v6_major_20230315_1

JulianHayward · Mar 15, 2023 · 14a2e07 · 14a2e07
1 parent f39e2a1
commit 14a2e07
Show file tree

Hide file tree

Showing 13 changed files with 449 additions and 205 deletions.
diff --git a/README.md b/README.md
@@ -71,13 +71,12 @@ Listed as [security monitoring tool](https://docs.microsoft.com/en-us/azure/arch
 
 ## Release history
 
-__Changes__ (2023-Mar-08 / Major)
+__Changes__ (2023-Mar-15 / Major)
 
-* Extended the 'Cost optimization & cleanup' feature (HTML __TenantSummary__/Subscriptions, Resources & Defender) with application gateways with empty backend pools' - thanks @sebassem
-* New feature Policy Remediation (HTML __TenantSummary__/Policy, CSV export)
-  * Fix: it is indeed possible that no Policy definitions require remediation
-* Update `/.azuredevops/pipelines/AzGovViz.pipeline.yml` and `/.azuredevops/pipelines/AzGovViz.variables.yml`. Added guidance (issue [#173](https://github.com/JulianHayward/Azure-MG-Sub-Governance-Reporting/issues/173)): if using the publish to webApp feature the ManagementGroupId variable must have correct casing (Linux!=linuX)
-* Minor optimizations
+* Enhance __TenantSummary__/Subscriptions information with Advisor scores + CSV export *_SubscriptionDetails.csv
+* Fix feature Policy Remediation
+  * Exclude policy/assignments from out-of-scope scopes from processing (e.g. disabled subscription)
+* Fix `-NoCsvExport` parameter reliablity
 
 Passed tests: Powershell Core 7.3.3 on Windows  
 Passed tests: Powershell Core 7.2.10 Azure DevOps hosted agent ubuntu-22.04  

diff --git a/history.md b/history.md
@@ -4,6 +4,13 @@
 
 ### Azure Governance Visualizer version 6
 
+__Changes__ (2023-Mar-15 / Major)
+
+* Enhance __TenantSummary__/Subscriptions information with Advisor scores + CSV export *_SubscriptionDetails.csv
+* Fix feature Policy Remediation
+  * Exclude policy/assignments from out-of-scope scopes from processing (e.g. disabled subscription)
+* Fix `-NoCsvExport` parameter reliablity
+
 __Changes__ (2023-Mar-08 / Major)
 
 * Extended the 'Cost optimization & cleanup' feature (HTML __TenantSummary__/Subscriptions, Resources & Defender) with application gateways with empty backend pools' - thanks @sebassem

diff --git a/pwsh/AzGovVizParallel.ps1 b/pwsh/AzGovVizParallel.ps1
diff --git a/pwsh/dev/devAzGovVizParallel.ps1 b/pwsh/dev/devAzGovVizParallel.ps1
@@ -362,7 +362,7 @@ Param
     $AzAPICallVersion = '1.1.70',
 
     [string]
-    $ProductVersion = 'v6_major_20230308_3',
+    $ProductVersion = 'v6_major_20230315_1',
 
     [string]
     $GithubRepository = 'aka.ms/AzGovViz',
@@ -1121,8 +1121,10 @@ if (-not $HierarchyMapOnly) {
     getPolicyRemediation
 
     if ($arrayAdvisorScores.Count -gt 0) {
-        Write-Host "Exporting AdvisorScores CSV '$($outputPath)$($DirectorySeparatorChar)$($fileName)_AdvisorScores.csv'"
-        $arrayAdvisorScores | Sort-Object -Property subscriptionName, subscriptionId, category | Export-Csv -Path "$($outputPath)$($DirectorySeparatorChar)$($fileName)_AdvisorScores.csv" -Delimiter "$csvDelimiter" -NoTypeInformation
+        if (-not $NoCsvExport) {
+            Write-Host "Exporting AdvisorScores CSV '$($outputPath)$($DirectorySeparatorChar)$($fileName)_AdvisorScores.csv'"
+            $arrayAdvisorScores | Sort-Object -Property subscriptionName, subscriptionId, category | Export-Csv -Path "$($outputPath)$($DirectorySeparatorChar)$($fileName)_AdvisorScores.csv" -Delimiter "$csvDelimiter" -NoTypeInformation
+        }
     }
 
     showMemoryUsage
@@ -2206,15 +2208,18 @@ if (-not $HierarchyMapOnly) {
     showMemoryUsage
 
