thereaper

1.0.2

thereaper.ps1


<#PSScriptInfo
 
.VERSION 1.0.2
 
.GUID fd91400e-efd8-4ae8-856d-6fa32b1250d3
 
.AUTHOR Chris Speers
 
.COMPANYNAME Avanade
 
.COPYRIGHT 2016 Avanade
 
.TAGS Azure ARM
 
.LICENSEURI
 
.PROJECTURI
 
.ICONURI
 
.EXTERNALMODULEDEPENDENCIES
 
.REQUIREDSCRIPTS
 
.EXTERNALSCRIPTDEPENDENCIES
 
.RELEASENOTES
 
#>

#Requires -Module Avanade.AzureAD

<#
    .DESCRIPTION
        Asynchronously deletes any resource groups not matching the desired tag set
    .PARAMETER ClientId
        The Azure AD Application Client Id
    .PARAMETER TenantId
        The Azure AD Tenant Id
    .PARAMETER ResourceId
        The Azure AD Authorized Resource Uri
    .PARAMETER ArmEndpoint
        The Azure Resource Manager Endpoint
    .PARAMETER ArmApiVersion
        The ARM Api Version
    .PARAMETER Credential
        The Credential to use
    .PARAMETER SubscriptionFilters
        Limit the scope to only the specified Subscription id's
    .PARAMETER RequiredTags
        The list of required tag names
    .PARAMETER AllowEmptyTags
        Keep resource groups with an empty tag value
    .PARAMETER DeleteEmpty
        Delete resource groups with no resources even if tagged properly
#>
[CmdletBinding()] 
Param
(
    [Parameter(Mandatory=$false)]
    [System.String]
    $ClientId='1950a258-227b-4e31-a9cf-717495945fc2',
    [Parameter(Mandatory=$false)]
    [System.String]
    $TenantId='common',
    [Parameter(Mandatory=$false)]
    [System.Uri]
    $ResourceId='https://management.core.windows.net',
    [Parameter(Mandatory=$false)]
    [System.Uri]
    $ArmEndpoint='https://management.azure.com',
    [Parameter(Mandatory=$false)]
    $ArmApiVersion='2015-11-01',  
    [Parameter(Mandatory=$true)]
    [PSCredential]
    [System.Management.Automation.Credential()]
    $Credential,
    [Parameter(Mandatory=$true)]
    [String[]]$RequiredTags,
    [Parameter(Mandatory=$false)]
    [String[]]
    $SubscriptionFilters,
    [Parameter(Mandatory=$false)]
    [Switch]
    $Whatif,
    [Parameter(Mandatory=$false)]
    [Switch]
    $AllowEmptyTags,
    [Parameter(Mandatory=$false)]
    [Switch]
    $DeleteEmpty     
)

$SubscriptionItems=@()
$InScopeSubscriptions=@()
$ResourceGroupsToPurge=@()
$ResourceGroupsToKeep=@()
$DeletedResourceGroups=@()

Write-Progress -Id 33 -Activity "Cleaning Resource Groups By Tag" -Status "Retrieving OAuth Token From Azure AD" -PercentComplete 5
$AuthToken=Get-AzureADUserToken -Resource $ResourceId -ClientId $ClientId -Credential $Credential -TenantId $TenantId
$Headers=@{Authorization="Bearer $($AuthToken.access_token)";}

Write-Progress -Id 33 -Activity "Cleaning Resource Groups By Tag" -Status "Retrieving Azure Subscriptions" -PercentComplete 15
$UriBld=New-Object System.UriBuilder($ArmEndpoint)
$UriBld.Path="Subscriptions"
$UriBld.Query="api-version=$ArmApiVersion"
$Subscriptions=@(Invoke-RestMethod -Uri $UriBld.Uri -ContentType "application/json" -Headers $Headers|Select-Object -ExpandProperty Value)

if(($null -ne $SubscriptionFilters) -and ($SubscriptionFilters.Count -gt 0))
{
    foreach($SubscriptionFilter in $SubscriptionFilters)
    {
        $FilteredSubs=$Subscriptions|Where-Object{$_.id -like "*$SubscriptionFilter*"}
        $FilteredSubs|ForEach-Object{$InScopeSubscriptions+=$_}
    }
}
else 
{
    $InScopeSubscriptions=$Subscriptions    
}

