Speed fixes (#698)

Co-authored-by: Anthony Watherston <[email protected]>
Azure · Jul 8, 2024 · 812a530 · 812a530
1 parent b20f7e6
commit 812a530
Show file tree

Hide file tree

Showing 6 changed files with 85 additions and 72 deletions.
diff --git a/Scripts/Deploy/Build-DeploymentPlans.ps1 b/Scripts/Deploy/Build-DeploymentPlans.ps1
@@ -317,6 +317,14 @@ if ($buildSelections.buildAny) {
         $allAssignments[$id] = $deployedPolicyAssignments.$id
     }
 
+    #region Process Deprecated
+    $deprecatedHash = @{}
+    foreach ($key in $combinedPolicyDetails.policies.keys) {
+        if ($combinedPolicyDetails.policies.$key.isDeprecated) {
+            $deprecatedHash[$combinedPolicyDetails.policies.$key.name] = $combinedPolicyDetails.policies.$key
+        }
+    }
+
     if ($buildSelections.buildPolicyAssignments) {
         # Process Assignment JSON files
         Build-AssignmentPlan `
@@ -329,7 +337,8 @@ if ($buildSelections.buildAny) {
             -AllAssignments $allAssignments `
             -ReplaceDefinitions $replaceDefinitions `
             -PolicyRoleIds $policyRoleIds `
-            -CombinedPolicyDetails $combinedPolicyDetails
+            -CombinedPolicyDetails $combinedPolicyDetails `
+            -DeprecatedHash $deprecatedHash
     }
 
     if ($buildSelections.buildPolicyExemptions) {

diff --git a/Scripts/Helpers/Build-AssignmentDefinitionNode.ps1 b/Scripts/Helpers/Build-AssignmentDefinitionNode.ps1
@@ -8,7 +8,8 @@ function Build-AssignmentDefinitionNode {
         [hashtable] $AssignmentDefinition, # Collected values in tree branch
         [hashtable] $CombinedPolicyDetails,
         [hashtable] $PolicyRoleIds,
-        [hashtable] $RoleDefinitions
+        [hashtable] $RoleDefinitions,
+        [hashtable] $DeprecatedHash
 
         # Returns a list os completed assignmentValues
     )
@@ -153,14 +154,6 @@ function Build-AssignmentDefinitionNode {
     }
     #endregion definitionEntry or definitionEntryList (required exactly once per branch)
 
-    #region Process Deprecated
-    $deprecatedHash = @{}
-    foreach ($key in $CombinedPolicyDetails.policies.keys) {
-        if ($true -eq $CombinedPolicyDetails.policies.$key.isDeprecated) {
-            $deprecatedHash[$CombinedPolicyDetails.policies.$key.name] = $CombinedPolicyDetails.policies.$key
-        }
-    }
-
     #region metadata
     if ($DefinitionNode.metadata) {
         # merge metadata
@@ -191,7 +184,7 @@ function Build-AssignmentDefinitionNode {
             $rawParameterValue = $addedParameters.$parameterName
             $currentParameterHash = $parameterHash.$parameterName
             if ($null -ne $currentParameterHash.name) {
-                if ($deprecatedHash.ContainsKey($($currentParameterHash.name)) -and $currentParameterHash.parameters.$parameterName.isEffect) {
+                if ($DeprecatedHash.ContainsKey($($currentParameterHash.name)) -and $currentParameterHash.parameters.$parameterName.isEffect) {
                     $null = $deprecatedInJSON.Add("Assignment: '$($assignment.name)' with Parameter: '$parameterName' ($($currentParameterHash))")
                     if (!$PacEnvironment.desiredState.doNotDisableDeprecatedPolicies) {
                         $rawParameterValue = "Disabled"
@@ -228,7 +221,7 @@ function Build-AssignmentDefinitionNode {
             # Replace CSV effect with Disabled if Deprecated
             foreach ($entry in $csvParameterArray) {
                 # If policy in csv is found to be deprecated
-                if ($deprecatedHash.ContainsKey($entry.name)) {
+                if ($DeprecatedHash.ContainsKey($entry.name)) {
                     # For each child in the assignment
                     foreach ($child in $DefinitionNode.children) {
                         # If that child is using a parameterSelector with the CSV
@@ -478,7 +471,8 @@ function Build-AssignmentDefinitionNode {
                 -AssignmentDefinition $definition `
                 -CombinedPolicyDetails $CombinedPolicyDetails `
                 -PolicyRoleIds $PolicyRoleIds `
-                -RoleDefinitions $RoleDefinitions
+                -RoleDefinitions $RoleDefinitions `
+                -DeprecatedHash $DeprecatedHash
 
