6.4.8

README.md

@@ -82,8 +82,9 @@ As an alternative, you can use the [Azure Governance Visualizer accelerator](htt
 
 ## Release history
 
-**Changes** (2024-May-24 / 6.4.7 Minor)
+**Changes** (2024-June-03 / 6.4.8 Minor)
 
+- ALZ policy refresh H2 FY24 (initiatives.json)
 - [DevSkim](https://github.com/microsoft/DevSkim-Action), [PSScriptAnalyzer](https://github.com/microsoft/psscriptanalyzer-action) and [OpenSSF Scorecard](https://github.com/ossf/scorecard?tab=readme-ov-file#scorecard-github-action) integration
 - fixes and optimization based on DevSkim, PSScriptAnalyzer and OpenSSF Scorecard findings
 - api version mapping in param block for cloud environment api version availability drift

history.md

@@ -4,8 +4,9 @@
 
 ### Azure Governance Visualizer version 6
 
-**Changes** (2024-May-24 / 6.4.7 Minor)
+**Changes** (2024-June-03 / 6.4.8 Minor)
 
+- ALZ policy refresh H2 FY24 (initiatives.json)
 - [DevSkim](https://github.com/microsoft/DevSkim-Action), [PSScriptAnalyzer](https://github.com/microsoft/psscriptanalyzer-action) and [OpenSSF Scorecard](https://github.com/ossf/scorecard?tab=readme-ov-file#scorecard-github-action) integration
 - fixes and optimization based on DevSkim, PSScriptAnalyzer and OpenSSF Scorecard findings
 - api version mapping in param block for cloud environment api version availability drift

pwsh/AzGovVizParallel.ps1

@@ -365,7 +365,7 @@ Param
     $Product = 'AzGovViz',
 
     [string]
-    $ProductVersion = '6.4.7',
+    $ProductVersion = '6.4.8',
 
     [string]
     $GithubRepository = 'aka.ms/AzGovViz',
@@ -5489,6 +5489,120 @@ function processALZPolicyVersionChecker {
             }
         }
 
