Framework/Core/SVT/Services/AnalysisServices.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
Set-StrictMode -Version Latest 
class AnalysisServices: AzSVTBase
{    
    hidden [PSObject] $ResourceObject;

    AnalysisServices([string] $subscriptionId, [SVTResource] $svtResource): 
        Base($subscriptionId, $svtResource) 
    { 
        $this.GetResourceObject();
    }

    hidden [PSObject] GetResourceObject()
    {
        if (-not $this.ResourceObject) 
        {
            #Get resource object from context
            $this.ResourceObject =   Get-AzResource -Name $this.ResourceContext.ResourceName `
                                    -ResourceGroupName $this.ResourceContext.ResourceGroupName `
                                    -ResourceType $this.ResourceContext.ResourceType
            
            if(-not $this.ResourceObject)
            {
                throw ([SuppressedException]::new(("Resource '{0}' not found under Resource Group '{1}'" -f ($this.ResourceContext.ResourceName), ($this.ResourceContext.ResourceGroupName)), [SuppressedExceptionType]::InvalidOperation))
            }
        }
        return $this.ResourceObject;
    }

    hidden [ControlResult] CheckAnalysisServicesAdmin([ControlResult] $controlResult)
    { 
        if($this.ResourceObject.Properties -and $this.ResourceObject.Properties.State)
        {
            if($this.ResourceObject.Properties.State -eq "Paused")
            {
                #Can not retrieve Analysis Services Admins details if analysis services state is 'Paused'
                $controlResult.AddMessage([MessageData]::new("Unable to fetch Analysis Services Admins as status is - [$($this.ResourceObject.Properties.State)]"))
                return $controlResult
            }
    
            #Get Admin count
            $adminCount = 0
            if(([Helpers]::CheckMember($this.ResourceObject.Properties ,"AsAdministrators")) -and  ([Helpers]::CheckMember($this.ResourceObject.Properties.AsAdministrators ,"members")))
            {
                $adminCount = ($this.ResourceObject.Properties.AsAdministrators.members  | Measure-Object).Count;
                $controlResult.SetStateData("Analysis Services admins", $this.ResourceObject.Properties.AsAdministrators.members);
            }

            #No admins
            if($adminCount -eq 0)
            {
                $controlResult.AddMessage([VerificationResult]::Verify, "Analysis Services admins are not configured"); 
            
            }
            #Threshold case
            elseif($adminCount -gt 0 -and $adminCount -le $this.ControlSettings.AnalysisService.Max_Admin_Count)
            {
                $controlResult.AddMessage([VerificationResult]::Verify, 
                                            "Validate that the following users require admin access on Analysis Services", 
                                            $this.ResourceObject.Properties.AsAdministrators.members); 
            }
            #Number of admins are more than permissible limit
            else
            {
                $controlResult.AddMessage([VerificationResult]::Failed, 
                                "Number of admins exceeds the maximum recommended value of $($this.ControlSettings.AnalysisService.Max_Admin_Count). Validate that the following users require admin access on Analysis Services", 
                                $this.ResourceObject.Properties.AsAdministrators.members); 
            }
        }
        else
        {
            $controlResult.AddMessage([MessageData]::new("Not able to fetch the required data for the resource", [MessageType]::Error)); 
        }
        return $controlResult;
    }

    hidden [ControlResult] CheckAnalysisServicesBCDRStatus([ControlResult] $controlResult)
    {
        if($this.ResourceObject.Properties){
              #If Backup is enabled then Resource Properties object will have property with name 'backupBlobContainerUri'
              if(Get-Member -InputObject $this.ResourceObject.Properties -Name 'backupBlobContainerUri' -MemberType Properties)
                {
                     $controlResult.AddMessage([VerificationResult]::Passed,  [MessageData]::new("Backup is enabled"));
                }
                else
                {
                     $controlResult.AddMessage([VerificationResult]::Failed,  [MessageData]::new("Backup is not enabled"));
                }
        }
        else{
             $controlResult.AddMessage([MessageData]::new("Not able to fetch the required data for the resource", [MessageType]::Error)); 
        }

        return $controlResult;
    }
}