             if ($hasErrorsLocal) {
                 $hasErrors = $true

diff --git a/Scripts/Helpers/Build-AssignmentPlan.ps1 b/Scripts/Helpers/Build-AssignmentPlan.ps1
@@ -10,7 +10,8 @@ function Build-AssignmentPlan {
         [hashtable] $AllAssignments,
         [hashtable] $ReplaceDefinitions,
         [hashtable] $PolicyRoleIds,
-        [hashtable] $CombinedPolicyDetails
+        [hashtable] $CombinedPolicyDetails,
+        [hashtable] $DeprecatedHash
     )
 
     Write-Information "==================================================================================================="
@@ -94,7 +95,8 @@ function Build-AssignmentPlan {
             -AssignmentDefinition $rootAssignmentDefinition `
             -CombinedPolicyDetails $CombinedPolicyDetails `
             -PolicyRoleIds $PolicyRoleIds `
-            -RoleDefinitions $roleDefinitions
+            -RoleDefinitions $roleDefinitions `
+            -DeprecatedHash $DeprecatedHash
 
         if ($hasErrors) {
             Write-Error "Assignment definitions content errors" -ErrorAction Stop

diff --git a/Scripts/Helpers/Get-GlobalSettings.ps1 b/Scripts/Helpers/Get-GlobalSettings.ps1
@@ -192,11 +192,6 @@ function Get-GlobalSettings {
             if ($skipResourceValidationForExemptionsRaw) {
                 $skipResourceValidationForExemptions = $true
             }
-            $doNotDisableDeprecatedPolicies = $false
-            $doNotDisableDeprecatedPoliciesRaw = $pacEnvironment.doNotDisableDeprecatedPolicies
-            if ($doNotDisableDeprecatedPoliciesRaw) {
-                $doNotDisableDeprecatedPolicies = $true
-            }
 
             $desiredState = @{
                 strategy                             = "undefined"
@@ -321,6 +316,9 @@ function Get-GlobalSettings {
                         Add-ErrorMessage -ErrorInfo $errorInfo -ErrorString "Global settings error: pacEnvironment $pacSelector field desiredState.doNotDisableDeprecatedPolicies ($doNotDisableDeprecatedPolicies) must be a boolean value."
                     }
                 }
+                else {
+                    $doNotDisableDeprecatedPolicies = $false
+                }
             }
 
             $pacEnvironmentDefinition = @{

diff --git a/Scripts/Helpers/Out-DocumentationForPolicyAssignments.ps1 b/Scripts/Helpers/Out-DocumentationForPolicyAssignments.ps1
@@ -6,7 +6,7 @@ function Out-DocumentationForPolicyAssignments {
         $DocumentationSpecification,
         [hashtable] $AssignmentsByEnvironment,
         [switch] $IncludeManualPolicies,
-        [bool] $doNotDisableDeprecatedPolicies
+        [hashtable] $PacEnvironments
     )
 
     [string] $fileNameStem = $DocumentationSpecification.fileNameStem
@@ -153,9 +153,9 @@ function Out-DocumentationForPolicyAssignments {
 