     #region BuildDailySummaryCSV
-    $dailySummary4ExportToCSV = [System.Collections.ArrayList]@()
-    foreach ($entry in $htDailySummary.keys | Sort-Object) {
-        $null = $dailySummary4ExportToCSV.Add([PSCustomObject]@{
-                capability = $entry
-                count      = $htDailySummary.($entry)
-            })
+    if (-not $NoCsvExport) {
+        $dailySummary4ExportToCSV = [System.Collections.ArrayList]@()
+        foreach ($entry in $htDailySummary.keys | Sort-Object) {
+            $null = $dailySummary4ExportToCSV.Add([PSCustomObject]@{
+                    capability = $entry
+                    count      = $htDailySummary.($entry)
+                })
+        }
+        Write-Host " Exporting DailySummary CSV '$($outputPath)$($DirectorySeparatorChar)$($fileName)_DailySummary.csv'"
+        $dailySummary4ExportToCSV | Export-Csv -Path "$($outputPath)$($DirectorySeparatorChar)$($fileName)_DailySummary.csv" -Delimiter "$csvDelimiter" -NoTypeInformation
     }
-    Write-Host " Exporting DailySummary CSV '$($outputPath)$($DirectorySeparatorChar)$($fileName)_DailySummary.csv'"
-    $dailySummary4ExportToCSV | Export-Csv -Path "$($outputPath)$($DirectorySeparatorChar)$($fileName)_DailySummary.csv" -Delimiter "$csvDelimiter" -NoTypeInformation
+
     #endregion BuildDailySummaryCSV
 
     $endSummary = Get-Date

diff --git a/pwsh/dev/functions/dataCollection/dataCollectionFunctions.ps1 b/pwsh/dev/functions/dataCollection/dataCollectionFunctions.ps1
@@ -63,6 +63,7 @@ function dataCollectionAdvisorScores {
     [CmdletBinding()]Param(
         [string]$scopeId,
         [string]$scopeDisplayName,
+        $ChildMgMgPath,
         $SubscriptionQuotaId
     )
 
@@ -90,6 +91,7 @@ function dataCollectionAdvisorScores {
                                     subscriptionId      = $scopeId
                                     subscriptionName    = $scopeDisplayName
                                     subscriptionQuotaId = $SubscriptionQuotaId
+                                    subscriptionMgPath  = $childMgMgPath
                                     category            = $entry.Name
                                     score               = $entry.properties.lastRefreshedScore.score
                                 })
@@ -1684,7 +1686,8 @@ function dataCollectionASCSecureScoreSub {
 
         if ($subASCSecureScoreResult -ne 'DisallowedProvider') {
             if (($subASCSecureScoreResult).count -gt 0) {
-                $subscriptionASCSecureScore = "$($subASCSecureScoreResult.properties.score.current) of $($subASCSecureScoreResult.properties.score.max) points"
+                $secureScorePercentageRounded = [math]::Round(($subASCSecureScoreResult.properties.score.current / $subASCSecureScoreResult.properties.score.max * 100),2)
+                $subscriptionASCSecureScore = "$($secureScorePercentageRounded)% ($($subASCSecureScoreResult.properties.score.current) of $($subASCSecureScoreResult.properties.score.max) points)"
             }
             else {
                 $subscriptionASCSecureScore = 'n/a'

diff --git a/pwsh/dev/functions/exportBaseCSV.ps1 b/pwsh/dev/functions/exportBaseCSV.ps1
@@ -1,18 +1,20 @@
 function exportBaseCSV {
-    Write-Host "Exporting CSV '$($outputPath)$($DirectorySeparatorChar)$($fileName).csv'"
-    $startBuildCSV = Get-Date
+    if (-not $NoCsvExport) {
+        Write-Host "Exporting CSV '$($outputPath)$($DirectorySeparatorChar)$($fileName).csv'"
+        $startBuildCSV = Get-Date
 
