diff --git a/README.md b/README.md index a35fe28d..aa8de273 100644 --- a/README.md +++ b/README.md @@ -82,8 +82,9 @@ As an alternative, you can use the [Azure Governance Visualizer accelerator](htt ## Release history -**Changes** (2024-May-24 / 6.4.7 Minor) +**Changes** (2024-June-03 / 6.4.8 Minor) +- ALZ policy refresh H2 FY24 (initiatives.json) - [DevSkim](https://github.com/microsoft/DevSkim-Action), [PSScriptAnalyzer](https://github.com/microsoft/psscriptanalyzer-action) and [OpenSSF Scorecard](https://github.com/ossf/scorecard?tab=readme-ov-file#scorecard-github-action) integration - fixes and optimization based on DevSkim, PSScriptAnalyzer and OpenSSF Scorecard findings - api version mapping in param block for cloud environment api version availability drift diff --git a/history.md b/history.md index 7ddf5ace..68de6e8e 100644 --- a/history.md +++ b/history.md @@ -4,8 +4,9 @@ ### Azure Governance Visualizer version 6 -**Changes** (2024-May-24 / 6.4.7 Minor) +**Changes** (2024-June-03 / 6.4.8 Minor) +- ALZ policy refresh H2 FY24 (initiatives.json) - [DevSkim](https://github.com/microsoft/DevSkim-Action), [PSScriptAnalyzer](https://github.com/microsoft/psscriptanalyzer-action) and [OpenSSF Scorecard](https://github.com/ossf/scorecard?tab=readme-ov-file#scorecard-github-action) integration - fixes and optimization based on DevSkim, PSScriptAnalyzer and OpenSSF Scorecard findings - api version mapping in param block for cloud environment api version availability drift diff --git a/pwsh/AzGovVizParallel.ps1 b/pwsh/AzGovVizParallel.ps1 index 3a581957..b14abae7 100644 --- a/pwsh/AzGovVizParallel.ps1 +++ b/pwsh/AzGovVizParallel.ps1 @@ -365,7 +365,7 @@ Param $Product = 'AzGovViz', [string] - $ProductVersion = '6.4.7', + $ProductVersion = '6.4.8', [string] $GithubRepository = 'aka.ms/AzGovViz', @@ -5489,6 +5489,120 @@ function processALZPolicyVersionChecker { } } + #ALZ policy refresh H2 FY24 (initiatives.json) + $gitHistInitiatives = (git log --format="%ai`t%H`t%an`t%ae`t%s" -- ./eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json) | ConvertFrom-Csv -Delimiter "`t" -Header ('Date', 'CommitId', 'Author', 'Email', 'Subject') + $commitCount = 0 + #$doNewALZPolicyReadingApproach = $false + foreach ($commit in $gitHistInitiatives | Sort-Object -Property Date) { + + # if ($commit.CommitId -eq $ALZCommitId) { + # $doNewALZPolicyReadingApproach = $true + # } + #Write-Host "processing commit $($commit.CommitId) - doNewALZPolicyReadingApproach: $doNewALZPolicyReadingApproach" + $commitCount++ + + $jsonRaw = git show "$($commit.CommitId):eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json" + + #if ($doNewALZPolicyReadingApproach) { + $jsonESLZPolicySets = $jsonRaw -replace '\[\[', '[' | ConvertFrom-Json + [regex]$extractVariableName = "(?