com/15/FEDDD7/FEDDD7.png) Provisioning is in a critical state | +| StorageAccountKeyAccess | true / false | true | Highlights storage accounts which have storage account key access enabled | ![Warning](https://via.placeholder.com/15/FFF4C7/FFF4C7.png) Storage account key access is enabled | +| SecureTransfer | true / false | true | Highlights storage accounts which do not have secure transfer enabled | ![Warning](https://via.placeholder.com/15/FFF4C7/FFF4C7.png) Secure transfer is disabled | +| BlobAnonymousAccess | true / false | true | Highlights storage accounts which have Blob anonymous read access enabled | ![Warning](https://via.placeholder.com/15/FFF4C7/FFF4C7.png) Anonymous read access is enabled | +| PublicNetworkAccess | true / false | true | Highlights storage accounts which have public network access enabled | ![Warning](https://via.placeholder.com/15/FFF4C7/FFF4C7.png) Public network access is enabled | +| MinimumTlsVersion | true / false | true | Highlights storage accounts which have TLS 1.0 or TLS 1.1 configured | ![Warning](https://via.placeholder.com/15/FFF4C7/FFF4C7.png) TLS version 1.0 or 1.1 configured | #### VirtualMachine The **VirtualMachine** schema is used to configure health checks for Azure Virtual Machines. @@ -231,7 +236,7 @@ The **VirtualMachine** schema is used to configure health checks for Azure Virtu | Sub-Schema | Setting | Default | Description | Highlight | |-----------------|--------------|---------|-----------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | Status | true / false | true | Highlights VMs which are not in a running state | ![Warning](https://via.placeholder.com/15/FFF4C7/FFF4C7.png) VM is in a deallocated state | -| DiskEncryption | true / false | true | Highlights VMs which do not have disk encryption enabled | ![Warning](https://via.placeholder.com/15/FFF4C7/FFF4C7.png) Disk encryption is not enabled | +| DiskEncryption | true / false | true | Highlights VMs which do not have disk encryption enabled | ![Warning](https://via.placeholder.com/15/FFF4C7/FFF4C7.png) Disk encryption is disabled | | BootDiagnostics | true / false | true | Highlights VMs which do not have boot diagnostics enabled with a custom storage account | ![Critical](https://via.placeholder.com/15/FEDDD7/FEDDD7.png) Boot diagnostics is disabled
![Warning](https://via.placeholder.com/15/FFF4C7/FFF4C7.png) Boot diagnostics is enabled with a managed storage account | | BackupEnabled | true / false | true | Highlights VMs which do not have Azure Backup enabled | ![Warning](https://via.placeholder.com/15/FFF4C7/FFF4C7.png) Backup is disabled | ## :computer: Examples diff --git a/Src/Private/Get-AbrAsrProtectedItems.ps1 b/Src/Private/Get-AbrAsrProtectedItems.ps1 index 35ab658..1157425 100644 --- a/Src/Private/Get-AbrAsrProtectedItems.ps1 +++ b/Src/Private/Get-AbrAsrProtectedItems.ps1 @@ -1,11 +1,11 @@ function Get-AbrAsrProtectedItems { <# .SYNOPSIS - Used by As Built Report to retrieve Azure Site Recovery Protected Items information + Used by As Built Report to retrieve Azure Site Recovery Protected Items information .DESCRIPTION .NOTES - Version: 0.1.0 + Version: 0.1.1 Author: Tim Carman Twitter: @tpcarman Github: tpcarman @@ -24,45 +24,52 @@ function Get-AbrAsrProtectedItems { } process { - $AzRsvs = Get-AzRecoveryServicesVault - if (($InfoLevel.SiteRecovery -gt 0) -and ($AzRsvs)) { - foreach ($AzRsv in $AzRsvs) { - $AsrVaultContext = Set-AzRecoveryServicesAsrVaultContext -Vault $AzRsv - $AsrPolicy = Get-AzRecoveryServicesAsrPolicy | Where-Object {$_.ReplicationProvider -eq 'A2A'} - $AsrFabrics = Get-AzRecoveryServicesAsrFabric - if ($AsrPolicy) { - Write-PscriboMessage "Collecting Azure Site Recovery Protected Items information." - Section -Style Heading4 'Site Recovery' { - foreach ($AsrFabric in $AsrFabrics) { - $AsrContainer = Get-AzRecoveryServicesAsrProtectionContainer -Fabric $AsrFabric - $AsrReplicationProtectedItems = Get-AzRecoveryServicesAsrReplicationProtectedItem -ProtectionContainer $AsrContainer | Sort-Object FriendlyName - if ($Healthcheck.SiteRecovery.ReplicationHealth) { - $AsrReplicationProtectedItems | Where-Object { $_.'replicationhealth' -eq 'Critical' } | Set-Style -Style Critical -Property 'replicationhealth' - } - if ($Healthcheck.SiteRecovery.FailoverHealth) { - $AsrReplicationProtectedItems | Where-Object { $_.'TestFailoverStateDescription' -ne 'None' } | Set-Style -Style Warning -Property 'TestFailoverStateDescription' - } - if ($AsrReplicationProtectedItems) { - Section -Style NOTOCHeading5 -ExcludeFromTOC 'Protected Items' { - Paragraph "The following tables provides information for the Azure Site Recovery protected items within the $($AzSubscription.Name) subscription." - BlankLine - $TableParams = @{ - Name = "Site Recovery Protectected Items - $($AzRsv.Name)" - List = $false - Headers = 'Virtual Machine', 'Replication Health', 'State', 'Active Location', 'Target Location', 'Failover Health' - Columns = 'friendlyname', 'replicationhealth', 'protectionstatedescription', 'PrimaryFabricFriendlyName', 'RecoveryFabricFriendlyName', 'TestFailoverStateDescription' - ColumnWidths = 21, 15, 15, 17, 17, 15 + Try { + if ($InfoLevel.SiteRecovery -gt 0) { + $AzRsvs = Get-AzRecoveryServicesVault | Sort-Object Name + if ($AzRsvs) { + foreach ($AzRsv in $AzRsvs) { + Write-PscriboMessage "Collecting Azure Site Recovery information [$($AzRsv.Name)]." + $AsrVaultContext = Set-AzRecoveryServicesAsrVaultContext -Vault $AzRsv -ErrorAction SilentlyContinue + $AsrPolicy = Get-AzRecoveryServicesAsrPolicy -ErrorAction SilentlyContinue | Where-Object {$_.ReplicationProvider -eq 'A2A'} + $AsrFabrics = Get-AzRecoveryServicesAsrFabric -ErrorAction SilentlyContinue + if ($AsrPolicy) { + Write-PscriboMessage "Collecting Azure Site Recovery Protected Items information." + Section -Style Heading4 'Site Recovery' { + foreach ($AsrFabric in $AsrFabrics) { + $AsrContainer = Get-AzRecoveryServicesAsrProtectionContainer -Fabric $AsrFabric -ErrorAction SilentlyContinue + $AsrReplicationProtectedItems = Get-AzRecoveryServicesAsrReplicationProtectedItem -ProtectionContainer $AsrContainer -ErrorAction SilentlyContinue | Sort-Object FriendlyName + if ($Healthcheck.SiteRecovery.ReplicationHealth) { + $AsrReplicationProtectedItems | Where-Object { $_.'replicationhealth' -eq 'Critical' } | Set-Style -Style Critical -Property 'replicationhealth' + } + if ($Healthcheck.SiteRecovery.FailoverHealth) { + $AsrReplicationProtectedItems | Where-Object { $_.'TestFailoverStateDescription' -ne 'None' } | Set-Style -Style Warning -Property 'TestFailoverStateDescription' } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + if ($AsrReplicationProtectedItems) { + Section -Style NOTOCHeading5 -ExcludeFromTOC 'Protected Items' { + Paragraph "The following tables provides information for the Azure Site Recovery protected items within the $($AzSubscription.Name) subscription." + BlankLine + $TableParams = @{ + Name = "Site Recovery Protectected Items - $($AzRsv.Name)" + List = $false + Headers = 'Virtual Machine', 'Replication Health', 'State', 'Active Location', 'Target Location', 'Failover Health' + Columns = 'friendlyname', 'replicationhealth', 'protectionstatedescription', 'PrimaryFabricFriendlyName', 'RecoveryFabricFriendlyName', 'TestFailoverStateDescription' + ColumnWidths = 21, 15, 15, 17, 17, 15 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AsrReplicationProtectedItems | Table @TableParams + } } - $AsrReplicationProtectedItems | Table @TableParams } } } } } } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) } } diff --git a/Src/Private/Get-AbrAzAvailabilitySet.ps1 b/Src/Private/Get-AbrAzAvailabilitySet.ps1 index 8cc39a2..9f01d9f 100644 --- a/Src/Private/Get-AbrAzAvailabilitySet.ps1 +++ b/Src/Private/Get-AbrAzAvailabilitySet.ps1 @@ -1,7 +1,7 @@ function Get-AbrAzAvailabilitySet { <# .SYNOPSIS - Used by As Built Report to retrieve Azure Availability Set information + Used by As Built Report to retrieve Azure Availability Set information .DESCRIPTION .NOTES @@ -23,46 +23,50 @@ function Get-AbrAzAvailabilitySet { } process { - $AzAvailabilitySets = Get-AzAvailabilitySet | Sort-Object Name - if (($InfoLevel.AvailabilitySet -gt 0) -and ($AzAvailabilitySets)) { - Write-PscriboMessage "Collecting Azure Availability Set information." - Section -Style Heading4 'Availability Sets' { - if ($Options.ShowSectionInfo) { - Paragraph "An Availability Set (AS) is a logical construct to inform Azure that it should distribute contained virtual machine instances across multiple fault and update domains within an Azure region." - BlankLine - } - Paragraph "The following table summarises the configuration of the availability sets within the $($AzSubscription.Name) subscription." - BlankLine - $AzAvailabilitySetInfo = @() - foreach ($AzAvailabilitySet in $AzAvailabilitySets) { - $InObj = [Ordered]@{ - 'Name' = $AzAvailabilitySet.Name - 'Resource Group' = $AzAvailabilitySet.ResourceGroupName - 'Location' = $AzLocationLookup."$($AzAvailabilitySet.Location)" - 'Subscription' = "$($AzSubscriptionLookup.(($AzAvailabilitySet.Id).split('/')[2]))" - 'SKU' = $AzAvailabilitySet.Sku - 'Virtual Machines' = & { - if ($AzAvailabilitySet.VirtualMachinesReferences.Id) { - ($AzAvailabilitySet.VirtualMachinesReferences.Id | ForEach-Object {$_.split('/')[-1]}) -join ', ' - } else { - 'None' + Try { + if ($InfoLevel.AvailabilitySet -gt 0) { + $AzAvailabilitySets = Get-AzAvailabilitySet | Sort-Object Name + if ($AzAvailabilitySets) { + Write-PscriboMessage "Collecting Azure Availability Set information." + Section -Style Heading4 'Availability Sets' { + if ($Options.ShowSectionInfo) { + Paragraph "An Availability Set (AS) is a logical construct to inform Azure that it should distribute contained virtual machine instances across multiple fault and update domains within an Azure region." + BlankLine + } + Paragraph "The following table summarises the configuration of the availability sets within the $($AzSubscription.Name) subscription." + BlankLine + $AzAvailabilitySetInfo = @() + foreach ($AzAvailabilitySet in $AzAvailabilitySets) { + $InObj = [Ordered]@{ + 'Name' = $AzAvailabilitySet.Name + 'Resource Group' = $AzAvailabilitySet.ResourceGroupName + 'Location' = $AzLocationLookup."$($AzAvailabilitySet.Location)" + 'Subscription' = "$($AzSubscriptionLookup.(($AzAvailabilitySet.Id).split('/')[2]))" + 'SKU' = $AzAvailabilitySet.Sku + 'Virtual Machines' = if ($AzAvailabilitySet.VirtualMachinesReferences.Id) { + ($AzAvailabilitySet.VirtualMachinesReferences.Id | ForEach-Object {$_.split('/')[-1]}) -join ', ' + } else { + 'None' + } } + $AzAvailabilitySetInfo += [PSCustomObject]$InObj } - } - $AzAvailabilitySetInfo += [PSCustomObject]$InObj - } - $TableParams = @{ - Name = "Availability Sets - $($AzSubscription.Name)" - List = $false - Columns = 'Name', 'Resource Group', 'Location', 'SKU', 'Virtual Machines' - ColumnWidths = 25, 20, 20, 15, 20 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "Availability Sets - $($AzSubscription.Name)" + List = $false + Columns = 'Name', 'Resource Group', 'Location', 'SKU', 'Virtual Machines' + ColumnWidths = 25, 20, 20, 15, 20 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AzAvailabilitySetInfo | Table @TableParams + } } - $AzAvailabilitySetInfo | Table @TableParams } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) } } diff --git a/Src/Private/Get-AbrAzBastion.ps1 b/Src/Private/Get-AbrAzBastion.ps1 index e9ffd0d..b66cbf3 100644 --- a/Src/Private/Get-AbrAzBastion.ps1 +++ b/Src/Private/Get-AbrAzBastion.ps1 @@ -1,11 +1,11 @@ function Get-AbrAzBastion { <# .SYNOPSIS - Used by As Built Report to retrieve Azure Bastion information + Used by As Built Report to retrieve Azure Bastion information .DESCRIPTION .NOTES - Version: 0.1.1 + Version: 0.1.2 Author: Tim Carman Twitter: @tpcarman Github: tpcarman @@ -23,68 +23,83 @@ function Get-AbrAzBastion { } process { - $AzBastions = Get-AzBastion | Sort-Object Name - if (($InfoLevel.Bastion -gt 0) -and ($AzBastions)) { - Write-PscriboMessage "Collecting Azure Bastion information." - Section -Style Heading4 'Bastion' { - if ($Options.ShowSectionInfo) { - Paragraph "Azure Bastion is a service you deploy that lets you connect to a virtual machine using your browser and the Azure portal, or via the native SSH or RDP client already installed on your local computer." - BlankLine - Paragraph "The Azure Bastion service is a fully platform-managed PaaS service that you provision inside your virtual network. It provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal over TLS. When you connect via Azure Bastion, your virtual machines don't need a public IP address, agent, or special client software." - BlankLine - Paragraph "Bastion provides secure RDP and SSH connectivity to all of the VMs in the virtual network in which it is provisioned. Using Azure Bastion protects your virtual machines from exposing RDP/SSH ports to the outside world, while still providing secure access using RDP/SSH." - BlankLine - Try { - Image -Text 'Bastion Architecture' -Align 'Center' -Percent 45 -Base64 "" - BlankLine - } Catch { - Write-PScriboMessage -IsWarning "Unable to display Bastion image." - } - } - $AzBastionInfo = @() - foreach ($AzBastion in $AzBastions) { - $InObj = [Ordered]@{ - 'Name' = $AzBastion.Name - 'Resource Group' = $AzBastion.ResourceGroupName - 'Location' = $AzLocationLookup."$($AzBastion.Location)" - 'Subscription' = "$($AzSubscriptionLookup.(($AzBastion.Id).split('/')[2]))" - 'Virtual Network / Subnet' = $AzBastion.IpConfigurations.subnet.id.split('/')[-1] - 'Public DNS Name' = $AzBastion.DnsName - 'Public IP Address' = $AzBastion.IpConfigurations.publicipaddress.id.split('/')[-1] - } - $AzBastionInfo += [PSCustomObject]$InObj - } + Try { + if ($InfoLevel.Bastion -gt 0) { + $AzBastions = Get-AzBastion | Sort-Object Name + if ($AzBastions) { + Write-PScriboMessage "Collecting Azure Bastion information." + Section -Style Heading4 'Bastion' { + if ($Options.ShowSectionInfo) { + Paragraph "Azure Bastion is a service you deploy that lets you connect to a virtual machine using your browser and the Azure portal, or via the native SSH or RDP client already installed on your local computer." + BlankLine + Paragraph "The Azure Bastion service is a fully platform-managed PaaS service that you provision inside your virtual network. It provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal over TLS. When you connect via Azure Bastion, your virtual machines don't need a public IP address, agent, or special client software." + BlankLine + Paragraph "Bastion provides secure RDP and SSH connectivity to all of the VMs in the virtual network in which it is provisioned. Using Azure Bastion protects your virtual machines from exposing RDP/SSH ports to the outside world, while still providing secure access using RDP/SSH." + BlankLine + Try { + Image -Text 'Bastion Architecture' -Align 'Center' -Percent 45 -Base64 "" + BlankLine + } Catch { + Write-PScriboMessage -IsWarning "Unable to display Bastion image." + } + } + $AzBastionInfo = @() + foreach ($AzBastion in $AzBastions) { + $InObj = [Ordered]@{ + 'Name' = $AzBastion.Name + 'Resource Group' = $AzBastion.ResourceGroupName + 'Location' = $AzLocationLookup."$($AzBastion.Location)" + 'Subscription' = "$($AzSubscriptionLookup.(($AzBastion.Id).split('/')[2]))" + 'Virtual Network / Subnet' = $AzBastion.IpConfigurations.subnet.id.split('/')[-1] + 'Public DNS Name' = $AzBastion.DnsName + 'Public IP Address' = $AzBastion.IpConfigurations.publicipaddress.id.split('/')[-1] + } - if ($InfoLevel.Bastion -ge 2) { - Paragraph "The following sections detail the configuration of the bastions within the $($AzSubscription.Name) subscription." - foreach ($AzBastion in $AzBastionInfo) { - Section -Style NOTOCHeading5 -ExcludeFromTOC "$($AzBastion.Name)" { + if ($Options.ShowTags) { + $InObj['Tags'] = If ([string]::IsNullOrEmpty($AzBastion.Tag)) { + 'None' + } else { + ($AzBastion.Tag.GetEnumerator() | ForEach-Object { "$($_.Name):`t$($_.Value)" }) -join [Environment]::NewLine + } + } + + $AzBastionInfo += [PSCustomObject]$InObj + } + + if ($InfoLevel.Bastion -ge 2) { + Paragraph "The following sections detail the configuration of the bastions within the $($AzSubscription.Name) subscription." + foreach ($AzBastion in $AzBastionInfo) { + Section -Style NOTOCHeading5 -ExcludeFromTOC "$($AzBastion.Name)" { + $TableParams = @{ + Name = "Bastion - $($AzBastion.Name)" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AzBastion | Table @TableParams + } + } + } else { + Paragraph "The following table summarises the configuration of the bastions within the $($AzSubscription.Name) subscription." + BlankLine $TableParams = @{ - Name = "Bastion - $($AzBastion.Name)" - List = $true - ColumnWidths = 50, 50 + Name = "Bastions - $($AzSubscription.Name)" + List = $false + Columns = 'Name', 'Resource Group', 'Location', 'Public IP Address' + ColumnWidths = 25, 25, 25, 25 } if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $AzBastion | Table @TableParams + $AzBastionInfo | Table @TableParams } } - } else { - Paragraph "The following table summarises the configuration of the bastions within the $($AzSubscription.Name) subscription." - BlankLine - $TableParams = @{ - Name = "Bastions - $($AzSubscription.Name)" - List = $false - Columns = 'Name', 'Resource Group', 'Location', 'Public IP Address' - ColumnWidths = 25, 25, 25, 25 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $AzBastionInfo | Table @TableParams } } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) } } diff --git a/Src/Private/Get-AbrAzExpressRouteCircuit.ps1 b/Src/Private/Get-AbrAzExpressRouteCircuit.ps1 index 70055f5..3e5d447 100644 --- a/Src/Private/Get-AbrAzExpressRouteCircuit.ps1 +++ b/Src/Private/Get-AbrAzExpressRouteCircuit.ps1 @@ -1,11 +1,11 @@ function Get-AbrAzExpressRouteCircuit { <# .SYNOPSIS - Used by As Built Report to retrieve Azure ExpressRoute Circuit information + Used by As Built Report to retrieve Azure ExpressRoute Circuit information .DESCRIPTION .NOTES - Version: 0.1.1 + Version: 0.1.2 Author: Tim Carman Twitter: @tpcarman Github: tpcarman @@ -23,74 +23,90 @@ function Get-AbrAzExpressRouteCircuit { } process { - $AzExpressRouteCircuits = Get-AzExpressRouteCircuit | Sort-Object Name - if (($InfoLevel.ExpressRoute -gt 0) -and ($AzExpressRouteCircuits)) { - Write-PscriboMessage "Collecting ExpressRoute Circuit information." - Section -Style Heading4 'ExpressRoute Circuit' { - if ($Options.ShowSectionInfo) { - Paragraph "An ExpressRoute circuit allows a private dedicated connection into Azure with the help of a connectivity provider." - BlankLine - } - $AzExpressRouteCircuitInfo = @() - foreach ($AzExpressRouteCircuit in $AzExpressRouteCircuits) { - $InObj = [Ordered]@{ - 'Name' = $AzExpressRouteCircuit.Name - 'Resource Group' = $AzExpressRouteCircuit.ResourceGroupName - 'Location' = $AzLocationLookup."$($AzExpressRouteCircuit.Location)" - 'Subscription' = "$($AzSubscriptionLookup.(($AzExpressRouteCircuit.Id).split('/')[2]))" - 'Circuit Status' = $AzExpressRouteCircuit.CircuitProvisioningState - 'Provider' = $AzExpressRouteCircuit.ServiceProviderProperties.ServiceProviderName - 'Provider Status' = $AzExpressRouteCircuit.ServiceProviderProvisioningState - 'Peering Location' = $AzExpressRouteCircuit.ServiceProviderProperties.PeeringLocation - 'Bandwidth' = "$($AzExpressRouteCircuit.ServiceProviderProperties.BandwidthInMbps) Mbps" - 'Service Key' = $AzExpressRouteCircuit.ServiceKey - 'SKU' = $AzExpressRouteCircuit.Sku.Tier - 'Billing Model' = Switch ($AzExpressRouteCircuit.Sku.Family) { - 'MeteredData' { 'Metered' } - default { $AzExpressRouteCircuit.Sku.Family } + Try { + if ($InfoLevel.ExpressRoute -gt 0) { + $AzExpressRouteCircuits = Get-AzExpressRouteCircuit | Sort-Object Name + if ($AzExpressRouteCircuits) { + Write-PScriboMessage "Collecting ExpressRoute Circuit information." + Section -Style Heading4 'ExpressRoute Circuit' { + if ($Options.ShowSectionInfo) { + Paragraph "An ExpressRoute circuit allows a private dedicated connection into Azure with the help of a connectivity provider." + BlankLine } - 'Allow Classic Operations' = Switch ($AzExpressRouteCircuit.AllowClassicOperations) { - $true { 'On' } - $false { 'Off' } + $AzExpressRouteCircuitInfo = @() + foreach ($AzExpressRouteCircuit in $AzExpressRouteCircuits) { + $InObj = [Ordered]@{ + 'Name' = $AzExpressRouteCircuit.Name + 'Resource Group' = $AzExpressRouteCircuit.ResourceGroupName + 'Location' = $AzLocationLookup."$($AzExpressRouteCircuit.Location)" + 'Subscription' = "$($AzSubscriptionLookup.