Framework/Core/SubscriptionSecurity/SubscriptionSecurity.ps1
using namespace System.Management.Automation
Set-StrictMode -Version Latest

# Intermediate class that calls the individual subscription security module
# classes (SecurityCenter, RBAC, ARMPolicy, Alerts) for one subscription.
#
# Each module call below runs in its own try/catch: an exception is handed to
# CommandError and the method then carries on with the next module. A run can
# therefore end with only part of the configuration applied or removed, and the
# returned message array alone does not show which steps failed.
class SubscriptionSecurity: CommandBase
{
    # Tags string forwarded unchanged to the RBAC, ARMPolicy and Alerts modules.
    [string] $Tags

    # Passes subscription id and invocation context to CommandBase and keeps
    # the tags for the module constructors.
    SubscriptionSecurity([string] $subscriptionId, [InvocationInfo] $invocationContext, [string] $tags): Base($subscriptionId, $invocationContext)
    {
        $this.Tags = $tags;
    }

    # Applies the subscription security setup in a fixed order:
    # Security Center policies, RBAC accounts, ARM policies, then Alerts.
    #
    # $securityContactEmails is passed to both SecurityCenter.SetPolicies and
    # Alerts.SetAlerts. SecurityCenter is built from the subscription id only,
    # so the tags do not reach that module.
    #
    # Returns the messages gathered from the modules that completed. A failed
    # step contributes nothing here (assuming CommandError does not rethrow,
    # which is not visible in this file), so callers should check the reported
    # errors before treating the subscription as fully configured.
    [MessageData[]] SetSubscriptionSecurity(
        # Inputs for Security Center
        [string] $securityContactEmails,
        [string] $securityPhoneNumber,
        # Inputs for Alerts
        [string] $targetResourceGroup,
        [string] $alertResourceGroupLocation
    )
    {
        [MessageData[]] $results = @();

        # Step 1: Security Center
        try
        {
            $startText = [Constants]::DoubleDashLine + "`r`nSetting up Security Center`r`n" + [Constants]::DoubleDashLine;
            $this.PublishCustomMessage($startText);

            $securityCenter = [SecurityCenter]::new($this.SubscriptionContext.SubscriptionId);
            if ($securityCenter)
            {
                $results += $securityCenter.SetPolicies($securityContactEmails, $securityPhoneNumber);

                $doneText = [Constants]::DoubleDashLine + "`r`nCompleted Security Center configuration`r`n" + [Constants]::DoubleDashLine;
                $this.PublishCustomMessage($doneText, [MessageType]::Update);
            }
        }
        catch
        {
            # Report and continue; the remaining steps still run.
            $this.CommandError($_);
        }

        # Step 2: RBAC
        try
        {
            $startText = [Constants]::DoubleDashLine + "`r`nSetting up subscription RBAC`r`n" + [Constants]::DoubleDashLine;
            $this.PublishCustomMessage($startText);

            $rbacModule = [RBAC]::new($this.SubscriptionContext.SubscriptionId, $this.InvocationContext, $this.Tags);
            if ($rbacModule)
            {
                $results += $rbacModule.SetRBACAccounts();

                $doneText = [Constants]::DoubleDashLine + "`r`nCompleted subscription RBAC configuration`r`n" + [Constants]::DoubleDashLine;
                $this.PublishCustomMessage($doneText, [MessageType]::Update);
            }
        }
        catch
        {
            $this.CommandError($_);
        }

        # Step 3: ARM policies
        try
        {
            $startText = [Constants]::DoubleDashLine + "`r`nSetting up ARM policies`r`n" + [Constants]::DoubleDashLine;
            $this.PublishCustomMessage($startText);

            $policyModule = [ARMPolicy]::new($this.SubscriptionContext.SubscriptionId, $this.InvocationContext, $this.Tags);
            if ($policyModule)
            {
                $results += $policyModule.SetARMPolicy();

                $doneText = [Constants]::DoubleDashLine + "`r`nCompleted ARM policy configuration`r`n" + [Constants]::DoubleDashLine;
                $this.PublishCustomMessage($doneText, [MessageType]::Update);
            }
        }
        catch
        {
            $this.CommandError($_);
        }

        # Step 4: Alerts
        try
        {
            $startText = [Constants]::DoubleDashLine + "`r`nSetting up Alerts`r`n" + [Constants]::DoubleDashLine;
            $this.PublishCustomMessage($startText);

            $alertModule = [Alerts]::new($this.SubscriptionContext.SubscriptionId, $this.InvocationContext, $this.Tags);
            if ($alertModule)
            {
                $results += $alertModule.SetAlerts($targetResourceGroup, $securityContactEmails, $alertResourceGroupLocation);

                $doneText = [Constants]::DoubleDashLine + "`r`nCompleted Alerts configuration`r`n" + [Constants]::DoubleDashLine;
                $this.PublishCustomMessage($doneText, [MessageType]::Update);
            }
        }
        catch
        {
            $this.CommandError($_);
        }

        return $results;
    }

    # Removes the ARM policies and then the Alerts configuration.
    #
    # Only those two modules are called here. The RBAC accounts and Security
    # Center policies that SetSubscriptionSecurity configures are left in
    # place by this method, so any role assignments made during setup have to
    # be reviewed and removed separately.
    #
    # $deleteResourceGroup and $alertNames are handed to Alerts.RemoveAlerts
    # as given. As in SetSubscriptionSecurity, a failing step is reported
    # through CommandError and the next step still runs.
    [MessageData[]] RemoveSubscriptionSecurity([bool] $deleteResourceGroup, [string] $alertNames)
    {
        [MessageData[]] $results = @();

        # Step 1: ARM policies
        try
        {
            $startText = [Constants]::DoubleDashLine + "`r`nRemoving ARM policies`r`n" + [Constants]::DoubleDashLine;
            $this.PublishCustomMessage($startText);

            $policyModule = [ARMPolicy]::new($this.SubscriptionContext.SubscriptionId, $this.InvocationContext, $this.Tags);
            if ($policyModule)
            {
                $results += $policyModule.RemoveARMPolicy();

                $doneText = [Constants]::DoubleDashLine + "`r`nRemoved ARM policies`r`n" + [Constants]::DoubleDashLine;
                $this.PublishCustomMessage($doneText, [MessageType]::Update);
            }
        }
        catch
        {
            $this.CommandError($_);
        }

        # Step 2: Alerts
        try
        {
            $startText = [Constants]::DoubleDashLine + "`r`nRemoving Alerts`r`n" + [Constants]::DoubleDashLine;
            $this.PublishCustomMessage($startText);

            $alertModule = [Alerts]::new($this.SubscriptionContext.SubscriptionId, $this.InvocationContext, $this.Tags);
            if ($alertModule)
            {
                $results += $alertModule.RemoveAlerts($deleteResourceGroup, $alertNames);

                $doneText = [Constants]::DoubleDashLine + "`r`nRemoved Alerts configuration`r`n" + [Constants]::DoubleDashLine;
                $this.PublishCustomMessage($doneText, [MessageType]::Update);
            }
        }
        catch
        {
            $this.CommandError($_);
        }

        return $results;
    }
}