<=\[variables\(')[^']+" + + $refsPolicySetDefinitionsAll = $extractVariableName.Matches($jsonESLZPolicySets.variables.loadPolicySetDefinitions.All).Value + $refsPolicySetDefinitionsAzureCloud = $extractVariableName.Matches($jsonESLZPolicySets.variables.loadPolicySetDefinitions.AzureCloud).Value + $refsPolicySetDefinitionsAzureChinaCloud = $extractVariableName.Matches($jsonESLZPolicySets.variables.loadPolicySetDefinitions.AzureChinaCloud).Value + $refsPolicySetDefinitionsAzureUSGovernment = $extractVariableName.Matches($jsonESLZPolicySets.variables.loadPolicySetDefinitions.AzureUSGovernment).Value + $listPolicySetDefinitionsAzureCloud = $refsPolicySetDefinitionsAll + $refsPolicySetDefinitionsAzureCloud + $listPolicySetDefinitionsAzureChinaCloud = $refsPolicySetDefinitionsAll + $refsPolicySetDefinitionsAzureChinaCloud + $listPolicySetDefinitionsAzureUSGovernment = $refsPolicySetDefinitionsAll + $refsPolicySetDefinitionsAzureUSGovernment + $policySetDefinitionsAzureCloud = $listPolicySetDefinitionsAzureCloud.ForEach({ $jsonESLZPolicySets.variables.$_ }) + $policySetDefinitionsAzureChinaCloud = $listPolicySetDefinitionsAzureChinaCloud.ForEach({ $jsonESLZPolicySets.variables.$_ }) + $policySetDefinitionsAzureUSGovernment = $listPolicySetDefinitionsAzureUSGovernment.ForEach({ $jsonESLZPolicySets.variables.$_ }) + + switch ($azAPICallConf['checkContext'].Environment.Name) { + 'Azurecloud' { + $policySetDefinitionsData = $policySetDefinitionsAzureCloud + } + 'AzureChinaCloud' { + $policySetDefinitionsData = $policySetDefinitionsAzureChinaCloud + } + 'AzureUSGovernment' { + $policySetDefinitionsData = $policySetDefinitionsAzureUSGovernment + } + } + + foreach ($policySetDefinition in $policySetDefinitionsData) { + + $policyJsonRebuild = $policySetDefinition | ConvertFrom-Json + $policyJsonParameters = $policyJsonRebuild.properties.parameters | ConvertTo-Json -Depth 99 + $policyJsonPolicyDefinitions = $policyJsonRebuild.properties.policyDefinitions | ConvertTo-Json -Depth 99 + $hashParameters = [System.Security.Cryptography.HashAlgorithm]::Create('sha256').ComputeHash([System.Text.Encoding]::UTF8.GetBytes($policyJsonParameters)) + $stringHashParameters = [System.BitConverter]::ToString($hashParameters) + $hashPolicyDefinitions = [System.Security.Cryptography.HashAlgorithm]::Create('sha256').ComputeHash([System.Text.Encoding]::UTF8.GetBytes($policyJsonPolicyDefinitions)) + $stringHashPolicyDefinitions = [System.BitConverter]::ToString($hashPolicyDefinitions) + $stringHash = "$($stringHashParameters)_$($stringHashPolicyDefinitions)" + + if (-not $allESLZPolicySets.($policyJsonRebuild.name)) { + $allESLZPolicySets.($policyJsonRebuild.name) = @{} + $allESLZPolicySets.($policyJsonRebuild.name).version = [System.Collections.ArrayList]@() + $null = $allESLZPolicySets.($policyJsonRebuild.name).version.Add($policyJsonRebuild.properties.metadata.version) + $allESLZPolicySets.($policyJsonRebuild.name).$stringHash = $policyJsonRebuild.properties.metadata.version + $allESLZPolicySets.($policyJsonRebuild.name).name = $policyJsonRebuild.name + $allESLZPolicySets.($policyJsonRebuild.name).metadataSource = $policyJsonRebuild.properties.metadata.source + if ($commitCount -eq $gitHistInitiatives.Count) { + $allESLZPolicySets.($policyJsonRebuild.name).status = 'prod' + } + else { + $allESLZPolicySets.($policyJsonRebuild.name).status = 'obsolete' + } + } + else { + if ($commitCount -eq $gitHistInitiatives.Count) { + $allESLZPolicySets.($policyJsonRebuild.name).status = 'prod' + } + else { + $allESLZPolicySets.($policyJsonRebuild.name).status = 'obsolete' + } + $allESLZPolicySets.($policyJsonRebuild.name).metadataSource = $policyJsonRebuild.properties.metadata.source + if ($allESLZPolicySets.