(($AzExpressRouteCircuit.Id).split('/')[2]))" + 'Circuit Status' = $AzExpressRouteCircuit.CircuitProvisioningState + 'Provider' = $AzExpressRouteCircuit.ServiceProviderProperties.ServiceProviderName + 'Provider Status' = $AzExpressRouteCircuit.ServiceProviderProvisioningState + 'Peering Location' = $AzExpressRouteCircuit.ServiceProviderProperties.PeeringLocation + 'Bandwidth' = "$($AzExpressRouteCircuit.ServiceProviderProperties.BandwidthInMbps) Mbps" + 'Service Key' = $AzExpressRouteCircuit.ServiceKey + 'SKU' = $AzExpressRouteCircuit.Sku.Tier + 'Billing Model' = Switch ($AzExpressRouteCircuit.Sku.Family) { + 'MeteredData' { 'Metered' } + default { $AzExpressRouteCircuit.Sku.Family } + } + 'Allow Classic Operations' = if ($AzExpressRouteCircuit.AllowClassicOperations) { + 'On' + } else { + 'Off' + } + ##ToDo: Peerings + } + + if ($Options.ShowTags) { + $InObj['Tags'] = if ([string]::IsNullOrEmpty($AzExpressRouteCircuit.Tags)) { + 'None' + } else { + ($AzExpressRouteCircuit.Tags.GetEnumerator() | ForEach-Object { "$($_.Key):`t$($_.Value)" }) -join [Environment]::NewLine + } + } + + $AzExpressRouteCircuitInfo += [PSCustomObject]$InObj } - ##ToDo: Peerings - } - $AzExpressRouteCircuitInfo += [PSCustomObject]$InObj - } - if ($Healthcheck.ExpressRoute.CircuitStatus) { - $AzExpressRouteCircuitInfo | Where-Object { $_.'Circuit Status' -ne 'Enabled' } | Set-Style -Style Critical -Property 'Circuit Status' - } - if ($InfoLevel.ExpressRoute -ge 2) { - Paragraph "The following sections detail the configuration of the ExpressRoute circuits within the $($AzSubscription.Name) subscription." - foreach ($AzExpressRouteCircuit in $AzExpressRouteCircuitInfo) { - Section -Style NOTOCHeading5 -ExcludeFromTOC "$($AzExpressRouteCircuit.Name)" { + if ($Healthcheck.ExpressRoute.CircuitStatus) { + $AzExpressRouteCircuitInfo | Where-Object { $_.'Circuit Status' -ne 'Enabled' } | Set-Style -Style Critical -Property 'Circuit Status' + } + if ($InfoLevel.ExpressRoute -ge 2) { + Paragraph "The following sections detail the configuration of the ExpressRoute circuits within the $($AzSubscription.Name) subscription." + foreach ($AzExpressRouteCircuit in $AzExpressRouteCircuitInfo) { + Section -Style NOTOCHeading5 -ExcludeFromTOC "$($AzExpressRouteCircuit.Name)" { + $TableParams = @{ + Name = "ExpressRoute Circuit - $($AzExpressRouteCircuit.Name)" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AzExpressRouteCircuit | Table @TableParams + } + } + } else { + Paragraph "The following table summarises the configuration of the ExpressRoute circuits within the $($AzSubscription.Name) subscription." + BlankLine $TableParams = @{ - Name = "ExpressRoute Circuit - $($AzExpressRouteCircuit.Name)" - List = $true - ColumnWidths = 50, 50 + Name = "ExpressRoute Circuits - $($AzSubscription.Name)" + List = $false + Columns = 'Name', 'Resource Group', 'Location', 'Circuit Status' + ColumnWidths = 25, 25, 25, 25 } if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $AzExpressRouteCircuit | Table @TableParams + $AzExpressRouteCircuitInfo | Table @TableParams } } - } else { - Paragraph "The following table summarises the configuration of the ExpressRoute circuits within the $($AzSubscription.Name) subscription." - BlankLine - $TableParams = @{ - Name = "ExpressRoute Circuits - $($AzSubscription.Name)" - List = $false - Columns = 'Name', 'Resource Group', 'Location', 'Circuit Status' - ColumnWidths = 25, 25, 25, 25 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $AzExpressRouteCircuitInfo | Table @TableParams } } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) } } diff --git a/Src/Private/Get-AbrAzFirewall.ps1 b/Src/Private/Get-AbrAzFirewall.ps1 index cd50320..eade1ec 100644 --- a/Src/Private/Get-AbrAzFirewall.ps1 +++ b/Src/Private/Get-AbrAzFirewall.ps1 @@ -1,11 +1,11 @@ function Get-AbrAzFirewall { <# .SYNOPSIS - Used by As Built Report to retrieve Azure Firewall information + Used by As Built Report to retrieve Azure Firewall information .DESCRIPTION .NOTES - Version: 0.1.1 + Version: 0.1.2 Author: Tim Carman Twitter: @tpcarman Github: tpcarman @@ -23,81 +23,98 @@ function Get-AbrAzFirewall { } process { - $AzFirewalls = Get-AzFirewall | Sort-Object Name - if (($InfoLevel.Firewall -gt 0) -and ($AzFirewalls)) { - Write-PscriboMessage "Collecting Azure Firewall information." - Section -Style Heading4 'Firewalls' { - if ($Options.ShowSectionInfo) { - Paragraph "Azure Firewall is a cloud-native and intelligent network firewall security service that provides the best of breed threat protection for your cloud workloads running in Azure. It's a fully stateful, firewall as a service with built-in high availability and unrestricted cloud scalability. It provides both east-west and north-south traffic inspection." - BlankLine - } - $AzFirewallInfo = @() - foreach ($AzFirewall in $AzFirewalls) { - $InObj = [Ordered]@{ - 'Name' = $AzFirewall.Name - 'Resource Group' = $AzFirewall.ResourceGroupName - 'Location' = $AzLocationLookup."$($AzFirewall.Location)" - 'Subscription' = "$($AzSubscriptionLookup.(($AzFirewall.Id).split('/')[2]))" - 'Provisioning State' = $AzFirewall.ProvisioningState - <# - 'DNS Server' = Switch ($AzFirewall.DNSServer) { - $null { 'Default (Azure provided' } - default { ($AzFirewall.DNSServer) -join ', ' } + Try { + if ($InfoLevel.Firewall -gt 0) { + $AzFirewalls = Get-AzFirewall | Sort-Object Name + if ($AzFirewalls) { + Write-PScriboMessage "Collecting Azure Firewall information." + Section -Style Heading4 'Firewalls' { + if ($Options.ShowSectionInfo) { + Paragraph "Azure Firewall is a cloud-native and intelligent network firewall security service that provides the best of breed threat protection for your cloud workloads running in Azure. It's a fully stateful, firewall as a service with built-in high availability and unrestricted cloud scalability. It provides both east-west and north-south traffic inspection." + BlankLine } - 'DNS Proxy' = Switch ($AzFirewall.DNSEnableProxy) { - $true { 'Enabled' } - $false { 'Disabled' } + $AzFirewallInfo = @() + foreach ($AzFirewall in $AzFirewalls) { + $InObj = [Ordered]@{ + 'Name' = $AzFirewall.Name + 'Resource Group' = $AzFirewall.ResourceGroupName + 'Location' = $AzLocationLookup."$($AzFirewall.Location)" + 'Subscription' = "$($AzSubscriptionLookup.(($AzFirewall.Id).split('/')[2]))" + 'Provisioning State' = $AzFirewall.ProvisioningState + <# + 'DNS Server' = if ($AzFirewall.DNSServer) { + ($AzFirewall.DNSServer) -join ', ' + } else { + 'Default (Azure provided' + } + 'DNS Proxy' = if ($AzFirewall.DNSEnableProxy) { + 'Enabled' + } else { + 'Disabled' + } + 'Firewall Subnet' = ($AzFirewall.IpConfigurations | Where-Object {$_.Name -eq 'AzureFirewallIpConfiguration0'}).Subnet.Id.Split('/')[-1] + 'Firewall Public IP' = ($AzFirewall.IpConfigurations | Where-Object {$_.Name -eq 'AzureFirewallIpConfiguration0'}).PublicIpAddress.Id.Split('/')[-1] + 'Firewall Private IP' = ($AzFirewall.IpConfigurations | Where-Object {$_.Name -eq 'AzureFirewallIpConfiguration0'}).PrivateIpAddress + #> + 'Firewall SKU' = $AzFirewall.Sku.Tier + 'NAT Rule Collections' = $AzFirewall.NatkRuleCollections.Count + 'Network Rule Collections' = $AzFirewall.NetworkRuleCollections.Count + 'Application Rule Collections' = $AzFirewall.ApplicationRuleCollections.Count + ##ToDo: App Rules + } + + if ($Options.ShowTags) { + $InObj['Tags'] = if ([string]::IsNullOrEmpty($AzFirewall.Tag)) { + 'None' + } else { + ($AzFirewall.Tag.GetEnumerator() | ForEach-Object { "$($_.Name):`t$($_.Value)" }) -join [Environment]::NewLine + } + } + + $AzFirewallInfo += [PSCustomObject]$InObj } - 'Firewall Subnet' = ($AzFirewall.IpConfigurations | Where-Object {$_.Name -eq 'AzureFirewallIpConfiguration0'}).Subnet.Id.Split('/')[-1] - 'Firewall Public IP' = ($AzFirewall.IpConfigurations | Where-Object {$_.Name -eq 'AzureFirewallIpConfiguration0'}).PublicIpAddress.Id.Split('/')[-1] - 'Firewall Private IP' = ($AzFirewall.IpConfigurations | Where-Object {$_.Name -eq 'AzureFirewallIpConfiguration0'}).PrivateIpAddress - #> - 'Firewall SKU' = $AzFirewall.Sku.Tier - 'NAT Rule Collections' = $AzFirewall.NatkRuleCollections.Count - 'Network Rule Collections' = $AzFirewall.NetworkRuleCollections.Count - 'Application Rule Collections' = $AzFirewall.ApplicationRuleCollections.Count - ##ToDo: App Rules - } - $AzFirewallInfo += [PSCustomObject]$InObj - } - if ($InfoLevel.Firewall -ge 2) { - Paragraph "The following sections detail the configuration of the firewalls within the $($AzSubscription.Name) subscription." - foreach ($AzFirewall in $AzFirewallInfo) { - Section -Style NOTOCHeading5 -ExcludeFromTOC "$($AzFirewall.Name)" { + if ($InfoLevel.Firewall -ge 2) { + Paragraph "The following sections detail the configuration of the firewalls within the $($AzSubscription.Name) subscription." + foreach ($AzFirewall in $AzFirewallInfo) { + Section -Style NOTOCHeading5 -ExcludeFromTOC "$($AzFirewall.Name)" { + $TableParams = @{ + Name = "Firewall - $($AzFirewall.Name)" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AzFirewall | Table @TableParams + + # Get NAT Collection Rules + Get-AbrAzFirewallNatRule -Name $AzFirewall.Name + + # Get Network Collection Rules + Get-AbrAzFirewallNetworkRule -Name $AzFirewall.Name + } + } + } else { + Paragraph "The following table summarises the configuration of the firewalls within the $($AzSubscription.Name) subscription." + BlankLine $TableParams = @{ - Name = "Firewall - $($AzFirewall.Name)" - List = $true - ColumnWidths = 50, 50 + Name = "Firewalls - $($AzSubscription.Name)" + List = $false + Headers = 'Name', 'Resource Group', 'Location', 'NAT Rules', 'Network Rules', 'App Rules' + Columns = 'Name', 'Resource Group', 'Location', 'NAT Rule Collections', 'Network Rule Collections', 'Application Rule Collections' + ColumnWidths = 25, 21, 21, 11, 11, 11 } if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $AzFirewall | Table @TableParams - - # Get NAT Collection Rules - Get-AbrAzFirewallNatRule -Name $AzFirewall.Name - - # Get Network Collection Rules - Get-AbrAzFirewallNetworkRule -Name $AzFirewall.Name + $AzFirewallInfo | Table @TableParams } } - } else { - Paragraph "The following table summarises the configuration of the firewalls within the $($AzSubscription.Name) subscription." - BlankLine - $TableParams = @{ - Name = "Firewalls - $($AzSubscription.Name)" - List = $false - Headers = 'Name', 'Resource Group', 'Location', 'NAT Rules', 'Network Rules', 'App Rules' - Columns = 'Name', 'Resource Group', 'Location', 'NAT Rule Collections', 'Network Rule Collections', 'Application Rule Collections' - ColumnWidths = 25, 21, 21, 11, 11, 11 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $AzFirewallInfo | Table @TableParams } } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) } } diff --git a/Src/Private/Get-AbrAzFirewallNatRule.ps1 b/Src/Private/Get-AbrAzFirewallNatRule.ps1 index e5c9a50..e93a87e 100644 --- a/Src/Private/Get-AbrAzFirewallNatRule.ps1 +++ b/Src/Private/Get-AbrAzFirewallNatRule.ps1 @@ -1,7 +1,7 @@ function Get-AbrAzFirewallNatRule { <# .SYNOPSIS - Used by As Built Report to retrieve Azure Firewall NAT Colletion Rule information + Used by As Built Report to retrieve Azure Firewall NAT Colletion Rule information .DESCRIPTION .NOTES @@ -27,75 +27,75 @@ function Get-AbrAzFirewallNatRule { begin {} process { - $AzFirewall = Get-AzFirewall -Name $Name - $NatRuleCollections = $AzFirewall.NatRuleCollections - if ($NatRuleCollections) { - Write-PScriboMessage "Collecting Azure Firewall NAT Rule Collections information." - Section -Style NOTOCHeading6 -ExcludeFromTOC 'NAT Rule Collections' { - $NatRuleCollectionInfo = @() - foreach ($NatRuleCollection in ($NatRuleCollections | Sort-Object Priority)) { - $InObj = [Ordered]@{ - 'Priority' = $NatRuleCollection.Priority - 'Name' = $NatRuleCollection.Name - 'Action' = $NatRuleCollection.Action.Type - 'Rules' = ($NatRuleCollection.Rules).Count + Try { + $AzFirewall = Get-AzFirewall -Name $Name + $NatRuleCollections = $AzFirewall.NatRuleCollections + if ($NatRuleCollections) { + Write-PScriboMessage "Collecting Azure Firewall NAT Rule Collections information." + Section -Style NOTOCHeading6 -ExcludeFromTOC 'NAT Rule Collections' { + $NatRuleCollectionInfo = @() + foreach ($NatRuleCollection in ($NatRuleCollections | Sort-Object Priority)) { + $InObj = [Ordered]@{ + 'Priority' = $NatRuleCollection.Priority + 'Name' = $NatRuleCollection.Name + 'Action' = $NatRuleCollection.Action.Type + 'Rules' = ($NatRuleCollection.Rules).Count + } + $NatRuleCollectionInfo += [PSCustomObject]$InObj } - $NatRuleCollectionInfo += [PSCustomObject]$InObj - } - $TableParams = @{ - Name = "NAT Rule Collections" - List = $false - ColumnWidths = 15, 55, 15, 15 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name) - $($Name)" - } - $NatRuleCollectionInfo | Table @TableParams + $TableParams = @{ + Name = "NAT Rule Collections" + List = $false + ColumnWidths = 15, 55, 15, 15 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name) - $($Name)" + } + $NatRuleCollectionInfo | Table @TableParams - if ($InfoLevel.Firewall -ge 3) { - foreach ($NatRuleCollection in ($NatRuleCollections | Sort-Object Name)) { - Section -Style NOTOCHeading7 -ExcludeFromTOC $($NatRuleCollection.Name) { - $NatRuleInfo = @() - foreach ($NatRule in $($NatRuleCollection.Rules)) { - $InObj = [Ordered]@{ - 'Name' = $NatRule.Name - 'Protocols' = $NatRule.Protocols -join ', ' - 'Source Type' = & { - if ($NatRule.SourceAddresses) { + if ($InfoLevel.Firewall -ge 3) { + foreach ($NatRuleCollection in ($NatRuleCollections | Sort-Object Name)) { + Section -Style NOTOCHeading7 -ExcludeFromTOC $($NatRuleCollection.Name) { + $NatRuleInfo = @() + foreach ($NatRule in $($NatRuleCollection.Rules)) { + $InObj = [Ordered]@{ + 'Name' = $NatRule.Name + 'Protocols' = $NatRule.Protocols -join ', ' + 'Source Type' = if ($NatRule.SourceAddresses) { 'IP Address' } else { 'IP Group' } - } - 'Source' = & { - if ($NatRule.SourceAddresses) { + 'Source' = if ($NatRule.SourceAddresses) { $NatRule.SourceAddresses -join ', ' } elseif ($NatRule.SourceIpGroups) { ($NatRule.SourceIpGroups | ForEach-Object {$_.split('/')[-1]}) -join ', ' } + 'Destination Addresses' = $NatRule.DestinationAddresses -join ', ' + 'Destination Ports' = $NatRule.DestinationPorts -join ', ' + 'Translated Address' = $NatRule.TranslatedAddress + 'Translated Port' = $NatRule.TranslatedPort } - 'Destination Addresses' = $NatRule.DestinationAddresses -join ', ' - 'Destination Ports' = $NatRule.DestinationPorts -join ', ' - 'Translated Address' = $NatRule.TranslatedAddress - 'Translated Port' = $NatRule.TranslatedPort + $NatRuleInfo += [PSCustomObject]$InObj } - $NatRuleInfo += [PSCustomObject]$InObj - } - $TableParams = @{ - Name = "NAT Rule $($NatRuleCollection.Name) - $($Name)" - List = $false - ColumnWidths = 16, 12, 12, 12, 12, 12, 12, 12 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "NAT Rule $($NatRuleCollection.Name) - $($Name)" + List = $false + ColumnWidths = 16, 12, 12, 12, 12, 12, 12, 12 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $NatRuleInfo | Table @TableParams } - $NatRuleInfo | Table @TableParams } } } } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) } } diff --git a/Src/Private/Get-AbrAzFirewallNetworkRule.ps1 b/Src/Private/Get-AbrAzFirewallNetworkRule.ps1 index d066063..fb96d1a 100644 --- a/Src/Private/Get-AbrAzFirewallNetworkRule.ps1 +++ b/Src/Private/Get-AbrAzFirewallNetworkRule.ps1 @@ -1,7 +1,7 @@ function Get-AbrAzFirewallNetworkRule { <# .SYNOPSIS - Used by As Built Report to retrieve Azure Firewall Network Collection Rule information + Used by As Built Report to retrieve Azure Firewall Network Collection Rule information .DESCRIPTION .NOTES @@ -27,145 +27,133 @@ function Get-AbrAzFirewallNetworkRule { begin {} process { - $AzFirewall = Get-AzFirewall -Name $Name - $NetworkRuleCollections = $AzFirewall.NetworkRuleCollections - if ($NetworkRuleCollections) { - Write-PScriboMessage "Collecting Azure Firewall Network Rule Collections information." - Section -Style NOTOCHeading5 -ExcludeFromTOC 'Network Rule Collections' { - $NetworkRuleCollectionInfo = @() - foreach ($NetworkRuleCollection in ($NetworkRuleCollections | Sort-Object Priority)) { - $InObj = [Ordered]@{ - 'Priority' = $NetworkRuleCollection.Priority - 'Name' = $NetworkRuleCollection.Name - 'Action' = $NetworkRuleCollection.Action.Type - 'Rules' = ($NetworkRuleCollection.Rules).Count + Try { + $AzFirewall = Get-AzFirewall -Name $Name + $NetworkRuleCollections = $AzFirewall.NetworkRuleCollections + if ($NetworkRuleCollections) { + Write-PScriboMessage "Collecting Azure Firewall Network Rule Collections information." + Section -Style NOTOCHeading5 -ExcludeFromTOC 'Network Rule Collections' { + $NetworkRuleCollectionInfo = @() + foreach ($NetworkRuleCollection in ($NetworkRuleCollections | Sort-Object Priority)) { + $InObj = [Ordered]@{ + 'Priority' = $NetworkRuleCollection.Priority + 'Name' = $NetworkRuleCollection.Name + 'Action' = $NetworkRuleCollection.Action.Type + 'Rules' = ($NetworkRuleCollection.Rules).Count + } + $NetworkRuleCollectionInfo += [PSCustomObject]$InObj } - $NetworkRuleCollectionInfo += [PSCustomObject]$InObj - } - $TableParams = @{ - Name = "Network Rule Collections" - List = $false - ColumnWidths = 15, 55, 15, 15 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name) - $($Name)" - } - $NetworkRuleCollectionInfo | Table @TableParams + $TableParams = @{ + Name = "Network Rule Collections" + List = $false + ColumnWidths = 15, 55, 15, 15 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name) - $($Name)" + } + $NetworkRuleCollectionInfo | Table @TableParams - if ($InfoLevel.Firewall -ge 3) { - foreach ($NetworkRuleCollection in ($NetworkRuleCollections | Sort-Object Name)) { - if ($NetworkRuleCollection.Action.Type -eq 'Allow') { - Section -Style NOTOCHeading6 -ExcludeFromTOC $($NetworkRuleCollection.Name) { - $NetworkAllowRules = $NetworkRuleCollection.Rules | Where-Object {$NetworkRuleCollection.Action.Type -eq 'Allow'} - $AllowRuleInfo = @() - foreach ($AllowRule in $NetworkAllowRules) { - $InObj = [Ordered]@{ - 'Name' = $AllowRule.Name - 'Protocols' = $AllowRule.Protocols -join ', ' - 'Source Type' = & { - if ($AllowRule.SourceAddresses) { + if ($InfoLevel.Firewall -ge 3) { + foreach ($NetworkRuleCollection in ($NetworkRuleCollections | Sort-Object Name)) { + if ($NetworkRuleCollection.Action.Type -eq 'Allow') { + Section -Style NOTOCHeading6 -ExcludeFromTOC $($NetworkRuleCollection.Name) { + $NetworkAllowRules = $NetworkRuleCollection.Rules | Where-Object {$NetworkRuleCollection.Action.Type -eq 'Allow'} + $AllowRuleInfo = @() + foreach ($AllowRule in $NetworkAllowRules) { + $InObj = [Ordered]@{ + 'Name' = $AllowRule.Name + 'Protocols' = $AllowRule.Protocols -join ', ' + 'Source Type' = if ($AllowRule.SourceAddresses) { 'IP Address' } else { 'IP Group' } - } - 'Source' = & { - if ($AllowRule.SourceAddresses) { + 'Source' = if ($AllowRule.SourceAddresses) { $AllowRule.SourceAddresses -join ', ' } elseif ($AllowRule.SourceIpGroups) { ($AllowRule.SourceIpGroups | ForEach-Object {$_.split('/')[-1]}) -join ', ' } - } - 'Destination Type' = & { - if ($AllowRule.DestinationAddresses) { + 'Destination Type' = if ($AllowRule.DestinationAddresses) { 'IP Address' } else { 'IP Group' } - } - 'Destination' = & { - if ($AllowRule.DestinationAddresses) { + 'Destination' = if ($AllowRule.DestinationAddresses) { $AllowRule.DestinationAddresses -join ', ' } elseif ($AllowRule.DestinationIpGroups) { ($AllowRule.DestinationIpGroups | ForEach-Object {$_.split('/')[-1]}) -join ', ' } elseif ($AllowRule.DestinationFqdns) { ($AllowRule.DestinationFqdns | ForEach-Object {$_.split('/')[-1]}) -join ', ' } + 'Destination Ports' = $AllowRule.DestinationPorts -join ', ' } - 'Destination Ports' = $AllowRule.DestinationPorts -join ', ' + $AllowRuleInfo += [PSCustomObject]$InObj } - $AllowRuleInfo += [PSCustomObject]$InObj - } - $TableParams = @{ - Name = "Network Allow Rule $($NetworkRuleCollection.Name) - $($Name)" - List = $false - ColumnWidths = 15, 12, 10, 19, 10, 19, 15 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "Network Allow Rule $($NetworkRuleCollection.Name) - $($Name)" + List = $false + ColumnWidths = 15, 12, 10, 19, 10, 19, 15 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AllowRuleInfo | Table @TableParams } - $AllowRuleInfo | Table @TableParams } - } - if ($NetworkRuleCollection.Action.Type -eq 'Deny') { - Section -Style NOTOCHeading6 -ExcludeFromTOC $($NetworkRuleCollection.Name) { - $NetworkDenyRules = $NetworkRuleCollection.Rules | Where-Object {$NetworkRuleCollection.Action.Type -eq 'Deny'} - $DenyRuleInfo = @() - foreach ($DenyRule in $NetworkDenyRules) { - $InObj = [Ordered]@{ - 'Name' = $DenyRule.Name - 'Protocols' = $DenyRule.Protocols -join ', ' - 'Source Type' = & { - if ($DenyRule.SourceAddresses) { + if ($NetworkRuleCollection.Action.Type -eq 'Deny') { + Section -Style NOTOCHeading6 -ExcludeFromTOC $($NetworkRuleCollection.Name) { + $NetworkDenyRules = $NetworkRuleCollection.Rules | Where-Object {$NetworkRuleCollection.Action.Type -eq 'Deny'} + $DenyRuleInfo = @() + foreach ($DenyRule in $NetworkDenyRules) { + $InObj = [Ordered]@{ + 'Name' = $DenyRule.Name + 'Protocols' = $DenyRule.Protocols -join ', ' + 'Source Type' = if ($DenyRule.SourceAddresses) { 'IP Address' } else { 'IP Group' } - } - 'Source' = & { - if ($DenyRule.SourceAddresses) { + 'Source' = if ($DenyRule.SourceAddresses) { $DenyRule.SourceAddresses -join ', ' } elseif ($DenyRule.SourceIpGroups) { ($DenyRule.SourceIpGroups | ForEach-Object {$_.split('/')[-1]}) -join ', ' } - } - 'Destination Type' = & { - if ($DenyRule.DestinationAddresses) { + 'Destination Type' = if ($DenyRule.DestinationAddresses) { 'IP Address' } else { 'IP Group' } - } - 'Destination' = & { - if ($DenyRule.DestinationAddresses) { + 'Destination' = if ($DenyRule.DestinationAddresses) { $DenyRule.DestinationAddresses -join ', ' } elseif ($DenyRule.DestinationIpGroups) { ($DenyRule.DestinationIpGroups | ForEach-Object {$_.split('/')[-1]}) -join ', ' } elseif ($DenyRule.DestinationFqdns) { ($DenyRule.DestinationFqdns | ForEach-Object {$_.split('/')[-1]}) -join ', ' } + 'Destination Ports' = $DenyRule.DestinationPorts -join ', ' } - 'Destination Ports' = $DenyRule.DestinationPorts -join ', ' + $DenyRuleInfo += [PSCustomObject]$InObj } - $DenyRuleInfo += [PSCustomObject]$InObj - } - $TableParams = @{ - Name = "Network Deny Rule $($NetworkRuleCollection.Name) - $($Name)" - List = $false - ColumnWidths = 15, 12, 10, 19, 10, 19, 15 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "Network Deny Rule $($NetworkRuleCollection.Name) - $($Name)" + List = $false + ColumnWidths = 15, 12, 10, 19, 10, 19, 15 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $DenyRuleInfo | Table @TableParams } - $DenyRuleInfo | Table @TableParams } } } } } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) } } diff --git a/Src/Private/Get-AbrAzIpGroup.ps1 b/Src/Private/Get-AbrAzIpGroup.ps1 index 4e1d2ef..275abe3 100644 --- a/Src/Private/Get-AbrAzIpGroup.ps1 +++ b/Src/Private/Get-AbrAzIpGroup.ps1 @@ -1,11 +1,11 @@ function Get-AbrAzIpGroup { <# .SYNOPSIS - Used by As Built Report to retrieve Azure IP Group information + Used by As Built Report to retrieve Azure IP Group information .DESCRIPTION .NOTES - Version: 0.1.0 + Version: 0.1.1 Author: Tim Carman Twitter: @tpcarman Github: tpcarman @@ -23,66 +23,77 @@ function Get-AbrAzIpGroup { } process { - $AzIpGroups = Get-AzIpGroup | Sort-Object Name - if (($InfoLevel.IpGroup -gt 0) -and ($AzIpGroups)) { - Write-PscriboMessage "Collecting Azure IP Group information." - Section -Style Heading4 'IP Groups' { - $AzIpGroupInfo = @() - foreach ($AzIpGroup in $AzIpGroups) { - $InObj = [Ordered]@{ - 'Name' = $AzIpGroup.Name - 'Resource Group' = $AzIpGroup.ResourceGroupName - 'Location' = $AzLocationLookup."