+        #ALZ policy refresh H2 FY24 (initiatives.json)
+        $gitHistInitiatives = (git log --format="%ai`t%H`t%an`t%ae`t%s" -- ./eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json) | ConvertFrom-Csv -Delimiter "`t" -Header ('Date', 'CommitId', 'Author', 'Email', 'Subject')
+        $commitCount = 0
+        #$doNewALZPolicyReadingApproach = $false
+        foreach ($commit in $gitHistInitiatives | Sort-Object -Property Date) {
+
+            # if ($commit.CommitId -eq $ALZCommitId) {
+            #     $doNewALZPolicyReadingApproach = $true
+            # }
+            #Write-Host "processing commit $($commit.CommitId) - doNewALZPolicyReadingApproach: $doNewALZPolicyReadingApproach"
+            $commitCount++
+
+            $jsonRaw = git show "$($commit.CommitId):eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json"
+
+            #if ($doNewALZPolicyReadingApproach) {
+            $jsonESLZPolicySets = $jsonRaw -replace '\[\[', '[' | ConvertFrom-Json
+            [regex]$extractVariableName = "(?<=\[variables\(')[^']+"
+
+            $refsPolicySetDefinitionsAll = $extractVariableName.Matches($jsonESLZPolicySets.variables.loadPolicySetDefinitions.All).Value
+            $refsPolicySetDefinitionsAzureCloud = $extractVariableName.Matches($jsonESLZPolicySets.variables.loadPolicySetDefinitions.AzureCloud).Value
+            $refsPolicySetDefinitionsAzureChinaCloud = $extractVariableName.Matches($jsonESLZPolicySets.variables.loadPolicySetDefinitions.AzureChinaCloud).Value
+            $refsPolicySetDefinitionsAzureUSGovernment = $extractVariableName.Matches($jsonESLZPolicySets.variables.loadPolicySetDefinitions.AzureUSGovernment).Value
+            $listPolicySetDefinitionsAzureCloud = $refsPolicySetDefinitionsAll + $refsPolicySetDefinitionsAzureCloud
+            $listPolicySetDefinitionsAzureChinaCloud = $refsPolicySetDefinitionsAll + $refsPolicySetDefinitionsAzureChinaCloud
+            $listPolicySetDefinitionsAzureUSGovernment = $refsPolicySetDefinitionsAll + $refsPolicySetDefinitionsAzureUSGovernment
+            $policySetDefinitionsAzureCloud = $listPolicySetDefinitionsAzureCloud.ForEach({ $jsonESLZPolicySets.variables.$_ })
+            $policySetDefinitionsAzureChinaCloud = $listPolicySetDefinitionsAzureChinaCloud.ForEach({ $jsonESLZPolicySets.variables.$_ })
+            $policySetDefinitionsAzureUSGovernment = $listPolicySetDefinitionsAzureUSGovernment.ForEach({ $jsonESLZPolicySets.variables.$_ })
+
+            switch ($azAPICallConf['checkContext'].Environment.Name) {
+                'Azurecloud' {
+                    $policySetDefinitionsData = $policySetDefinitionsAzureCloud
+                }
+                'AzureChinaCloud' {
+                    $policySetDefinitionsData = $policySetDefinitionsAzureChinaCloud
+                }
+                'AzureUSGovernment' {
+                    $policySetDefinitionsData = $policySetDefinitionsAzureUSGovernment
+                }
+            }
+
+            foreach ($policySetDefinition in $policySetDefinitionsData) {
+
+                $policyJsonRebuild = $policySetDefinition | ConvertFrom-Json
+                $policyJsonParameters = $policyJsonRebuild.properties.parameters | ConvertTo-Json -Depth 99
+                $policyJsonPolicyDefinitions = $policyJsonRebuild.properties.policyDefinitions | ConvertTo-Json -Depth 99
+                $hashParameters = [System.Security.Cryptography.HashAlgorithm]::Create('sha256').ComputeHash([System.Text.Encoding]::UTF8.GetBytes($policyJsonParameters))
+                $stringHashParameters = [System.BitConverter]::ToString($hashParameters)
+                $hashPolicyDefinitions = [System.Security.Cryptography.HashAlgorithm]::Create('sha256').ComputeHash([System.Text.Encoding]::UTF8.GetBytes($policyJsonPolicyDefinitions))
+                $stringHashPolicyDefinitions = [System.BitConverter]::ToString($hashPolicyDefinitions)
+                $stringHash = "$($stringHashParameters)_$($stringHashPolicyDefinitions)"
+
