SubscriptionSecurity/SubscriptionSecurity.ps1

Set-StrictMode -Version Latest
function Set-AzSKSubscriptionSecurity 
{
    <#
    .SYNOPSIS
    This command would help in setting up the all the critical subscription security packages
 
    .DESCRIPTION
    This command would help in setting up the all the critical subscription security packages
     
    .LINK
    https://aka.ms/azsdkossdocs
    #>

    Param(

        [string]
        [Parameter(Mandatory = $true, HelpMessage = "Subscription id for which subscription security configuration has to be set.")]
        [ValidateNotNullOrEmpty()]
        $SubscriptionId,
        
        [string] 
        [Parameter(Mandatory = $false, HelpMessage = "Provide tag names for processing specific policies. Comma separated values are supported.")]
        $Tags,

        [string]
        [Parameter(Mandatory = $true, HelpMessage = "Provide a security contact email address or addresses separated by a comma. Recommended a mail enabled Security Group with receiving of external emails option turned ON.")]
        $SecurityContactEmails,

        [string]
        [Parameter(Mandatory = $true, HelpMessage = "Provide a security contact international information phone number including the country code (for example, +1-425-1234567)")]
        $SecurityPhoneNumber,

        [string] 
        [Parameter(Mandatory = $false, HelpMessage = "Provide the ResourceGroup on which the AlertPackage has to be configured")]
        $TargetResourceGroup,

        [string] 
        [Parameter(Mandatory = $false, HelpMessage = "Provide the location for alert ResourceGroup")]
        $AlertResourceGroupLocation = "East US",
        
        [switch]
        [Parameter(Mandatory = $false, HelpMessage = "Switch to apply subscription security confugations forcefully regardless of latest updates already present on subscription.")]
        $Force,

        [switch]
        [Parameter(Mandatory = $false, HelpMessage = "Switch to specify whether to open output folder containing all security evaluation report or not.")]
        $DoNotOpenOutputFolder
    )

    Begin
    {
        [CommandHelper]::BeginCommand($PSCmdlet.MyInvocation);
        [ListenerHelper]::RegisterListeners();
    }

    Process
    {
        try 
        {
            # Adding all mandatory tags
            $modifiedTags = [string]::Join(",", [ConfigurationManager]::GetAzSdkConfigData().SubscriptionMandatoryTags);
            if(-not [string]::IsNullOrWhiteSpace($Tags))
            {
                $modifiedTags = $modifiedTags + "," +$Tags;
            }

            $subSec = [SubscriptionSecurity]::new($SubscriptionId, $PSCmdlet.MyInvocation, $modifiedTags);
            if ($subSec) 
            {
                return $subSec.InvokeFunction($subSec.SetSubscriptionSecurity, @($SecurityContactEmails, $SecurityPhoneNumber, $TargetResourceGroup, $AlertResourceGroupLocation));
            }
        }
        catch 
        {
            [EventBase]::PublishGenericException($_);
        }          
    }

    End
    {
        [ListenerHelper]::UnregisterListeners();
    }
}

function Remove-AzSKSubscriptionSecurity 
{
    <#
    .SYNOPSIS
    This command would help in cleaning up the AzSDK Subscription Security package for a Subscription
 
    .DESCRIPTION
    This command would help in cleaning up the AzSDK Subscription Security package for a Subscription
     
    .LINK
    https://aka.ms/azsdkossdocs
    #>

    Param(

        [string]
        [Parameter(Mandatory = $true, HelpMessage = "Subscription id for which the subscription security configuration has to be removed.")]
        [ValidateNotNullOrEmpty()]
        $SubscriptionId,

        [string] 
        [Parameter(Mandatory = $true, HelpMessage = "Provide tag names for processing specific policies. Comma separated values are supported.")]
        $Tags,

        [switch]
        [Parameter(Mandatory = $false, HelpMessage = "Switch to specify whether to delete resource group containing all alerts or not")]
        $DeleteResourceGroup,

        [Parameter(Mandatory = $false, HelpMessage = "Provide the comma separated values of alert names")]
        [string]
        $AlertNames,
        
        [switch]
        [Parameter(Mandatory = $false, HelpMessage = "Switch to specify whether to open output folder containing all security evaluation report or not.")]
        $DoNotOpenOutputFolder
    )

    Begin
    {
        [CommandHelper]::BeginCommand($PSCmdlet.MyInvocation);
        [ListenerHelper]::RegisterListeners();
    }

    Process
    {
        try 
        {

            $subSec = [SubscriptionSecurity]::new($SubscriptionId, $PSCmdlet.MyInvocation, $Tags);
            if ($subSec) 
            {
                return $subSec.InvokeFunction($subSec.RemoveSubscriptionSecurity, @([bool] $DeleteResourceGroup, $AlertNames));
            }
        }
        catch 
        {
            [EventBase]::PublishGenericException($_);
        }          
    }

    End
    {
        [ListenerHelper]::UnregisterListeners();
    }
}

function Update-AzSKSubscriptionSecurity 
{
    
    <#
    .SYNOPSIS
    This command would help in updating all the critical AzSDK packages which includes subscription security (RBAC, ARM Policies, Alerts, Security center configuration) and Continuous Assurance (CA) automation runbook.
 
    .DESCRIPTION
    This command would help in updating all the critical AzSDK packages which includes subscription security (RBAC, ARM Policies, Alerts, Security center configuration) and Continuous Assurance (CA) automation runbook.
     
    .LINK
    https://aka.ms/azsdkossdocs
    #>

    Param(

        [string]
        [Parameter(Mandatory = $true, HelpMessage = "Subscription id for which subscription security configuration has to be updated.")]
        [ValidateNotNullOrEmpty()]
        $SubscriptionId,

        [switch]
        [Parameter(Mandatory = $false, HelpMessage = "Switch to apply subscription security confugation updates forcefully regardless of latest updates already present on subscription.")]
        $Force,
        
        [switch]
        [Parameter(Mandatory = $false, HelpMessage = "Switch to specify whether to open output folder containing all security evaluation report or not.")]
        $DoNotOpenOutputFolder
    )

    Begin
    {
        [CommandHelper]::BeginCommand($PSCmdlet.MyInvocation);
        [ListenerHelper]::RegisterListeners();
    }

    Process
    {
        try 
        {
            $subSec = [SubscriptionSecurity]::new($SubscriptionId, $PSCmdlet.MyInvocation);
            if ($subSec) 
            {
                return $subSec.InvokeFunction($subSec.UpdateSubscriptionSecurity);
            }
        }
        catch 
        {
            [EventBase]::PublishGenericException($_);
        }          
    }

    End
    {
        [ListenerHelper]::UnregisterListeners();
    }
}