-    $outprops = $newtable[0].PSObject.Properties.Name
-    if (-not $HierarchyMapOnly -and -not $HierarchyMapOnlyCustomDataJSON) {
-        $outprops.Set($outprops.IndexOf('PolicyAssignmentNotScopes'), @{L = 'PolicyAssignmentNotScopes'; E = { ($_.PolicyAssignmentNotScopes -join "$CsvDelimiterOpposite ") } })
-    }
-    if ($CsvExportUseQuotesAsNeeded) {
-        $newTable | Sort-Object -Property level, mgId, SubscriptionId, PolicyAssignmentId, RoleAssignmentId, BlueprintId, BlueprintAssignmentId | Select-Object -Property $outprops -ExcludeProperty PolicyAssignmentParameters | Export-Csv -Path "$($outputPath)$($DirectorySeparatorChar)$($fileName).csv" -Delimiter "$csvDelimiter" -NoTypeInformation -UseQuotes AsNeeded
-    }
-    else {
-        $newTable | Sort-Object -Property level, mgId, SubscriptionId, PolicyAssignmentId, RoleAssignmentId, BlueprintId, BlueprintAssignmentId | Select-Object -Property $outprops -ExcludeProperty PolicyAssignmentParameters | Export-Csv -Path "$($outputPath)$($DirectorySeparatorChar)$($fileName).csv" -Delimiter "$csvDelimiter" -NoTypeInformation
-    }
+        $outprops = $newtable[0].PSObject.Properties.Name
+        if (-not $HierarchyMapOnly -and -not $HierarchyMapOnlyCustomDataJSON) {
+            $outprops.Set($outprops.IndexOf('PolicyAssignmentNotScopes'), @{L = 'PolicyAssignmentNotScopes'; E = { ($_.PolicyAssignmentNotScopes -join "$CsvDelimiterOpposite ") } })
+        }
+        if ($CsvExportUseQuotesAsNeeded) {
+            $newTable | Sort-Object -Property level, mgId, SubscriptionId, PolicyAssignmentId, RoleAssignmentId, BlueprintId, BlueprintAssignmentId | Select-Object -Property $outprops -ExcludeProperty PolicyAssignmentParameters | Export-Csv -Path "$($outputPath)$($DirectorySeparatorChar)$($fileName).csv" -Delimiter "$csvDelimiter" -NoTypeInformation -UseQuotes AsNeeded
+        }
+        else {
+            $newTable | Sort-Object -Property level, mgId, SubscriptionId, PolicyAssignmentId, RoleAssignmentId, BlueprintId, BlueprintAssignmentId | Select-Object -Property $outprops -ExcludeProperty PolicyAssignmentParameters | Export-Csv -Path "$($outputPath)$($DirectorySeparatorChar)$($fileName).csv" -Delimiter "$csvDelimiter" -NoTypeInformation
+        }
 
-    $endBuildCSV = Get-Date
-    Write-Host "Exporting CSV total duration: $((New-TimeSpan -Start $startBuildCSV -End $endBuildCSV).TotalMinutes) minutes ($((New-TimeSpan -Start $startBuildCSV -End $endBuildCSV).TotalSeconds) seconds)"
+        $endBuildCSV = Get-Date
+        Write-Host "Exporting CSV total duration: $((New-TimeSpan -Start $startBuildCSV -End $endBuildCSV).TotalMinutes) minutes ($((New-TimeSpan -Start $startBuildCSV -End $endBuildCSV).TotalSeconds) seconds)"
+    }
 }
diff --git a/pwsh/dev/functions/exportResourceLocks.ps1 b/pwsh/dev/functions/exportResourceLocks.ps1
@@ -85,7 +85,9 @@ function exportResourceLocks {
         }
     }
     if ($arrayResourceLocks4CSV.count -gt 0) {
-        Write-Host "Exporting ResourceLocks CSV '$($outputPath)$($DirectorySeparatorChar)$($fileName)_ResourceLocks.csv'"
-        $arrayResourceLocks4CSV | Sort-Object -Property ScopeType, Lock, SubscriptionId, Id | Export-Csv -Path "$($outputPath)$($DirectorySeparatorChar)$($fileName)_ResourceLocks.csv" -Delimiter "$csvDelimiter" -NoTypeInformation
+        if (-not $NoCsvExport) {
+            Write-Host "Exporting ResourceLocks CSV '$($outputPath)$($DirectorySeparatorChar)$($fileName)_ResourceLocks.csv'"
+            $arrayResourceLocks4CSV | Sort-Object -Property ScopeType, Lock, SubscriptionId, Id | Export-Csv -Path "$($outputPath)$($DirectorySeparatorChar)$($fileName)_ResourceLocks.csv" -Delimiter "$csvDelimiter" -NoTypeInformation
+        }
     }
 }
diff --git a/pwsh/dev/functions/getConsumption.ps1 b/pwsh/dev/functions/getConsumption.ps1
@@ -575,17 +575,19 @@ function getConsumption {
         }
 
