Merge pull request #44 from JulianHayward/v5_major_20210721_2
V5 major 20210722_1
JulianHayward authored Jul 22, 2021
2 parents cc3816c + 70f8e5d commit a7f6b5a
Showing 8 changed files with 1,205 additions and 1,053 deletions.
131 changes: 91 additions & 40 deletions README.md

Large diffs are not rendered by default.

15 changes: 14 additions & 1 deletion history.md
Expand Up @@ -4,9 +4,22 @@

### AzGovViz version 5

__Changes__ (2021-July-22 / Major)

* Full blown JSON definition output. Leveraging Git with this new capability you can easily track any changes that occurred in between the previous and last AzGovViz run.
![newBuiltInRoleDefinition](img/gitdiff600.jpg)
_* a new BuiltIn RBAC Role definition was added_
* Renamed parameter `-PolicyIncludeResourceGroups` to , `-DoNotIncludeResourceGroupsOnPolicy` (from now Policy assignments on ResourceGroups will be included by default)
* Renamed parameter `-RBACIncludeResourceGroupsAndResources` to , `-DoNotIncludeResourceGroupsAndResourcesOnRBAC` (from now Role assignments on ResourceGroups and Resources will be included by default)
* New parameter `-HtmlTableRowsLimit`. Although the parameter `-LargeTenant` was introduced recently, still the html output may become too large to be processed properly. The new parameter defines the limit of rows - if for the html processing part the limit is reached then the html table will not be created (csv and json output will still be created). Default rows limit is 40.000.
* Added NonCompliance Message for Policy assignments
* Cosmetics
* Bugfixes
* Performance optimization

__Changes__ (2021-July-07 / Major)

* Replaced parameters `-NoScopeInsights`, `-RBACAtScopeOnly` and `-PolicyAtScopeOnly` with `-LargeTenant`. A large tenant is a tenant with more than ~500 Subscriptions - the HTML output for large tenants simply becomes too big, therefore will not create __ScopeInsights__ and will not show inheritance for Policy and Role assignments in the __TenantSummary__ (html) output
* Replaced parameters ~~`-NoScopeInsights`,~~ `-RBACAtScopeOnly` and `-PolicyAtScopeOnly` with `-LargeTenant`. A large tenant is a tenant with more than ~500 Subscriptions - the HTML output for large tenants simply becomes too big, therefore will not create __ScopeInsights__ and will not show inheritance for Policy and Role assignments in the __TenantSummary__ (html) output
* Add Tenant to __HierarchyMap__ including count of Role assignments
* Executing against any child Management Group will show all parent Management Groups in __HierarchyMap__
* Cosmetics / Icons
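
Review bot: The two "Renamed parameter" bullets in the 2021-July-22 entry describe more than a rename: the default is inverted, so Policy assignments on ResourceGroups and Role assignments on ResourceGroups and Resources are now collected unless `-DoNotIncludeResourceGroupsOnPolicy` or `-DoNotIncludeResourceGroupsAndResourcesOnRBAC` is passed. The entry should mark this as a breaking change and say that existing invocations passing `-PolicyIncludeResourceGroups` or `-RBACIncludeResourceGroupsAndResources` need updating. Both bullets also carry a stray comma in "to , `-DoNot", and "Default rows limit is 40.000" in the `-HtmlTableRowsLimit` bullet would be unambiguous written as 40000.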
Binary file modified img/HierarchyMap.png
Binary file modified img/TenantSummary.png
Binary file added img/gitdiff600.jpg
Binary file added img/jsonfolderfull450.jpg
19 changes: 11 additions & 8 deletions pipeline/AzGovViz.yml
@@ -1,11 +1,11 @@
# AzGovViz v5_major_20210707_3
# AzGovViz v5_major_20210722_1
# First things first:
# 1. edit line 52 and line 53
# 2. check line 67 if branch 'master' is applicable
# 1. edit line 54 and line 55
# 2. check line 69 and 80 if branch 'master' is applicable
# Documentation: https://github.com/JulianHayward/Azure-MG-Sub-Governance-Reporting
# Also check https://www.azadvertizer.net - AzAdvertizer helps you to keep up with the pace by providing overview and insights on new releases and changes/updates for Azure Governance capabilities such as Azure Policy's policy definitions, initiatives (set definitions), aliases and Azure RBAC's role definitions and resource provider operations.
#
# Parameters reference (use in line 102)
# Parameters reference (use in line 105)
# LimitCriticalPercentage | default is '80' | example: -LimitCriticalPercentage 90 | WhatDoesItDo? marks capabilities that approch limits e.g. limit 100, usage 80 will mark with warning
# SubscriptionQuotaIdWhitelist | default is 'undefined' | example: -SubscriptionQuotaIdWhitelist MSDN_, EnterpriseAgreement_ | WhatDoesItDo? processes only subscriptions that startWith the given QuotaIds
# HierarchyMapOnly | switch | example: -HierarchyMapOnly | WhatDoesItDo? only creates the Hierarchy Tree
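
Review bot: The header comments address the file by absolute line number ("edit line 54 and line 55", "check line 69 and 80", "use in line 105"), which goes stale whenever lines are added below; this hunk has to renumber all three for that reason. Suggest referring to the variable or section names instead, or putting a marker comment on each target line, so the setup instructions cannot drift from the lines they mean. While this block is being touched, "approch" in the `LimitCriticalPercentage` line could be corrected to "approach".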
Expand All @@ -27,12 +27,14 @@
# AzureDevOpsWikiHierarchyDirection | example: -AzureDevOpsWikiHierarchyDirection "LR" | WhatDoesItDo? Define the direction the Hierarchy should be built in Azure DevOps WokiAsCode (Markdown) TD = TopDown (Horizontal), LR = LeftRight (Vertical)
# SubscriptionId4AzContext | example: -SubscriptionId4AzContext "<your-Subscription-Id>" | WhatDoesItDo? Define the Subscription Id to use for AzContext (default is to use a random Subscription Id)
# NoCsvExport | example: -NoCsvExport | WhatDoesItDo? Do not export enriched 'Role assignments' data, enriched 'Policy assignments' data and 'all resources' (subscriptionId, resourceType, id, name, location, tags, createdTime, changedTime)
# PolicyIncludeResourceGroups | example: -PolicyIncludeResourceGroups | WhatDoesItDo? Include Policy assignments on ResourceGroups
# RBACIncludeResourceGroupsAndResources | example: -RBACIncludeResourceGroupsAndResources | WhatDoesItDo? Include Role assignments on ResourceGroups and Resources
# DoNotIncludeResourceGroupsOnPolicy | example: -DoNotIncludeResourceGroupsOnPolicy | WhatDoesItDo? Do not include Policy assignments on ResourceGroups
# DoNotIncludeResourceGroupsAndResourcesOnRBAC | example: -DoNotIncludeResourceGroupsAndResourcesOnRBAC | WhatDoesItDo? Do not include Role assignments on ResourceGroups and Resources
# ChangeTrackingDays | example: -ChangeTrackingDays 30 | WhatDoesItDo? Tracks newly created and updated custom Policy, PolicySet and RBAC Role definitions, Policy/RBAC Role assignments and Resources that occured within the last 14 days (default)
# FileTimeStampFormat | example: -FileTimeStampFormat "yyyyMM-dd_HHmm" | WhatDoesItDo? Time format for the output files (default is `yyyyMMdd_HHmmss`)
# NoJsonExport | example: -JsonExport | WhatDoesItDo? Do not export of ManagementGroup Hierarchy including all MG/Sub Policy/RBAC definitions, Policy/RBAC assignments and some more relevant information to JSON
# NoScopeInsights | example: -NoScopeInsights | WhatDoesItDo? and why would you want to do this? In larger tenants the ScopeInsights section blows up the html file (up to unusable due to html file size). To further reduce the output use parameter -LargeTenant
# LargeTenant | example: -LargeTenant | WhatDoesItDo? A large tenant is a tenant with more than ~500 Subscriptions - the HTML output for large tenants simply becomes too big, therefore will not create ScopeInsights and will not show inheritance for Policy and Role assignments in the TenantSummary (html) output
# HtmlTableRowsLimit | example: -HtmlTableRowsLimit | WhatDoesItDo? Although the parameter -LargeTenant was introduced recently, still the html output may become too large to be processed properly. The new parameter defines the limit of rows - if for the html processing part the limit is reached then the html table will not be created (csv and json output will still be created). Default rows limit is 40.000

trigger: none
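
Review bot: The new `HtmlTableRowsLimit` reference line gives `-HtmlTableRowsLimit` as its example with no value, although the description says the parameter defines a row limit with a default of 40.000; the example should show a number, as the `ChangeTrackingDays` line does with `-ChangeTrackingDays 30`. In the same block the unchanged `NoJsonExport` line still shows `-JsonExport` as its example, which does not match the parameter name and is worth fixing in this pass. The re-added `NoScopeInsights` line and the `LargeTenant` line both say ScopeInsights is not created, so a short remark on when to use one rather than the other would help.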

Expand Down Expand Up @@ -66,15 +68,16 @@ schedules:
include:
- master

#running ESLZ / AzOps? Run AzGovViz after Push ..
#Running AzOps? Run AzGovViz after 'AzOps - Push' ..
#AzOps Accellerator https://github.com/Azure/AzOps-Accelerator
#resources:
# pipelines:
# - pipeline: 'Push'
# source: 'AzOps - Push'
# trigger:
# branches:
# include:
# - main
# - master

jobs:
- job: AzGovViz
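
Review bot: The commented-out `resources.pipelines` trigger now filters on `master` instead of `main`, and the only hint that this value may need changing is the "check line 69 and 80" remark in the file header. Suggest an inline comment on the `# - master` line stating that it must match the branch the 'AzOps - Push' pipeline runs on, so the example is not uncommented with a branch filter that never fires. The added comment also spells the project "Accellerator" while the URL on the same line reads `AzOps-Accelerator`.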