$($AzIpGroup.Location)" - 'Subscription' = "$($AzSubscriptionLookup.(($AzIpGroup.Id).split('/')[2]))" - 'Provisioning State' = $AzIpGroup.ProvisioningState - 'Firewalls' = & { - if ($AzIpGroup.Firewalls.id) { - ($AzIpGroup.Firewalls.id | ForEach-Object {$_.split('/')[-1]}) -join ', ' - } else { - 'None' + Try { + if ($InfoLevel.IpGroup -gt 0) { + $AzIpGroups = Get-AzIpGroup | Sort-Object Name + if ($AzIpGroups) { + Write-PScriboMessage "Collecting Azure IP Group information." + Section -Style Heading4 'IP Groups' { + $AzIpGroupInfo = @() + foreach ($AzIpGroup in $AzIpGroups) { + $InObj = [Ordered]@{ + 'Name' = $AzIpGroup.Name + 'Resource Group' = $AzIpGroup.ResourceGroupName + 'Location' = $AzLocationLookup."$($AzIpGroup.Location)" + 'Subscription' = "$($AzSubscriptionLookup.(($AzIpGroup.Id).split('/')[2]))" + 'Provisioning State' = $AzIpGroup.ProvisioningState + 'Firewalls' = if ($AzIpGroup.Firewalls.id) { + ($AzIpGroup.Firewalls.id | ForEach-Object { $_.split('/')[-1] }) -join ', ' + } else { + 'None' + } + 'IP Addresses' = if ($AzIpGroup.IpAddresses) { + $AzIpGroup.IpAddresses -join ', ' + } else { + 'None' + } } - } - 'IP Addresses' = & { - if ($AzIpGroup.IpAddresses) { - $AzIpGroup.IpAddresses -join ', ' - } else { - 'None' + + if ($Options.ShowTags) { + $InObj['Tags'] = if ([string]::IsNullOrEmpty($AzIpGroup.Tag)) { + 'None' + } else { + ($AzIpGroup.Tag.GetEnumerator() | ForEach-Object { "$($_.Name):`t$($_.Value)" }) -join [Environment]::NewLine + } } + + $AzIpGroupInfo += [PSCustomObject]$InObj } - } - $AzIpGroupInfo += [PSCustomObject]$InObj - } - if ($InfoLevel.IPGroup -ge 2) { - Paragraph "The following sections detail the configuration of the IP groups within the $($AzSubscription.Name) subscription." - foreach ($AzIpGroup in $AzIpGroupInfo) { - Section -Style NOTOCHeading5 -ExcludeFromTOC "$($AzIpGroup.Name)" { + if ($InfoLevel.IPGroup -ge 2) { + Paragraph "The following sections detail the configuration of the IP groups within the $($AzSubscription.Name) subscription." + foreach ($AzIpGroup in $AzIpGroupInfo) { + Section -Style NOTOCHeading5 -ExcludeFromTOC "$($AzIpGroup.Name)" { + $TableParams = @{ + Name = "IP Group - $($AzIpGroup.Name)" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AzIpGroup | Table @TableParams + } + } + } else { + Paragraph "The following table summarises the configuration of the IP groups within the $($AzSubscription.Name) subscription." + BlankLine $TableParams = @{ - Name = "IP Group - $($AzIpGroup.Name)" - List = $true - ColumnWidths = 50, 50 + Name = "IP Groups - $($AzSubscription.Name)" + List = $false + Columns = 'Name', 'Resource Group', 'Location', 'IP Addresses' + ColumnWidths = 25, 25, 25, 25 } if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $AzIpGroup | Table @TableParams + $AzIpGroupInfo | Table @TableParams } } - } else { - Paragraph "The following table summarises the configuration of the IP groups within the $($AzSubscription.Name) subscription." - BlankLine - $TableParams = @{ - Name = "IP Groups - $($AzSubscription.Name)" - List = $false - Columns = 'Name', 'Resource Group', 'Location', 'IP Addresses' - ColumnWidths = 25, 25, 25, 25 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $AzIpGroupInfo | Table @TableParams } } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) } } diff --git a/Src/Private/Get-AbrAzKeyVault.ps1 b/Src/Private/Get-AbrAzKeyVault.ps1 index 94846f2..a694d1a 100644 --- a/Src/Private/Get-AbrAzKeyVault.ps1 +++ b/Src/Private/Get-AbrAzKeyVault.ps1 @@ -1,7 +1,7 @@ function Get-AbrAzKeyVault { <# .SYNOPSIS - Used by As Built Report to retrieve Azure Key Vault information + Used by As Built Report to retrieve Azure Key Vault information .DESCRIPTION .NOTES @@ -23,65 +23,107 @@ function Get-AbrAzKeyVault { } process { - $AzKeyVaults = Get-AzKeyVault | Sort-Object VaultName - if (($InfoLevel.KeyVault -gt 0) -and ($AzKeyVaults)) { - Write-PscriboMessage "Collecting Azure Key Vault information." - Section -Style Heading4 'Key Vaults' { - if ($Options.ShowSectionInfo) { - Paragraph "Azure Key Vault is a key management solution which enables Azure users and applications to securely store and access keys, secrets, and certificates." - BlankLine - } - Paragraph "The following table summarises the configuration of the key vaults within the $($AzSubscription.Name) subscription." - BlankLine - $AzKeyVaultInfo = @() - foreach ($AzKeyVault in $AzKeyVaults) { - $InObj = [Ordered]@{ - 'Name' = $AzKeyVault.VaultName - 'Resource Group' = $AzKeyVault.ResourceGroupName - 'Location' = $AzLocationLookup."$($AzKeyVault.Location)" - 'Subscription' = "$($AzSubscriptionLookup.(($AzKeyVault.ResourceId).split('/')[2]))" - } - $AzKeyVaultInfo += [PSCustomObject]$InObj - } + Try { + if ($InfoLevel.KeyVault -gt 0) { + $AzKeyVaults = Get-AzKeyVault | Sort-Object VaultName + if ($AzKeyVaults) { + Write-PscriboMessage "Collecting Azure Key Vault information." + Section -Style Heading4 'Key Vaults' { + if ($Options.ShowSectionInfo) { + Paragraph "Azure Key Vault is a key management solution which enables Azure users and applications to securely store and access keys, secrets, and certificates." + BlankLine + } + Paragraph "The following table summarises the configuration of the key vaults within the $($AzSubscription.Name) subscription." + BlankLine + $AzKeyVaultInfo = @() + foreach ($AzKeyVault in $AzKeyVaults) { + $AzKeyVault = Get-AzKeyVault -Name $AzKeyVault.VaultName + $AzKeyVaultResourceAccess = @() + if ($AzKeyVault.EnabledForDeployment) { + $AzKeyVaultResourceAccess += 'Azure Virtual Machines for Deployment' + } + if ($AzKeyVault.EnabledForTemplateDeployment) { + $AzKeyVaultResourceAccess += 'Azure Resource Manager for Template Deployment' + } + if ($AzKeyVault.EnabledForDiskEncryption) { + $AzKeyVaultResourceAccess += 'Azure Disk Encryption for Volume Encryption' + } + $InObj = [Ordered]@{ + 'Name' = $AzKeyVault.VaultName + 'Resource Group' = $AzKeyVault.ResourceGroupName + 'Location' = $AzLocationLookup."$($AzKeyVault.Location)" + 'Subscription' = "$($AzSubscriptionLookup.(($AzKeyVault.ResourceId).split('/')[2]))" + 'Vault URI' = $AzKeyVault.VaultUri + 'Sku (Pricing Tier)' = $AzKeyVault.SKU + 'Resource Access' = if ($AzKeyVaultResourceAccess) { + $AzKeyVaultResourceAccess + } else { + 'No access enabled' + } + 'RBAC Authorization' = if ($AzKeyVault.EnableRbacAuthorization) { + 'Enabled' + } else { + 'Disabled' + } + 'Soft Delete' = if ($AzKeyVault.EnableSoftDelete) { + "Enabled ($($AzKeyVault.SoftDeleteRetentionInDays) days)" + } else { + 'Disabled' + } + 'Purge Protection' = if ($AzKeyVault.EnablePurgeProtection) { + 'Enabled' + } else { + 'Disabled' + } + 'Public Network Access' = if ($AzKeyVault.PublicNetworkAccess) { + 'Enabled' + } else { + 'Disabled' + } + } - <# - ##TODO: More info required use `Get-AzKeyVault -VaultName xxxx` to get more properties - SKU - Enabled for RBAC - Enabled for Disk Encryption - Enabled for Template Deployment - Soft Delete Enabled - Soft Delete Retention Period (days) - Purge Protection + if ($Options.ShowTags) { + $InObj['Tags'] = if ([string]::IsNullOrEmpty($AzKeyVault.Tags)) { + 'None' + } else { + ($AzKeyVault.Tags.GetEnumerator() | ForEach-Object { "$($_.Key):`t$($_.Value)" }) -join [Environment]::NewLine + } + } + + $AzKeyVaultInfo += [PSCustomObject]$InObj + } - if ($InfoLevel.KeyVault -ge 2) { - foreach ($AzKeyVault in $AzKeyVaultInfo) { - Section -Style Heading4 -ExcludeFromTOC "$($AzKeyVault.Name)" { + if ($InfoLevel.KeyVault -ge 2) { + foreach ($AzKeyVault in $AzKeyVaultInfo) { + Section -Style Heading4 -ExcludeFromTOC "$($AzKeyVault.Name)" { + $TableParams = @{ + Name = "Key Vault - $($AzKeyVault.Name)" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AzKeyVault | Table @TableParams + } + } + } else { $TableParams = @{ - Name = "Key Vault - $($AzKeyVault.Name)" - List = $true - ColumnWidths = 50, 50 + Name = "Key Vaults - $($AzSubscription.Name)" + List = $false + Columns = 'Name', 'Resource Group', 'Location' + ColumnWidths = 33, 34, 33 } if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $AzKeyVault | Table @TableParams + $AzKeyVaultInfo | Table @TableParams } } - } else { - #> - $TableParams = @{ - Name = "Key Vaults - $($AzSubscription.Name)" - List = $false - Columns = 'Name', 'Resource Group', 'Location' - ColumnWidths = 33, 34, 33 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $AzKeyVaultInfo | Table @TableParams - #} + } } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) } } diff --git a/Src/Private/Get-AbrAzLbBackendPool.ps1 b/Src/Private/Get-AbrAzLbBackendPool.ps1 index d8a8104..fed3cc6 100644 --- a/Src/Private/Get-AbrAzLbBackendPool.ps1 +++ b/Src/Private/Get-AbrAzLbBackendPool.ps1 @@ -1,7 +1,7 @@ function Get-AbrAzLbBackendPool { <# .SYNOPSIS - Used by As Built Report to retrieve Azure Load Balancer Backend Pool information + Used by As Built Report to retrieve Azure Load Balancer Backend Pool information .DESCRIPTION .NOTES @@ -27,34 +27,36 @@ function Get-AbrAzLbBackendPool { begin {} process { - $AzLbBackendPools = (Get-AzLoadBalancer -Name $Name).BackendAddressPools | Sort-Object Name - if ($AzLbBackendPools) { - Write-PscriboMessage "Collecting Azure Load Balancer Backend Pool information." - Section -Style NOTOCHeading6 -ExcludeFromTOC 'Backend Pools' { - $AzLbBackendPoolInfo = @() - foreach ($AzLbBackendPool in $AzLbBackendPools) { - $InObj = [Ordered]@{ - 'Name' = $AzLbBackendPool.Name - 'Load Balancing Rules' = & { - if ($AzLbBackendPool.LoadBalancingRules.Id) { + Try { + $AzLbBackendPools = (Get-AzLoadBalancer -Name $Name).BackendAddressPools | Sort-Object Name + if ($AzLbBackendPools) { + Write-PscriboMessage "Collecting Azure Load Balancer Backend Pool information." + Section -Style NOTOCHeading6 -ExcludeFromTOC 'Backend Pools' { + $AzLbBackendPoolInfo = @() + foreach ($AzLbBackendPool in $AzLbBackendPools) { + $InObj = [Ordered]@{ + 'Name' = $AzLbBackendPool.Name + 'Load Balancing Rules' = if ($AzLbBackendPool.LoadBalancingRules.Id) { ($AzLbBackendPool.LoadBalancingRules.Id | ForEach-Object {$_.split('/')[-1]}) -join ', ' } else { 'None' } } + $AzLbBackendPoolInfo = [PSCustomObject]$InObj } - $AzLbBackendPoolInfo = [PSCustomObject]$InObj - } - $TableParams = @{ - Name = "Backend Pools - $($Name)" - List = $false - ColumnWidths = 50, 50 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "Backend Pools - $($Name)" + List = $false + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AzLbBackendPoolInfo | Table @TableParams } - $AzLbBackendPoolInfo | Table @TableParams } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) } } diff --git a/Src/Private/Get-AbrAzLbFrontendIpConfig.ps1 b/Src/Private/Get-AbrAzLbFrontendIpConfig.ps1 index 4bcfd94..471f638 100644 --- a/Src/Private/Get-AbrAzLbFrontendIpConfig.ps1 +++ b/Src/Private/Get-AbrAzLbFrontendIpConfig.ps1 @@ -1,11 +1,11 @@ function Get-AbrAzLbFrontendIpConfig { <# .SYNOPSIS - Used by As Built Report to retrieve Azure Load Balancer Frontend IP Configuration information + Used by As Built Report to retrieve Azure Load Balancer Frontend IP Configuration information .DESCRIPTION .NOTES - Version: 0.1.0 + Version: 0.1.1 Author: Tim Carman Twitter: @tpcarman Github: tpcarman @@ -27,54 +27,64 @@ function Get-AbrAzLbFrontendIpConfig { begin {} process { - $AzLbFrontendIpConfigs = (Get-AzLoadBalancer -Name $Name).FrontendIpConfigurations | Sort-Object Name - if ($AzLbFrontendIpConfigs) { - Write-PscriboMessage "Collecting Azure Load Balancer Frontend IP Configuration information." - Section -Style NOTOCHeading6 -ExcludeFromTOC 'Frontend IP Configuration' { - foreach ($AzLbFrontendIpConfig in $AzLbFrontendIpConfigs) { - Section -Style NOTOCHeading7 -ExcludeFromTOC $($AzLbFrontendIpConfig.Name) { - $AzLbFrontendIpConfigInfo = @() - $InObj = [Ordered]@{ - 'Name' = $AzLbFrontendIpConfig.Name - 'Private IP Address' = Switch ($AzLbFrontendIpConfig.PrivateIpAddress) { - $null { '--' } - default { $AzLbFrontendIpConfig.PrivateIpAddress } + Try { + $AzLbFrontendIpConfigs = (Get-AzLoadBalancer -Name $Name).FrontendIpConfigurations | Sort-Object Name + if ($AzLbFrontendIpConfigs) { + Write-PscriboMessage "Collecting Azure Load Balancer Frontend IP Configuration information." + Section -Style NOTOCHeading6 -ExcludeFromTOC 'Frontend IP Configuration' { + foreach ($AzLbFrontendIpConfig in $AzLbFrontendIpConfigs) { + Section -Style NOTOCHeading7 -ExcludeFromTOC $($AzLbFrontendIpConfig.Name) { + $AzLbFrontendIpConfigInfo = @() + $InObj = [Ordered]@{ + 'Name' = $AzLbFrontendIpConfig.Name + 'Private IP Address' = if ($AzLbFrontendIpConfig.PrivateIpAddress) { + $AzLbFrontendIpConfig.PrivateIpAddress + } else { + 'None' + } + 'Private IP Allocation Method' = if ($AzLbFrontendIpConfig.PrivateIpAllocationMethod) { + $AzLbFrontendIpConfig.PrivateIpAllocationMethod + } else { + 'Unknown' + } + 'Public IP Address' = if ($AzLbFrontendIpConfig.PublicIpAddress) { + $AzLbFrontendIpConfig.PublicIpAddress + } else { + 'None' + } + 'Subnet' = iCloudFirefox.exe ($AzLbFrontendIpConfig.Subnet.Id) { + ($AzLbFrontendIpConfig.Subnet.Id).split('/')[-1] + } else { + 'None' + } + 'Load Balancing Rules' = if ($AzLbFrontendIpConfig.LoadBalancingRules.Id) { + ($AzLbFrontendIpConfig.LoadBalancingRules.Id).split('/')[-1] + } else { + 'None' + } + 'Inbound NAT Rules' = if ($AzLbFrontendIpConfig.InboundNatRules.Id) { + ($AzLbFrontendIpConfig.InboundNatRules.Id).split('/')[-1] + } else { + 'None' + } } - 'Private IP Allocation Method' = Switch ($AzLbFrontendIpConfig.PrivateIpAllocationMethod) { - $null { '--' } - default { $AzLbFrontendIpConfig.PrivateIpAllocationMethod } - } - 'Public IP Address' = Switch ($AzLbFrontendIpConfig.PublicIpAddress) { - $null { '--' } - default { $AzLbFrontendIpConfig.PublicIpAddress } - } - 'Subnet' = Switch ($AzLbFrontendIpConfig.Subnet.Id) { - $null { '--' } - default { ($AzLbFrontendIpConfig.Subnet.Id).split('/')[-1] } - } - 'Load Balancing Rules' = Switch ($AzLbFrontendIpConfig.LoadBalancingRules.Id) { - $null { 'None' } - default { ($AzLbFrontendIpConfig.LoadBalancingRules.Id).split('/')[-1] } + $AzLbFrontendIpConfigInfo += [PSCustomObject]$InObj + + $TableParams = @{ + Name = "Frontend IP Configuration - $($AzLbFrontendIpConfig.Name)" + List = $true + ColumnWidths = 40, 60 } - 'Inbound NAT Rules' = Switch ($AzLbFrontendIpConfig.InboundNatRules.Id) { - $null { 'None' } - default { ($AzLbFrontendIpConfig.InboundNatRules.Id).split('/')[-1] } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" } + $AzLbFrontendIpConfigInfo | Table @TableParams } - $AzLbFrontendIpConfigInfo += [PSCustomObject]$InObj - - $TableParams = @{ - Name = "Frontend IP Configuration - $($AzLbFrontendIpConfig.Name)" - List = $true - ColumnWidths = 50, 50 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $AzLbFrontendIpConfigInfo | Table @TableParams } } } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) } } diff --git a/Src/Private/Get-AbrAzLbHealthProbe.ps1 b/Src/Private/Get-AbrAzLbHealthProbe.ps1 index e964666..e6e8a5e 100644 --- a/Src/Private/Get-AbrAzLbHealthProbe.ps1 +++ b/Src/Private/Get-AbrAzLbHealthProbe.ps1 @@ -1,7 +1,7 @@ function Get-AbrAzLbHealthProbe { <# .SYNOPSIS - Used by As Built Report to retrieve Azure Load Balancer Health Probe information + Used by As Built Report to retrieve Azure Load Balancer Health Probe information .DESCRIPTION .NOTES @@ -27,37 +27,41 @@ function Get-AbrAzLbHealthProbe { begin {} process { - $AzLbHealthProbes = (Get-AzLoadBalancer -Name $Name).Probes | Sort-Object Name - if ($AzLbHealthProbes) { - Write-PscriboMessage "Collecting Azure Load Balancer Health Probe information." - Section -Style NOTOCHeading6 -ExcludeFromTOC 'Health Probes' { - $AzLbHealthProbeInfo = @() - foreach ($AzLbHealthProbe in $AzLbHealthProbes) { - $InObj = [Ordered]@{ - 'Name' = $AzLbHealthProbe.Name - 'Protocol' = $AzLbHealthProbe.Protocol - 'Port' = $AzLbHealthProbe.Port - 'Interval' = "$($AzLbHealthProbe.IntervalInSeconds) secs" - 'Used By' = & { - if ($AzLbHealthProbe.LoadBalancingRules.Id) { - ($AzLbHealthProbe.LoadBalancingRules.Id | ForEach-Object {$_.split('/')[-1]}) -join ', ' - } else { - '--' + Try { + $AzLbHealthProbes = (Get-AzLoadBalancer -Name $Name).Probes | Sort-Object Name + if ($AzLbHealthProbes) { + Write-PscriboMessage "Collecting Azure Load Balancer Health Probe information." + Section -Style NOTOCHeading6 -ExcludeFromTOC 'Health Probes' { + $AzLbHealthProbeInfo = @() + foreach ($AzLbHealthProbe in $AzLbHealthProbes) { + $InObj = [Ordered]@{ + 'Name' = $AzLbHealthProbe.Name + 'Protocol' = $AzLbHealthProbe.Protocol + 'Port' = $AzLbHealthProbe.Port + 'Interval' = "$($AzLbHealthProbe.IntervalInSeconds) secs" + 'Used By' = & { + if ($AzLbHealthProbe.LoadBalancingRules.Id) { + ($AzLbHealthProbe.LoadBalancingRules.Id | ForEach-Object {$_.split('/')[-1]}) -join ', ' + } else { + '--' + } } } + $AzLbHealthProbeInfo += [PSCustomObject]$InObj } - $AzLbHealthProbeInfo += [PSCustomObject]$InObj - } - $TableParams = @{ - Name = "Health Probes - $($Name)" - List = $false - ColumnWidths = 20, 20, 20, 20, 20 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "Health Probes - $($Name)" + List = $false + ColumnWidths = 20, 20, 20, 20, 20 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AzLbHealthProbeInfo | Table @TableParams } - $AzLbHealthProbeInfo | Table @TableParams } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) } } diff --git a/Src/Private/Get-AbrAzLbInboundNatPool.ps1 b/Src/Private/Get-AbrAzLbInboundNatPool.ps1 index 1160273..87733cd 100644 --- a/Src/Private/Get-AbrAzLbInboundNatPool.ps1 +++ b/Src/Private/Get-AbrAzLbInboundNatPool.ps1 @@ -1,7 +1,7 @@ function Get-AbrAzLbInboundNatPool { <# .SYNOPSIS - Used by As Built Report to retrieve Azure Load Balancer Inbound NAT Pool information + Used by As Built Report to retrieve Azure Load Balancer Inbound NAT Pool information .DESCRIPTION .NOTES @@ -27,27 +27,31 @@ function Get-AbrAzLbInboundNatPool { begin {} process { - $AzLbInboundNatPools = (Get-AzLoadBalancer -Name $Name).InboundNatPools | Sort-Object Name - if ($AzLbInboundNatPools) { - Write-PscriboMessage "Collecting Azure Load Balancer Inbound NAT Pool information." - Section -Style NOTOCHeading6 -ExcludeFromTOC 'Inbound NAT Pools' { - $AzLbInboundNatPoolInfo = @() - foreach ($AzLbInboundNatPool in $AzLbInboundNatPools) { - $InObj = [Ordered]@{ - 'Name' = $AzLbInboundNatPool.Name + try { + $AzLbInboundNatPools = (Get-AzLoadBalancer -Name $Name).InboundNatPools | Sort-Object Name + if ($AzLbInboundNatPools) { + Write-PscriboMessage "Collecting Azure Load Balancer Inbound NAT Pool information." + Section -Style NOTOCHeading6 -ExcludeFromTOC 'Inbound NAT Pools' { + $AzLbInboundNatPoolInfo = @() + foreach ($AzLbInboundNatPool in $AzLbInboundNatPools) { + $InObj = [Ordered]@{ + 'Name' = $AzLbInboundNatPool.Name + } + $AzLbInboundNatPoolInfo += [PSCustomObject]$InObj } - $AzLbInboundNatPoolInfo += [PSCustomObject]$InObj - } - $TableParams = @{ - Name = "Inbound NAT Pools - $($Name)" - List = $false - ColumnWidths = 50, 50 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "Inbound NAT Pools - $($Name)" + List = $false + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AzLbInboundNatPoolInfo | Table @TableParams } - $AzLbInboundNatPoolInfo | Table @TableParams } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) } } diff --git a/Src/Private/Get-AbrAzLbLoadBalancingRule.ps1 b/Src/Private/Get-AbrAzLbLoadBalancingRule.ps1 index a2e3d0e..145f253 100644 --- a/Src/Private/Get-AbrAzLbLoadBalancingRule.ps1 +++ b/Src/Private/Get-AbrAzLbLoadBalancingRule.ps1 @@ -1,7 +1,7 @@ function Get-AbrAzLbLoadBalancingRule { <# .SYNOPSIS - Used by As Built Report to retrieve Azure Load Balancer Load Balancing Rules information + Used by As Built Report to retrieve Azure Load Balancer Load Balancing Rules information .DESCRIPTION .NOTES @@ -27,41 +27,46 @@ function Get-AbrAzLbLoadBalancingRule { begin {} process { - $AzLbLoadBalancingRules = (Get-AzLoadBalancer -Name $Name).LoadBalancingRules | Sort-Object Name - if ($AzLbLoadBalancingRules) { - Write-PscriboMessage "Collecting Azure Load Balancer Load Balancing Rules information." - Section -Style NOTOCHeading6 -ExcludeFromTOC 'Load Balancing Rules' { - foreach ($AzLbLoadBalancingRule in $AzLbLoadBalancingRules) { - Section -Style NOTOCHeading7 -ExcludeFromTOC $($AzLbLoadBalancingRule.Name) { - $AzLbLoadBalancingRuleInfo = @() - $InObj = [Ordered]@{ - 'Name' = $AzLbLoadBalancingRule.Name - 'Frontend IP Address' = ($AzLbLoadBalancingRule.FrontendIPConfiguration.Id).split('/')[-1] - 'Backend Pool' = ($AzLbLoadBalancingRule.BackendAddressPool.Id).split('/')[-1] - 'Protocol' = $AzLbLoadBalancingRule.Protocol - 'Port' = $AzLbLoadBalancingRule.FrontendPort - 'Backend Port' = $AzLbLoadBalancingRule.BackendPort - 'Health Probe' = ($AzLbLoadBalancingRule.Probe.Id).split('/')[-1] - 'Idle Timeout' = "$($AzLbLoadBalancingRule.IdleTimeoutInMinutes) mins" - 'Floating IP' = Switch ($AzLbLoadBalancingRule.EnableFloatingIP) { - $true { 'Enabled' } - $false { 'Disabled' } + Try { + $AzLbLoadBalancingRules = (Get-AzLoadBalancer -Name $Name).LoadBalancingRules | Sort-Object Name + if ($AzLbLoadBalancingRules) { + Write-PscriboMessage "Collecting Azure Load Balancer Load Balancing Rules information." + Section -Style NOTOCHeading6 -ExcludeFromTOC 'Load Balancing Rules' { + foreach ($AzLbLoadBalancingRule in $AzLbLoadBalancingRules) { + Section -Style NOTOCHeading7 -ExcludeFromTOC $($AzLbLoadBalancingRule.Name) { + $AzLbLoadBalancingRuleInfo = @() + $InObj = [Ordered]@{ + 'Name' = $AzLbLoadBalancingRule.Name + 'Frontend IP Address' = ($AzLbLoadBalancingRule.FrontendIPConfiguration.Id).split('/')[-1] + 'Backend Pool' = ($AzLbLoadBalancingRule.BackendAddressPool.Id).split('/')[-1] + 'Protocol' = $AzLbLoadBalancingRule.Protocol + 'Port' = $AzLbLoadBalancingRule.FrontendPort + 'Backend Port' = $AzLbLoadBalancingRule.BackendPort + 'Health Probe' = ($AzLbLoadBalancingRule.Probe.Id).split('/')[-1] + 'Idle Timeout' = "$($AzLbLoadBalancingRule.IdleTimeoutInMinutes) mins" + 'Floating IP' = if ($AzLbLoadBalancingRule.EnableFloatingIP) { + 'Enabled' + } else { + 'Disabled' + } } - } - $AzLbLoadBalancingRuleInfo += [PSCustomObject]$InObj + $AzLbLoadBalancingRuleInfo += [PSCustomObject]$InObj - $TableParams = @{ - Name = "Load Balancing Rule - $($AzLbLoadBalancingRule.Name)" - List = $true - ColumnWidths = 50, 50 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "Load Balancing Rule - $($AzLbLoadBalancingRule.Name)" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AzLbLoadBalancingRuleInfo | Table @TableParams } - $AzLbLoadBalancingRuleInfo | Table @TableParams } } } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) } } diff --git a/Src/Private/Get-AbrAzLoadBalancer.ps1 b/Src/Private/Get-AbrAzLoadBalancer.ps1 index ca66ace..6d39f7d 100644 --- a/Src/Private/Get-AbrAzLoadBalancer.ps1 +++ b/Src/Private/Get-AbrAzLoadBalancer.ps1 @@ -1,11 +1,11 @@ function Get-AbrAzLoadBalancer { <# .SYNOPSIS - Used by As Built Report to retrieve Azure Load Balancer information + Used by As Built Report to retrieve Azure Load Balancer information .DESCRIPTION .NOTES - Version: 0.1.1 + Version: 0.1.2 Author: Tim Carman Twitter: @tpcarman Github: tpcarman @@ -23,81 +23,96 @@ function Get-AbrAzLoadBalancer { } process { - $AzLoadBalancers = Get-AzLoadBalancer | Sort-Object Name - if (($InfoLevel.LoadBalancer -gt 0) -and ($AzLoadBalancers)) { - Write-PscriboMessage "Collecting Azure Load Balancer information." - Section -Style Heading4 'Load Balancers' { - if ($Options.ShowSectionInfo) { - Paragraph "Azure Load Balancer operates at layer 4 of the Open Systems Interconnection (OSI) model. It's the single point of contact for clients. Load balancer distributes inbound flows that arrive at the load balancer's front end to backend pool instances. These flows are according to configured load-balancing rules and health probes. The backend pool instances can be Azure Virtual Machines or instances in a Virtual Machine Scale Set." - BlankLine - Paragraph "A public load balancer can provide outbound connections for virtual machines (VMs) inside your virtual network. These connections are accomplished by translating their private IP addresses to public IP addresses. Public Load Balancers are used to load balance internet traffic to your VMs." - BlankLine - Paragraph "An internal (or private) load balancer is used where private IPs are needed at the frontend only. Internal load balancers are used to load balance traffic inside a virtual network. A load balancer frontend can be accessed from an on-premises network in a hybrid scenario." - BlankLine - Try { - Image -Text 'Load Balancer' -Align 'Center' -Percent 35 -Base64 "" - BlankLine - } Catch { - Write-PScriboMessage -IsWarning "Unable to display Load Balancer image." - } - } - $AzLoadBalancerInfo = @() - foreach ($AzLoadBalancer in $AzLoadBalancers) { - $InObj = [Ordered]@{ - 'Name' = $AzLoadBalancer.Name - 'Resource Group' = $AzLoadBalancer.ResourceGroupName - 'Location' = $AzLocationLookup."