+                if (-not $allESLZPolicySets.($policyJsonRebuild.name)) {
+                    $allESLZPolicySets.($policyJsonRebuild.name) = @{}
+                    $allESLZPolicySets.($policyJsonRebuild.name).version = [System.Collections.ArrayList]@()
+                    $null = $allESLZPolicySets.($policyJsonRebuild.name).version.Add($policyJsonRebuild.properties.metadata.version)
+                    $allESLZPolicySets.($policyJsonRebuild.name).$stringHash = $policyJsonRebuild.properties.metadata.version
+                    $allESLZPolicySets.($policyJsonRebuild.name).name = $policyJsonRebuild.name
+                    $allESLZPolicySets.($policyJsonRebuild.name).metadataSource = $policyJsonRebuild.properties.metadata.source
+                    if ($commitCount -eq $gitHistInitiatives.Count) {
+                        $allESLZPolicySets.($policyJsonRebuild.name).status = 'prod'
+                    }
+                    else {
+                        $allESLZPolicySets.($policyJsonRebuild.name).status = 'obsolete'
+                    }
+                }
+                else {
+                    if ($commitCount -eq $gitHistInitiatives.Count) {
+                        $allESLZPolicySets.($policyJsonRebuild.name).status = 'prod'
+                    }
+                    else {
+                        $allESLZPolicySets.($policyJsonRebuild.name).status = 'obsolete'
+                    }
+                    $allESLZPolicySets.($policyJsonRebuild.name).metadataSource = $policyJsonRebuild.properties.metadata.source
+                    if ($allESLZPolicySets.($policyJsonRebuild.name).version -notcontains $policyJsonRebuild.properties.metadata.version) {
+                        $null = $allESLZPolicySets.($policyJsonRebuild.name).version.Add($policyJsonRebuild.properties.metadata.version)
+                    }
+                    if (-not $allESLZPolicySets.($policyJsonRebuild.name).$stringHash) {
+                        $allESLZPolicySets.($policyJsonRebuild.name).$stringHash = $policyJsonRebuild.properties.metadata.version
+                    }
+                }
+
+                #hsh
+                if (-not $allESLZPolicySetHashes.($stringHash)) {
+                    $allESLZPolicySetHashes.($stringHash) = @{}
+                    $allESLZPolicySetHashes.($stringHash).version = [System.Collections.ArrayList]@()
+                    $null = $allESLZPolicySetHashes.($stringHash).version.Add($policyJsonRebuild.properties.metadata.version)
+                    $allESLZPolicySetHashes.($stringHash).name = $policyJsonRebuild.name
+                    $allESLZPolicySetHashes.($stringHash).metadataSource = $policyJsonRebuild.properties.metadata.source
+                    if ($commitCount -eq $gitHistInitiatives.Count) {
+                        $allESLZPolicySetHashes.($stringHash).status = 'prod'
+                    }
+                    else {
+                        $allESLZPolicySetHashes.($stringHash).status = 'obsolete'
+                    }
+                }
+                else {
+                    if ($commitCount -eq $gitHistInitiatives.Count) {
+                        $allESLZPolicySetHashes.($stringHash).status = 'prod'
+                    }
+                    else {
+                        $allESLZPolicySetHashes.($stringHash).status = 'obsolete'
+                    }
+                    $allESLZPolicySetHashes.($stringHash).metadataSource = $policyJsonRebuild.properties.metadata.source
+                    if ($allESLZPolicySetHashes.($stringHash).version -notcontains $policyJsonRebuild.properties.metadata.version) {
+                        $null = $allESLZPolicySetHashes.($stringHash).version.Add($policyJsonRebuild.properties.metadata.version)
+                    }
+                    if (-not $allESLZPolicySetHashes.($stringHash).($policyJsonRebuild.name)) {
+                        $allESLZPolicySetHashes.($stringHash).($policyJsonRebuild.name) = $policyJsonRebuild.name
+                    }
+                }
+            }
+            #}
+        }
 
