From 07c3e68ef6977364de2f350f87e6a873f9d1ad65 Mon Sep 17 00:00:00 2001
From: quoteee <45695032+JulianHayward@users.noreply.github.com>
Date: Mon, 20 Mar 2023 19:57:14 +0100
Subject: [PATCH] v6_major_20230320_1
---
 README.md | 53 +++++++++++++++++++++
 history.md | 53 +++++++++++++++++++++
 pwsh/AzGovVizParallel.ps1 | 8 ++--
 pwsh/dev/devAzGovVizParallel.ps1 | 2 +-
 pwsh/dev/functions/getPolicyRemediation.ps1 | 4 +-
 pwsh/dev/functions/processTenantSummary.ps1 | 2 +-
 version.txt | 2 +-
 7 files changed, 115 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index a8e3b78b..fa321b7b 100644
--- a/README.md
+++ b/README.md
@@ -71,6 +71,59 @@ Listed as [security monitoring tool](https://docs.microsoft.com/en-us/azure/arch ## Release history +__Changes__ (2023-Mar-20 / Major) + +* Fix/update feature Policy Remediation + * Optimze the Azure Resource Graph query by adding sort, due to duplicates/missing entries for results > 1k +* __Analysis__ on issue #[175](https://github.com/JulianHayward/Azure-MG-Sub-Governance-Reporting/issues/175) (no real explanation, but fixed by using `IsNullOrWhiteSpace` instead of `IsNullOrEmpty`) + +``` powershell +$htdetails0 = @" +{ + "then": { + "details": [ + { + "field": "Microsoft.ContainerInstance/containerGroups/diagnostics.logAnalytics.workspaceId", + "value": "[parameters('workspaceId')]" + } + ] + } +} +"@ +$htdetails1 = @" +{ + "then": { + "details": [ + { + "field": "Microsoft.ContainerInstance/containerGroups/diagnostics.logAnalytics.workspaceId", + "value": "[parameters('workspaceId')]" + }, + { + "field": "Microsoft.ContainerInstance/containerGroups/diagnostics.logAnalytics.workspaceKey", + "value": "[parameters('workspaceKey')]" + } + ] + } +} +"@ + +$obj0 = $htdetails0 | ConvertFrom-Json +if (-not [string]::IsNullOrEmpty($obj0.then.details.roleDefinitionIds)) { + Write-Host 'obj0 roleDefinitionIds not empty' +} +else { + Write-Host 'obj0 roleDefinitionIds empty' +} + +$obj1 = $htdetails1 | ConvertFrom-Json +if (-not [string]::IsNullOrEmpty($obj1.then.details.roleDefinitionIds)) { + Write-Host 'obj1 roleDefinitionIds not empty' +} +else { + Write-Host 'obj1 roleDefinitionIds empty' +} +``` + __Changes__ (2023-Mar-17 / Major) * Fix issue #[175](https://github.com/JulianHayward/Azure-MG-Sub-Governance-Reporting/issues/175) / occured with new policy definition [Configure diagnostics for container group to log analytics workspace (21c469fa-a887-4363-88a9-60bfd6911a15)](https://www.azadvertizer.net/azpolicyadvertizer/21c469fa-a887-4363-88a9-60bfd6911a15.html). Cache built-in Policy definitions failed. 
diff --git a/history.md b/history.md index 34799501..21e48078 100644 --- a/history.md +++ b/history.md @@ -4,6 +4,59 @@ ### Azure Governance Visualizer version 6 +__Changes__ (2023-Mar-20 / Major) + +* Fix/update feature Policy Remediation + * Optimze the Azure Resource Graph query by adding sort, due to duplicates/missing entries for results > 1k +* __Analysis__ on issue #[175](https://github.com/JulianHayward/Azure-MG-Sub-Governance-Reporting/issues/175) (no real explanation, but fixed by using `IsNullOrWhiteSpace` instead of `IsNullOrEmpty`) + +``` powershell +$htdetails0 = @" +{ + "then": { + "details": [ + { + "field": "Microsoft.ContainerInstance/containerGroups/diagnostics.logAnalytics.workspaceId", + "value": "[parameters('workspaceId')]" + } + ] + } +} +"@ +$htdetails1 = @" +{ + "then": { + "details": [ + { + "field": "Microsoft.ContainerInstance/containerGroups/diagnostics.logAnalytics.workspaceId", + "value": "[parameters('workspaceId')]" + }, + { + "field": "Microsoft.ContainerInstance/containerGroups/diagnostics.logAnalytics.workspaceKey", + "value": "[parameters('workspaceKey')]" + } + ] + } +} +"@ + +$obj0 = $htdetails0 | ConvertFrom-Json +if (-not [string]::IsNullOrEmpty($obj0.then.details.roleDefinitionIds)) { + Write-Host 'obj0 roleDefinitionIds not empty' +} +else { + Write-Host 'obj0 roleDefinitionIds empty' +} + +$obj1 = $htdetails1 | ConvertFrom-Json +if (-not [string]::IsNullOrEmpty($obj1.then.details.roleDefinitionIds)) { + Write-Host 'obj1 roleDefinitionIds not empty' +} +else { + Write-Host 'obj1 roleDefinitionIds empty' +} +``` + __Changes__ (2023-Mar-17 / Major) * Fix issue #[175](https://github.com/JulianHayward/Azure-MG-Sub-Governance-Reporting/issues/175) / occured with new policy definition [Configure diagnostics for container group to log analytics workspace (21c469fa-a887-4363-88a9-60bfd6911a15)](https://www.azadvertizer.net/azpolicyadvertizer/21c469fa-a887-4363-88a9-60bfd6911a15.html). Cache built-in Policy definitions failed. 
diff --git a/pwsh/AzGovVizParallel.ps1 b/pwsh/AzGovVizParallel.ps1 index 65cf01ae..dabc4bd4 100644 --- a/pwsh/AzGovVizParallel.ps1 +++ b/pwsh/AzGovVizParallel.ps1 @@ -362,7 +362,7 @@ Param $AzAPICallVersion = '1.1.70', [string] - $ProductVersion = 'v6_major_20230317_1', + $ProductVersion = 'v6_major_20230320_1', [string] $GithubRepository = 'aka.ms/AzGovViz', @@ -3889,7 +3889,7 @@ function getPolicyRemediation { policyresources | where type == 'microsoft.policyinsights/policystates' and properties.policyAssignmentScope startswith '/providers/Microsoft.Management/managementGroups/' and (properties.policyDefinitionAction =~ 'deployifnotexists' or properties.policyDefinitionAction =~ 'modify') and properties.complianceState =~ 'NonCompliant' | summarize count() by assignmentScope = tostring(properties.policyAssignmentScope), assignmentName = tostring(properties.policyAssignmentName), assignmentId = tostring(properties.policyAssignmentId), definitionName = tostring(properties.policyDefinitionName), definitionId = tostring(properties.policyDefinitionId), policyDefinitionReferenceId = tostring(properties.policyDefinitionReferenceId), effect = tostring(properties.policyDefinitionAction) - | order by ['count_'] desc + | sort by count_, assignmentId, definitionId, policyDefinitionReferenceId, effect '@ } else { 
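Review bot: The added `| sort by count_, assignmentId, definitionId, policyDefinitionReferenceId, effect` line in getPolicyRemediation leaves the sort direction implicit, while the line it replaces spelled out `desc`. KQL's `sort by` defaults to descending for every key, so the count order is unchanged, but the completeness of the paged non-compliance listing now depends on this ordering and a reader cannot see that from the query. I would write the direction out, `| sort by count_ desc, assignmentId desc, definitionId desc, policyDefinitionReferenceId desc, effect desc`, and add a comment above the here-string such as `# tie-breakers give a total order so paging is stable; without it results > 1k showed duplicates/missing rows`. The same line is added in the else-branch hunk at -3897 and in both hunks of pwsh/dev/functions/getPolicyRemediation.ps1; the function body continues outside these hunks.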
@@ -3897,7 +3897,7 @@ function getPolicyRemediation { policyresources | where (properties.policyDefinitionAction =~ 'deployifnotexists' or properties.policyDefinitionAction =~ 'modify') and properties.complianceState =~ 'NonCompliant' | summarize count() by assignmentScope = tostring(properties.policyAssignmentScope), assignmentName = tostring(properties.policyAssignmentName), assignmentId = tostring(properties.policyAssignmentId), definitionName = tostring(properties.policyDefinitionName), definitionId = tostring(properties.policyDefinitionId), policyDefinitionReferenceId = tostring(properties.policyDefinitionReferenceId), effect = tostring(properties.policyDefinitionAction) - | order by ['count_'] desc + | sort by count_, assignmentId, definitionId, policyDefinitionReferenceId, effect '@ } @@ -17055,7 +17055,7 @@ extensions: [{ name: 'sort' }] "@) $htmlSUMMARYPolicyRemediation = $null - $arrayRemediatableSorted = $arrayRemediatable | Sort-Object -Property policyDefinitionId, policyAssignmentId + $arrayRemediatableSorted = $arrayRemediatable | Sort-Object -Property nonCompliantResourcesCount, policySetPolicyDefinitionReferenceId, policyDefinitionId, policyAssignmentId -Descending if (-not $NoCsvExport) { $csvFilename = "$($filename)_PolicyRemediation" Write-Host " Exporting PolicyRemediation CSV '$($outputPath)$($DirectorySeparatorChar)$($csvFilename).csv'" diff --git a/pwsh/dev/devAzGovVizParallel.ps1 b/pwsh/dev/devAzGovVizParallel.ps1 index e49e873d..75fd5ce7 100644 --- a/pwsh/dev/devAzGovVizParallel.ps1 +++ b/pwsh/dev/devAzGovVizParallel.ps1 @@ -362,7 +362,7 @@ Param $AzAPICallVersion = '1.1.70', [string] - $ProductVersion = 'v6_major_20230317_1', + $ProductVersion = 'v6_major_20230320_1', [string] $GithubRepository = 'aka.ms/AzGovViz', diff --git a/pwsh/dev/functions/getPolicyRemediation.ps1 b/pwsh/dev/functions/getPolicyRemediation.ps1 index 3caf9c73..ebad7d98 100644 --- a/pwsh/dev/functions/getPolicyRemediation.ps1 
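Review bot: On the added `Sort-Object` line in the `@@ -17055` hunk of pwsh/AzGovVizParallel.ps1, `-Descending` applies to all four properties, so the three id columns are now sorted in reverse where the removed line sorted them ascending. If only the count is meant to be descending, the per-property form keeps the ids ascending: `Sort-Object -Property @{Expression = 'nonCompliantResourcesCount'; Descending = $true}, policySetPolicyDefinitionReferenceId, policyDefinitionId, policyAssignmentId`. How `nonCompliantResourcesCount` is populated is not visible in this hunk; if it is held as a string the order would be lexical rather than numeric, so that is worth confirming. The same line is added in pwsh/dev/functions/processTenantSummary.ps1.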
+++ b/pwsh/dev/functions/getPolicyRemediation.ps1 @@ -10,7 +10,7 @@ function getPolicyRemediation { policyresources | where type == 'microsoft.policyinsights/policystates' and properties.policyAssignmentScope startswith '/providers/Microsoft.Management/managementGroups/' and (properties.policyDefinitionAction =~ 'deployifnotexists' or properties.policyDefinitionAction =~ 'modify') and properties.complianceState =~ 'NonCompliant' | summarize count() by assignmentScope = tostring(properties.policyAssignmentScope), assignmentName = tostring(properties.policyAssignmentName), assignmentId = tostring(properties.policyAssignmentId), definitionName = tostring(properties.policyDefinitionName), definitionId = tostring(properties.policyDefinitionId), policyDefinitionReferenceId = tostring(properties.policyDefinitionReferenceId), effect = tostring(properties.policyDefinitionAction) - | order by ['count_'] desc + | sort by count_, assignmentId, definitionId, policyDefinitionReferenceId, effect '@ } else { @@ -18,7 +18,7 @@ function getPolicyRemediation { policyresources | where (properties.policyDefinitionAction =~ 'deployifnotexists' or properties.policyDefinitionAction =~ 'modify') and properties.complianceState =~ 'NonCompliant' | summarize count() by assignmentScope = tostring(properties.policyAssignmentScope), assignmentName = tostring(properties.policyAssignmentName), assignmentId = tostring(properties.policyAssignmentId), definitionName = tostring(properties.policyDefinitionName), definitionId = tostring(properties.policyDefinitionId), policyDefinitionReferenceId = tostring(properties.policyDefinitionReferenceId), effect = tostring(properties.policyDefinitionAction) - | order by ['count_'] desc + | sort by count_, assignmentId, definitionId, policyDefinitionReferenceId, effect '@ } diff --git a/pwsh/dev/functions/processTenantSummary.ps1 b/pwsh/dev/functions/processTenantSummary.ps1 index 30ec2c08..b41fe3d4 100644 --- a/pwsh/dev/functions/processTenantSummary.ps1 
+++ b/pwsh/dev/functions/processTenantSummary.ps1 @@ -4402,7 +4402,7 @@ extensions: [{ name: 'sort' }] "@) $htmlSUMMARYPolicyRemediation = $null - $arrayRemediatableSorted = $arrayRemediatable | Sort-Object -Property policyDefinitionId, policyAssignmentId + $arrayRemediatableSorted = $arrayRemediatable | Sort-Object -Property nonCompliantResourcesCount, policySetPolicyDefinitionReferenceId, policyDefinitionId, policyAssignmentId -Descending if (-not $NoCsvExport) { $csvFilename = "$($filename)_PolicyRemediation" Write-Host " Exporting PolicyRemediation CSV '$($outputPath)$($DirectorySeparatorChar)$($csvFilename).csv'" diff --git a/version.txt b/version.txt index eb4a3172..301b07ef 100644 --- a/version.txt +++ b/version.txt @@ -1 +1 @@ -v6_major_20230317_1 \ No newline at end of file +v6_major_20230320_1 \ No newline at end of file