Write-Progress -Id 33 -Activity "Cleaning Resource Groups By Tag" -Status "Gathering Azure Subscription Detail" -PercentComplete 25
Write-Progress -ParentId 33 -Id 333 -Activity "Gathering Subscription Data" -PercentComplete 0
for ($i = 0; $i -lt $InScopeSubscriptions.Count; $i++)
{
    $SubProgress=($i/$InScopeSubscriptions.Count)*100

    $Subscription=$InScopeSubscriptions[$i]
    $SubResults=@{Subscription=$Subscription}

    Write-Progress -ParentId 33 -Id 333 -Activity "Gathering Subscription Data" -Status "Gathering Subscription $($Subscription.id) Providers" -PercentComplete $SubProgress
    $UriBld.Path="$($Subscription.id)/providers"
    $SubResult=Invoke-RestMethod -Uri $UriBld.Uri -ContentType "application/json" -Headers $Headers|Select-Object -ExpandProperty Value
    $SubResults.Providers=$SubResult

    Write-Progress -ParentId 33 -Id 333 -Activity "Gathering Subscription Data" -Status "Gathering Subscription $($Subscription.id) Resource Groups" -PercentComplete $SubProgress
    $UriBld.Path="$($Subscription.id)/resourceGroups"
    $ResourceGroups=Invoke-RestMethod -Uri $UriBld.Uri -ContentType "application/json" -Headers $Headers|Select-Object -ExpandProperty Value
    $SubResults.ResourceGroups=$ResourceGroups

    Write-Progress -ParentId 33 -Id 333 -Activity "Gathering Subscription Data" -Status "Gathering Subscription $($Subscription.id) Resources" -PercentComplete $SubProgress
    $UriBld.Path="$($Subscription.id)/resources"
    $Resources=Invoke-RestMethod -Uri $UriBld.Uri -ContentType "application/json" -Headers $Headers|Select-Object -ExpandProperty Value
    $SubResults.Resources=$Resources
    $SubscriptionItem=New-Object PSObject -Property $SubResults
    $SubscriptionItems+=$SubscriptionItem  
}
Write-Progress -ParentId 33 -Id 333 -Activity "Gathering Subscription Data" -Completed