         Write-Host " $($allESLZPolicies.Keys.Count) Azure Landing Zones (ALZ) Policy definitions ($($allESLZPolicies.Values.where({$_.status -eq 'Prod'}).Count) productive)"
         Write-Host " $($allESLZPolicySets.Keys.Count) Azure Landing Zones (ALZ) PolicySet definitions ($($allESLZPolicySets.Values.where({$_.status -eq 'Prod'}).Count) productive)"

pwsh/dev/devAzGovVizParallel.ps1

@@ -365,7 +365,7 @@ Param
     $Product = 'AzGovViz',
 
     [string]
-    $ProductVersion = '6.4.7',
+    $ProductVersion = '6.4.8',
 
     [string]
     $GithubRepository = 'aka.ms/AzGovViz',

pwsh/dev/functions/processALZPolicyVersionChecker.ps1

@@ -473,6 +473,120 @@
             }
         }
 
+        #ALZ policy refresh H2 FY24 (initiatives.json)
+        $gitHistInitiatives = (git log --format="%ai`t%H`t%an`t%ae`t%s" -- ./eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json) | ConvertFrom-Csv -Delimiter "`t" -Header ('Date', 'CommitId', 'Author', 'Email', 'Subject')
+        $commitCount = 0
+        #$doNewALZPolicyReadingApproach = $false
+        foreach ($commit in $gitHistInitiatives | Sort-Object -Property Date) {
+
+            # if ($commit.CommitId -eq $ALZCommitId) {
+            #     $doNewALZPolicyReadingApproach = $true
+            # }
+            #Write-Host "processing commit $($commit.CommitId) - doNewALZPolicyReadingApproach: $doNewALZPolicyReadingApproach"
+            $commitCount++
+
+            $jsonRaw = git show "$($commit.CommitId):eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json"
+
+            #if ($doNewALZPolicyReadingApproach) {
+            $jsonESLZPolicySets = $jsonRaw -replace '\[\[', '[' | ConvertFrom-Json
+            [regex]$extractVariableName = "(?<=\[variables\(')[^']+"
+
+            $refsPolicySetDefinitionsAll = $extractVariableName.Matches($jsonESLZPolicySets.variables.loadPolicySetDefinitions.All).Value
+            $refsPolicySetDefinitionsAzureCloud = $extractVariableName.Matches($jsonESLZPolicySets.variables.loadPolicySetDefinitions.AzureCloud).Value
+            $refsPolicySetDefinitionsAzureChinaCloud = $extractVariableName.Matches($jsonESLZPolicySets.variables.loadPolicySetDefinitions.AzureChinaCloud).Value
+            $refsPolicySetDefinitionsAzureUSGovernment = $extractVariableName.Matches($jsonESLZPolicySets.variables.loadPolicySetDefinitions.AzureUSGovernment).Value
+            $listPolicySetDefinitionsAzureCloud = $refsPolicySetDefinitionsAll + $refsPolicySetDefinitionsAzureCloud
+            $listPolicySetDefinitionsAzureChinaCloud = $refsPolicySetDefinitionsAll + $refsPolicySetDefinitionsAzureChinaCloud
+            $listPolicySetDefinitionsAzureUSGovernment = $refsPolicySetDefinitionsAll + $refsPolicySetDefinitionsAzureUSGovernment
+            $policySetDefinitionsAzureCloud = $listPolicySetDefinitionsAzureCloud.ForEach({ $jsonESLZPolicySets.variables.$_ })
+            $policySetDefinitionsAzureChinaCloud = $listPolicySetDefinitionsAzureChinaCloud.ForEach({ $jsonESLZPolicySets.variables.$_ })
+            $policySetDefinitionsAzureUSGovernment = $listPolicySetDefinitionsAzureUSGovernment.ForEach({ $jsonESLZPolicySets.variables.$_ })
+
+            switch ($azAPICallConf['checkContext'].Environment.Name) {
+                'Azurecloud' {
+                    $policySetDefinitionsData = $policySetDefinitionsAzureCloud
+                }
+                'AzureChinaCloud' {
+                    $policySetDefinitionsData = $policySetDefinitionsAzureChinaCloud
+                }
+                'AzureUSGovernment' {
+                    $policySetDefinitionsData = $policySetDefinitionsAzureUSGovernment
+                }
+            }
+
+            foreach ($policySetDefinition in $policySetDefinitionsData) {
+
+                $policyJsonRebuild = $policySetDefinition | ConvertFrom-Json
+                $policyJsonParameters = $policyJsonRebuild.properties.parameters | ConvertTo-Json -Depth 99
+                $policyJsonPolicyDefinitions = $policyJsonRebuild.properties.policyDefinitions | ConvertTo-Json -Depth 99
+                $hashParameters = [System.Security.Cryptography.HashAlgorithm]::Create('sha256').ComputeHash([System.Text.Encoding]::UTF8.GetBytes($policyJsonParameters))
+                $stringHashParameters = [System.BitConverter]::ToString($hashParameters)
+                $hashPolicyDefinitions = [System.Security.Cryptography.HashAlgorithm]::Create('sha256').ComputeHash([System.Text.Encoding]::UTF8.GetBytes($policyJsonPolicyDefinitions))
+                $stringHashPolicyDefinitions = [System.BitConverter]::ToString($hashPolicyDefinitions)