     #region Process Deprecated
     $deprecatedHash = @{}
-    foreach ($key in $CombinedPolicyDetails.policies.keys) {
-        if ($true -eq $CombinedPolicyDetails.policies.$key.isDeprecated) {
-            $deprecatedHash[$CombinedPolicyDetails.policies.$key.name] = $CombinedPolicyDetails.policies.$key
+    foreach ($key in $policyResourceDetails.policies.keys) {
+        if ($true -eq $policyResourceDetails.policies.$key.isDeprecated) {
+            $deprecatedHash[$policyResourceDetails.policies.$key.name] = $policyResourceDetails.policies.$key
         }
     }
     #region Review Duplicates
@@ -286,6 +286,9 @@ function Out-DocumentationForPolicyAssignments {
                 if ($environmentList.ContainsKey($environmentCategory)) {
                     $environmentCategoryValues = $environmentList.$environmentCategory
                     $effectValue = $environmentCategoryValues.effectValue
+                    if ($effectValue.StartsWith("[if(contains(parameters('resourceTypeList')")) {
+                        $effectValue = "SetByParameter"
+                    }
                     $effectAllowedValues = $_.effectAllowedValues
                     $text = Convert-EffectToMarkdownString `
                         -Effect $effectValue `
@@ -451,52 +454,58 @@ function Out-DocumentationForPolicyAssignments {
     $flatPolicyListAcrossEnvironments.Values | Sort-Object -Property { $_.category }, { $_.displayName } | ForEach-Object -Process {
         # If statement to skip over duplicates and ensure not to include Deprecated Policies
         if ( $true -ne $_.isReferencePathMatch) {
-            if (!$deprecatedHash.ContainsKey($_.name) -or $doNotDisableDeprecatedPolicies) {
-                # Initialize row - with empty strings
-                $rowObj = [ordered]@{}
-                foreach ($key in $columnHeaders) {
-                    $null = $rowObj.Add($key, "")
-                }
+            # Initialize row - with empty strings
+            $rowObj = [ordered]@{}
+            foreach ($key in $columnHeaders) {
+                $null = $rowObj.Add($key, "")
+            }
 
-                # Cache loop values
-                # $effectAllowedValues = $_.effectAllowedValues
-                # $groupNames = $_.groupNames
-                # $policySetEffectStrings = $_.policySetEffectStrings
-                $effectAllowedValues = $_.effectAllowedValues
-                $isEffectParameterized = $_.isEffectParameterized
-                $effectAllowedOverrides = $_.effectAllowedOverrides
-                $groupNames = $_.groupNames
-                $effectDefault = $_.effectDefault
-                $policySetEffectStrings = $_.policySetEffectStrings
-
-                # Build common columns
-                $rowObj.name = $_.name
-                $rowObj.referencePath = $_.referencePath
-                $rowObj.policyType = $_.policyType
-                $rowObj.category = $_.category
-                $rowObj.displayName = $_.displayName
-                $rowObj.description = $_.description
-                $groupNames = $_.groupNames
-                if ($groupNames.Count -gt 0) {
-                    $sortedGroupNameList = $groupNames | Sort-Object -Unique
-                    $rowObj.groupNames = $sortedGroupNameList -join $inCellSeparator3
-                }
-                if ($policySetEffectStrings.Count -gt 0) {
-                    $rowObj.policySets = $policySetEffectStrings -join $inCellSeparator3
-                }
-                $rowObj.allowedEffects = Convert-AllowedEffectsToCsvString `
-                    -DefaultEffect $effectDefault `
-                    -IsEffectParameterized $isEffectParameterized `
-                    -EffectAllowedValues $effectAllowedValues.Keys `
-                    -EffectAllowedOverrides $effectAllowedOverrides `
-                    -InCellSeparator1 $inCellSeparator1 `
-                    -InCellSeparator2 $inCellSeparator2
+            # Cache loop values
+            # $effectAllowedValues = $_.effectAllowedValues
+            # $groupNames = $_.groupNames
+            # $policySetEffectStrings = $_.policySetEffectStrings
+            $effectAllowedValues = $_.effectAllowedValues
+            $isEffectParameterized = $_.isEffectParameterized
+            $effectAllowedOverrides = $_.effectAllowedOverrides
+            $groupNames = $_.groupNames
+            $effectDefault = $_.effectDefault
+            $policySetEffectStrings = $_.policySetEffectStrings
+
+            # Build common columns
+            $rowObj.name = $_.name
+            $rowObj.referencePath = $_.referencePath
+            $rowObj.policyType = $_.policyType
+            $rowObj.category = $_.category
+            $rowObj.displayName = $_.displayName
+            $rowObj.description = $_.description
+            $groupNames = $_.groupNames
+            if ($groupNames.Count -gt 0) {
+                $sortedGroupNameList = $groupNames | Sort-Object -Unique
+                $rowObj.groupNames = $sortedGroupNameList -join $inCellSeparator3
+            }
+            if ($policySetEffectStrings.Count -gt 0) {
+                $rowObj.policySets = $policySetEffectStrings -join $inCellSeparator3
+            }
+            $rowObj.allowedEffects = Convert-AllowedEffectsToCsvString `
+                -DefaultEffect $effectDefault `
+                -IsEffectParameterized $isEffectParameterized `
+                -EffectAllowedValues $effectAllowedValues.Keys `
+                -EffectAllowedOverrides $effectAllowedOverrides `
+                -InCellSeparator1 $inCellSeparator1 `
+                -InCellSeparator2 $inCellSeparator2
 
