AzSK.ADO

1.0.0

AzSKADOInfo/AzSKADOInfo.ps1

Set-StrictMode -Version Latest
function Get-AzSKADOInfo
{
    
    <#
    .SYNOPSIS
    This command would help users to get details of various components of AzSK.ADO.
     
    .DESCRIPTION
    This command will fetch details of AzSK.ADO components and help user to provide details of different component using single command. Refer https://aka.ms/adoscanner/docs for more information
     
    .PARAMETER InfoType
        InfoType for which type of information required by user.
    .PARAMETER ResourceTypeName
        Friendly name of resource type. e.g.: Build, Release, etc. (combo types e.g., Build_Release are not currently supported).
    .PARAMETER DoNotOpenOutputFolder
        Switch to specify whether to open output folder containing all security evaluation report or not.
    .PARAMETER UseBaselineControls
        This switch would scan only for baseline controls defined at org level
    .PARAMETER ControlIds
        Comma-separated control ids to filter the security controls. e.g.: ADO_Release_AuthZ_Disable_Inherited_Permissions, ADO_ServiceConnection_AuthZ_Dont_Grant_All_Pipelines_Access
    .PARAMETER ControlSeverity
        Select one of the control severity (Critical, High, Low, Medium)
    .PARAMETER ControlIdContains
        The list of control ids for which fixes should be applied.
 
    .NOTES
    This command helps the application team to verify whether their ADO resources are compliant with the security guidance or not
 
    .LINK
    https://aka.ms/ADOScanner
 
    #>
    Param(
        [Parameter(Mandatory = $false)]
        [ValidateSet("OrganizationInfo", "ControlInfo", "HostInfo")] 
        [Alias("it")]
        $InfoType,

        [string]
        [Parameter(Mandatory = $true)]
        [Alias("oz")]
        $OrganizationName,

        [string]
        [Parameter( HelpMessage="Project names for which the security evaluation has to be performed.")]
        [ValidateNotNullOrEmpty()]
        [Alias("pns", "ProjectName", "pn")]
        $ProjectNames,

        [string]
        [Parameter(Mandatory = $false, HelpMessage="Name of the project hosting organization policy with which the scan should run.")]
        [ValidateNotNullOrEmpty()]
        [Alias("pp")]
        $PolicyProject,
        
        [ResourceTypeName]
        [Alias("rtn")]
        $ResourceTypeName = [ResourceTypeName]::All,

        [string]
        [Alias("cids")]
        $ControlIds,

        [switch]
        [Alias("ubc")]
        $UseBaselineControls,

        [switch]
        [Alias("upbc")]
        $UsePreviewBaselineControls,

        [Alias("cs")]
        $ControlSeverity,

        [string]
        [Alias("ft")]
        $FilterTags,

        [string]
        [Alias("cidc")]
        $ControlIdContains,
        
        [switch]
        [Parameter(Mandatory = $false, HelpMessage = "Switch to specify whether to open output folder.")]
        [Alias("dnof")]
        $DoNotOpenOutputFolder
    )
    Begin
    {
        [CommandHelper]::BeginCommand($PSCmdlet.MyInvocation);
        [ListenerHelper]::RegisterListeners();
    }

    Process
    {
        try 
        {
            $SubscriptionId = $OrganizationName
            $unsupported = $false
            if([string]::IsNullOrWhiteSpace($ResourceTypeName))
            {
                $ResourceTypeName = [ResourceTypeName]::All
            }
            elseif ($ResourceTypeName -match "_")
            {
                $unsupported = $true
                Write-Host -ForegroundColor Yellow "Combo ResourceTypeNames are not supported in this command.`r`nUse individual names or run use All and apply filter in CSV."
            }


            if(-not ([string]::IsNullOrEmpty($InfoType) -or $unsupported))
            {
                switch ($InfoType.ToString()) 
                {
                    OrganizationInfo
                    {
                        Write-Host -ForegroundColor Yellow "OrganizationInfo support is yet to be implemented."
                    }
                    ControlInfo 
                    {
                        If($PSCmdlet.MyInvocation.BoundParameters["Verbose"] -and $PSCmdlet.MyInvocation.BoundParameters["Verbose"].IsPresent)
                        {
                            $Full = $true
                        }
                        else
                        {
                            $Full = $false
                        }

                        $controlsInfo = [ControlsInfo]::new($SubscriptionId, $PSCmdlet.MyInvocation, $ResourceTypeName, $ControlIds, $UseBaselineControls, $UsePreviewBaselineControls, $FilterTags, $Full, $ControlSeverity, $ControlIdContains);
                        if ($controlsInfo) 
                        {
                            return $controlsInfo.InvokeFunction($controlsInfo.GetControlDetails);
                        }
                    }
                    HostInfo 
                    {
                        $hInfo = [HostInfo]::new($SubscriptionId, $PSCmdlet.MyInvocation);
                        if ($hInfo) 
                        {
                            return $hInfo.InvokeFunction($hInfo.GetHostInfo);
                        }
                    }
                    AttestationInfo
                    {
                        Write-Host -ForegroundColor Yellow "AttestationInfo support is yet to be implemented."
                    }
                    Default
                    {
                        Write-Host $([Constants]::DefaultInfoCmdMsg)
                    }
                }
            }
            else
            {
                Write-Host $([Constants]::DefaultInfoCmdMsg)
            }
        }
        catch 
        {
            [EventBase]::PublishGenericException($_);
        }  
    }

    End
    {
        [ListenerHelper]::UnregisterListeners();
    }
}