$($AzLoadBalancer.Location)" - 'Subscription' = "$($AzSubscriptionLookup.(($AzLoadBalancer.Id).split('/')[2]))" - 'Provisioning State' = $AzLoadBalancer.ProvisioningState - 'SKU' = $AzLoadBalancer.Sku.Name - 'Tier' = $AzLoadBalancer.Sku.Tier - ##ToDo: NAT Rules - } - $AzLoadBalancerInfo += [PSCustomObject]$InObj - } - - if ($InfoLevel.LoadBalancer -ge 2) { - Paragraph "The following sections detail the configuration of the load balancers within the $($AzSubscription.Name) subscription." - foreach ($AzLoadBalancer in $AzLoadBalancerInfo) { - Section -Style NOTOCHeading5 -ExcludeFromTOC "$($AzLoadBalancer.Name)" { - $TableParams = @{ - Name = "Load Balancer - $($AzLoadBalancer.Name)" - List = $true - ColumnWidths = 50, 50 + Try { + if ($InfoLevel.LoadBalancer -gt 0) { + $AzLoadBalancers = Get-AzLoadBalancer | Sort-Object Name + if ($AzLoadBalancers) { + Write-PScriboMessage "Collecting Azure Load Balancer information." + Section -Style Heading4 'Load Balancers' { + if ($Options.ShowSectionInfo) { + Paragraph "Azure Load Balancer operates at layer 4 of the Open Systems Interconnection (OSI) model. It's the single point of contact for clients. Load balancer distributes inbound flows that arrive at the load balancer's front end to backend pool instances. These flows are according to configured load-balancing rules and health probes. The backend pool instances can be Azure Virtual Machines or instances in a Virtual Machine Scale Set." + BlankLine + Paragraph "A public load balancer can provide outbound connections for virtual machines (VMs) inside your virtual network. These connections are accomplished by translating their private IP addresses to public IP addresses. Public Load Balancers are used to load balance internet traffic to your VMs." + BlankLine + Paragraph "An internal (or private) load balancer is used where private IPs are needed at the frontend only. Internal load balancers are used to load balance traffic inside a virtual network. A load balancer frontend can be accessed from an on-premises network in a hybrid scenario." + BlankLine + Try { + Image -Text 'Load Balancer' -Align 'Center' -Percent 35 -Base64 "" + BlankLine + } Catch { + Write-PScriboMessage -IsWarning "Unable to display Load Balancer image." } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AzLoadBalancerInfo = @() + foreach ($AzLoadBalancer in $AzLoadBalancers) { + $InObj = [Ordered]@{ + 'Name' = $AzLoadBalancer.Name + 'Resource Group' = $AzLoadBalancer.ResourceGroupName + 'Location' = $AzLocationLookup."$($AzLoadBalancer.Location)" + 'Subscription' = "$($AzSubscriptionLookup.(($AzLoadBalancer.Id).split('/')[2]))" + 'Provisioning State' = $AzLoadBalancer.ProvisioningState + 'SKU' = $AzLoadBalancer.Sku.Name + 'Tier' = $AzLoadBalancer.Sku.Tier + ##ToDo: NAT Rules + } + + if ($Options.ShowTags) { + $InObj['Tags'] = if ([string]::IsNullOrEmpty($AzLoadBalancer.Tag)) { + 'None' + } else { + ($AzLoadBalancer.Tag.GetEnumerator() | ForEach-Object { "$($_.Name):`t$($_.Value)" }) -join [Environment]::NewLine + } } - $AzLoadBalancer | Table @TableParams - # Get Frontend IP Configuration - Get-AbrAzLbFrontendIpConfig -Name $($AzLoadBalancer.Name) + $AzLoadBalancerInfo += [PSCustomObject]$InObj + } + + if ($InfoLevel.LoadBalancer -ge 2) { + Paragraph "The following sections detail the configuration of the load balancers within the $($AzSubscription.Name) subscription." + foreach ($AzLoadBalancer in $AzLoadBalancerInfo) { + Section -Style NOTOCHeading5 -ExcludeFromTOC "$($AzLoadBalancer.Name)" { + $TableParams = @{ + Name = "Load Balancer - $($AzLoadBalancer.Name)" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AzLoadBalancer | Table @TableParams + + # Get Frontend IP Configuration + Get-AbrAzLbFrontendIpConfig -Name $($AzLoadBalancer.Name) - # Get Backend Pool Configuration - Get-AbrAzLbBackendPool -Name $($AzLoadBalancer.Name) + # Get Backend Pool Configuration + Get-AbrAzLbBackendPool -Name $($AzLoadBalancer.Name) - # Get Health Probe Configuration - Get-AbrAzLbHealthProbe -Name $($AzLoadBalancer.Name) + # Get Health Probe Configuration + Get-AbrAzLbHealthProbe -Name $($AzLoadBalancer.Name) - # Get Load Balancing Rules - Get-AbrAzLbLoadBalancingRule -Name $($AzLoadBalancer.Name) + # Get Load Balancing Rules + Get-AbrAzLbLoadBalancingRule -Name $($AzLoadBalancer.Name) + } + } + } else { + Paragraph "The following table summarises the configuration of the load balancers within the $($AzSubscription.Name) subscription." + BlankLine + $TableParams = @{ + Name = "Load Balancers - $($AzSubscription.Name)" + List = $false + Columns = 'Name', 'Resource Group', 'Location', 'SKU', 'Tier' + ColumnWidths = 20, 20, 20, 20, 20 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AzLoadBalancerInfo | Table @TableParams } } - } else { - Paragraph "The following table summarises the configuration of the load balancers within the $($AzSubscription.Name) subscription." - BlankLine - $TableParams = @{ - Name = "Load Balancers - $($AzSubscription.Name)" - List = $false - Columns = 'Name', 'Resource Group', 'Location', 'SKU', 'Tier' - ColumnWidths = 20, 20, 20, 20, 20 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $AzLoadBalancerInfo | Table @TableParams } } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) } } diff --git a/Src/Private/Get-AbrAzNetworkSecurityGroup.ps1 b/Src/Private/Get-AbrAzNetworkSecurityGroup.ps1 index 988f3c0..dfa8827 100644 --- a/Src/Private/Get-AbrAzNetworkSecurityGroup.ps1 +++ b/Src/Private/Get-AbrAzNetworkSecurityGroup.ps1 @@ -1,11 +1,11 @@ function Get-AbrAzNetworkSecurityGroup { <# .SYNOPSIS - Used by As Built Report to retrieve Azure Availability Set information + Used by As Built Report to retrieve Azure Network Security Group information .DESCRIPTION .NOTES - Version: 0.1.1 + Version: 0.1.2 Author: Tim Carman Twitter: @tpcarman Github: tpcarman @@ -23,76 +23,93 @@ function Get-AbrAzNetworkSecurityGroup { } process { - $AzNetworkSecurityGroups = Get-AzNetworkSecurityGroup | Sort-Object Name - if (($InfoLevel.NetworkSecurityGroup -gt 0) -and ($AzNetworkSecurityGroups)) { - Write-PscriboMessage "Collecting Azure Network Security Group information." - Section -Style Heading4 'Network Security Groups' { - if ($Options.ShowSectionInfo) { - Paragraph "An Azure Network Security Group (NSG) is used to filter network traffic to and from Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol." - BlankLine - Try { - Image -Text 'Network Security Group' -Align 'Center' -Percent 100 -Base64 "" - BlankLine - } Catch { - Write-PScriboMessage -IsWarning "Unable to display Network Security Group image." - } - } - $AzNsgInfo = @() - foreach ($AzNetworkSecurityGroup in $AzNetworkSecurityGroups) { - $InObj = [Ordered]@{ - 'Name' = $AzNetworkSecurityGroup.Name - 'Resource Group' = $AzNetworkSecurityGroup.ResourceGroupName - 'Location' = $AzLocationLookup."$($AzNetworkSecurityGroup.Location)" - 'Subscription' = "$($AzSubscriptionLookup.(($AzNetworkSecurityGroup.Id).split('/')[2]))" - 'Associated With' = "$(($AzNetworkSecurityGroup.Subnets.Id).Count) subnets, $(($AzNetworkSecurityGroup.NetworkInterfaces.Id).Count) NICs" - 'Network Interfaces' = & { - if ($AzNetworkSecurityGroup.NetworkInterfaces.Id) { - ($AzNetworkSecurityGroup.NetworkInterfaces.Id | ForEach-Object {$_.split('/')[-1]}) -join ', ' - } else { - 'None' + Try { + if ($InfoLevel.NetworkSecurityGroup -gt 0) { + $AzNetworkSecurityGroups = Get-AzNetworkSecurityGroup | Sort-Object Name + if ($AzNetworkSecurityGroups) { + Write-PscriboMessage "Collecting Azure Network Security Group information." + Section -Style Heading4 'Network Security Groups' { + if ($Options.ShowSectionInfo) { + Paragraph "An Azure Network Security Group (NSG) is used to filter network traffic to and from Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol." + BlankLine + Try { + Image -Text 'Network Security Group' -Align 'Center' -Percent 100 -Base64 "" + BlankLine + } Catch { + Write-PScriboMessage -IsWarning "Unable to display Network Security Group image." } } - 'Subnets' = & { - if ($AzNetworkSecurityGroup.Subnets.Id) { - ($AzNetworkSecurityGroup.Subnets.Id | ForEach-Object {$_.split('/')[-1]}) -join ', ' - } else { - 'None' + $AzNsgInfo = @() + foreach ($AzNetworkSecurityGroup in $AzNetworkSecurityGroups) { + $NsgSecurityRules = @() + $NsgSecurityRules += $AzNetworkSecurityGroup.SecurityRules + $NsgSecurityRules += $AzNetworkSecurityGroup.DefaultSecurityRules + + $InObj = [Ordered]@{ + 'Name' = $AzNetworkSecurityGroup.Name + 'Resource Group' = $AzNetworkSecurityGroup.ResourceGroupName + 'Location' = $AzLocationLookup."$($AzNetworkSecurityGroup.Location)" + 'Subscription' = "$($AzSubscriptionLookup.(($AzNetworkSecurityGroup.Id).split('/')[2]))" + 'Associated With' = "$(($AzNetworkSecurityGroup.Subnets.Id).Count) subnets, $(($AzNetworkSecurityGroup.NetworkInterfaces.Id).Count) NICs" + 'Network Interfaces' = if ($AzNetworkSecurityGroup.NetworkInterfaces.Id) { + ($AzNetworkSecurityGroup.NetworkInterfaces.Id | ForEach-Object {$_.split('/')[-1]}) -join ', ' + } else { + 'None' + } + 'Subnets' = if ($AzNetworkSecurityGroup.Subnets.Id) { + ($AzNetworkSecurityGroup.Subnets.Id | ForEach-Object {$_.split('/')[-1]}) -join ', ' + } else { + 'None' + } } + + if ($Options.ShowTags) { + $InObj['Tags'] = if ([string]::IsNullOrEmpty($AzNetworkSecurityGroup.Tag)) { + 'None' + } else { + ($AzNetworkSecurityGroup.Tag.GetEnumerator() | ForEach-Object { "$($_.Name):`t$($_.Value)" }) -join [Environment]::NewLine + } + } + + $AzNsgInfo += [PSCustomObject]$InObj } - } - $AzNsgInfo += [PSCustomObject]$InObj - } - if ($InfoLevel.NetworkSecurityGroup -ge 2) { - Paragraph "The following sections detail the configuration of the network security groups within the $($AzSubscription.Name) subscription." - foreach ($AzNetworkSecurityGroup in $AzNsgInfo) { - Section -Style NOTOCHeading5 -ExcludeFromTOC "$($AzNetworkSecurityGroup.Name)" { + if ($InfoLevel.NetworkSecurityGroup -ge 2) { + Paragraph "The following sections detail the configuration of the network security groups within the $($AzSubscription.Name) subscription." + foreach ($AzNetworkSecurityGroup in $AzNsgInfo) { + Section -Style NOTOCHeading5 -ExcludeFromTOC "$($AzNetworkSecurityGroup.Name)" { + $TableParams = @{ + Name = "Network Security Group - $($AzNetworkSecurityGroup.Name)" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AzNetworkSecurityGroup | Table @TableParams + + Get-AbrAzNetworkSecurityGroupRule -Name $($AzNetworkSecurityGroup.Name) + } + } + } else { + Paragraph "The following table summarises the configuration of the network security groups within the $($AzSubscription.Name) subscription." + BlankLine $TableParams = @{ - Name = "Network Security Group - $($AzNetworkSecurityGroup.Name)" - List = $true - ColumnWidths = 50, 50 + Name = "Network Security Groups - $($AzSubscription.Name)" + List = $false + Columns = 'Name', 'Resource Group', 'Location', 'Associated With' + ColumnWidths = 25, 25, 25, 25 } if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $AzNetworkSecurityGroup | Table @TableParams + $AzNsgInfo | Table @TableParams } } - } else { - Paragraph "The following table summarises the configuration of the network security groups within the $($AzSubscription.Name) subscription." - BlankLine - $TableParams = @{ - Name = "Network Security Groups - $($AzSubscription.Name)" - List = $false - Columns = 'Name', 'Resource Group', 'Location', 'Associated With' - ColumnWidths = 25, 25, 25, 25 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $AzNsgInfo | Table @TableParams } } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) } } diff --git a/Src/Private/Get-AbrAzNetworkSecurityGroupRule.ps1 b/Src/Private/Get-AbrAzNetworkSecurityGroupRule.ps1 new file mode 100644 index 0000000..b35fe46 --- /dev/null +++ b/Src/Private/Get-AbrAzNetworkSecurityGroupRule.ps1 @@ -0,0 +1,185 @@ +function Get-AbrAzNetworkSecurityGroupRule { + <# + .SYNOPSIS + Used by As Built Report to retrieve Azure Network Security Group Security Rules information + .DESCRIPTION + + .NOTES + Version: 0.1.0 + Author: Tim Carman + Twitter: @tpcarman + Github: tpcarman + .EXAMPLE + + .LINK + + #> + [CmdletBinding()] + param ( + [Parameter( + Position = 0, + Mandatory = $true + )] + [ValidateNotNullOrEmpty()] + [String] $Name + ) + + begin {} + + process { + Try { + $AzNetworkSecurityGroup = Get-AzNetworkSecurityGroup -Name $Name + $AzNetworkSecurityGroupRules = @() + $AzNetworkSecurityGroupRules += $AzNetworkSecurityGroup.SecurityRules + $AzNetworkSecurityGroupRules += $AzNetworkSecurityGroup.DefaultSecurityRules + + if ($AzNetworkSecurityGroupRules) { + Write-PscriboMessage "Collecting Azure NSG Security Rules information." + $InboundNsgSecurityRules = $AzNetworkSecurityGroupRules | Where-Object {$_.Direction -eq 'Inbound'} | Sort-Object Priority + + if ($InboundNsgSecurityRules) { + Section -Style NOTOCHeading6 -ExcludeFromTOC "Inbound Security Rules" { + $InboundRuleInfo = @() + foreach ($InboundNsgSecurityRule in $InboundNsgSecurityRules) { + Try { + $SourceApplicationSecurityGroups = @() + $jsonstring = $InboundNsgSecurityRule.SourceApplicationSecurityGroupsText -join "`n" + $SourceApplicationSecurityGroups = (($jsonstring | ConvertFrom-Json).id).Split('/')[-1] + } Catch { + + } + Try { + $DestinationApplicationSecurityGroups = @() + $jsonstring = $InboundNsgSecurityRule.DestinationApplicationSecurityGroupsText -join "`n" + $DestinationApplicationSecurityGroups = (($jsonstring | ConvertFrom-Json).id).Split('/')[-1] + } Catch { + + } + $InObj = [Ordered] @{ + 'Priority' = $InboundNsgSecurityRule.Priority + 'Name' = $InboundNsgSecurityRule.Name + 'Port' = if ($InboundNsgSecurityRule.DestinationPortRange -eq '*') { + 'Any' + } else { + $InboundNsgSecurityRule.DestinationPortRange -join ',' + } + 'Protocol' = if ($InboundNsgSecurityRule.Protocol -eq '*') { + 'Any' + } else { + $InboundNsgSecurityRule.Protocol + } + 'Source' = & { + if ($SourceApplicationSecurityGroups) { + $SourceApplicationSecurityGroups + } else { + if ($InboundNsgSecurityRule.SourceAddressPrefix -eq '*') { + 'Any' + } else { + $InboundNsgSecurityRule.SourceAddressPrefix + } + } + } + 'Destination' = & { + if ($DestinationApplicationSecurityGroups) { + $DestinationApplicationSecurityGroups + } else { + if ($InboundNsgSecurityRule.DestinationAddressPrefix -eq '*') { + 'Any' + } else { + $InboundNsgSecurityRule.DestinationAddressPrefix + } + } + } + 'Action' = $InboundNsgSecurityRule.Access + } + $InboundRuleInfo += [PSCustomObject]$InObj + } + $TableParams = @{ + Name = "Inbound Security Rules - $($AzNetworkSecurityGroup.Name)" + List = $false + ColumnWidths = 10, 20, 10, 10, 20, 20, 10 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $InboundRuleInfo | Table @TableParams + } + } + + $OutboundNsgSecurityRules = $AzNetworkSecurityGroupRules | Where-Object {$_.Direction -eq 'Outbound'} | Sort-Object Priority + if ($OutboundNsgSecurityRules) { + Section -Style NOTOCHeading6 -ExcludeFromTOC "Outbound Security Rules" { + $OutboundRuleInfo = @() + foreach ($OutboundNsgSecurityRule in $OutboundNsgSecurityRules) { + Try { + $SourceApplicationSecurityGroups = @() + $jsonstring = $OutboundNsgSecurityRule.SourceApplicationSecurityGroupsText -join "`n" + $SourceApplicationSecurityGroups = (($jsonstring | ConvertFrom-Json).id).Split('/')[-1] + } Catch { + + } + Try { + $DestinationApplicationSecurityGroups = @() + $jsonstring = $OutboundNsgSecurityRule.DestinationApplicationSecurityGroupsText -join "`n" + $DestinationApplicationSecurityGroups = (($jsonstring | ConvertFrom-Json).id).Split('/')[-1] + } Catch { + + } + $InObj = [Ordered] @{ + 'Priority' = $OutboundNsgSecurityRule.Priority + 'Name' = $OutboundNsgSecurityRule.Name + 'Port' = if ($OutboundNsgSecurityRule.DestinationPortRange -eq '*') { + 'Any' + } else { + $OutboundNsgSecurityRule.DestinationPortRange -join ',' + } + 'Protocol' = if ($OutboundNsgSecurityRule.Protocol -eq '*') { + 'Any' + } else { + $OutboundNsgSecurityRule.Protocol + } + 'Source' = & { + if ($SourceApplicationSecurityGroups) { + $SourceApplicationSecurityGroups + } else { + if ($OutboundNsgSecurityRule.SourceAddressPrefix -eq '*') { + 'Any' + } else { + $OutboundNsgSecurityRule.SourceAddressPrefix + } + } + } + 'Destination' = & { + if ($DestinationApplicationSecurityGroups) { + $DestinationApplicationSecurityGroups + } else { + if ($OutboundNsgSecurityRule.DestinationAddressPrefix -eq '*') { + 'Any' + } else { + $OutboundNsgSecurityRule.DestinationAddressPrefix + } + } + } + 'Action' = $OutboundNsgSecurityRule.Access + } + $OutboundRuleInfo += [PSCustomObject]$InObj + } + $TableParams = @{ + Name = "Outbound Security Rules - $($AzNetworkSecurityGroup.Name)" + List = $false + ColumnWidths = 10, 20, 10, 10, 20, 20, 10 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutboundRuleInfo | Table @TableParams + } + } + } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) + } + } + + end {} +} \ No newline at end of file diff --git a/Src/Private/Get-AbrAzPolicy.ps1 b/Src/Private/Get-AbrAzPolicy.ps1 new file mode 100644 index 0000000..1b39198 --- /dev/null +++ b/Src/Private/Get-AbrAzPolicy.ps1 @@ -0,0 +1,43 @@ +function Get-AbrAzPolicy { + <# + .SYNOPSIS + Used by As Built Report to retrieve Azure Policy information + .DESCRIPTION + + .NOTES + Version: 0.1.0 + Author: Tim Carman + Twitter: @tpcarman + Github: tpcarman + .EXAMPLE + + .LINK + + #> + [CmdletBinding()] + param ( + ) + + begin {} + + process { + Try { + if ($InfoLevel.Policy.PSObject.Properties.Value -ne 0) { + Write-PscriboMessage "Collecting Azure Policy information." + Section -Style Heading4 'Policy' { + if ($Options.ShowSectionInfo) { + Paragraph "Azure Policy helps to enforce organisational standards and to assess compliance at-scale. Through its compliance dashboard, it provides an aggregated view to evaluate the overall state of the environment, with the ability to drill down to the per-resource, per-policy granularity. It also helps to bring your resources to compliance through bulk remediation for existing resources and automatic remediation for new resources." + } + Get-AbrAzPolicyAssignment + Get-AbrAzPolicyDefinition + } + } else { + Write-PScriboMessage "Policy InfoLevel set at 0." + } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) + } + } + + end {} +} \ No newline at end of file diff --git a/Src/Private/Get-AbrAzPolicyAssignment.ps1 b/Src/Private/Get-AbrAzPolicyAssignment.ps1 index 8c83a88..db12298 100644 --- a/Src/Private/Get-AbrAzPolicyAssignment.ps1 +++ b/Src/Private/Get-AbrAzPolicyAssignment.ps1 @@ -1,11 +1,11 @@ function Get-AbrAzPolicyAssignment { <# .SYNOPSIS - Used by As Built Report to retrieve Azure Policy Assignment information + Used by As Built Report to retrieve Azure Policy Assignment information .DESCRIPTION .NOTES - Version: 0.1.0 + Version: 0.1.1 Author: Tim Carman Twitter: @tpcarman Github: tpcarman @@ -19,49 +19,110 @@ function Get-AbrAzPolicyAssignment { ) begin { - Write-PscriboMessage "Collecting Azure Policy Assignment information." + Write-PScriboMessage "Policy Assignments InfoLevel set at $($InfoLevel.Policy.Assignments)." } process { - $AzPolicyAssignments = Get-AzPolicyAssignment - if (($InfoLevel.PolicyAssignment -gt 0) -and ($AzPolicyAssignments)) { - Section -Style Heading4 'Policy Assignments' { - $AzPolicyAssignmentInfo = @() - foreach ($AzPolicyAssignment in $AzPolicyAssignments) { - $InObj = [Ordered]@{ - 'Name' = $AzPolicyAssignment.Properties.DisplayName - 'Description' = Switch ($AzPolicyAssignment.Properties.Description) { - $null { '--' } - default { $AzPolicyAssignment.Properties.Description } - } - 'Scope' = ($AzPolicyAssignment.Properties.Scope).Split('/')[-1] - 'Location' = Switch ($AzPolicyAssignment.Location) { - $null { '--' } - default {$AzLocationLookup."