Src/Private/Get-AbrAzNetworkSecurityGroup.ps1

function Get-AbrAzNetworkSecurityGroup {
    <#
    .SYNOPSIS
        Used by As Built Report to retrieve Azure Network Security Group information
    .DESCRIPTION
 
    .NOTES
        Version: 0.1.2
        Author: Tim Carman
        Twitter: @tpcarman
        Github: tpcarman
    .EXAMPLE
 
    .LINK
 
    #>

    [CmdletBinding()]
    param (
    )

    begin {
        Write-PScriboMessage "NetworkSecurityGroup InfoLevel set at $($InfoLevel.NetworkSecurityGroup)."
    }

    process {
        Try {
            if ($InfoLevel.NetworkSecurityGroup -gt 0) {
                $AzNetworkSecurityGroups = Get-AzNetworkSecurityGroup | Sort-Object Name
                if ($AzNetworkSecurityGroups) {
                    Write-PscriboMessage "Collecting Azure Network Security Group information."
                    Section -Style Heading4 'Network Security Groups' {
                        if ($Options.ShowSectionInfo) {
                            Paragraph "An Azure Network Security Group (NSG) is used to filter network traffic to and from Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol."
                            BlankLine
                            Try {
                                Image -Text 'Network Security Group' -Align 'Center' -Percent 100 -Base64 ""
                                BlankLine
                            } Catch {
                                Write-PScriboMessage -IsWarning "Unable to display Network Security Group image."
                            }
                        }
                        $AzNsgInfo = @()
                        foreach ($AzNetworkSecurityGroup in $AzNetworkSecurityGroups) {
                            $NsgSecurityRules = @()
                            $NsgSecurityRules += $AzNetworkSecurityGroup.SecurityRules
                            $NsgSecurityRules += $AzNetworkSecurityGroup.DefaultSecurityRules

                            $InObj = [Ordered]@{
                                'Name' = $AzNetworkSecurityGroup.Name
                                'Resource Group' = $AzNetworkSecurityGroup.ResourceGroupName
                                'Location' = $AzLocationLookup."$($AzNetworkSecurityGroup.Location)"
                                'Subscription' = "$($AzSubscriptionLookup.(($AzNetworkSecurityGroup.Id).split('/')[2]))"
                                'Associated With' = "$(($AzNetworkSecurityGroup.Subnets.Id).Count) subnets, $(($AzNetworkSecurityGroup.NetworkInterfaces.Id).Count) NICs"
                                'Network Interfaces' = if ($AzNetworkSecurityGroup.NetworkInterfaces.Id) {
                                    ($AzNetworkSecurityGroup.NetworkInterfaces.Id | ForEach-Object {$_.split('/')[-1]}) -join ', '
                                } else {
                                    'None'
                                }
                                'Subnets' = if ($AzNetworkSecurityGroup.Subnets.Id) {
                                    ($AzNetworkSecurityGroup.Subnets.Id | ForEach-Object {$_.split('/')[-1]}) -join ', '
                                } else {
                                    'None'
                                }
                            }

                            if ($Options.ShowTags) {
                                $InObj['Tags'] = if ([string]::IsNullOrEmpty($AzNetworkSecurityGroup.Tag)) {
                                    'None'
                                } else {
                                    ($AzNetworkSecurityGroup.Tag.GetEnumerator() | ForEach-Object { "$($_.Name):`t$($_.Value)" }) -join [Environment]::NewLine
                                }
                            }

                            $AzNsgInfo += [PSCustomObject]$InObj
                        }

                        if ($InfoLevel.NetworkSecurityGroup -ge 2) {
                            Paragraph "The following sections detail the configuration of the network security groups within the $($AzSubscription.Name) subscription."
                            foreach ($AzNetworkSecurityGroup in $AzNsgInfo) {
                                Section -Style NOTOCHeading5 -ExcludeFromTOC "$($AzNetworkSecurityGroup.Name)" {
                                    $TableParams = @{
                                        Name = "Network Security Group - $($AzNetworkSecurityGroup.Name)"
                                        List = $true
                                        ColumnWidths = 40, 60
                                    }
                                    if ($Report.ShowTableCaptions) {
                                        $TableParams['Caption'] = "- $($TableParams.Name)"
                                    }
                                    $AzNetworkSecurityGroup | Table @TableParams

                                    Get-AbrAzNetworkSecurityGroupRule -Name $($AzNetworkSecurityGroup.Name)
                                }
                            }
                        } else {
                            Paragraph "The following table summarises the configuration of the network security groups within the $($AzSubscription.Name) subscription."
                            BlankLine
                            $TableParams = @{
                                Name = "Network Security Groups - $($AzSubscription.Name)"
                                List = $false
                                Columns = 'Name', 'Resource Group', 'Location', 'Associated With'
                                ColumnWidths = 25, 25, 25, 25
                            }
                            if ($Report.ShowTableCaptions) {
                                $TableParams['Caption'] = "- $($TableParams.Name)"
                            }
                            $AzNsgInfo | Table @TableParams
                        }
                    }
                }
            }
        } Catch {
            Write-PScriboMessage -IsWarning $($_.Exception.Message)
        }
    }

    end {}
}