($policyJsonRebuild.name).version -notcontains $policyJsonRebuild.properties.metadata.version) { + $null = $allESLZPolicySets.($policyJsonRebuild.name).version.Add($policyJsonRebuild.properties.metadata.version) + } + if (-not $allESLZPolicySets.($policyJsonRebuild.name).$stringHash) { + $allESLZPolicySets.($policyJsonRebuild.name).$stringHash = $policyJsonRebuild.properties.metadata.version + } + } + + #hsh + if (-not $allESLZPolicySetHashes.($stringHash)) { + $allESLZPolicySetHashes.($stringHash) = @{} + $allESLZPolicySetHashes.($stringHash).version = [System.Collections.ArrayList]@() + $null = $allESLZPolicySetHashes.($stringHash).version.Add($policyJsonRebuild.properties.metadata.version) + $allESLZPolicySetHashes.($stringHash).name = $policyJsonRebuild.name + $allESLZPolicySetHashes.($stringHash).metadataSource = $policyJsonRebuild.properties.metadata.source + if ($commitCount -eq $gitHistInitiatives.Count) { + $allESLZPolicySetHashes.($stringHash).status = 'prod' + } + else { + $allESLZPolicySetHashes.($stringHash).status = 'obsolete' + } + } + else { + if ($commitCount -eq $gitHistInitiatives.Count) { + $allESLZPolicySetHashes.($stringHash).status = 'prod' + } + else { + $allESLZPolicySetHashes.($stringHash).status = 'obsolete' + } + $allESLZPolicySetHashes.($stringHash).metadataSource = $policyJsonRebuild.properties.metadata.source + if ($allESLZPolicySetHashes.($stringHash).version -notcontains $policyJsonRebuild.properties.metadata.version) { + $null = $allESLZPolicySetHashes.($stringHash).version.Add($policyJsonRebuild.properties.metadata.version) + } + if (-not $allESLZPolicySetHashes.($stringHash).($policyJsonRebuild.name)) { + $allESLZPolicySetHashes.($stringHash).($policyJsonRebuild.name) = $policyJsonRebuild.name + } + } + } + #} + } Write-Host " $($allESLZPolicies.Keys.Count) Azure Landing Zones (ALZ) Policy definitions ($($allESLZPolicies.Values.where({$_.status -eq 'Prod'}).Count) productive)" Write-Host " $($allESLZPolicySets.Keys.Count) Azure Landing Zones (ALZ) PolicySet definitions ($($allESLZPolicySets.Values.where({$_.status -eq 'Prod'}).Count) productive)" diff --git a/pwsh/dev/devAzGovVizParallel.ps1 b/pwsh/dev/devAzGovVizParallel.ps1 index 531be3d6..67c10156 100644 --- a/pwsh/dev/devAzGovVizParallel.ps1 +++ b/pwsh/dev/devAzGovVizParallel.ps1 @@ -365,7 +365,7 @@ Param $Product = 'AzGovViz', [string] - $ProductVersion = '6.4.7', + $ProductVersion = '6.4.8', [string] $GithubRepository = 'aka.ms/AzGovViz', diff --git a/pwsh/dev/functions/processALZPolicyVersionChecker.ps1 b/pwsh/dev/functions/processALZPolicyVersionChecker.ps1 index 9763b691..12424869 100644 --- a/pwsh/dev/functions/processALZPolicyVersionChecker.ps1 +++ b/pwsh/dev/functions/processALZPolicyVersionChecker.ps1 @@ -473,6 +473,120 @@ } } + #ALZ policy refresh H2 FY24 (initiatives.json) + $gitHistInitiatives = (git log --format="%ai`t%H`t%an`t%ae`t%s" -- ./eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json) | ConvertFrom-Csv -Delimiter "`t" -Header ('Date', 'CommitId', 'Author', 'Email', 'Subject') + $commitCount = 0 + #$doNewALZPolicyReadingApproach = $false + foreach ($commit in $gitHistInitiatives | Sort-Object -Property Date) { + + # if ($commit.CommitId -eq $ALZCommitId) { + # $doNewALZPolicyReadingApproach = $true + # } + #Write-Host "processing commit $($commit.CommitId) - doNewALZPolicyReadingApproach: $doNewALZPolicyReadingApproach" + $commitCount++ + + $jsonRaw = git show "$($commit.CommitId):eslzArm/managementGroupTemplates/policyDefinitions/initiatives.json" + + #if ($doNewALZPolicyReadingApproach) { + $jsonESLZPolicySets = $jsonRaw -replace '\[\[', '[' | ConvertFrom-Json + [regex]$extractVariableName = "(?