Framework/Core/SVT/Services/CDN.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
Set-StrictMode -Version Latest
class CDN: AzSVTBase
{
    hidden [PSObject] $ResourceObject;

    CDN([string] $subscriptionId, [SVTResource] $svtResource):
        Base($subscriptionId, $svtResource)
    {
       
    }

    hidden [ControlResult] CheckCDNHttpsProtocol([ControlResult] $controlResult)
    {
        $cdnEndpoints = Get-AzCdnEndpoint -ProfileName $this.ResourceContext.ResourceName `
                            -ResourceGroupName $this.ResourceContext.ResourceGroupName `
                            -ErrorAction Stop
        
        if(($cdnEndpoints | Measure-Object).Count -eq 0)
        {
            $controlResult.AddMessage([VerificationResult]::Passed,
                                        [MessageData]::new("No CDN endpoints are found in the CDN profile.")); 
        }
        else
        {
            $httpAllowedEndpointList =  $cdnEndpoints | Where-Object { $_.IsHttpAllowed -eq $true }

            if(($httpAllowedEndpointList | Measure-Object).Count -eq 0)
            {
                $controlResult.AddMessage([VerificationResult]::Passed,
                                        [MessageData]::new("All CDN endpoints in the CDN profile [" + $this.ResourceContext.ResourceName + "] are using HTTPS protocol only - ", ($cdnEndpoints | Select-Object -Property Name, HostName, OriginHostHeader, IsHttpAllowed, IsHttpsAllowed))); 
            }
            else
            {
                $httpEndpointObjList=@()
                $httpAllowedEndpointList| Foreach-Object {
                    $httpEndpointObj = New-Object -TypeName PSObject
                    $httpEndpointObj | Add-Member -NotePropertyName HostName -NotePropertyValue $_.HostName
                    $httpEndpointObj | Add-Member -NotePropertyName IsHttpAllowed -NotePropertyValue $_.IsHttpAllowed
                    $httpEndpointObj | Add-Member -NotePropertyName IsHttpsAllowed -NotePropertyValue $_.IsHttpsAllowed
                    $httpEndpointObjList+=$httpEndpointObj
                    }

                $controlResult.SetStateData("Http Enabled Endpoints", $httpEndpointObjList);
                $controlResult.EnableFixControl = $true;
                $controlResult.AddMessage([VerificationResult]::Failed,
                                        [MessageData]::new("Below CDN endpoints in the CDN profile [" + $this.ResourceContext.ResourceName + "] are using HTTP protocol - ", ($httpAllowedEndpointList | Select-Object -Property Name, HostName, OriginHostHeader, IsHttpAllowed, IsHttpsAllowed))); 
            }
        }
 
        return $controlResult;    
    }
}