$($AzPolicyAssignment.Location)"} + Try { + if ($InfoLevel.Policy.Assignments -gt 0) { + Write-PScriboMessage "Collecting Azure Policy Assignment information." + $AzPolicyAssignments = Get-AzPolicyAssignment | Sort-Object DisplayName + if ($AzPolicyAssignments) { + Section -Style NOTOCHeading5 -ExcludeFromTOC 'Assignments' { + $AzPolicyDefinitions = Get-AzPolicyDefinition + $AzInitiativeDefinitions = Get-AzPolicySetDefinition + $AzPolicyAssignmentInfo = @() + foreach ($AzPolicyAssignment in $AzPolicyAssignments) { + $AzPolicyDefId = $AzPolicyAssignment.PolicyDefinitionId + $AzPolicyDef = $AzPolicyDefinitions | Where-Object { $_.Id -eq $AzPolicyDefId } + $AzInitiativeDef = $AzInitiativeDefinitions | Where-Object { $_.Id -eq $AzPolicyDefId } + $InObj = [Ordered]@{ + 'Name' = $AzPolicyAssignment.DisplayName + 'Description' = if ($AzPolicyAssignment.Description) { + $AzPolicyAssignment.Description + } else { + '--' + } + 'Location' = if ($AzPolicyAssignment.Location) { + $AzLocationLookup."$($AzPolicyAssignment.Location)" + } else { + '--' + } + 'Scope' = Switch -Wildcard ($AzPolicyAssignment.Scope) { + "*subscriptions*" { "$($AzSubscriptionLookup.(($AzPolicyAssignment.Scope).split('/')[-1]))" } + default { $AzPolicyAssignment.Scope } + } + + 'Excluded Scopes' = Switch -Wildcard ($AzPolicyAssignment.NotScope | Where-Object { $_ -ne $null -and $_ -ne "" }) { + $null { '--' } + "*subscriptions*" { + ($AzPolicyAssignment.NotScope | ForEach-Object { + $SubscriptionId = $_.split('/')[-1] + $AzSubscriptionLookup[$SubscriptionId] + }) -join ', ' + } + default { $AzPolicyAssignment.NotScope } + } + <# + 'Excluded Scopes' = if ($AzPolicyAssignment.NotScope) { + ($AzPolicyAssignment.NotScope | Where-Object { $_ -ne $null -and $_ -ne "" }) -join ', ' + } else { + '--' + } + #> + 'Definition Type' = if ($AzPolicyDef) { + 'Policy' + } elseif ($AzInitiativeDef) { + 'Initiative' + } else { + 'Unknown' + } + 'Policy Enforcement' = if ($AzPolicyAssignment.EnforcementMode -eq 'Default') { + 'Enforce' + } else { + 'Do Not Enforce' + } + } + $AzPolicyAssignmentInfo += [PSCustomObject]$InObj } - 'Excluded Scopes' = Switch ($AzPolicyAssignment.Properties.NotScopes) { - $null { '--' } - default { ($AzPolicyAssignment.Properties.NotScopes).Split('/')[-1] } + + if ($InfoLevel.Policy.Assignments -ge 2) { + Paragraph "The following sections detail the policy assignments within the $($AzSubscription.Name) subscription." + foreach ($AzPolicy in $AzPolicyAssignmentInfo) { + Section -Style NOTOCHeading6 -ExcludeFromTOC "$($AzPolicy.Name)" { + $TableParams = @{ + Name = "Policy Assignment - $($AzPolicy.Name)" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AzPolicy | Table @TableParams + } + } + } else { + Paragraph "The following table summarises the configuration of the policy assignments within the $($AzSubscription.Name) subscription." + BlankLine + $TableParams = @{ + Name = "Policy Assignments - $($AzSubscription.Name)" + List = $false + Columns = 'Name', 'Scope', 'Definition Type' + Headers = 'Name', 'Scope', 'Type' + ColumnWidths = 55, 30, 15 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AzPolicyAssignmentInfo | Table @TableParams } } - $AzPolicyAssignmentInfo += [PSCustomObject]$InObj } - - Paragraph "The following table summarises the policy assignments within the $($AzSubscription.Name) subscription." - BlankLine - $TableParams = @{ - Name = "Policy Assignments - $($AzSubscription.Name)" - List = $false - ColumnWidths = 20, 20, 20, 20, 20 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $AzPolicyAssignmentInfo | Sort-Object Name | Table @TableParams } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) } } end {} - } \ No newline at end of file diff --git a/Src/Private/Get-AbrAzPolicyDefinition.ps1 b/Src/Private/Get-AbrAzPolicyDefinition.ps1 new file mode 100644 index 0000000..78348a1 --- /dev/null +++ b/Src/Private/Get-AbrAzPolicyDefinition.ps1 @@ -0,0 +1,85 @@ +function Get-AbrAzPolicyDefinition { + <# + .SYNOPSIS + Used by As Built Report to retrieve Azure Policy Definition information + .DESCRIPTION + + .NOTES + Version: 0.1.0 + Author: Tim Carman + Twitter: @tpcarman + Github: tpcarman + .EXAMPLE + + .LINK + + #> + [CmdletBinding()] + param ( + ) + + begin { + Write-PScriboMessage "Policy Definitions InfoLevel set at $($InfoLevel.Policy.Definitions)." + } + + process { + Try { + if ($InfoLevel.Policy.Definitions -gt 0) { + Write-PScriboMessage "Collecting Azure Policy Definition information." + $AzPolicyDefinitions = Get-AzPolicyDefinition | Sort-Object DisplayName + $AzInitiativeDefinitions = Get-AzPolicySetDefinition | Sort-Object DisplayName + if ($AzPolicyDefinitions -or $AzInitiativeDefinitions) { + Section -Style NOTOCHeading5 -ExcludeFromTOC 'Definitions' { + $AzPolicyDefinitionInfo = @() + foreach ($Definition in $AzInitiativeDefinitions) { + $InObj = [ordered]@{ + 'Name' = $Definition.DisplayName + 'Version' = $Definition.Version + 'Policies' = $Definition.PolicyDefinition.count + 'Type' = $Definition.PolicyType + 'Definition Type' = 'Initiative' + 'Category' = if ($Definition.Metadata.Category) { + $Definition.Metadata.Category + } else { + '--' + } + } + $AzPolicyDefinitionInfo += [pscustomobject]$InObj + } + foreach ($Definition in $AzPolicyDefinitions) { + $InObj = [ordered]@{ + 'Name' = $Definition.DisplayName + 'Version' = $Definition.Version + 'Policies' = $Definition.PolicyDefinition.count + 'Type' = $Definition.PolicyType + 'Definition Type' = 'Policy' + 'Category' = if ($Definition.Metadata.Category) { + $Definition.Metadata.Category + } else { + '--' + } + } + $AzPolicyDefinitionInfo += [pscustomobject]$InObj + } + + Paragraph "The following table summarises the policy definitions within the $($AzSubscription.Name) subscription." + BlankLine + $TableParams = @{ + Name = "Policy Definitions - $($AzSubscription.Name)" + List = $false + ColumnWidths = 40, 10, 10, 12, 12, 16 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AzPolicyDefinitionInfo | Sort-Object Name | Table @TableParams + } + } + } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) + } + } + + end {} +} \ No newline at end of file diff --git a/Src/Private/Get-AbrAzRecoveryServicesVault.ps1 b/Src/Private/Get-AbrAzRecoveryServicesVault.ps1 index 696d623..0c642fa 100644 --- a/Src/Private/Get-AbrAzRecoveryServicesVault.ps1 +++ b/Src/Private/Get-AbrAzRecoveryServicesVault.ps1 @@ -1,11 +1,11 @@ function Get-AbrAzRecoveryServicesVault { <# .SYNOPSIS - Used by As Built Report to retrieve Azure Recovery Services Vault information + Used by As Built Report to retrieve Azure Recovery Services Vault information .DESCRIPTION .NOTES - Version: 0.1.1 + Version: 0.1.2 Author: Tim Carman Twitter: @tpcarman Github: tpcarman @@ -23,64 +23,70 @@ function Get-AbrAzRecoveryServicesVault { } process { - $AzRsvs = Get-AzRecoveryServicesVault | Sort-Object Name - if (($InfoLevel.RecoveryServicesVault -gt 0) -and ($AzRsvs)) { - Write-PscriboMessage "Collecting Azure Recovery Services Vault information." - Section -Style Heading4 'Recovery Services Vaults' { - if ($Options.ShowSectionInfo) { - Paragraph "A Recovery Services vault is a storage entity in Azure that houses data. The data is typically copies of data, or configuration information for virtual machines (VMs), workloads, servers, or workstations. You can use Recovery Services vaults to hold backup data for various Azure services such as IaaS VMs (Linux or Windows) and SQL Server in Azure VMs. Recovery Services vaults support System Center DPM, Windows Server, Azure Backup Server, and more. Recovery Services vaults make it easy to organize your backup data, while minimizing management overhead." - BlankLine - } - $AzRsvInfo = @() - foreach ($AzRsv in $AzRsvs) { - $InObj = [Ordered]@{ - 'Name' = $AzRsv.Name - 'Resource Group' = $AzRsv.ResourceGroupName - 'Location' = $AzLocationLookup."$($AzRsv.Location)" - 'Subscription' = "$($AzSubscriptionLookup.(($AzRsv.Id).split('/')[2]))" - 'Provisioning State' = $AzRsv.Properties.ProvisioningState - 'Private Endpoint State for Backup' = Switch ($AzRsv.Properties.PrivateEndpointStateForBackup) { - $null { '--' } - default { $AzRsv.Properties.PrivateEndpointStateForBackup } + Try { + if ($InfoLevel.RecoveryServicesVault -gt 0) { + $AzRsvs = Get-AzRecoveryServicesVault | Sort-Object Name + if ($AzRsvs) { + Write-PscriboMessage "Collecting Azure Recovery Services Vault information." + Section -Style Heading4 'Recovery Services Vaults' { + if ($Options.ShowSectionInfo) { + Paragraph "A Recovery Services vault is a storage entity in Azure that houses data. The data is typically copies of data, or configuration information for virtual machines (VMs), workloads, servers, or workstations. You can use Recovery Services vaults to hold backup data for various Azure services such as IaaS VMs (Linux or Windows) and SQL Server in Azure VMs. Recovery Services vaults support System Center DPM, Windows Server, Azure Backup Server, and more. Recovery Services vaults make it easy to organize your backup data, while minimizing management overhead." + BlankLine } - 'Private Endpoint State for Site Recovery' = Switch ($AzRsv.Properties.PrivateEndpointStateForSiteRecovery) { - $null { '--' } - default { $AzRsv.Properties.PrivateEndpointStateForSiteRecovery } + $AzRsvInfo = @() + foreach ($AzRsv in $AzRsvs) { + $InObj = [Ordered]@{ + 'Name' = $AzRsv.Name + 'Resource Group' = $AzRsv.ResourceGroupName + 'Location' = $AzLocationLookup."$($AzRsv.Location)" + 'Subscription' = "$($AzSubscriptionLookup.(($AzRsv.Id).split('/')[2]))" + 'Provisioning State' = $AzRsv.Properties.ProvisioningState + 'Private Endpoint State for Backup' = Switch ($AzRsv.Properties.PrivateEndpointStateForBackup) { + $null { '--' } + default { $AzRsv.Properties.PrivateEndpointStateForBackup } + } + 'Private Endpoint State for Site Recovery' = Switch ($AzRsv.Properties.PrivateEndpointStateForSiteRecovery) { + $null { '--' } + default { $AzRsv.Properties.PrivateEndpointStateForSiteRecovery } + } + } + $AzRsvInfo += [PSCustomObject]$InObj } - } - $AzRsvInfo += [PSCustomObject]$InObj - } - if ($InfoLevel.RecoveryServicesVault -ge 2) { - Paragraph "The following sections detail the configuration of the recovery services vault within the $($AzSubscription.Name) subscription." - foreach ($AzRsv in $AzRsvInfo) { - Section -Style NOTOCHeading5 -ExcludeFromTOC "$($AzRsv.Name)" { + if ($InfoLevel.RecoveryServicesVault -ge 2) { + Paragraph "The following sections detail the configuration of the recovery services vault within the $($AzSubscription.Name) subscription." + foreach ($AzRsv in $AzRsvInfo) { + Section -Style NOTOCHeading5 -ExcludeFromTOC "$($AzRsv.Name)" { + $TableParams = @{ + Name = "Recovery Services Vault - $($AzRsv.Name)" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AzRsv | Table @TableParams + } + } + } else { + Paragraph "The following table summarises the configuration of the recovery services vault within the $($AzSubscription.Name) subscription." + BlankLine $TableParams = @{ - Name = "Recovery Services Vault - $($AzRsv.Name)" - List = $true - ColumnWidths = 50, 50 + Name = "Recovery Services Vaults - $($AzSubscription.Name)" + List = $false + Columns = 'Name', 'Resource Group', 'Location' + ColumnWidths = 33, 34, 33 } if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $AzRsv | Table @TableParams + $AzRsvinfo | Table @TableParams } } - } else { - Paragraph "The following table summarises the configuration of the recovery services vault within the $($AzSubscription.Name) subscription." - BlankLine - $TableParams = @{ - Name = "Recovery Services Vaults - $($AzSubscription.Name)" - List = $false - Columns = 'Name', 'Resource Group', 'Location' - ColumnWidths = 33, 34, 33 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $AzRsvinfo | Table @TableParams } } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) } } diff --git a/Src/Private/Get-AbrAzRouteTable.ps1 b/Src/Private/Get-AbrAzRouteTable.ps1 index ef875aa..e7c2510 100644 --- a/Src/Private/Get-AbrAzRouteTable.ps1 +++ b/Src/Private/Get-AbrAzRouteTable.ps1 @@ -1,13 +1,13 @@ function Get-AbrAzRouteTable { <# .SYNOPSIS - Used by As Built Report to retrieve Azure Route Table and Routes information + Used by As Built Report to retrieve Azure Route Table and Routes information .DESCRIPTION .NOTES - Version: 0.2 + Version: 0.3.0 Author: Howard Hao & Tim Carman - Twitter: tpcarman + Twitter: @tpcarman Github: howardhaooooo / tpcarman .EXAMPLE @@ -23,78 +23,119 @@ function Get-AbrAzRouteTable { } process { - $AzRouteTables = Get-AzRouteTable | Sort-Object Name - if (($InfoLevel.RouteTable -gt 0) -and ($AzRouteTables)) { - Write-PscriboMessage "Collecting Azure Route Table information." - Section -Style Heading4 'Route Tables' { - if ($Options.ShowSectionInfo) { - Paragraph "Azure Route Tables are a set of custom routes that dictate how network traffic should move within a virtual network (VNet). They offer a way to control the flow of data, ensuring it reaches the correct endpoint. For instance, if a subnet in a VNet needs to communicate with a virtual appliance, an Azure Route Table can direct the traffic accordingly." - BlankLine - } - $AzRouteTableInfo = @() - foreach ($AzRouteTable in $AzRouteTables) { - $InObj = [Ordered]@{ - 'Name' = $AzRouteTable.Name - 'Resource Group' = $AzRouteTable.ResourceGroupName - 'Location' = $AzLocationLookup."$($AzRouteTable.Location)" - 'Subscription' = "$($AzSubscriptionLookup.(($AzRouteTable.Id).split('/')[2]))" - 'Provisioning State' = $AzRouteTable.ProvisioningState - } - $AzRouteTableInfo += [PSCustomObject]$InObj - } + Try { + if ($InfoLevel.RouteTable -gt 0) { + $AzRouteTables = Get-AzRouteTable | Sort-Object Name + if ($AzRouteTables) { + Write-PscriboMessage "Collecting Azure Route Table information." + Section -Style Heading4 'Route Tables' { + if ($Options.ShowSectionInfo) { + Paragraph "Azure Route Tables are a set of custom routes that dictate how network traffic should move within a virtual network (VNet). They offer a way to control the flow of data, ensuring it reaches the correct endpoint. For instance, if a subnet in a VNet needs to communicate with a virtual appliance, an Azure Route Table can direct the traffic accordingly." + BlankLine + } - if ($InfoLevel.RouteTable -eq 1) { - Paragraph "The following table summarises the configuration of the Route Table within the $($AzSubscription.Name) subscription." - BlankLine - } else { - Paragraph "The following sections detail the configuration of the Route Tables within the $($AzSubscription.Name) subscription." - BlankLine - } - $TableParams = @{ - Name = "Route Tables - $($AzSubscription.Name)" - List = $false - Columns = 'Name', 'Resource Group', 'Location', 'Subscription' - ColumnWidths = 25, 25, 25, 25 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $AzRouteTableInfo | Table @TableParams - - if ($InfoLevel.RouteTable -ge 2) { - foreach ($AzRouteTable in $AzRouteTables) { - $AzRoutes = $AzRouteTable.Routes | Sort-Object Name - if ($AzRoutes) { - Section -Style NOTOCHeading5 -ExcludeFromTOC "$($AzRouteTable.Name)" { - Section -Style NOTOCHeading6 -ExcludeFromTOC "Routes" { - $AzRouteInfo = @() - foreach ($AzRoute in $AzRoutes){ - $InObj = [Ordered]@{ - 'Name' = $AzRoute.Name - 'Address Prefix' = $AzRoute.AddressPrefix - 'Next Hop Type' = $AzRoute.NextHopType - 'Next Hop IP Address' = Switch ($AzRoute.NextHopIpAddress) { - "" { '--' } - default { $AzRoute.NextHopIpAddress } - } - } - $AzRouteInfo += [PSCustomObject]$InObj + if ($InfoLevel.RouteTable -ge 3) { + Paragraph "The following sections detail the configuration of the Route Tables within the $($AzSubscription.Name) subscription." + BlankLine + + foreach ($AzRouteTable in $AzRouteTables) { + Section -Style NOTOCHeading5 -ExcludeFromTOC "$($AzRouteTable.Name)" { + $AzRouteTableInfo = @() + $InObj = [Ordered]@{ + 'Name' = $AzRouteTable.Name + 'Resource Group' = $AzRouteTable.ResourceGroupName + 'Location' = $AzLocationLookup."$($AzRouteTable.Location)" + 'Subscription' = "$($AzSubscriptionLookup.(($AzRouteTable.Id).split('/')[2]))" + 'Provisioning State' = $AzRouteTable.ProvisioningState } + $TableParams = @{ - Name = "Routes - $($AzRouteTable.Name)" - List = $false - ColumnWidths = 25, 25, 25, 25 + Name = "Route Table - $($AzRouteTable.Name)" + List = $true + ColumnWidths = 40, 60 + } + + if ($Options.ShowTags) { + $InObj['Tags'] = if ([string]::IsNullOrEmpty($AzRouteTable.Tag)) { + 'None' + } else { + ($AzRouteTable.Tag.GetEnumerator() | ForEach-Object { "$($_.Name):`t$($_.Value)" }) -join [Environment]::NewLine + } + $TableParams['Columns'] = 'Name', 'Resource Group', 'Location', 'Subscription', 'Tags' + } else { + $TableParams['Columns'] = 'Name', 'Resource Group', 'Location', 'Subscription' } + if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $AzRouteInfo | Table @TableParams + + $AzRouteTableInfo += [PSCustomObject]$InObj + $AzRouteTableInfo | Table @TableParams + } + + $AzRoutes = $AzRouteTable.Routes | Sort-Object Name + if ($AzRoutes) { + Section -Style NOTOCHeading6 -ExcludeFromTOC "Routes" { + $AzRouteInfo = @() + foreach ($AzRoute in $AzRoutes){ + $InObj = [Ordered]@{ + 'Name' = $AzRoute.Name + 'Address Prefix' = $AzRoute.AddressPrefix + 'Next Hop Type' = $AzRoute.NextHopType + 'Next Hop IP Address' = Switch ($AzRoute.NextHopIpAddress) { + "" { '--' } + default { $AzRoute.NextHopIpAddress } + } + } + $AzRouteInfo += [PSCustomObject]$InObj + } + $TableParams = @{ + Name = "Routes - $($AzRouteTable.Name)" + List = $false + ColumnWidths = 25, 25, 25, 25 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AzRouteInfo | Table @TableParams + } } } + } else { + Paragraph "The following table summarises the configuration of the Route Table within the $($AzSubscription.Name) subscription." + BlankLine + + $AzRouteTableInfo = @() + foreach ($AzRouteTable in $AzRouteTables) { + $InObj = [Ordered]@{ + 'Name' = $AzRouteTable.Name + 'Resource Group' = $AzRouteTable.ResourceGroupName + 'Location' = $AzLocationLookup."$($AzRouteTable.Location)" + 'Subscription' = "$($AzSubscriptionLookup.