Write-Progress -Id 33 -Activity "Cleaning Resource Groups By Tag" -Status "Evaluating Resource Group Tags" -PercentComplete 35
for ($i = 0; $i -lt $SubscriptionItems.Count; $i++)
{
    Write-Progress -ParentId 33 -Id 3333 -Activity "Examining Resource Group Tags" -PercentComplete 0
    $SubscriptionItem=$SubscriptionItems[$i]
    #Start with the ones we know we wanna kill..
    if($null -ne $SubscriptionItem.ResourceGroups)
    {
        $UntaggedResourceGroups=@($SubscriptionItem.ResourceGroups|Where-Object{$_.tags -eq $null})
        $UntaggedResourceGroups|ForEach-Object{Write-Verbose "Removing Untagged Resource Group $($_.id)";$ResourceGroupsToPurge+=$_;}
    }
    $TaggedResourceGroups=@($SubscriptionItem.ResourceGroups|Where-Object{$_.tags -ne $null})
    for ($t = 0; $t -lt $TaggedResourceGroups.Count; $t++) 
    {
        $TaggedResourceGroup=$TaggedResourceGroups[$t]
        Write-Verbose "Examining Resource Group $($TaggedResourceGroup.id)"
        $TagProgress=($t/$TaggedResourceGroups.Count)*100
        Write-Progress -ParentId 33 -Id 3333 -Activity "Examining Resource Group Tags" -Status "Examining Resource Group $($TaggedResourceGroup.id)" -PercentComplete $TagProgress
        $ResourceGroupResources=@($SubscriptionItem.Resources|Where-Object{$_.id -like "$($TaggedResourceGroup.id)*"})
        $ResourceGroupTagNames=$TaggedResourceGroup.tags|Get-Member -MemberType NoteProperty|Select-Object -ExpandProperty Name
        $AllTagsPresent=$true
        foreach ($RequiredTag in $RequiredTags)
        {
            #Check for the tag presence
            if($RequiredTag -notin $ResourceGroupTagNames)
            {
                Write-Verbose "Required Tag $RequiredTag is not present on $($TaggedResourceGroup.id)"
                $AllTagsPresent=$false
                break
            }
            else
            {
                #See if there is a value too...
                if(-not $AllowEmptyTags)
                {
                    if([String]::IsNullOrEmpty($TaggedResourceGroup.tags."$RequiredTag"))
                    {
                        Write-Verbose "Required Tag $RequiredTag is present but empty on $($TaggedResourceGroup.id)"
                        $AllTagsPresent=$false
                        break
                    }
                }    
            }
        }
        if($AllTagsPresent)
        {
            if($DeleteEmpty.IsPresent -and $ResourceGroupResources.Count -eq 0)
            {
                Write-Verbose "$($TaggedResourceGroup.id) is tagged but has no resources. It will be removed"
                $ResourceGroupsToPurge+=$TaggedResourceGroup
            }
            else
            {
                Write-Verbose "$($TaggedResourceGroup.id) is tagged and has resources. It will be kept"
                $ResourceGroupsToKeep+=$TaggedResourceGroup
            }
        }
        else
        {
            Write-Verbose "$($TaggedResourceGroup.id) is not properly tagged. It will be removed"
            $ResourceGroupsToPurge+=$TaggedResourceGroup
        }
    }
    Write-Progress -ParentId 33 -Id 3333 -Activity "Examining Resource Group Tags" -Completed
}

Write-Progress -Id 33 -Activity "Cleaning Resource Groups By Tag" -Status "Removing Resource Groups" -PercentComplete 50
Write-Progress -ParentId 33 -Id 33333 -Activity "Deleting $($ResourceGroupsToPurge.Count) Resource Groups" -PercentComplete 0
for ($i = 0; $i -lt $ResourceGroupsToPurge.Count; $i++) 
{
    $PurgeProgress=($i/$ResourceGroupsToPurge.Count)*100
    $ResourceGroupToPurge=$ResourceGroupsToPurge[$i]
    Write-Progress -ParentId 33 -Id 33333 -Activity 'Deleting Resource Groups' `
        -Status "Deleting Resource Group $($ResourceGroupToPurge.id)" -PercentComplete $PurgeProgress
    try
    {
        Write-Verbose "Deleting Resource Group $($ResourceGroupToPurge.id)"
        $UriBld.Path=$ResourceGroupToPurge.id
        if(-not $Whatif)
        {
            Invoke-RestMethod -Method Delete -Uri $UriBld.Uri -Headers $Headers|Out-Null
        }
        $DeletedResourceGroups+=$ResourceGroupToPurge
    }
    catch
    {
        Write-Warning "Error deleting resource group $($ResourceGroupToPurge.id) $_"
    }    
}
Write-Progress -ParentId 33 -Id 33333 -Activity 'Deleting Resource Groups' -Completed
Write-Progress -Id 33 -Activity "Cleaning Resource Groups By Tag" -Completed

$ProcessResult=New-Object PSObject -Property @{
    ResourceGroupsRetained=$ResourceGroupsToKeep;
    ResourceGroupsDeleted=$DeletedResourceGroups;
}
return $ProcessResult