         #region BuildConsumptionCSV
-        if (-not $NoAzureConsumptionReportExportToCSV) {
-            Write-Host " Exporting Consumption CSV $($outputPath)$($DirectorySeparatorChar)$($fileName)_Consumption.csv"
-            $startBuildConsumptionCSV = Get-Date
-            if ($CsvExportUseQuotesAsNeeded) {
-                $allConsumptionData | Export-Csv -Path "$($outputPath)$($DirectorySeparatorChar)$($fileName)_Consumption.csv" -Delimiter "$csvDelimiter" -NoTypeInformation -UseQuotes AsNeeded
-            }
-            else {
-                $allConsumptionData | Export-Csv -Path "$($outputPath)$($DirectorySeparatorChar)$($fileName)_Consumption.csv" -Delimiter "$csvDelimiter" -NoTypeInformation
+        if (-not $NoCsvExport) {
+            if (-not $NoAzureConsumptionReportExportToCSV) {
+                Write-Host " Exporting Consumption CSV $($outputPath)$($DirectorySeparatorChar)$($fileName)_Consumption.csv"
+                $startBuildConsumptionCSV = Get-Date
+                if ($CsvExportUseQuotesAsNeeded) {
+                    $allConsumptionData | Export-Csv -Path "$($outputPath)$($DirectorySeparatorChar)$($fileName)_Consumption.csv" -Delimiter "$csvDelimiter" -NoTypeInformation -UseQuotes AsNeeded
+                }
+                else {
+                    $allConsumptionData | Export-Csv -Path "$($outputPath)$($DirectorySeparatorChar)$($fileName)_Consumption.csv" -Delimiter "$csvDelimiter" -NoTypeInformation
+                }
+                $endBuildConsumptionCSV = Get-Date
+                Write-Host " Exporting Consumption CSV total duration: $((New-TimeSpan -Start $startBuildConsumptionCSV -End $endBuildConsumptionCSV).TotalMinutes) minutes ($((New-TimeSpan -Start $startBuildConsumptionCSV -End $endBuildConsumptionCSV).TotalSeconds) seconds)"
             }
-            $endBuildConsumptionCSV = Get-Date
-            Write-Host " Exporting Consumption CSV total duration: $((New-TimeSpan -Start $startBuildConsumptionCSV -End $endBuildConsumptionCSV).TotalMinutes) minutes ($((New-TimeSpan -Start $startBuildConsumptionCSV -End $endBuildConsumptionCSV).TotalSeconds) seconds)"
         }
         #endregion BuildConsumptionCSV
     }

diff --git a/pwsh/dev/functions/getOrphanedResources.ps1 b/pwsh/dev/functions/getOrphanedResources.ps1
@@ -185,8 +185,10 @@ function getOrphanedResources {
         }
 
         Write-Host " Found $($arrayOrphanedResources.Count) orphaned/unused Resources"
-        Write-Host " Exporting OrphanedResources CSV '$($outputPath)$($DirectorySeparatorChar)$($fileName)_ResourcesCostOptimizationAndCleanup.csv'"
-        $arrayOrphanedResources | Sort-Object -Property Resource | Export-Csv -Path "$($outputPath)$($DirectorySeparatorChar)$($fileName)_ResourcesCostOptimizationAndCleanup.csv" -Delimiter "$csvDelimiter" -NoTypeInformation
+        if (-not $NoCsvExport) {
+            Write-Host " Exporting OrphanedResources CSV '$($outputPath)$($DirectorySeparatorChar)$($fileName)_ResourcesCostOptimizationAndCleanup.csv'"
+            $arrayOrphanedResources | Sort-Object -Property Resource | Export-Csv -Path "$($outputPath)$($DirectorySeparatorChar)$($fileName)_ResourcesCostOptimizationAndCleanup.csv" -Delimiter "$csvDelimiter" -NoTypeInformation
+        }
     }
     else {
         Write-Host ' No orphaned/unused Resources found'