<=\[variables\(')[^']+" + + $refsPolicySetDefinitionsAll = $extractVariableName.Matches($jsonESLZPolicySets.variables.loadPolicySetDefinitions.All).Value + $refsPolicySetDefinitionsAzureCloud = $extractVariableName.Matches($jsonESLZPolicySets.variables.loadPolicySetDefinitions.AzureCloud).Value + $refsPolicySetDefinitionsAzureChinaCloud = $extractVariableName.Matches($jsonESLZPolicySets.variables.loadPolicySetDefinitions.AzureChinaCloud).Value + $refsPolicySetDefinitionsAzureUSGovernment = $extractVariableName.Matches($jsonESLZPolicySets.variables.loadPolicySetDefinitions.AzureUSGovernment).Value + $listPolicySetDefinitionsAzureCloud = $refsPolicySetDefinitionsAll + $refsPolicySetDefinitionsAzureCloud + $listPolicySetDefinitionsAzureChinaCloud = $refsPolicySetDefinitionsAll + $refsPolicySetDefinitionsAzureChinaCloud + $listPolicySetDefinitionsAzureUSGovernment = $refsPolicySetDefinitionsAll + $refsPolicySetDefinitionsAzureUSGovernment + $policySetDefinitionsAzureCloud = $listPolicySetDefinitionsAzureCloud.ForEach({ $jsonESLZPolicySets.variables.$_ }) + $policySetDefinitionsAzureChinaCloud = $listPolicySetDefinitionsAzureChinaCloud.ForEach({ $jsonESLZPolicySets.variables.$_ }) + $policySetDefinitionsAzureUSGovernment = $listPolicySetDefinitionsAzureUSGovernment.ForEach({ $jsonESLZPolicySets.variables.$_ }) + + switch ($azAPICallConf['checkContext'].Environment.Name) { + 'Azurecloud' { + $policySetDefinitionsData = $policySetDefinitionsAzureCloud + } + 'AzureChinaCloud' { + $policySetDefinitionsData = $policySetDefinitionsAzureChinaCloud + } + 'AzureUSGovernment' { + $policySetDefinitionsData = $policySetDefinitionsAzureUSGovernment + } + } + + foreach ($policySetDefinition in $policySetDefinitionsData) { + + $policyJsonRebuild = $policySetDefinition | ConvertFrom-Json + $policyJsonParameters = $policyJsonRebuild.properties.parameters | ConvertTo-Json -Depth 99 + $policyJsonPolicyDefinitions = $policyJsonRebuild.properties.policyDefinitions | ConvertTo-Json -Depth 99 + $hashParameters = [System.Security.Cryptography.HashAlgorithm]::Create('sha256').ComputeHash([System.Text.Encoding]::UTF8.GetBytes($policyJsonParameters)) + $stringHashParameters = [System.BitConverter]::ToString($hashParameters) + $hashPolicyDefinitions = [System.Security.Cryptography.HashAlgorithm]::Create('sha256').ComputeHash([System.Text.Encoding]::UTF8.GetBytes($policyJsonPolicyDefinitions)) + $stringHashPolicyDefinitions = [System.BitConverter]::ToString($hashPolicyDefinitions) + $stringHash = "$($stringHashParameters)_$($stringHashPolicyDefinitions)" + + if (-not $allESLZPolicySets.($policyJsonRebuild.name)) { + $allESLZPolicySets.($policyJsonRebuild.name) = @{} + $allESLZPolicySets.($policyJsonRebuild.name).version = [System.Collections.ArrayList]@() + $null = $allESLZPolicySets.