-                $environmentList = $_.environmentList
-                # Build environmentCategory columns
-                foreach ($environmentCategory in $environmentCategories) {
-                    if ($environmentList.ContainsKey($environmentCategory)) {
-                        $perEnvironment = $environmentList.$environmentCategory
+            $environmentList = $_.environmentList
+            # Build environmentCategory columns
+            $doNotSkip = $false
+            foreach ($environmentCategory in $environmentCategories) {
+                if ($environmentList.ContainsKey($environmentCategory)) {
+                    $perEnvironment = $environmentList.$environmentCategory
+
+                    # Valide doNotDisableDeprecatedPolicies for env
+                    $envPacSelector = $AssignmentsByEnvironment."$($perEnvironment.environmentCategory)".pacEnvironmentSelector
+                    $doNotDisableDeprecatedPolicies = $PacEnvironments.$envPacSelector.doNotDisableDeprecatedPolicies
+
+                    if (!$deprecatedHash.ContainsKey($_.name) -or $doNotDisableDeprecatedPolicies) {
                         if ($null -ne $perEnvironment.effectValue) {
                             $rowObj["$($environmentCategory)Effect"] = Convert-EffectToCsvString $perEnvironment.effectValue
                         }
@@ -506,10 +515,13 @@ function Out-DocumentationForPolicyAssignments {
 
                         $text = Convert-ParametersToString -Parameters $perEnvironment.parameters -OutputType "csvValues"
                         $rowObj["$($environmentCategory)Parameters"] = $text
+                        $doNotSkip = $true
                     }
                 }
+            }
 
-                # Add row to spreadsheet
+            # Add row to spreadsheet
+            if ($doNotSkip) {
                 $null = $allRows.Add($rowObj)
             }
         }

diff --git a/Scripts/Operations/Build-PolicyDocumentation.ps1 b/Scripts/Operations/Build-PolicyDocumentation.ps1
@@ -299,9 +299,7 @@ foreach ($file in $files) {
                     }
                 )
             }
-
             # Build documents
-            $doNotDisableDeprecatedPolicies = $pacEnvironments[$($globalSettings.pacEnvironmentPrompt)].'doNotDisableDeprecatedPolicies'
             $documentationSpecifications = $documentAssignments.documentationSpecifications
             foreach ($documentationSpecification in $documentationSpecifications) {
                 $documentationType = $documentationSpecification.type
@@ -314,7 +312,7 @@ foreach ($file in $files) {
                     -DocumentationSpecification $documentationSpecification `
                     -AssignmentsByEnvironment $assignmentsByEnvironment `
                     -IncludeManualPolicies:$IncludeManualPolicies `
-                    -doNotDisableDeprecatedPolicies:$doNotDisableDeprecatedPolicies
+                    -PacEnvironments $pacEnvironments
                 # Out-DocumentationForPolicyAssignments `
                 #     -OutputPath $outputPath `
                 #     -WindowsNewLineCells:$true `