(($AzRouteTable.Id).split('/')[2]))" + 'Provisioning State' = $AzRouteTable.ProvisioningState + } + $AzRouteTableInfo += [PSCustomObject]$InObj + } + + $TableParams = @{ + Name = "Route Tables - $($AzSubscription.Name)" + List = $false + Columns = 'Name', 'Resource Group', 'Location', 'Subscription' + ColumnWidths = 25, 25, 25, 25 + } + + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + + $AzRouteTableInfo | Table @TableParams } } } } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) } } diff --git a/Src/Private/Get-AbrAzSABlobServiceProperty.ps1 b/Src/Private/Get-AbrAzSABlobServiceProperty.ps1 index 1501170..6f9b5da 100644 --- a/Src/Private/Get-AbrAzSABlobServiceProperty.ps1 +++ b/Src/Private/Get-AbrAzSABlobServiceProperty.ps1 @@ -1,14 +1,14 @@ function Get-AbrAzSABlobServiceProperty { <# .SYNOPSIS - Used by As Built Report to retrieve Azure Storage Account Blob Service Property information + Used by As Built Report to retrieve Azure Storage Account Blob Service Property information .DESCRIPTION .NOTES - Version: 0.1.5 - Author: Jonathan Colon - Twitter: @jcolonfzenpr - Github: rebelinux + Version: 0.1.6 + Author: Jonathan Colon / Tim Carman + Twitter: @jcolonfzenpr / @tpcarman + Github: rebelinux / tpcarman .EXAMPLE .LINK @@ -30,48 +30,88 @@ function Get-AbrAzSABlobServiceProperty { [String] $StorageAccountName ) - begin { - Write-PScriboMessage "StorageAccount InfoLevel set at $($InfoLevel.StorageAccount)." - } + begin {} process { - $AzSABlobServiceProperties = Get-AzStorageBlobServiceProperty -ResourceGroupName $ResourceGroupName -StorageAccountName $StorageAccountName - if (($InfoLevel.StorageAccount -gt 0) -and ($AzSABlobServiceProperties)) { - Write-PscriboMessage "Collecting Azure Storage Account Blob Service Property information." - Section -Style NOTOCHeading6 -ExcludeFromTOC 'Blob Service Property' { - $AzSASrvPrtyInfo = @() - foreach ($AzSABlobServiceProperty in $AzSABlobServiceProperties) { - $InObj = [Ordered]@{ - 'Blob Soft Delete Status' = Switch ($AzSABlobServiceProperty.DeleteRetentionPolicy.Enabled) { - $true { 'Enabled' } - $false { 'Not Enabled' } - $null { 'Not Enabled' } - } - 'Blob Soft Delete Days' = "$($AzSABlobServiceProperty.DeleteRetentionPolicy.Days) days" - 'Container Soft Delete Status' = Switch ($AzSABlobServiceProperty.ContainerDeleteRetentionPolicy.Enabled) { - $true { 'Enabled' } - $false { 'Not Enabled' } - $null { 'Not Enabled' } + Try { + $AzSABlobServiceProperty = Get-AzStorageBlobServiceProperty -ResourceGroupName $ResourceGroupName -StorageAccountName $StorageAccountName + $AzStorageAccount = Get-AzStorageAccount -Name $AzSABlobServiceProperty.StorageAccountName -ResourceGroupName $AzSABlobServiceProperty.ResourceGroupName + if ($AzSABlobServiceProperty -and $AzStorageAccount) { + Write-PScriboMessage "Collecting Azure Storage Account Blob Service information [$($AzStorageAccount.StorageAccountName)]." + Section -Style NOTOCHeading6 -ExcludeFromTOC 'Blob Service' { + $AzSABlobServicePropertyInfo = @() + foreach ($AzSABlobService in $AzSABlobServiceProperty) { + $InObj = [Ordered]@{ + 'Hierarchical Namespace' = if ($AzStorageAccount.EnableHierarchicalNamespace) { + 'Enabled' + } else { + 'Disabled' + } + 'Default Access Tier' = if ($null -ne $AzStorageAccount.AccessTier) { + $AzStorageAccount.AccessTier + } else { + 'Not Applicable' + } + 'Blob Anonymous Access' = if ($AzStorageAccount.AllowBlobPublicAccess) { + 'Enabled' + } else { + 'Disabled' + } + 'Blob Soft Delete' = If ($AzSABlobService.DeleteRetentionPolicy.Enabled -and $AzSABlobService.DeleteRetentionPolicy.Days) { + "Enabled ($($AzSABlobService.DeleteRetentionPolicy.Days) days)" + } else { + 'Disabled' + } + 'Container Soft Delete' = If ($AzSABlobService.ContainerDeleteRetentionPolicy.Enabled -and $AzSABlobService.ContainerDeleteRetentionPolicy.Days) { + "Enabled ($($AzSABlobService.ContainerDeleteRetentionPolicy.Days) days)" + } else { + 'Disabled' + } + 'Versioning' = if ($AzSABlobService.IsVersioningEnabled) { + 'Enabled' + } else { + 'Disabled' + } + 'Change Feed' = if ($AzSABlobService.ChangeFeed.Enabled -and $AzSABlobService.ChangeFeed.RetentionInDays) { + "Enabled ($($AzSABlobService.ChangeFeed.RetentionInDays) days)" + } else { + 'Disabled' + } + 'NFS v3' = if ($AzStorageAccount.EnableNfsV3) { + 'Enabled' + } else { + 'Disabled' + } + 'SFTP' = if ($AzStorageAccount.EnableSftp) { + 'Enabled' + } else { + 'Disabled' + } + 'Allow Cross-Tenant Replication' = if ($AzStorageAccount.AllowCrossTenantReplication) { + 'Enabled' + } else { + 'Disabled' + } } - 'Container Soft Delete Days' = "$($AzSABlobServiceProperty.ContainerDeleteRetentionPolicy.Days) days" - 'Is Versioning Enabled' = Switch ($AzSABlobServiceProperty.IsVersioningEnabled) { - $true { 'Enabled' } - $false { 'Not Enabled' } - $null { 'Not Enabled' } + $AzSABlobServicePropertyInfo += [PSCustomObject]$InObj + + if ($Healthcheck.StorageAccount.BlobAnonymousAccess) { + $AzSABlobServicePropertyInfo | Where-Object { $_.'Blob Anonymous Access' -eq 'Enabled' } | Set-Style -Style Warning -Property 'Blob Anonymous Access' } } - $AzSASrvPrtyInfo = [PSCustomObject]$InObj - } - $TableParams = @{ - Name = "Blob Service Property - $($AzSABlobServiceProperty.StorageAccountName)" - List = $true - ColumnWidths = 50, 50 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "Blob Service - $($AzSABlobService.StorageAccountName)" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AzSABlobServicePropertyInfo | Table @TableParams } - $AzSASrvPrtyInfo | Table @TableParams } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) } } diff --git a/Src/Private/Get-AbrAzSAContainer.ps1 b/Src/Private/Get-AbrAzSAContainer.ps1 index 7612936..225d464 100644 --- a/Src/Private/Get-AbrAzSAContainer.ps1 +++ b/Src/Private/Get-AbrAzSAContainer.ps1 @@ -1,14 +1,14 @@ function Get-AbrAzSAContainer { <# .SYNOPSIS - Used by As Built Report to retrieve Azure Storage Account Container information + Used by As Built Report to retrieve Azure Storage Account Container information .DESCRIPTION .NOTES - Version: 0.1.5 - Author: Jonathan Colon - Twitter: @jcolonfzenpr - Github: rebelinux + Version: 0.1.6 + Author: Jonathan Colon / Tim Carman + Twitter: @jcolonfzenpr / @tpcarman + Github: rebelinux / tpcarman .EXAMPLE .LINK @@ -31,40 +31,43 @@ function Get-AbrAzSAContainer { ) begin { - Write-PScriboMessage "StorageAccount InfoLevel set at $($InfoLevel.StorageAccount)." } process { - $AzSAContainers = Get-AzStorageAccount -ResourceGroupName $ResourceGroupName -StorageAccountName $StorageAccountName | Get-AzStorageContainer | Sort-Object Name - if (($InfoLevel.StorageAccount -gt 0) -and ($AzSAContainers)) { - Write-PscriboMessage "Collecting Azure Storage Account Containers information." - Section -Style NOTOCHeading6 -ExcludeFromTOC 'Containers' { - $AzSAContInfo = @() - foreach ($AzSAContainer in $AzSAContainers) { - $InObj = [Ordered]@{ - 'Name' = $AzSAContainer.Name - 'Public Access' = Switch ($AzSAContainer.PublicAccess) { - 'Off' { 'Not Enabled' } - $null { 'Not Enabled' } - default {$AzSAContainer.PublicAccess} - } - 'Last Modified' = $AzSAContainer.LastModified.UtcDateTime.ToShortDateString() + Try { + $AzSAContainers = Get-AzStorageAccount -ResourceGroupName $ResourceGroupName -StorageAccountName $StorageAccountName | Get-AzStorageContainer -ErrorAction SilentlyContinue | Sort-Object Name + if ($AzSAContainers) { + Write-PscriboMessage "Collecting Azure Storage Account Containers information." + Section -Style NOTOCHeading6 -ExcludeFromTOC 'Containers' { + $AzSAContInfo = @() + foreach ($AzSAContainer in $AzSAContainers) { + $InObj = [Ordered]@{ + 'Name' = $AzSAContainer.Name + 'Public Access' = if ($AzSAContainer.PublicAccess) { + $AzSAContainer.PublicAccess + } else { + 'Disabled' + } + 'Last Modified' = $AzSAContainer.LastModified.UtcDateTime.ToShortDateString() + } + $AzSAContInfo += [PSCustomObject]$InObj } - $AzSAContInfo += [PSCustomObject]$InObj - } - $TableParams = @{ - Name = "Container - $($StorageAccountName)" - List = $false - Columns = 'Name', 'Public Access', 'Last Modified' - ColumnWidths = 50, 25, 25 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "Container - $($StorageAccountName)" + List = $false + Columns = 'Name', 'Public Access', 'Last Modified' + ColumnWidths = 50, 25, 25 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AzSAContInfo | Table @TableParams } - $AzSAContInfo | Table @TableParams } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) } } diff --git a/Src/Private/Get-AbrAzSAFileServiceProperty.ps1 b/Src/Private/Get-AbrAzSAFileServiceProperty.ps1 index b8f3fcc..fb9338b 100644 --- a/Src/Private/Get-AbrAzSAFileServiceProperty.ps1 +++ b/Src/Private/Get-AbrAzSAFileServiceProperty.ps1 @@ -1,14 +1,14 @@ function Get-AbrAzSAFileServiceProperty { <# .SYNOPSIS - Used by As Built Report to retrieve Azure Storage Account File Service Property information + Used by As Built Report to retrieve Azure Storage Account File Service Property information .DESCRIPTION .NOTES - Version: 0.1.5 - Author: Jonathan Colon - Twitter: @jcolonfzenpr - Github: rebelinux + Version: 0.1.6 + Author: Jonathan Colon / Tim Carman + Twitter: @jcolonfzenpr / @tpcarman + Github: rebelinux / tpcarman .EXAMPLE .LINK @@ -31,36 +31,49 @@ function Get-AbrAzSAFileServiceProperty { ) begin { - Write-PScriboMessage "StorageAccount InfoLevel set at $($InfoLevel.StorageAccount)." } process { - $AzSAFileServiceProperties = Get-AzStorageFileServiceProperty -ResourceGroupName $ResourceGroupName -StorageAccountName $StorageAccountName - if (($InfoLevel.StorageAccount -gt 0) -and ($AzSAFileServiceProperties)) { - Write-PscriboMessage "Collecting Azure Storage Account File Service Property information." - Section -Style NOTOCHeading6 -ExcludeFromTOC 'File Service Property' { - $AzSASrvPrtyInfo = @() - foreach ($AzSAFileServiceProperty in $AzSAFileServiceProperties) { - $InObj = [Ordered]@{ - 'Soft Delete' = Switch ($AzSAFileServiceProperty.ShareDeleteRetentionPolicy.Enabled) { - $true { 'Enabled' } - $false { 'Not Enabled' } - $null { 'Not Enabled' } + Try { + $AzSAFileServiceProperty = Get-AzStorageFileServiceProperty -ResourceGroupName $ResourceGroupName -StorageAccountName $StorageAccountName + $AzStorageAccount = Get-AzStorageAccount -Name $AzSAFileServiceProperty.StorageAccountName -ResourceGroupName $AzSAFileServiceProperty.ResourceGroupName + if ($AzSAFileServiceProperty -and $AzStorageAccount) { + Write-PscriboMessage "Collecting Azure Storage Account File Service information [$($AzStorageAccount.StorageAccountName)]." + Section -Style NOTOCHeading6 -ExcludeFromTOC 'File Service' { + $AzSAFileServicePropertyInfo = @() + foreach ($AzSAFileService in $AzSAFileServiceProperty) { + $InObj = [Ordered]@{ + 'Large File Share' = If ($AzStorageAccount.LargeFileSharesState) { + 'Enabled' + } else { + 'Disabled' + } + 'Identity-based Access' = If ($AzStorageAccount.AzureFilesIdentityBasedAuth) { + 'Enabled' + } else { + 'Disabled' + } + 'Soft Delete' = if ($AzSAFileService.ShareDeleteRetentionPolicy.Enabled -and $AzSAFileService.ShareDeleteRetentionPolicy.Days) { + "Enabled ($($AzSAFileService.ShareDeleteRetentionPolicy.Days) days)" + } else { + 'Disabled' + } } - 'Soft Delete Days' = "$($AzSAFileServiceProperty.ShareDeleteRetentionPolicy.Days) days" + $AzSAFileServicePropertyInfo = [PSCustomObject]$InObj } - $AzSASrvPrtyInfo = [PSCustomObject]$InObj - } - $TableParams = @{ - Name = "File Service Property - $($AzSAFileServiceProperty.StorageAccountName)" - List = $true - ColumnWidths = 50, 50 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "File Service - $($AzSAFileServiceProperty.StorageAccountName)" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AzSAFileServicePropertyInfo | Table @TableParams } - $AzSASrvPrtyInfo | Table @TableParams } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) } } diff --git a/Src/Private/Get-AbrAzSAShare.ps1 b/Src/Private/Get-AbrAzSAShare.ps1 index 98e90ac..49d7e2d 100644 --- a/Src/Private/Get-AbrAzSAShare.ps1 +++ b/Src/Private/Get-AbrAzSAShare.ps1 @@ -1,14 +1,14 @@ function Get-AbrAzSAShare { <# .SYNOPSIS - Used by As Built Report to retrieve Azure Storage Account Share information + Used by As Built Report to retrieve Azure Storage Account Share information .DESCRIPTION .NOTES - Version: 0.1.5 - Author: Jonathan Colon - Twitter: @jcolonfzenpr - Github: rebelinux + Version: 0.1.6 + Author: Jonathan Colon / Tim Carman + Twitter: @jcolonfzenpr / @tpcarman + Github: rebelinux / tpcarman .EXAMPLE .LINK @@ -31,48 +31,52 @@ function Get-AbrAzSAShare { ) begin { - Write-PScriboMessage "StorageAccount InfoLevel set at $($InfoLevel.StorageAccount)." } process { - $AzSAShares = Get-AzStorageAccount -ResourceGroupName $ResourceGroupName -StorageAccountName $StorageAccountName | Get-AzStorageShare | Sort-Object Name - if (($InfoLevel.StorageAccount -gt 0) -and ($AzSAShares)) { - Write-PscriboMessage "Collecting Azure Storage Account Shares information." - Section -Style NOTOCHeading6 -ExcludeFromTOC 'Shares' { - $AzSAShareInfo = @() - foreach ($AzSAShare in $AzSAShares) { - $InObj = [Ordered]@{ - 'Name' = $AzSAShare.Name - 'Quota' = Switch ([string]::IsNullOrEmpty($AzSAShare.ShareProperties.QuotaInGB)) { - $null { 'Unknown' } - default {"$($AzSAShare.ShareProperties.QuotaInGB / 1024) Tib"} + Try { + $AzSAShares = Get-AzStorageAccount -ResourceGroupName $ResourceGroupName -StorageAccountName $StorageAccountName | Get-AzStorageShare -ErrorAction SilentlyContinue | Sort-Object Name + if ($AzSAShares) { + Write-PscriboMessage "Collecting Azure Storage Account Shares information." + Section -Style NOTOCHeading6 -ExcludeFromTOC 'Shares' { + $AzSAShareInfo = @() + foreach ($AzSAShare in $AzSAShares) { + $InObj = [Ordered]@{ + 'Name' = $AzSAShare.Name + 'Share URL' = $AzSAShare.CloudFileShare.Uri.AbsoluteUri + 'Quota' = if ([string]::IsNullOrEmpty($AzSAShare.ShareProperties.QuotaInGB)) { + 'Unknown' + } else { + "$($AzSAShare.ShareProperties.QuotaInGB / 1024) Tib" + } + 'Access Tier' = Switch ($AzSAShare.ShareProperties.AccessTier) { + 'TransactionOptimized' { 'Transaction Optimized' } + default {$AzSAShare.ShareProperties.AccessTier} + } + 'Last Modified' = $AzSAShare.LastModified.UtcDateTime.ToShortDateString() + 'Snapshot' = if ($AzSAShare.IsSnapshot) { + 'Enabled' + } else { + 'Disabled' + } } - 'Access Tier' = Switch ($AzSAShare.ShareProperties.AccessTier) { - 'TransactionOptimized' { 'Transaction Optimized' } - default {$AzSAShare.ShareProperties.AccessTier} - } - 'Last Modified' = $AzSAShare.LastModified.UtcDateTime.ToShortDateString() - 'Is Snapshot' = Switch ($AzSAShare.IsSnapshot) { - 'False' { 'Not Enabled' } - 'True' { 'Enabled' } - default {$AzSAShare.IsSnapshot} - } - + $AzSAShareInfo += [PSCustomObject]$InObj } - $AzSAShareInfo += [PSCustomObject]$InObj - } - $TableParams = @{ - Name = "Shares - $($StorageAccountName)" - List = $false - Columns = 'Name', 'Access Tier', 'Quota', 'Last Modified', 'Is Snapshot' - ColumnWidths = 28, 27, 15, 15, 15 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "Shares - $($StorageAccountName)" + List = $false + Columns = 'Name', 'Access Tier', 'Quota', 'Last Modified', 'Snapshot' + ColumnWidths = 28, 27, 15, 15, 15 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AzSAShareInfo | Table @TableParams } - $AzSAShareInfo | Table @TableParams } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) } } diff --git a/Src/Private/Get-AbrAzStorageAccount.ps1 b/Src/Private/Get-AbrAzStorageAccount.ps1 index 8b000ed..e29506e 100644 --- a/Src/Private/Get-AbrAzStorageAccount.ps1 +++ b/Src/Private/Get-AbrAzStorageAccount.ps1 @@ -1,14 +1,14 @@ function Get-AbrAzStorageAccount { <# .SYNOPSIS - Used by As Built Report to retrieve Azure Storage Account information + Used by As Built Report to retrieve Azure Storage Account information .DESCRIPTION .NOTES - Version: 0.1.5 - Author: Jonathan Colon - Twitter: @jcolonfzenpr - Github: rebelinux + Version: 0.1.6 + Author: Jonathan Colon / Tim Carman + Twitter: @jcolonfzenpr / @tpcarman + Github: rebelinux / tpcarman .EXAMPLE .LINK @@ -23,121 +23,143 @@ function Get-AbrAzStorageAccount { } process { - $AzStorageAccounts = Get-AzStorageAccount | Sort-Object StorageAccountName - if (($InfoLevel.StorageAccount -gt 0) -and ($AzStorageAccounts)) { - Write-PscriboMessage "Collecting Azure Storage Account information." - Section -Style Heading4 'Storage Account' { - if ($Options.ShowSectionInfo) { - Paragraph "Azure storage account contains all of your Azure Storage data objects, including blobs, file shares, queues, tables, and disks. The storage account provides a unique namespace for your Azure Storage data that's accessible from anywhere in the world over HTTP or HTTPS. Data in your storage account is durable and highly available, secure, and massively scalable." - BlankLine - } - $AzSAInfo = @() - foreach ($AzStorageAccount in $AzStorageAccounts) { - $InObj = [Ordered]@{ - 'Name' = $AzStorageAccount.StorageAccountName - 'Resource Group' = $AzStorageAccount.ResourceGroupName - 'Location' = $AzLocationLookup."$($AzStorageAccount.Location)" - 'Primary/Secondary Location' = "Primary: $($AzLocationLookup."$($AzStorageAccount.PrimaryLocation)") / Secondary: $($AzLocationLookup."$($AzStorageAccount.SecondaryLocation)")" - 'Disk state' = "Primary: $($AzStorageAccount.StatusOfPrimary) / Secondary: $($AzStorageAccount.StatusOfSecondary)" - 'Sku Name' = Switch ($AzStorageAccount.Sku.Name) { - 'Standard_LRS' { 'Locally-redundant storage.' } - 'Standard_ZRS' { 'Zone-redundant storage' } - 'Standard_GRS' { 'Geo-redundant storage' } - 'Standard_RAGRS' { 'Read access geo-redundant storage' } - 'Premium_LRS' { 'Premium locally-redundant storage' } - 'Premium_ZRS' { 'Premium zone-redundant storage' } - 'Standard_GZRS' { 'Geo-redundant zone-redundant storage' } - 'Standard_RAGZRS' { 'Read access geo-redundant zone-redundant storage' } - default {'Unknown'} - } - 'Sku Tier' = $AzStorageAccount.Sku.Tier - 'Account Kind' = Switch ($AzStorageAccount.Kind) { - 'Storage' {'General Purpose Version'} - 'StorageV2' {'General Purpose Version 2'} - 'BlobStorage' {'Blob Storage'} - 'BlockBlobStorage' {'Block Blob Storage'} - 'FileStorage' {'File Storage'} - default {'Unknown'} - } - 'Provisioning State' = $AzStorageAccount.ProvisioningState - 'Enable Https Traffic Only' = Switch ($AzStorageAccount.EnableHttpsTrafficOnly) { - $true { 'Enabled' } - $false { 'Not Enabled' } - $null { 'Not Enabled' } + Try { + if ($InfoLevel.StorageAccount -gt 0) { + $AzStorageAccounts = Get-AzStorageAccount | Sort-Object StorageAccountName + if ($AzStorageAccounts) { + Write-PscriboMessage "Collecting Azure Storage Account information." + Section -Style Heading4 'Storage Account' { + if ($Options.ShowSectionInfo) { + Paragraph "Azure storage account contains all of your Azure Storage data objects, including blobs, file shares, queues, tables, and disks. The storage account provides a unique namespace for your Azure Storage data that's accessible from anywhere in the world over HTTP or HTTPS. Data in your storage account is durable and highly available, secure, and massively scalable." + BlankLine } - 'Allow Blob Public Access' = Switch ($AzStorageAccount.AllowBlobPublicAccess) { - $true { 'Enabled' } - $false { 'Not Enabled' } - $null { 'Not Enabled' } - } - 'Allow Shared Key Access' = Switch ($AzStorageAccount.AllowSharedKeyAccess) { - $true { 'Enabled' } - $false { 'Not Enabled' } - $null { 'Not Enabled' } + $AzStorageAccountInfo = @() + foreach ($AzStorageAccount in $AzStorageAccounts) { + $InObj = [Ordered]@{ + 'Name' = $AzStorageAccount.StorageAccountName + 'Resource Group' = $AzStorageAccount.ResourceGroupName + 'Location' = $AzLocationLookup."$($AzStorageAccount.Location)" + 'Subscription' = "$($AzSubscriptionLookup.(($AzStorageAccount.Id).split('/')[2]))" + 'Primary/Secondary Location' = "Primary: $($AzLocationLookup."$($AzStorageAccount.PrimaryLocation)"), Secondary: $($AzLocationLookup."$($AzStorageAccount.SecondaryLocation)")" + 'Disk state' = "Primary: $($AzStorageAccount.StatusOfPrimary), Secondary: $($AzStorageAccount.StatusOfSecondary)" + 'Performance' = $AzStorageAccount.Sku.Tier + 'Replication' = Switch ($AzStorageAccount.Sku.Name) { + 'Standard_LRS' { 'Locally-redundant storage (LRS)' } + 'Standard_ZRS' { 'Zone-redundant storage (ZRS)' } + 'Standard_GRS' { 'Geo-redundant storage (GRS)' } + 'Standard_RAGRS' { 'Read access geo-redundant storage (RA-GRS)' } + 'Premium_LRS' { 'Premium locally-redundant storage (Premium LRS)' } + 'Premium_ZRS' { 'Premium zone-redundant storage (Premium ZRS)' } + 'Standard_GZRS' { 'Geo-redundant zone-redundant storage (GZRS)' } + 'Standard_RAGZRS' { 'Read access geo-redundant zone-redundant storage (RA-GZRS)' } + default {'Unknown'} + } + 'Account Kind' = Switch ($AzStorageAccount.Kind) { + 'Storage' {'Storage (General Purpose v1)'} + 'StorageV2' {'Storage (General Purpose v2)'} + 'BlobStorage' {'Blob Storage'} + 'BlockBlobStorage' {'Block Blob Storage'} + 'FileStorage' {'File Storage'} + default {'Unknown'} + } + 'Provisioning State' = $AzStorageAccount.ProvisioningState + 'Secure Transfer' = if ($AzStorageAccount.EnableHttpsTrafficOnly) { + 'Enabled' + } else { + 'Disabled' + } + 'Storage Account Key Access' = if ($AzStorageAccount.AllowSharedKeyAccess) { + 'Enabled' + } else { + 'Disabled' + } + 'Public Network Access' = if ($AzStorageAccount.PublicNetworkAccess) { + 'Enabled' + } else { + 'Disabled' + } + 'Minimum TLS Version' = ($AzStorageAccount.MinimumTlsVersion).Replace('_','.') + 'Infrastructure Encryption' = if ($AzStorageAccount.RequireInfrastructureEncryption) { + 'Enabled' + } else { + 'Disabled' + } + 'Created' = $AzStorageAccount.CreationTime + } + + if ($Options.ShowTags) { + $InObj['Tags'] = if ([string]::IsNullOrEmpty($AzStorageAccount.Tags)) { + 'None' + } else { + ($AzStorageAccount.Tags.GetEnumerator() | ForEach-Object {"$($_.Key):`t$($_.Value)"}) -join [Environment]::NewLine + } + } + + $AzStorageAccountInfo += [PSCustomObject]$InObj } - 'Public Network Access' = $AzStorageAccount.PublicNetworkAccess - 'Minimum TLS Version' = $AzStorageAccount.MinimumTlsVersion - 'Default Access Tier' = $AzStorageAccount.AccessTier - 'Creation Time' = $AzStorageAccount.CreationTime - 'Tags' = Switch ([string]::IsNullOrEmpty($AzStorageAccount.Tags)) { - $true {"--"} - default {($AzStorageAccount.Tags.GetEnumerator() | ForEach-Object {"$($_.Key):$($_.Value)"}) -join ", "} + + if ($Healthcheck.StorageAccount.ProvisioningState) { + $AzStorageAccountInfo | Where-Object { $_.'Provisioning State' -ne 'Succeeded' } | Set-Style -Style Critical -Property 'Provisioning State' } - } - $AzSAInfo += [PSCustomObject]$InObj - } - if ($Healthcheck.StorageAccount.ProvisioningState) { - $AzSAInfo | Where-Object { $_.'Provisioning State' -ne 'Succeeded' } | Set-Style -Style Critical -Property 'Provisioning State' - } + if ($Healthcheck.StorageAccount.StorageAccountKeyAccess) { + $AzStorageAccountInfo | Where-Object { $_.'Storage Account Key Access' -eq 'Enabled' } | Set-Style -Style Warning -Property 'Storage Account Key Access' + } - if ($Healthcheck.StorageAccount.EnableHttpsTrafficOnly) { - $AzSAInfo | Where-Object { $_.'Enable Https Traffic Only' -ne 'Enabled' } | Set-Style -Style Warning -Property 'Enable Https Traffic Only' - } + if ($Healthcheck.StorageAccount.SecureTransfer) { + $AzStorageAccountInfo | Where-Object { $_.'Secure Transfer' -ne 'Enabled' } | Set-Style -Style Warning -Property 'Secure Transfer' + } - if ($Healthcheck.StorageAccount.PublicNetworkAccess) { - $AzSAInfo | Where-Object { $_.'Public Network Access' -eq 'Enabled' } | Set-Style -Style Warning -Property 'Public Network Access' - } + if ($Healthcheck.StorageAccount.PublicNetworkAccess) { + $AzStorageAccountInfo | Where-Object { $_.'Public Network Access' -eq 'Enabled' } | Set-Style -Style Warning -Property 'Public Network Access' + } - if ($Healthcheck.StorageAccount.MinimumTlsVersion) { - $AzSAInfo | Where-Object { $_.'Minimum TLS Version' -ne 'TLS1_2' } | Set-Style -Style Warning -Property 'Minimum TLS Version' - } + if ($Healthcheck.StorageAccount.MinimumTlsVersion) { + $AzStorageAccountInfo | Where-Object { $_.'Minimum TLS Version' -ne 'TLS1.2' } | Set-Style -Style Warning -Property 'Minimum TLS Version' + } - if ($InfoLevel.StorageAccount -ge 2) { - Paragraph "The following sections detail the configuration of the storage account within the $($AzSubscription.Name) subscription." - foreach ($AzStorageAccount in $AzSAInfo) { - Section -Style Heading5 "$($AzStorageAccount.Name)" { + if ($InfoLevel.StorageAccount -ge 2) { + Paragraph "The following sections detail the configuration of the storage account within the $($AzSubscription.Name) subscription." + foreach ($AzStorageAccount in $AzStorageAccountInfo) { + Section -Style NOTOCHeading5 -ExcludeFromTOC "$($AzStorageAccount.Name)" { + $TableParams = @{ + Name = "Storage Account - $($AzStorageAccount.Name)" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AzStorageAccount | Table @TableParams + # Blob Service Properties + Get-AbrAzSABlobServiceProperty -ResourceGroupName $AzStorageAccount.'Resource Group' -StorageAccountName $AzStorageAccount.Name + # Container Service Properties + Get-AbrAzSAContainer -ResourceGroupName $AzStorageAccount.'Resource Group' -StorageAccountName $AzStorageAccount.Name + # File Service Properties + Get-AbrAzSAFileServiceProperty -ResourceGroupName $AzStorageAccount.'Resource Group' -StorageAccountName $AzStorageAccount.Name + # Share Service Properties + Get-AbrAzSAShare -ResourceGroupName $AzStorageAccount.'Resource Group' -StorageAccountName $AzStorageAccount.Name + } + } + } else { + Paragraph "The following table summarises the configuration of the storage account within the $($AzSubscription.Name) subscription." + BlankLine $TableParams = @{ - Name = "Storage Account - $($AzStorageAccount.Name)" - List = $true - ColumnWidths = 50, 50 + Name = "Storage Account - $($AzSubscription.Name)" + List = $false + Columns = 'Name', 'Resource Group', 'Location', 'Replication', 'Account Kind' + ColumnWidths = 20, 20, 20, 20, 20 } if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $AzStorageAccount | Table @TableParams - # Blob Service Properties - Get-AbrAzSABlobServiceProperty -ResourceGroupName $AzStorageAccount.'Resource Group' -StorageAccountName $AzStorageAccount.Name - Get-AbrAzSAFileServiceProperty -ResourceGroupName $AzStorageAccount.'Resource Group' -StorageAccountName $AzStorageAccount.Name - Get-AbrAzSAContainer -ResourceGroupName $AzStorageAccount.'Resource Group' -StorageAccountName $AzStorageAccount.Name - Get-AbrAzSAShare -ResourceGroupName $AzStorageAccount.'Resource Group' -StorageAccountName $AzStorageAccount.Name + $AzStorageAccountInfo | Table @TableParams } } - } else { - Paragraph "The following table summarises the configuration of the storage account within the $($AzSubscription.Name) subscription." - BlankLine - $TableParams = @{ - Name = "Storage Account - $($AzSubscription.Name)" - List = $false - Columns = 'Name', 'Resource Group', 'Location', 'Sku Name', 'Account Kind' - ColumnWidths = 20, 20, 20, 20, 20 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $AzSAInfo | Table @TableParams } } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) } } diff --git a/Src/Private/Get-AbrAzSubscription.ps1 b/Src/Private/Get-AbrAzSubscription.ps1 index c6aff80..30c2870 100644 --- a/Src/Private/Get-AbrAzSubscription.ps1 +++ b/Src/Private/Get-AbrAzSubscription.ps1 @@ -1,11 +1,11 @@ function Get-AbrAzSubscription { <# .SYNOPSIS - Used by As Built Report to retrieve Azure Subscription information + Used by As Built Report to retrieve Azure Subscription information .DESCRIPTION .NOTES - Version: 0.1.1 + Version: 0.1.2 Author: Tim Carman Twitter: @tpcarman Github: tpcarman @@ -23,35 +23,39 @@ function Get-AbrAzSubscription { } process { - if ($AzSubscriptions) { - if ($Options.ShowSectionInfo) { - Paragraph "An Azure subscription is a logical container used to provision resources in Azure. It holds the details of all your resources like virtual machines (VMs), databases, and more. When you create an Azure resource like a VM, you must identify the subscription it belongs to." + Try { + if ($AzSubscriptions) { + if ($Options.ShowSectionInfo) { + Paragraph "An Azure subscription is a logical container used to provision resources in Azure. It holds the details of all your resources like virtual machines (VMs), databases, and more. When you create an Azure resource like a VM, you must identify the subscription it belongs to." + BlankLine + } + Paragraph "The following table summarises the subscription information within the $($AzTenant.Name) tenant." BlankLine - } - Paragraph "The following table summarises the subscription information within the $($AzTenant.Name) tenant." - BlankLine - $AzSubscriptionInfo = @() - foreach ($AzSubscription in $AzSubscriptions) { - $InObj = [Ordered]@{ - 'Name' = $AzSubscription.Name - 'Subscription ID' = $AzSubscription.SubscriptionId - 'State' = $AzSubscription.State + $AzSubscriptionInfo = @() + foreach ($AzSubscription in $AzSubscriptions) { + $InObj = [Ordered]@{ + 'Name' = $AzSubscription.Name + 'Subscription ID' = $AzSubscription.SubscriptionId + 'State' = $AzSubscription.State + } + $AzSubscriptionInfo += [pscustomobject]$InObj } - $AzSubscriptionInfo += [pscustomobject]$InObj - } - $TableParams = @{ - Name = "Subscriptions - $($AzTenant.Name)" - List = $false - ColumnWidths = 35, 50, 15 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "Subscriptions - $($AzTenant.Name)" + List = $false + ColumnWidths = 35, 50, 15 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AzSubscriptionInfo | Table @TableParams + } else { + Write-PScriboMessage -IsWarning 'No subscriptions found.' + Break } - $AzSubscriptionInfo | Table @TableParams - } else { - Write-PScriboMessage -IsWarning 'No subscriptions found.' - Break + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) } } diff --git a/Src/Private/Get-AbrAzTenant.ps1 b/Src/Private/Get-AbrAzTenant.ps1 index 44483e1..2c0077c 100644 --- a/Src/Private/Get-AbrAzTenant.ps1 +++ b/Src/Private/Get-AbrAzTenant.ps1 @@ -1,11 +1,11 @@ function Get-AbrAzTenant { <# .SYNOPSIS - Used by As Built Report to retrieve Azure Tenant information + Used by As Built Report to retrieve Azure Tenant information .DESCRIPTION .NOTES - Version: 0.1.0 + Version: 0.1.1 Author: Tim Carman Twitter: @tpcarman Github: tpcarman @@ -23,21 +23,28 @@ function Get-AbrAzTenant { } process { - $AzTenantInfo = [PSCustomObject]@{ - 'Tenant Name' = $AzTenant.Name - 'Tenant ID' = $AzTenant.TenantId - 'Domains' = $AzTenant.Domains - } + Try { + $AzTenantInfo = [PSCustomObject]@{ + 'Tenant Name' = $AzTenant.Name + 'Tenant ID' = $AzTenant.TenantId + 'Tenant Type' = $AzTenant.TenantType + 'Country ' = (Get-CountryName $AzTenant.CountryCode) + 'Domains' = $AzTenant.Domains -join ', ' + 'Default Domain' = $AzTenant.DefaultDomain + } - $TableParams = @{ - Name = "Tenant - $($AzTenant.Name)" - List = $true - ColumnWidths = 50, 50 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "Tenant - $($AzTenant.Name)" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AzTenantInfo | Table @TableParams + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) } - $AzTenantInfo | Table @TableParams } end {} diff --git a/Src/Private/Get-AbrAzVirtualMachine.ps1 b/Src/Private/Get-AbrAzVirtualMachine.ps1 index c63e0d1..f5ba9e2 100644 --- a/Src/Private/Get-AbrAzVirtualMachine.ps1 +++ b/Src/Private/Get-AbrAzVirtualMachine.ps1 @@ -1,11 +1,11 @@ function Get-AbrAzVirtualMachine { <# .SYNOPSIS - Used by As Built Report to retrieve Azure Virtual Machine information from the Azure subscription + Used by As Built Report to retrieve Azure Virtual Machine information from the Azure subscription .DESCRIPTION .NOTES - Version: 0.1.0 + Version: 0.1.1 Author: Tim Carman Twitter: @tpcarman Github: tpcarman @@ -19,133 +19,150 @@ function Get-AbrAzVirtualMachine { ) begin { - Write-PScriboMessage "VM InfoLevel set at $($InfoLevel.VirtualMachine)." + Write-PScriboMessage "VirtualMachine InfoLevel set at $($InfoLevel.VirtualMachine)." } process { - $AzVMs = Get-AzVM -Status | Where-Object {$_.id.split('/')[2] -eq $AzSubscription.Id} | Sort-Object Name - if (($InfoLevel.VirtualMachine -gt 0) -and ($AzVMs)) { - Write-PscriboMessage "Collecting Azure VM information." - Section -Style Heading4 'Virtual Machines' { - if ($Options.ShowSectionInfo) { - Paragraph "Azure virtual machines are one of several types of on-demand, scalable computing resources that Azure offers. Typically, you choose a virtual machine when you need more control over the computing environment than the other choices offer. An Azure virtual machine gives you the flexibility of virtualization without having to buy and maintain the physical hardware that runs it. However, you still need to maintain the virtual machine by performing tasks, such as configuring, patching, and installing the software that runs on it." - BlankLine - } - $AzVMInfo = @() - foreach ($AzVM in $AzVMs) { - $AzVMSize = Get-AzVMSize -Location $AzVm.Location | Where-Object {$_.Name -eq $AzVm.HardwareProfile.VmSize} - $AzVmNic = Get-AzNetworkInterface | Where-Object {$_.VirtualMachine.Id -eq $AzVm.id} - $AzVmBackupStatus = Get-AzRecoveryServicesBackupStatus -Name $AzVm.Name -ResourceGroupName $AzVm.ResourceGroupName -Type "AzureVM" - $AzVmExtensions = Get-AzVMExtension -VMName $AzVm.Name -ResourceGroupName $AzVm.ResourceGroupName | Sort-Object Name - $AzVmDiskEncryption = Get-AzVMDiskEncryptionStatus -ResourceGroupName $AzVm.ResourceGroupName -VMName $AzVm.Name - $InObj = [Ordered]@{ - 'Name' = $AzVM.Name - 'Resource Group' = $AzVM.ResourceGroupName - 'Location' = $AzLocationLookup."$($AzVm.Location)" - 'Subscription' = "$($AzSubscriptionLookup.(($AzVm.Id).split('/')[2]))" - 'Status' = Switch ($AzVm.PowerState) { - 'Vm deallocated' { 'Deallocated'} - 'Vm running' { 'Running' } - default { $AzVm.PowerState } - } - 'Private IP Address' = $AzVmNic.IpConfigurations.PrivateIpAddress - 'Private IP Assignment' = $AzVmNic.IpConfigurations.PrivateIpAllocationMethod - 'Virtual Network / Subnet' = ($AzVmNic.IpConfigurations.Subnet.Id).split('/')[4] + " / " + ($AzVmNic.IpConfigurations.Subnet.Id).split('/')[-1] - 'OS Type' = $AzVm.StorageProfile.OsDisk.OsType - 'Size' = $AzVm.HardwareProfile.VmSize - 'vCPUs' = $AzVMSize.NumberOfCores - 'RAM' = "$($AzVMSize.MemoryInMB / 1024) GiB" - #'Operating System' = '' - 'OS Disk' = ($AzVm.StorageProfile.OsDisk.Name) - 'OS Disk Size' = Switch ($AzVm.StorageProfile.OsDisk.DiskSizeGB) { - $null { '--' } - default { "$($AzVm.StorageProfile.OsDisk.DiskSizeGB) GiB" } - } - 'OS Disk Type' = Switch ($AzVm.StorageProfile.OsDisk.ManagedDisk.StorageAccountType) { - $null { '--' } - 'Standard_LRS' { 'Standard LRS' } - 'Premium_LRS' { 'Premium LRS' } - 'Premium_ZRS' { 'Premium ZRS' } - 'StandardSSD_LRS' { 'Standard SSD LRS' } - 'StandardSSD_ZRS' { 'Standard SSD ZRS' } - 'UltraSSD_LRS' { 'Ultra SSD LRS' } + Try { + if ($InfoLevel.VirtualMachine -gt 0) { + $AzVMs = Get-AzVM -Status | Where-Object { $_.id.split('/')[2] -eq $AzSubscription.Id } | Sort-Object Name + if ($AzVMs) { + Write-PScriboMessage "Collecting Azure VM information." + Section -Style Heading4 'Virtual Machines' { + if ($Options.ShowSectionInfo) { + Paragraph "Azure virtual machines are one of several types of on-demand, scalable computing resources that Azure offers. Typically, you choose a virtual machine when you need more control over the computing environment than the other choices offer. An Azure virtual machine gives you the flexibility of virtualization without having to buy and maintain the physical hardware that runs it. However, you still need to maintain the virtual machine by performing tasks, such as configuring, patching, and installing the software that runs on it." + BlankLine } - 'No. of Data Disks' = ($AzVm.StorageProfile.DataDisks).Count - 'Azure Disk Encryption' = Switch ($AzVmDiskEncryption.OsVolumeEncryptionSettings.Enabled) { - $true { 'Enabled' } - $false { 'Not Enabled' } - $null { 'Not Enabled' } - } - 'Boot Diagnostics' = & { - if (($AzVM.DiagnosticsProfile.BootDiagnostics.Enabled) -and ($null -eq $AzVM.DiagnosticsProfile.BootDiagnostics.StorageUri)) { - "Enabled with managed storage account" - } elseif (($AzVM.DiagnosticsProfile.BootDiagnostics.Enabled) -and ($AzVM.DiagnosticsProfile.BootDiagnostics.StorageUri)) { - "Enabled with custom storage account" - } else { - "Disabled" + $AzVMInfo = @() + foreach ($AzVM in $AzVMs) { + $AzVMSize = Get-AzVMSize -Location $AzVm.Location | Where-Object { $_.Name -eq $AzVm.HardwareProfile.VmSize } + $AzVmNic = Get-AzNetworkInterface | Where-Object { $_.VirtualMachine.Id -eq $AzVm.id } + $AzVmBackupStatus = Get-AzRecoveryServicesBackupStatus -Name $AzVm.Name -ResourceGroupName $AzVm.ResourceGroupName -Type "AzureVM" -ErrorAction SilentlyContinue + $AzVmExtensions = Get-AzVMExtension -VMName $AzVm.Name -ResourceGroupName $AzVm.ResourceGroupName | Sort-Object Name + $AzVmDiskEncryption = Get-AzVMDiskEncryptionStatus -ResourceGroupName $AzVm.ResourceGroupName -VMName $AzVm.Name + $InObj = [Ordered]@{ + 'Name' = $AzVM.Name + 'Resource Group' = $AzVM.ResourceGroupName + 'Location' = $AzLocationLookup."$($AzVm.Location)" + 'Subscription' = "$($AzSubscriptionLookup.(($AzVm.Id).split('/')[2]))" + 'Status' = Switch ($AzVm.PowerState) { + 'Vm deallocated' { 'Deallocated' } + 'Vm running' { 'Running' } + default { $AzVm.PowerState } + } + 'Private IP Address' = $AzVmNic.IpConfigurations.PrivateIpAddress + 'Private IP Assignment' = $AzVmNic.IpConfigurations.PrivateIpAllocationMethod + 'Virtual Network / Subnet' = ($AzVmNic.IpConfigurations.Subnet.Id).split('/')[4] + " / " + ($AzVmNic.IpConfigurations.Subnet.Id).split('/')[-1] + 'OS Type' = $AzVm.StorageProfile.OsDisk.OsType + 'Size' = $AzVm.HardwareProfile.VmSize + 'vCPUs' = $AzVMSize.NumberOfCores + 'RAM' = "$($AzVMSize.MemoryInMB / 1024) GiB" + #'Operating System' = '' + 'OS Disk' = ($AzVm.StorageProfile.OsDisk.Name) + 'OS Disk Size' = if ($AzVm.StorageProfile.OsDisk.DiskSizeGB) { + "$($AzVm.StorageProfile.OsDisk.DiskSizeGB) GiB" + } else { + 'Unknown' + } + 'OS Disk Type' = Switch ($AzVm.StorageProfile.OsDisk.ManagedDisk.StorageAccountType) { + $null { '--' } + 'Standard_LRS' { 'Standard LRS' } + 'Premium_LRS' { 'Premium LRS' } + 'Premium_ZRS' { 'Premium ZRS' } + 'StandardSSD_LRS' { 'Standard SSD LRS' } + 'StandardSSD_ZRS' { 'Standard SSD ZRS' } + 'UltraSSD_LRS' { 'Ultra SSD LRS' } + } + 'No. of Data Disks' = ($AzVm.StorageProfile.DataDisks).Count + 'Azure Disk Encryption' = if ($AzVmDiskEncryption.OsVolumeEncryptionSettings.Enabled) { + 'Enabled' + } else { + 'Disabled' + } + 'Boot Diagnostics' = & { + if (($AzVM.DiagnosticsProfile.BootDiagnostics.Enabled) -and ($null -eq $AzVM.DiagnosticsProfile.BootDiagnostics.StorageUri)) { + 'Enabled with managed storage account' + } elseif (($AzVM.DiagnosticsProfile.BootDiagnostics.Enabled) -and ($AzVM.DiagnosticsProfile.BootDiagnostics.StorageUri)) { + 'Enabled with custom storage account' + } else { + 'Disabled' + } + } + 'Boot Diagnostics Storage Account' = if ($AzVM.DiagnosticsProfile.BootDiagnostics.StorageUri) { + $AzVM.DiagnosticsProfile.BootDiagnostics.StorageUri.split('.')[0].trimstart('https://') + } else { + 'None' + } + 'Azure Backup' = if ($AzVmBackupStatus.BackedUp) { + 'Enabled' + } else { + 'Disabled' + } + 'Extensions' = & { + if ($null -eq $AzVmExtensions.Name) { + 'None' + } else { $AzVmExtensions.Name -join ', ' } + } + } + + if ($Options.ShowTags) { + $InObj['Tags'] = if ([string]::IsNullOrEmpty($AzVm.Tags)) { + 'None' + } else { + ($AzVm.Tags.GetEnumerator() | ForEach-Object { "$($_.Key):`t$($_.Value)" }) -join [Environment]::NewLine + } } + + $AzVMInfo += [PSCustomObject]$InObj } - 'Boot Diagnostics Storage Account' = Switch ($AzVM.DiagnosticsProfile.BootDiagnostics.StorageUri) { - $null { '--' } - default { $AzVM.DiagnosticsProfile.BootDiagnostics.StorageUri.split('.')[0].trimstart('https://') } + + if ($Healthcheck.VirtualMachine.Status) { + $AzVMInfo | Where-Object { $_.'Status' -ne 'Running' } | Set-Style -Style Warning -Property 'Status' } - 'Azure Backup' = Switch ($AzVmBackupStatus.BackedUp) { - $true { 'Enabled' } - $false { 'Not Enabled' } - $null { 'Not Enabled' } + if ($Healthcheck.VirtualMachine.BootDiagnostics) { + $AzVMInfo | Where-Object { $_.'Boot Diagnostics' -ne 'Enabled with custom storage account' } | Set-Style -Style Warning -Property 'Boot Diagnostics' + $AzVMInfo | Where-Object { $_.'Boot Diagnostics' -eq 'Disabled' } | Set-Style -Style Critical -Property 'Boot Diagnostics' } - 'Extensions' = & { - if ($null -eq $AzVmExtensions.Name) { - '--' - } else { $AzVmExtensions.Name -join ', ' } + if ($Healthcheck.VirtualMachine.BackupEnabled) { + $AzVMInfo | Where-Object { $_.'Azure Backup' -ne 'Enabled' } | Set-Style -Style Warning -Property 'Azure Backup' } - } - $AzVMInfo += [PSCustomObject]$InObj - } - - if ($Healthcheck.VirtualMachine.Status) { - $AzVMInfo | Where-Object { $_.'Status' -ne 'Running' } | Set-Style -Style Warning -Property 'Status' - } - if ($Healthcheck.VirtualMachine.BootDiagnostics) { - $AzVMInfo | Where-Object { $_.'Boot Diagnostics' -ne 'Enabled with custom storage account' } | Set-Style -Style Warning -Property 'Boot Diagnostics' - $AzVMInfo | Where-Object { $_.'Boot Diagnostics' -eq 'Disabled' } | Set-Style -Style Critical -Property 'Boot Diagnostics' - } - if ($Healthcheck.VirtualMachine.BackupEnabled) { - $AzVMInfo | Where-Object { $_.'Azure Backup' -ne 'Enabled' } | Set-Style -Style Warning -Property 'Azure Backup' - } - if ($Healthcheck.VirtualMachine.DiskEncryption) { - $AzVMInfo | Where-Object { $_.'Azure Disk Encryption' -ne 'Enabled' } | Set-Style -Style Warning -Property 'Azure Disk Encryption' - } - if ($InfoLevel.VirtualMachine -ge 2) { - Paragraph "The following sections detail the configuration of the virtual machines within the $($AzSubscription.Name) subscription." - foreach ($AzVM in $AzVMInfo) { - Section -Style NOTOCHeading5 -ExcludeFromTOC "$($AzVM.Name)" { + if ($Healthcheck.VirtualMachine.DiskEncryption) { + $AzVMInfo | Where-Object { $_.'Azure Disk Encryption' -ne 'Enabled' } | Set-Style -Style Warning -Property 'Azure Disk Encryption' + } + if ($InfoLevel.VirtualMachine -ge 2) { + Paragraph "The following sections detail the configuration of the virtual machines within the $($AzSubscription.Name) subscription." + foreach ($AzVM in $AzVMInfo) { + Section -Style NOTOCHeading5 -ExcludeFromTOC "$($AzVM.Name)" { + $TableParams = @{ + Name = "Virtual Machine - $($AzVM.Name)" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AzVM | Table @TableParams + } + } + } else { + Paragraph "The following table summarises the configuration of the virtual machines within the $($AzSubscription.Name) subscription." + BlankLine $TableParams = @{ - Name = "Virtual Machine - $($AzVM.Name)" - List = $true - ColumnWidths = 50, 50 + Name = "Virtual Machines - $($AzSubscription.Name)" + List = $false + Columns = 'Name', 'Resource Group', 'Location', 'Status', 'Private IP Address', 'OS Type' + ColumnWidths = 21, 23, 15, 13, 15, 13 } if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $AzVM | Table @TableParams + $AzVMInfo | Table @TableParams } } - } else { - Paragraph "The following table summarises the configuration of the virtual machines within the $($AzSubscription.Name) subscription." - BlankLine - $TableParams = @{ - Name = "Virtual Machines - $($AzSubscription.Name)" - List = $false - Columns = 'Name', 'Resource Group', 'Location', 'Status', 'Private IP Address', 'OS Type' - ColumnWidths = 21, 23, 15, 13, 15, 13 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $AzVMInfo | Table @TableParams } } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) } } diff --git a/Src/Private/Get-AbrAzVirtualNetwork.ps1 b/Src/Private/Get-AbrAzVirtualNetwork.ps1 index 7ec009d..ecdef30 100644 --- a/Src/Private/Get-AbrAzVirtualNetwork.ps1 +++ b/Src/Private/Get-AbrAzVirtualNetwork.ps1 @@ -1,11 +1,11 @@ function Get-AbrAzVirtualNetwork { <# .SYNOPSIS - Used by As Built Report to retrieve Azure Virtual Network information + Used by As Built Report to retrieve Azure Virtual Network information .DESCRIPTION .NOTES - Version: 0.1.1 + Version: 0.1.2 Author: Tim Carman Twitter: @tpcarman Github: tpcarman @@ -23,83 +23,94 @@ function Get-AbrAzVirtualNetwork { } process { - $AzVirtualNetworks = Get-AzVirtualNetwork | Sort-Object Name - if (($InfoLevel.VirtualNetwork -gt 0) -and ($AzVirtualNetworks)) { - Write-PscriboMessage "Collecting Azure Virtual Network information." - Section -Style Heading4 'Virtual Networks' { - if ($Options.ShowSectionInfo) { - Paragraph "Azure Virtual Network (VNet) is the fundamental building block for a private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks. VNet is similar to a traditional network that would operate in a traditonal data center, but brings with it additional benefits of Azure's infrastructure such as scale, availability, and isolation." - BlankLine - if ($InfoLevel.VirtualNetwork -ge 2) { - Paragraph -Bold "Peerings" - Paragraph "Virtual network peering enables you to seamlessly connect two or more Virtual Networks in Azure. The virtual networks appear as one for connectivity purposes. The traffic between virtual machines in peered virtual networks uses the Microsoft backbone infrastructure. Like traffic between virtual machines in the same network, traffic is routed through Microsoft's private network only." - BlankLine - Paragraph -Bold "Subnets" - Paragraph "Subnets enable you to segment the virtual network into one or more sub-networks and allocate a portion of the virtual network's address space to each subnet. You can then deploy Azure resources in a specific subnet. Just like in a traditional network, subnets allow you to segment your VNet address space into segments that are appropriate for the organization's internal network. This also improves address allocation efficiency. You can secure resources within subnets using Network Security Groups." - BlankLine - } - } - $AzVirtualNetworkInfo = @() - foreach ($AzVirtualNetwork in $AzVirtualNetworks) { - $InObj = [Ordered]@{ - 'Name' = $AzVirtualNetwork.Name - 'Resource Group' = $AzVirtualNetwork.ResourceGroupName - 'Location' = $AzLocationLookup."$($AzVirtualNetwork.Location)" - 'Subscription' = "$($AzSubscriptionLookup.