Framework/Core/SVT/Services/TrafficManager.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
Set-StrictMode -Version Latest
class TrafficManager : SVTBase
{
    hidden [PSObject] $ResourceObject;
    
    TrafficManager([string] $subscriptionId, [string] $resourceGroupName, [string] $resourceName):
        Base($subscriptionId, $resourceGroupName, $resourceName)
    {
           $this.GetResourceObject();
    }

    TrafficManager([string] $subscriptionId, [SVTResource] $svtResource):
        Base($subscriptionId, $svtResource)
    {
           $this.GetResourceObject();
    }

     hidden [PSObject] GetResourceObject()
    {
        if (-not $this.ResourceObject)
        {
        
            $this.ResourceObject = Get-AzureRmTrafficManagerProfile -Name $this.ResourceContext.ResourceName `
                                -ResourceGroupName $this.ResourceContext.ResourceGroupName `
                                -ErrorAction SilentlyContinue

            if(-not $this.ResourceObject)
            {
                throw ([SuppressedException]::new(("Resource '$($this.ResourceContext.ResourceName)' not found under Resource Group '$($this.ResourceContext.ResourceGroupName)'"), [SuppressedExceptionType]::InvalidOperation))
            }

        }

        return $this.ResourceObject;
    }
    
    
    [ControlItem[]] ApplyServiceFilters([ControlItem[]] $controls)
    {
        if($controls.Count -eq 0)
        {
            return $controls;
        }

        $result = @();
        
        if([Helpers]::CheckMember($this.ResourceObject, "MonitorProtocol") -and $this.ResourceObject.MonitorProtocol -eq "TCP")
        {
            $result += $controls | Where-Object {$_.ControlID -ne "Azure_TrafficManager_DP_Enable_HTTPS" }
        }
        else{
            $result += $controls
        }

        
                
        return $result;
    }


    hidden [ControlResult] CheckTrafficManagerEndpointMonitorProtocol([ControlResult] $controlResult)
    {
            #Checking if endpoints are there or not in the profile
        if(($this.ResourceObject.Endpoints | Measure-Object).Count -gt 0)
        {
            $EnabledEndpointList =  $this.ResourceObject.Endpoints | Where-Object { $_.EndpointStatus -eq 'Enabled' }
            #check if all endpoints are not disabled
            if(($EnabledEndpointList | Measure-Object).Count -eq 0)
            {
                $controlResult.AddMessage([VerificationResult]::Passed,
                                        [MessageData]::new("All endpoints are disabled in the Traffic Manager profile ["+ $this.ResourceContext.ResourceName +"].")); 
            }
            else
            {
                if($this.ResourceObject.MonitorProtocol -eq 'HTTPS')
                {
                    $controlResult.AddMessage([VerificationResult]::Passed,
                                        [MessageData]::new("The Traffic Manager profile ["+ $this.ResourceContext.ResourceName +"] is using HTTPS protocol for endpoint monitoring.")); 
                }
                else
                {
                    $controlResult.EnableFixControl = $true;
                    $controlResult.AddMessage([VerificationResult]::Failed,
                                        [MessageData]::new("The Traffic Manager profile ["+ $this.ResourceContext.ResourceName +"] is not using HTTPS protocol for endpoint monitoring.",$this.ResourceObject)); 
                }
            }
            
        }
        else
        {
            $controlResult.AddMessage([VerificationResult]::Passed,
                                        [MessageData]::new("No endpoints found in the Traffic Manager profile ["+ $this.ResourceContext.ResourceName +"].")); 
        }
        
 
        return $controlResult;    
    }
}