Framework/Core/SVT/Services/ContainerInstances.ps1

Set-StrictMode -Version Latest
# Security verification controls for a container group resource.
# Each Check* method takes the framework's ControlResult, records a verdict
# and/or review evidence on it, and returns the same object.
class ContainerInstances: AzSVTBase
{
    # Cached resource as returned by Get-AzResource -ExpandProperties.
    hidden [PSObject] $ResourceObject;

    # Loads the resource eagerly, so a missing resource surfaces at construction time.
    ContainerInstances([string] $subscriptionId, [SVTResource] $svtResource): Base($subscriptionId, $svtResource)
    {
        $this.GetResourceObject();
    }

    # Returns the cached resource, fetching it on first use.
    # Throws a SuppressedException (InvalidOperation) when the lookup yields nothing.
    hidden [PSObject] GetResourceObject()
    {
        if ($this.ResourceObject)
        {
            return $this.ResourceObject;
        }

        # Generic resource lookup; the older Get-AzureRmContainerGroup call is no longer used here.
        $lookup = @{
            Name              = $this.ResourceContext.ResourceName
            ResourceGroupName = $this.ResourceContext.ResourceGroupName
            ResourceType      = $this.ResourceContext.ResourceType
            ExpandProperties  = $true
        };
        $this.ResourceObject = Get-AzResource @lookup;

        if (-not $this.ResourceObject)
        {
            $notFound = "Resource '{0}' not found under Resource Group '{1}'" -f ($this.ResourceContext.ResourceName), ($this.ResourceContext.ResourceGroupName);
            throw ([SuppressedException]::new($notFound, [SuppressedExceptionType]::InvalidOperation))
        }

        return $this.ResourceObject;
    }

    # Passed when the group has no ipAddress property; otherwise Verify, with the
    # ipAddress object (address and ports) attached as state data and evidence.
    # NOTE(review): only the presence of properties.ipAddress is tested; the address
    # type is not inspected, so any address reported under this property is labelled
    # "public" - confirm whether private (VNet) addresses can appear here.
    hidden [ControlResult] CheckPublicIPAndPorts([ControlResult] $controlResult)
    {
        $groupName = $this.ResourceContext.ResourceName;

        if (-not [Helpers]::CheckMember($this.ResourceObject, "properties.ipAddress"))
        {
            $controlResult.AddMessage([VerificationResult]::Passed,
                            [MessageData]::new("No public IP address has been assigned to the container - ["+ $groupName +"]"));
            return $controlResult;
        }

        $exposure = $this.ResourceObject.properties.ipAddress;
        $controlResult.VerificationResult = [VerificationResult]::Verify;
        $controlResult.SetStateData("Public IP address and ports assigned to the container", $exposure);
        $controlResult.AddMessage([MessageData]::new("Review following public IP address and ports assignment to the container - ["+ $groupName +"]",
                            $exposure));

        return $controlResult;
    }

    # Always Verify: lists each container's name and image reference for manual review.
    # Only the reference string is recorded; whether it is pinned (e.g. by digest) and
    # where it comes from is left to the reviewer.
    hidden [ControlResult] CheckContainerImage([ControlResult] $controlResult)
    {
        $controlResult.VerificationResult = [VerificationResult]::Verify;

        $imageList = @();
        if ([Helpers]::CheckMember($this.ResourceObject, "properties.containers"))
        {
            $imageList += $this.ResourceObject.properties.containers | Select-Object name, @{ Label="image"; Expression={ $_.properties.image } };
        }

        # A missing 'containers' property and an empty list produce the same message.
        if ($imageList.Count -ne 0)
        {
            $controlResult.SetStateData("Containers and their images", $imageList);
            $controlResult.AddMessage([MessageData]::new("Review following images utilized by containers. Make sure their source is trustworthy.",
                                $imageList));
        }
        else
        {
            $controlResult.AddMessage([MessageData]::new("No containers are found under container group - ["+ $this.ResourceContext.ResourceName +"]"));
        }

        return $controlResult;
    }

    # Always Verify: lists the distinct registry servers named in imageRegistryCredentials.
    # Only the 'server' field is selected, so the other credential fields are not copied
    # into state data or messages.
    # NOTE(review): "default public registry" is inferred solely from the absence of
    # registry credentials; image references are not parsed here - confirm that this
    # matches the control's intent.
    hidden [ControlResult] CheckRegistry([ControlResult] $controlResult)
    {
        $controlResult.VerificationResult = [VerificationResult]::Verify;

        $servers = @();
        if ([Helpers]::CheckMember($this.ResourceObject, "Properties.imageRegistryCredentials"))
        {
            $servers += $this.ResourceObject.Properties.imageRegistryCredentials | Select-Object server | Select-Object -ExpandProperty server -Unique;
        }

        # No credentials property and an empty server list produce the same message.
        if ($servers.Count -ne 0)
        {
            $controlResult.SetStateData("Container registry", $servers);
            $controlResult.AddMessage([MessageData]::new("Make sure the following registry is trustworthy.",
                                $servers));
        }
        else
        {
            $controlResult.AddMessage([MessageData]::new("Containers are utilizing default public registry for container group - ["+ $this.ResourceContext.ResourceName +"]"));
        }

        return $controlResult;
    }

    # Verify when the group holds more than one container (names attached for review);
    # Passed for exactly one container or none.
    # NOTE(review): presumably multi-container groups are flagged because co-located
    # containers share the group's resources - confirm against the control's rationale.
    hidden [ControlResult] CheckContainerTrust([ControlResult] $controlResult)
    {
        $groupName = $this.ResourceContext.ResourceName;

        $names = @();
        if ([Helpers]::CheckMember($this.ResourceObject, "properties.containers"))
        {
            $names += $this.ResourceObject.properties.containers | Select-Object name | Select-Object -ExpandProperty name;
        }

        # A missing 'containers' property and an empty list produce the same verdict and message.
        if ($names.Count -eq 0)
        {
            $controlResult.AddMessage([VerificationResult]::Passed, [MessageData]::new("No containers are found under container group - ["+ $groupName +"]"));
            return $controlResult;
        }

        if ($names.Count -eq 1)
        {
            $controlResult.AddMessage([VerificationResult]::Passed,
                                        [MessageData]::new("Only 1 container is found under container group - ["+ $groupName +"]", $names));
            return $controlResult;
        }

        # Two or more containers: hand the list to a human.
        $controlResult.SetStateData("Containers", $names);
        $controlResult.AddMessage([VerificationResult]::Verify, [MessageData]::new("Make sure that following containers trust each other.",
                            $names));

        return $controlResult;
    }
}