(($AzVirtualNetwork.Id).split('/')[2]))" - 'Provisioning State' = $AzVirtualNetwork.ProvisioningState - 'Address Space' = & { - if ($AzVirtualNetwork.AddressSpace.AddressPrefixes) { - $AzVirtualNetwork.AddressSpace.AddressPrefixes -join ', ' - } else { - 'None' + Try { + if ($InfoLevel.VirtualNetwork -gt 0) { + $AzVirtualNetworks = Get-AzVirtualNetwork | Sort-Object Name + if ($AzVirtualNetworks) { + Write-PscriboMessage "Collecting Azure Virtual Network information." + Section -Style Heading4 'Virtual Networks' { + if ($Options.ShowSectionInfo) { + Paragraph "Azure Virtual Network (VNet) is the fundamental building block for a private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks. VNet is similar to a traditional network that would operate in a traditonal data center, but brings with it additional benefits of Azure's infrastructure such as scale, availability, and isolation." + BlankLine + if ($InfoLevel.VirtualNetwork -ge 2) { + Paragraph -Bold "Peerings" + Paragraph "Virtual network peering enables you to seamlessly connect two or more Virtual Networks in Azure. The virtual networks appear as one for connectivity purposes. The traffic between virtual machines in peered virtual networks uses the Microsoft backbone infrastructure. Like traffic between virtual machines in the same network, traffic is routed through Microsoft's private network only." + BlankLine + Paragraph -Bold "Subnets" + Paragraph "Subnets enable you to segment the virtual network into one or more sub-networks and allocate a portion of the virtual network's address space to each subnet. You can then deploy Azure resources in a specific subnet. Just like in a traditional network, subnets allow you to segment your VNet address space into segments that are appropriate for the organization's internal network. This also improves address allocation efficiency. You can secure resources within subnets using Network Security Groups." + BlankLine } } - 'DNS Servers' = & { - if ($AzVirtualNetwork.DhcpOptions.DnsServers) { - $AzVirtualNetwork.DhcpOptions.DnsServers -join ', ' - } else { - 'None' + $AzVirtualNetworkInfo = @() + foreach ($AzVirtualNetwork in $AzVirtualNetworks) { + $InObj = [Ordered]@{ + 'Name' = $AzVirtualNetwork.Name + 'Resource Group' = $AzVirtualNetwork.ResourceGroupName + 'Location' = $AzLocationLookup."$($AzVirtualNetwork.Location)" + 'Subscription' = "$($AzSubscriptionLookup.(($AzVirtualNetwork.Id).split('/')[2]))" + 'Provisioning State' = $AzVirtualNetwork.ProvisioningState + 'Address Space' = if ($AzVirtualNetwork.AddressSpace.AddressPrefixes) { + $AzVirtualNetwork.AddressSpace.AddressPrefixes -join ', ' + } else { + 'Unknown' + } + 'DNS Servers' = if ($AzVirtualNetwork.DhcpOptions.DnsServers) { + $AzVirtualNetwork.DhcpOptions.DnsServers -join ', ' + } else { + 'Default (Azure-provided)' + } + } + + if ($Options.ShowTags) { + $InObj['Tags'] = if ([string]::IsNullOrEmpty($AzVirtualNetwork.Tag)) { + 'None' + } else { + ($AzVirtualNetwork.Tag.GetEnumerator() | ForEach-Object { "$($_.Name):`t$($_.Value)" }) -join [Environment]::NewLine + } } + + $AzVirtualNetworkInfo += [PSCustomObject]$InObj } - } - $AzVirtualNetworkInfo += [PSCustomObject]$InObj - } - if ($InfoLevel.VirtualNetwork -ge 2) { - Paragraph "The following sections detail the configuration of the virtual networks within the $($AzSubscription.Name) subscription." - foreach ($AzVirtualNetwork in $AzVirtualNetworkInfo) { - Section -Style NOTOCHeading5 -ExcludeFromTOC "$($AzVirtualNetwork.Name)" { + if ($InfoLevel.VirtualNetwork -ge 2) { + Paragraph "The following sections detail the configuration of the virtual networks within the $($AzSubscription.Name) subscription." + foreach ($AzVirtualNetwork in $AzVirtualNetworkInfo) { + Section -Style NOTOCHeading5 -ExcludeFromTOC "$($AzVirtualNetwork.Name)" { + $TableParams = @{ + Name = "Virtual Network - $($AzVirtualNetwork.Name)" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AzVirtualNetwork | Table @TableParams + + # Virtual Network Peering + Get-AbrAzVirtualNetworkPeering -Name $AzVirtualNetwork.Name + # Virtual Network Subnets + Get-AbrAzVirtualNetworkSubnet -Name $AzVirtualNetwork.Name + } + } + } else { + Paragraph "The following table summarises the configuration of the virtual networks within the $($AzSubscription.Name) subscription." + BlankLine $TableParams = @{ - Name = "Virtual Network - $($AzVirtualNetwork.Name)" - List = $true - ColumnWidths = 50, 50 + Name = "Virtual Networks - $($AzSubscription.Name)" + List = $false + Columns = 'Name', 'Resource Group', 'Location', 'Address Space' + ColumnWidths = 25, 25, 25, 25 } if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $AzVirtualNetwork | Table @TableParams - - # Virtual Network Peering - Get-AbrAzVirtualNetworkPeering -Name $AzVirtualNetwork.Name - # Virtual Network Subnets - Get-AbrAzVirtualNetworkSubnet -Name $AzVirtualNetwork.Name + $AzVirtualNetworkInfo | Table @TableParams } } - } else { - Paragraph "The following table summarises the configuration of the virtual networks within the $($AzSubscription.Name) subscription." - BlankLine - $TableParams = @{ - Name = "Virtual Networks - $($AzSubscription.Name)" - List = $false - Columns = 'Name', 'Resource Group', 'Location', 'Address Space' - ColumnWidths = 25, 25, 25, 25 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $AzVirtualNetworkInfo | Table @TableParams } } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) } } diff --git a/Src/Private/Get-AbrAzVirtualNetworkPeering.ps1 b/Src/Private/Get-AbrAzVirtualNetworkPeering.ps1 index ca7bb90..983a174 100644 --- a/Src/Private/Get-AbrAzVirtualNetworkPeering.ps1 +++ b/Src/Private/Get-AbrAzVirtualNetworkPeering.ps1 @@ -1,11 +1,11 @@ function Get-AbrAzVirtualNetworkPeering { <# .SYNOPSIS - Used by As Built Report to retrieve Azure Virtual Network Peering information + Used by As Built Report to retrieve Azure Virtual Network Peering information .DESCRIPTION .NOTES - Version: 0.1.1 + Version: 0.1.2 Author: Tim Carman Twitter: @tpcarman Github: tpcarman @@ -27,53 +27,58 @@ function Get-AbrAzVirtualNetworkPeering { begin {} process { - $AzVirtualNetworkPeerings = (Get-AzVirtualNetwork -Name $Name).VirtualNetworkPeerings | Sort-Object Name - if ($AzVirtualNetworkPeerings) { - Write-PscriboMessage "Collecting Azure Virtual Network Peering information." - Section -Style NOTOCHeading6 -ExcludeFromTOC 'Peerings' { - foreach ($AzVirtualNetworkPeering in $AzVirtualNetworkPeerings) { - Section -Style NOTOCHeading7 -ExcludeFromTOC $($AzVirtualNetworkPeering.Name) { - $AzVirtualNetworkPeeringInfo = [PSCustomObject]@{ - 'Name' = $AzVirtualNetworkPeering.Name - 'Peering Status' = $AzVirtualNetworkPeering.PeeringSyncLevel - 'Peering State' = $AzVirtualNetworkPeering.PeeringState - 'Peer' = ($AzVirtualNetworkPeering.RemoteVirtualNetwork.Id).split('/')[-1] - 'Address Space' = $AzVirtualNetworkPeering.RemoteVirtualNetworkAddressSpace.AddressPrefixes -join ', ' - 'Gateway Transit' = Switch ($AzVirtualNetworkPeering.AllowGatewayTransit) { - $true { 'Enabled' } - $false { 'Disabled' } - } - 'Traffic to Remote VNet' = Switch ($AzVirtualNetworkPeering.AllowVirtualNetworkAccess) { - $true { 'Allow' } - $false { 'Block all traffic to the remote virtual network' } - } - 'Traffic forwarded from Remote VNet' = Switch ($AzVirtualNetworkPeering.AllowForwardedTraffic) { - $true { 'Allow' } - $false { 'Block traffic that originates from outside this network' } - } - 'VNet Gateway or Route Server' = & { - if ($AzVirtualNetworkPeering.UseRemoteGateways) { + Try { + $AzVirtualNetworkPeerings = (Get-AzVirtualNetwork -Name $Name).VirtualNetworkPeerings | Sort-Object Name + if ($AzVirtualNetworkPeerings) { + Write-PscriboMessage "Collecting Azure Virtual Network Peering information." + Section -Style NOTOCHeading6 -ExcludeFromTOC 'Peerings' { + foreach ($AzVirtualNetworkPeering in $AzVirtualNetworkPeerings) { + Section -Style NOTOCHeading7 -ExcludeFromTOC $($AzVirtualNetworkPeering.Name) { + $AzVirtualNetworkPeeringInfo = [PSCustomObject]@{ + 'Name' = $AzVirtualNetworkPeering.Name + 'Peering Status' = $AzVirtualNetworkPeering.PeeringSyncLevel + 'Peering State' = $AzVirtualNetworkPeering.PeeringState + 'Peer' = ($AzVirtualNetworkPeering.RemoteVirtualNetwork.Id).split('/')[-1] + 'Address Space' = $AzVirtualNetworkPeering.RemoteVirtualNetworkAddressSpace.AddressPrefixes -join ', ' + 'Gateway Transit' = if ($AzVirtualNetworkPeering.AllowGatewayTransit) { + 'Enabled' + } else { + 'Disabled' + } + 'Traffic to Remote VNet' = if ($AzVirtualNetworkPeering.AllowVirtualNetworkAccess) { + 'Allow' + } else { + 'Block all traffic to the remote virtual network' + } + 'Traffic forwarded from Remote VNet' = if ($AzVirtualNetworkPeering.AllowForwardedTraffic) { + 'Allow' + } else { + 'Block traffic that originates from outside this network' + } + 'VNet Gateway or Route Server' = if ($AzVirtualNetworkPeering.UseRemoteGateways) { "Use the remote virtual network's gateway or Route Server" } elseif ($AzVirtualNetworkPeering.UseRemoteGateways -eq $false) { "Use this virtual network's gateway or Route Server" } elseif (($AzVirtualNetworkPeering.UseRemoteGateways -eq $false) -and ($null -eq $AzVirtualNetworkPeering.RemoteGateways)) { 'None' } - } + } + $TableParams = @{ + Name = "Peering - $($AzVirtualNetworkPeering.Name)" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AzVirtualNetworkPeeringInfo | Table @TableParams } - $TableParams = @{ - Name = "Peering - $($AzVirtualNetworkPeering.Name)" - List = $true - ColumnWidths = 50, 50 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $AzVirtualNetworkPeeringInfo | Table @TableParams } } } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) } } diff --git a/Src/Private/Get-AzVirtualNetworkSubnet.ps1 b/Src/Private/Get-AzVirtualNetworkSubnet.ps1 index 1f8df8d..0992af9 100644 --- a/Src/Private/Get-AzVirtualNetworkSubnet.ps1 +++ b/Src/Private/Get-AzVirtualNetworkSubnet.ps1 @@ -1,11 +1,11 @@ function Get-AbrAzVirtualNetworkSubnet { <# .SYNOPSIS - Used by As Built Report to retrieve Azure Virtual Network Subnet information + Used by As Built Report to retrieve Azure Virtual Network Subnet information .DESCRIPTION .NOTES - Version: 0.1.0 + Version: 0.1.1 Author: Tim Carman Twitter: @tpcarman Github: tpcarman @@ -27,25 +27,27 @@ function Get-AbrAzVirtualNetworkSubnet { begin {} process { - $AzVirtualNetworkSubnets = (Get-AzVirtualNetwork -Name $Name).Subnets | Sort-Object Name - if ($AzVirtualNetworkSubnets) { - Write-PscriboMessage "Collecting Azure Virtual Network Subnet information." - Section -Style NOTOCHeading6 -ExcludeFromTOC 'Subnets' { - foreach ($AzVirtualNetworkSubnet in $AzVirtualNetworkSubnets) { - Section -Style NOTOCHeading7 -ExcludeFromTOC $($AzVirtualNetworkSubnet.Name) { - $AzVirtualNetworkSubnetInfo = [PSCustomObject]@{ - 'Name' = $AzVirtualNetworkSubnet.Name - 'Address Range' = $AzVirtualNetworkSubnet.AddressPrefix - 'NAT Gateway' = Switch ($AzVirtualNetworkSubnet.NatGateway) { - $null { 'None' } - default { $AzVirtualNetworkSubnet.NatGateway } - } - 'Network Security Group' = Switch ($AzVirtualNetworkSubnet.NetworkSecurityGroup.Id) { - $null { 'None' } - default { ($AzVirtualNetworkSubnet.NetworkSecurityGroup.Id).Split('/')[-1] } - } - 'Route Table' = & { - if ($AzVirtualNetworkSubnet.Name -eq 'AzureBastionSubnet') { + Try { + $AzVirtualNetworkSubnets = (Get-AzVirtualNetwork -Name $Name).Subnets | Sort-Object Name + if ($AzVirtualNetworkSubnets) { + Write-PscriboMessage "Collecting Azure Virtual Network Subnet information." + Section -Style NOTOCHeading6 -ExcludeFromTOC 'Subnets' { + foreach ($AzVirtualNetworkSubnet in $AzVirtualNetworkSubnets) { + Section -Style NOTOCHeading7 -ExcludeFromTOC $($AzVirtualNetworkSubnet.Name) { + $AzVirtualNetworkSubnetInfo = [PSCustomObject]@{ + 'Name' = $AzVirtualNetworkSubnet.Name + 'Address Range' = $AzVirtualNetworkSubnet.AddressPrefix + 'NAT Gateway' = if ($AzVirtualNetworkSubnet.NatGateway) { + $AzVirtualNetworkSubnet.NatGateway + } else { + 'None' + } + 'Network Security Group' = if ($AzVirtualNetworkSubnet.NetworkSecurityGroup.Id) { + ($AzVirtualNetworkSubnet.NetworkSecurityGroup.Id).Split('/')[-1] + } else { + 'None' + } + 'Route Table' = if ($AzVirtualNetworkSubnet.Name -eq 'AzureBastionSubnet') { 'None' } elseif ($AzVirtualNetworkSubnet.RouteTable.Id) { ($AzVirtualNetworkSubnet.RouteTable.Id).Split('/')[-1] @@ -53,20 +55,22 @@ function Get-AbrAzVirtualNetworkSubnet { 'None' } } - } - $TableParams = @{ - Name = "Subnet - $($AzVirtualNetworkSubnet.Name)" - List = $true - ColumnWidths = 50, 50 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "Subnet - $($AzVirtualNetworkSubnet.Name)" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $AzVirtualNetworkSubnetInfo | Table @TableParams } - $AzVirtualNetworkSubnetInfo | Table @TableParams } } } + } Catch { + Write-PScriboMessage -IsWarning $($_.Exception.Message) } } diff --git a/Src/Private/Get-CountryName.ps1 b/Src/Private/Get-CountryName.ps1 new file mode 100644 index 0000000..0ebb4e9 --- /dev/null +++ b/Src/Private/Get-CountryName.ps1 @@ -0,0 +1,266 @@ +function Get-CountryName { + param ( + [Parameter(Mandatory = $true)] + [string]$CountryCode + ) + + # Define a hashtable of country codes and names + $CountryLookup = @{ + AF = 'Afghanistan' + AX = 'Åland Islands' + AL = 'Albania' + DZ = 'Algeria' + AS = 'American Samoa' + AD = 'Andorra' + AO = 'Angola' + AQ = 'Antarctica' + AG = 'Antigua and Barbuda' + AR = 'Argentina' + AM = 'Armenia' + AW = 'Aruba' + AU = 'Australia' + AT = 'Austria' + AZ = 'Azerbaijan' + BS = 'Bahamas' + BH = 'Bahrain' + BD = 'Bangladesh' + BB = 'Barbados' + BY = 'Belarus' + BE = 'Belgium' + BZ = 'Belize' + BJ = 'Benin' + BM = 'Bermuda' + BT = 'Bhutan' + BO = 'Bolivia' + BQ = 'Bonaire' + BA = 'Bosnia and Herzegovina' + BW = 'Botswana' + BV = 'Bouvet Island' + BR = 'Brazil' + IO = 'British Indian Ocean Territory' + VG = 'British Virgin Islands' + BN = 'Brunei' + BG = 'Bulgaria' + BF = 'Burkina Faso' + BI = 'Burundi' + CV = 'Cabo Verde' + KH = 'Cambodia' + CM = 'Cameroon' + CA = 'Canada' + KY = 'Cayman Islands' + CF = 'Central African Republic' + TD = 'Chad' + CZ = 'Czechia' + CL = 'Chile' + CN = 'China' + CX = 'Christmas Island' + CC = 'Cocos (Keeling) Islands' + CO = 'Colombia' + KM = 'Comoros' + CG = 'Congo' + CD = 'Congo (DRC)' + CK = 'Cook Islands' + CR = 'Costa Rica' + CI = 'Côte d''Ivoire' + HR = 'Croatia' + CU = 'Cuba' + CW = 'Curaçao' + CY = 'Cyprus' + DK = 'Denmark' + DJ = 'Djibouti' + DM = 'Dominica' + DO = 'Dominican Republic' + EC = 'Ecuador' + EG = 'Egypt' + SV = 'El Salvador' + GQ = 'Equatorial Guinea' + ER = 'Eritrea' + EE = 'Estonia' + SZ = 'eSwatini' + ET = 'Ethiopia' + FO = 'Faroe Islands' + FJ = 'Fiji' + FI = 'Finland' + FR = 'France' + GF = 'French Guiana' + PF = 'French Polynesia' + TF = 'French Southern Territories' + GA = 'Gabon' + GM = 'Gambia' + GE = 'Georgia' + DE = 'Germany' + GH = 'Ghana' + GI = 'Gibraltar' + GR = 'Greece' + GL = 'Greenland' + GD = 'Grenada' + GP = 'Guadeloupe' + GU = 'Guam' + GT = 'Guatemala' + GG = 'Guernsey' + GN = 'Guinea' + GW = 'Guinea-Bissau' + GY = 'Guyana' + HT = 'Haiti' + HM = 'Heard Island and McDonald Islands' + HN = 'Honduras' + HK = 'Hong Kong SAR' + HU = 'Hungary' + IS = 'Iceland' + IN = 'India' + ID = 'Indonesia' + IR = 'Iran' + IQ = 'Iraq' + IE = 'Ireland' + IM = 'Isle of Man' + IL = 'Israel' + IT = 'Italy' + JM = 'Jamaica' + JP = 'Japan' + JE = 'Jersey' + JO = 'Jordan' + KZ = 'Kazakhstan' + KE = 'Kenya' + KI = 'Kiribati' + KR = 'Korea (South)' + KW = 'Kuwait' + KG = 'Kyrgyzstan' + LA = 'Laos' + LV = 'Latvia' + LB = 'Lebanon' + LS = 'Lesotho' + LR = 'Liberia' + LY = 'Libya' + LI = 'Liechtenstein' + LT = 'Lithuania' + LU = 'Luxembourg' + MO = 'Macao SAR' + MG = 'Madagascar' + MW = 'Malawi' + MY = 'Malaysia' + MV = 'Maldives' + ML = 'Mali' + MT = 'Malta' + MH = 'Marshall Islands' + MQ = 'Martinique' + MR = 'Mauritania' + MU = 'Mauritius' + YT = 'Mayotte' + MX = 'Mexico' + FM = 'Micronesia' + MD = 'Moldova' + MC = 'Monaco' + MN = 'Mongolia' + ME = 'Montenegro' + MS = 'Montserrat' + MA = 'Morocco' + MZ = 'Mozambique' + MM = 'Myanmar' + NA = 'Namibia' + NR = 'Nauru' + NP = 'Nepal' + NL = 'Netherlands' + NC = 'New Caledonia' + NZ = 'New Zealand' + NI = 'Nicaragua' + NE = 'Niger' + NG = 'Nigeria' + NU = 'Niue' + NF = 'Norfolk Island' + KP = 'North Korea' + MP = 'Northern Mariana Islands' + MK = 'North Macedonia' + NO = 'Norway' + OM = 'Oman' + PK = 'Pakistan' + PW = 'Palau' + PS = 'Palestinian Authority' + PA = 'Panama' + PG = 'Papua New Guinea' + PY = 'Paraguay' + PE = 'Peru' + PH = 'Philippines' + PN = 'Pitcairn Islands' + PL = 'Poland' + PT = 'Portugal' + PR = 'Puerto Rico' + QA = 'Qatar' + RE = 'Réunion' + RO = 'Romania' + RU = 'Russia' + RW = 'Rwanda' + BL = 'Saint Barthélemy' + KN = 'Saint Kitts and Nevis' + LC = 'Saint Lucia' + MF = 'Saint Martin' + PM = 'Saint Pierre and Miquelon' + VC = 'Saint Vincent and the Grenadines' + WS = 'Samoa' + SM = 'San Marino' + ST = 'São Tomé and Príncipe' + SA = 'Saudi Arabia' + SN = 'Senegal' + RS = 'Serbia' + SC = 'Seychelles' + SL = 'Sierra Leone' + SG = 'Singapore' + SX = 'Sint Maarten' + SK = 'Slovakia' + SI = 'Slovenia' + SB = 'Solomon Islands' + SO = 'Somalia' + ZA = 'South Africa' + GS = 'South Georgia and South Sandwich Islands' + SS = 'South Sudan' + ES = 'Spain' + LK = 'Sri Lanka' + SH = 'St Helena, Ascension, Tristan da Cunha' + SD = 'Sudan' + SR = 'Suriname' + SJ = 'Svalbard' + SE = 'Sweden' + CH = 'Switzerland' + SY = 'Syria' + TW = 'Taiwan' + TJ = 'Tajikistan' + TZ = 'Tanzania' + TH = 'Thailand' + TL = 'Timor-Leste' + TG = 'Togo' + TK = 'Tokelau' + TO = 'Tonga' + TT = 'Trinidad and Tobago' + TN = 'Tunisia' + TR = 'Türkiye' + TM = 'Turkmenistan' + TC = 'Turks and Caicos Islands' + TV = 'Tuvalu' + UG = 'Uganda' + UA = 'Ukraine' + AE = 'United Arab Emirates' + GB = 'United Kingdom' + US = 'United States' + UY = 'Uruguay' + UM = 'U.S. Outlying Islands' + VI = 'U.S. Virgin Islands' + UZ = 'Uzbekistan' + VU = 'Vanuatu' + VA = 'Vatican City' + VE = 'Venezuela' + VN = 'Vietnam' + WF = 'Wallis and Futuna' + YE = 'Yemen' + ZM = 'Zambia' + ZW = 'Zimbabwe' + } + + # Convert input to uppercase to handle case insensitivity + $CountryCode = $CountryCode.ToUpper() + + # Lookup the country name or return a default message if not found + if ($CountryLookup.ContainsKey($CountryCode)) { + return $CountryLookup[$CountryCode] + } else { + return "Country code not found" + } +} \ No newline at end of file diff --git a/Src/Public/Invoke-AsBuiltReport.Microsoft.Azure.ps1 b/Src/Public/Invoke-AsBuiltReport.Microsoft.Azure.ps1 index ab5d8fc..c87a89c 100644 --- a/Src/Public/Invoke-AsBuiltReport.Microsoft.Azure.ps1 +++ b/Src/Public/Invoke-AsBuiltReport.Microsoft.Azure.ps1 @@ -5,7 +5,7 @@ function Invoke-AsBuiltReport.Microsoft.Azure { .DESCRIPTION Documents the configuration of Microsoft Azure in Word/HTML/Text formats using PScribo. .NOTES - Version: 0.1.5 + Version: 0.1.7 Author: Tim Carman Twitter: @tpcarman Github: @tpcarman @@ -22,7 +22,7 @@ function Invoke-AsBuiltReport.Microsoft.Azure { [Switch] $MFA ) - Get-RequiredModule -Name 'Az' -Version '9.4.0' + Get-RequiredModule -Name 'Az' -Version '12.0.0' Write-PScriboMessage -Plugin "Module" -Message "Please refer to the AsBuiltReport.Microsoft.Azure GitHub website for more detailed information about this project." Write-PScriboMessage -Plugin "Module" -Message "Do not forget to update your report configuration file after each new version release: https://www.asbuiltreport.com/user-guide/new-asbuiltreportconfig/" @@ -66,31 +66,33 @@ function Invoke-AsBuiltReport.Microsoft.Azure { if ($AzAccount) { $AzTenant = Get-AzTenant -TenantId $TenantId $AzLocations = Get-AzLocation - $AzLocationLookup = @{ } + $AzLocationLookup = @{} foreach ($AzLocation in $AzLocations) { $AzLocationLookup.($AzLocation.Location) = $AzLocation.DisplayName } if ($AzTenant) { - if ($Filter.Subscription -eq "*") { - $AzSubscriptions = Get-AzSubscription -TenantId $TenantId | Sort-Object Name - } else { + # Create a Lookup Hashtable for all Azure Subscriptions + $AzSubscriptions = Get-AzSubscription -TenantId $TenantId | Sort-Object Name + $AzSubscriptionLookup = @{} + foreach ($AzSubscription in $AzSubscriptions) { + $AzSubscriptionLookup.($AzSubscription.SubscriptionId) = $AzSubscription.Name + } + + # Filter Subscriptions + if ($Filter.Subscription -ne "*") { $AzSubscriptions = foreach ($AzSubscription in $Filter.Subscription) { - Get-AzSubscription -TenantId $TenantId -SubscriptionId $AzSubscription + Get-AzSubscription -TenantId $TenantId -SubscriptionId $AzSubscription | Sort-Object Name } } - $AzSubscriptionLookup = @{ } - foreach ($AzSubscription in ($AzSubscriptions | Sort-Object Name)) { - $AzSubscriptionLookup.($AzSubscription.SubscriptionId) = $AzSubscription.Name - } + Section -Style Heading1 $($AzTenant.Name) { Get-AbrAzTenant Section -Style Heading2 'Subscriptions' { Get-AbrAzSubscription - foreach ($AzSubscription in ($AzSubscriptions | Sort-Object Name)) { + foreach ($AzSubscription in $AzSubscriptions) { Section -Style Heading3 $($AzSubscription.Name) { Write-PScriboMessage "Setting Azure context to Subscription ID '$AzSubscription.Id'." $AzContext = Set-AzContext -Subscription $AzSubscription.Id -Tenant $TenantId - Get-AbrAzPolicyAssignment Get-AbrAzAvailabilitySet Get-AbrAzBastion Get-AbrAzExpressRouteCircuit @@ -100,6 +102,7 @@ function Invoke-AsBuiltReport.Microsoft.Azure { Get-AbrAzLoadBalancer Get-AbrAzVirtualNetwork Get-AbrAzNetworkSecurityGroup + Get-AbrAzPolicy Get-AbrAzRouteTable Get-AbrAzVirtualMachine Get-AbrAzRecoveryServicesVault From 8ab7159c9a286d274937b9c126e533cb1ee5cfb7 Mon Sep 17 00:00:00 2001 From: Tim Carman Date: Sun, 13 Oct 2024 09:10:51 +1100 Subject: [PATCH 2/2] Update GitHub Action release workflow --- .github/workflows/Release.yml | 4 ++-- CHANGELOG.md | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/Release.yml b/.github/workflows/Release.yml index cf52e21..069cde9 100644 --- a/.github/workflows/Release.yml +++ b/.github/workflows/Release.yml @@ -8,7 +8,7 @@ jobs: publish-to-gallery: runs-on: windows-2019 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Set PSRepository to Trusted for PowerShell Gallery shell: pwsh run: | @@ -29,7 +29,7 @@ jobs: needs: publish-to-gallery runs-on: ubuntu-latest steps: - - uses: Eomm/why-don-t-you-tweet@v1 + - uses: Eomm/why-don-t-you-tweet@v2 # We don't want to tweet if the repository is not a public one if: ${{ !github.event.repository.private }} with: diff --git a/CHANGELOG.md b/CHANGELOG.md index 549af5f..fa7fc41 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ ### Changed * Performance improvements +* Update GitHub Action release workflow * Improve reporting for Azure Tenant * Improve reporting for Azure Policy assignments * Improve reporting for Key Vaults