($policyJsonRebuild.name).version.Add($policyJsonRebuild.properties.metadata.version) + $allESLZPolicySets.($policyJsonRebuild.name).$stringHash = $policyJsonRebuild.properties.metadata.version + $allESLZPolicySets.($policyJsonRebuild.name).name = $policyJsonRebuild.name + $allESLZPolicySets.($policyJsonRebuild.name).metadataSource = $policyJsonRebuild.properties.metadata.source + if ($commitCount -eq $gitHistInitiatives.Count) { + $allESLZPolicySets.($policyJsonRebuild.name).status = 'prod' + } + else { + $allESLZPolicySets.($policyJsonRebuild.name).status = 'obsolete' + } + } + else { + if ($commitCount -eq $gitHistInitiatives.Count) { + $allESLZPolicySets.($policyJsonRebuild.name).status = 'prod' + } + else { + $allESLZPolicySets.($policyJsonRebuild.name).status = 'obsolete' + } + $allESLZPolicySets.($policyJsonRebuild.name).metadataSource = $policyJsonRebuild.properties.metadata.source + if ($allESLZPolicySets.($policyJsonRebuild.name).version -notcontains $policyJsonRebuild.properties.metadata.version) { + $null = $allESLZPolicySets.($policyJsonRebuild.name).version.Add($policyJsonRebuild.properties.metadata.version) + } + if (-not $allESLZPolicySets.($policyJsonRebuild.name).$stringHash) { + $allESLZPolicySets.($policyJsonRebuild.name).$stringHash = $policyJsonRebuild.properties.metadata.version + } + } + + #hsh + if (-not $allESLZPolicySetHashes.($stringHash)) { + $allESLZPolicySetHashes.($stringHash) = @{} + $allESLZPolicySetHashes.($stringHash).version = [System.Collections.ArrayList]@() + $null = $allESLZPolicySetHashes.($stringHash).version.Add($policyJsonRebuild.properties.metadata.version) + $allESLZPolicySetHashes.($stringHash).name = $policyJsonRebuild.name + $allESLZPolicySetHashes.($stringHash).metadataSource = $policyJsonRebuild.properties.metadata.source + if ($commitCount -eq $gitHistInitiatives.Count) { + $allESLZPolicySetHashes.($stringHash).status = 'prod' + } + else { + $allESLZPolicySetHashes.($stringHash).status = 'obsolete' + } + } + else { + if ($commitCount -eq $gitHistInitiatives.Count) { + $allESLZPolicySetHashes.($stringHash).status = 'prod' + } + else { + $allESLZPolicySetHashes.($stringHash).status = 'obsolete' + } + $allESLZPolicySetHashes.($stringHash).metadataSource = $policyJsonRebuild.properties.metadata.source + if ($allESLZPolicySetHashes.($stringHash).version -notcontains $policyJsonRebuild.properties.metadata.version) { + $null = $allESLZPolicySetHashes.($stringHash).version.Add($policyJsonRebuild.properties.metadata.version) + } + if (-not $allESLZPolicySetHashes.($stringHash).($policyJsonRebuild.name)) { + $allESLZPolicySetHashes.($stringHash).($policyJsonRebuild.name) = $policyJsonRebuild.name + } + } + } + #} + } Write-Host " $($allESLZPolicies.Keys.Count) Azure Landing Zones (ALZ) Policy definitions ($($allESLZPolicies.Values.where({$_.status -eq 'Prod'}).Count) productive)" Write-Host " $($allESLZPolicySets.Keys.Count) Azure Landing Zones (ALZ) PolicySet definitions ($($allESLZPolicySets.Values.where({$_.status -eq 'Prod'}).Count) productive)" diff --git a/version.json b/version.json index c80cd715..b642bbbb 100644 --- a/version.json +++ b/version.json @@ -1,3 +1,3 @@ { - "ProductVersion": "6.4.7" + "ProductVersion": "6.4.8" } \ No newline at end of file