+                $stringHash = "$($stringHashParameters)_$($stringHashPolicyDefinitions)"
+
+                if (-not $allESLZPolicySets.($policyJsonRebuild.name)) {
+                    $allESLZPolicySets.($policyJsonRebuild.name) = @{}
+                    $allESLZPolicySets.($policyJsonRebuild.name).version = [System.Collections.ArrayList]@()
+                    $null = $allESLZPolicySets.($policyJsonRebuild.name).version.Add($policyJsonRebuild.properties.metadata.version)
+                    $allESLZPolicySets.($policyJsonRebuild.name).$stringHash = $policyJsonRebuild.properties.metadata.version
+                    $allESLZPolicySets.($policyJsonRebuild.name).name = $policyJsonRebuild.name
+                    $allESLZPolicySets.($policyJsonRebuild.name).metadataSource = $policyJsonRebuild.properties.metadata.source
+                    if ($commitCount -eq $gitHistInitiatives.Count) {
+                        $allESLZPolicySets.($policyJsonRebuild.name).status = 'prod'
+                    }
+                    else {
+                        $allESLZPolicySets.($policyJsonRebuild.name).status = 'obsolete'
+                    }
+                }
+                else {
+                    if ($commitCount -eq $gitHistInitiatives.Count) {
+                        $allESLZPolicySets.($policyJsonRebuild.name).status = 'prod'
+                    }
+                    else {
+                        $allESLZPolicySets.($policyJsonRebuild.name).status = 'obsolete'
+                    }
+                    $allESLZPolicySets.($policyJsonRebuild.name).metadataSource = $policyJsonRebuild.properties.metadata.source
+                    if ($allESLZPolicySets.($policyJsonRebuild.name).version -notcontains $policyJsonRebuild.properties.metadata.version) {
+                        $null = $allESLZPolicySets.($policyJsonRebuild.name).version.Add($policyJsonRebuild.properties.metadata.version)
+                    }
+                    if (-not $allESLZPolicySets.($policyJsonRebuild.name).$stringHash) {
+                        $allESLZPolicySets.($policyJsonRebuild.name).$stringHash = $policyJsonRebuild.properties.metadata.version
+                    }
+                }
+
+                #hsh
+                if (-not $allESLZPolicySetHashes.($stringHash)) {
+                    $allESLZPolicySetHashes.($stringHash) = @{}
+                    $allESLZPolicySetHashes.($stringHash).version = [System.Collections.ArrayList]@()
+                    $null = $allESLZPolicySetHashes.($stringHash).version.Add($policyJsonRebuild.properties.metadata.version)
+                    $allESLZPolicySetHashes.($stringHash).name = $policyJsonRebuild.name
+                    $allESLZPolicySetHashes.($stringHash).metadataSource = $policyJsonRebuild.properties.metadata.source
+                    if ($commitCount -eq $gitHistInitiatives.Count) {
+                        $allESLZPolicySetHashes.($stringHash).status = 'prod'
+                    }
+                    else {
+                        $allESLZPolicySetHashes.($stringHash).status = 'obsolete'
+                    }
+                }
+                else {
+                    if ($commitCount -eq $gitHistInitiatives.Count) {
+                        $allESLZPolicySetHashes.($stringHash).status = 'prod'
+                    }
+                    else {
+                        $allESLZPolicySetHashes.($stringHash).status = 'obsolete'
+                    }
+                    $allESLZPolicySetHashes.($stringHash).metadataSource = $policyJsonRebuild.properties.metadata.source
+                    if ($allESLZPolicySetHashes.($stringHash).version -notcontains $policyJsonRebuild.properties.metadata.version) {
+                        $null = $allESLZPolicySetHashes.($stringHash).version.Add($policyJsonRebuild.properties.metadata.version)
+                    }
+                    if (-not $allESLZPolicySetHashes.($stringHash).($policyJsonRebuild.name)) {
+                        $allESLZPolicySetHashes.($stringHash).($policyJsonRebuild.name) = $policyJsonRebuild.name
+                    }
+                }
+            }
+            #}
+        }
 
         Write-Host " $($allESLZPolicies.Keys.Count) Azure Landing Zones (ALZ) Policy definitions ($($allESLZPolicies.Values.where({$_.status -eq 'Prod'}).Count) productive)"
         Write-Host " $($allESLZPolicySets.Keys.Count) Azure Landing Zones (ALZ) PolicySet definitions ($($allESLZPolicySets.Values.where({$_.status -eq 'Prod'}).Count) productive)"

version.json

@@ -1,3 +1,3 @@
 {
-  "ProductVersion": "6.4.7"
+  "ProductVersion": "6.4.8"
 }