MetadataInfo/GetMetadataInfo.ps1
|
Set-StrictMode -Version Latest function Get-AzSKInfo { <# .SYNOPSIS This command would help users to get details of various components of AzSK. .DESCRIPTION This command will fetch details of AzSK components and help user to provide details of different component using single command. Refer https://aka.ms/azskossdocs for more information .PARAMETER InfoType InfoType for which type of information required by user. .PARAMETER SubscriptionId Subscription id for which the security evaluation has to be performed. .PARAMETER ResourceGroupNames ResourceGroups for which the security evaluation has to be performed. Comma separated values are supported. Wildcards are not permitted. By default, the command gets all resources in the subscription. .PARAMETER ResourceType Gets only resources of the specified resource type. Wildcards are not permitted. e.g.: Microsoft.KeyVault/vaults. Run command 'Get-AzSKSupportedResourceTypes' to get the list of supported types. .PARAMETER ResourceTypeName Friendly name of resource type. e.g.: KeyVault. Run command 'Get-AzSKSupportedResourceTypes' to get the list of supported values. .PARAMETER ResourceNames Gets a resource with the specified name. Comma separated values are supported. Wildcards/like searches are not permitted. By default, the command gets all resources in the subscription. .PARAMETER Tag The tag filter for Azure resource. The expected format is @{tagName1=$null} or @{tagName = 'tagValue'; tagName2='value1'}. .PARAMETER TagName The name of the tag to query for Azure resource. .PARAMETER TagValue The value of the tag to query for Azure resource. .PARAMETER FilterTags Comma separated tags to filter the security controls. e.g.: RBAC, SOX, AuthN etc. .PARAMETER DoNotOpenOutputFolder Switch to specify whether to open output folder containing all security evaluation report or not. .PARAMETER UseBaselineControls This switch would scan only for baseline controls defined at org level .NOTES This command helps the application team to verify whether their Azure resources are compliant with the security guidance or not .LINK https://aka.ms/azskossdocs #> Param( [Parameter(Mandatory = $false)] [ValidateSet("SubscriptionInfo", "ControlInfo", "HostInfo" , "AttestationInfo")] $InfoType, [ResourceTypeName] $ResourceTypeName = [ResourceTypeName]::All, [string] $ResourceType, [string] $ControlIds, [switch] $UseBaselineControls, [string] $FilterTags, [string] $SubscriptionId, [string] $ResourceGroupNames, [string] [Alias("ResourceName")] $ResourceNames, [ValidateSet("Critical", "High", "Medium" , "Low")] $ControlSeverity, [string] $ControlIdContains ) Begin { [CommandHelper]::BeginCommand($PSCmdlet.MyInvocation); [ListenerHelper]::RegisterListeners(); } Process { try { if ([string]::IsNullOrEmpty($SubscriptionId)) { if((-not [string]::IsNullOrEmpty($InfoType)) -and $InfoType.ToString() -eq 'AttestationInfo') { $SubscriptionId = Read-Host "SubscriptionId" $SubscriptionId = $SubscriptionId.Trim() } else { $SubscriptionId = [Constants]::BlankSubscriptionId } } if(-not [string]::IsNullOrEmpty($InfoType)) { switch ($InfoType.ToString()) { SubscriptionInfo { $basicInfo = [BasicInfo]::new($SubscriptionId, $PSCmdlet.MyInvocation); if ($basicInfo) { return $basicInfo.InvokeFunction($basicInfo.GetBasicInfo); } } ControlInfo { If($PSCmdlet.MyInvocation.BoundParameters["Verbose"] -and $PSCmdlet.MyInvocation.BoundParameters["Verbose"].IsPresent) { $Full = $true } else { $Full = $false } $controlsInfo = [ControlsInfo]::new($SubscriptionId, $PSCmdlet.MyInvocation, $ResourceTypeName, $ResourceType, $ControlIds, $UseBaselineControls, $FilterTags, $Full, $ControlSeverity, $ControlIdContains); if ($controlsInfo) { return $controlsInfo.InvokeFunction($controlsInfo.GetControlDetails); } } HostInfo { $environmentInfo = [EnvironmentInfo]::new($SubscriptionId, $PSCmdlet.MyInvocation); if ($environmentInfo) { return $environmentInfo.InvokeFunction($environmentInfo.GetEnvironmentInfo); } } AttestationInfo { if([string]::IsNullOrWhiteSpace($ResourceType) -and [string]::IsNullOrWhiteSpace($ResourceTypeName)) { $ResourceTypeName = [ResourceTypeName]::All } $resolver = [SVTResourceResolver]::new($SubscriptionId, $ResourceGroupNames, $ResourceNames, $ResourceType, $ResourceTypeName); $attestationReport = [SVTStatusReport]::new($SubscriptionId, $PSCmdlet.MyInvocation, $resolver); if ($attestationReport) { $attestationReport.ControlIdString = $ControlIds; [AttestationOptions] $attestationOptions = [AttestationOptions]::new(); #$attestationOptions.AttestationStatus = $AttestationStatus $attestationReport.AttestationOptions = $attestationOptions; return ([CommandBase]$attestationReport).InvokeFunction($attestationReport.FetchAttestationInfo); } } Default { Write-Host $([Constants]::DefaultInfoCmdMsg) } } } else { Write-Host $([Constants]::DefaultInfoCmdMsg) } } catch { [EventBase]::PublishGenericException($_); } } End { [ListenerHelper]::UnregisterListeners(); } } |