Framework/Helpers/Constants.ps1
# Enable the strictest available script checks for everything that follows.
Set-StrictMode -Version Latest

# Central holder for message templates, resource names, paths and endpoints.
# The members are ordinary static properties, not read-only values:
# SetAzSDKModuleName (at the bottom of the class) reassigns three of them.
# Declaration order matters, because several initializers reference
# [Constants]::DoubleDashLine, [Constants]::SingleDashLine and
# [Constants]::AzSdkModuleName, which are declared before their first use.
# NOTE(review): four literals below (DefaultInfoCmdMsg, DefaultControlInfoCmdMsg,
# CompletedAttestAnalysisSub, RequireOwnerPermMessage) contain a raw line break
# inside the quotes. They are kept exactly as found; confirm they are intended.
class Constants
{
    #All constants used across all modules are defined here.

    # Fixed-width separator lines used to frame console/log output.
    static [string] $DoubleDashLine = "================================================================================"
    static [string] $HashLine = "################################################################################"
    static [string] $SingleDashLine = "--------------------------------------------------------------------------------"
    static [string] $UnderScoreLineLine= "________________________________________________________________________________"

    # Guidance text explaining how to read the Passed/Failed/Verify/Manual statuses
    # in the CSV and LOG output.
    static [string] $RemediationMsg = "** Next steps **`r`n" +
        "Look at the individual control evaluation status in the CSV file.`r`n" +
        " a) If the control has passed, no action is necessary.`r`n" +
        " b) If the control has failed, look at the control evaluation detail in the LOG file to understand why.`r`n" +
        " c) If the control status says 'Verify', it means that human judgement is required to determine the final control status. Look at the control evaluation output in the LOG file to make a determination.`r`n" +
        " d) If the control status says 'Manual', it means that AzSDK (currently) does not cover the control via automation OR AzSDK is not able to fetch the data. You need to manually implement/verify it.`r`n" +
        "`r`nNote: The 'Recommendation' column in the CSV file provides basic (generic) guidance that can help you fix a failed control. You can also use standard Azure product documentation. You should carefully consider the implications of making the required change in the context of your application. `r`n"

    # Help text for Get-AzSKInfo: supported InfoType values and example invocations.
    static [string] $DefaultInfoCmdMsg = "This command provides overall information about different components of the AzSDK which includes subscription information, security controls information, attestation information, host information. 
'Get-AzSKInfo' command can be used with 'InfoType' parameter to fetch information.`r`n" +
        "`r`nFollowing InfoType parameter values are currently supported by Get-AzSKInfo cmdlet.`r`n" +
        "`tSubscriptionInfo : To get version details about different component of AzSDK configured in Subscription.`r`n" +
        "`tControlInfo : To get baseline, severity, description, rationale etc information about security controls.`r`n" +
        "`tAttestationInfo : To get statistics, attestation justification, expiry etc information about controls attestation.`r`n" +
        "`tHostInfo : To get information about machine details.`r`n" +
        "`r`n`r`nExamples:`r`n" +
        "`tGet-AzSKInfo -InfoType SubscriptionInfo -SubscriptionId <YourSubscriptionId> `r`n" +
        "`tGet-AzSKInfo -InfoType ControlInfo -ResourceTypeName All -UseBaselineControls `r`n" +
        "`tGet-AzSKInfo -InfoType AttestationInfo -SubscriptionId <YourSubscriptionId> -ResourceTypeName All -UseBaselineControls `r`n" +
        "`tGet-AzSKInfo -InfoType HostInfo `r`n";

    # Help text for 'Get-AzSKInfo -InfoType ControlInfo': the available filter combinations.
    static [string] $DefaultControlInfoCmdMsg = "Run 'Get-AzSKInfo' command with below combination of parameter to get information about Azure services security control(s).`r`n`r`n" +
        " All controls : Get-AzSKInfo -InfoType ControlInfo -ResourceTypeName All `r`n" +
        " Baseline controls information : Get-AzSKInfo -InfoType ControlInfo -ResourceTypeName All -UseBaselineControls `r`n" +
        " Controls for specific resource type : Get-AzSKInfo -InfoType ControlInfo -ResourceTypeName AppService `r`n" +
        " Controls with specific severity : Get-AzSKInfo -InfoType ControlInfo -ResourceTypeName All -ControlSeverity 'High' `r`n" +
        " Controls with specific tag(s) : Get-AzSKInfo -InfoType ControlInfo -ResourceTypeName All -FilterTags 'Automated, FunctionApp' `r`n" +
        " Controls with specific keyword : Get-AzSKInfo -InfoType ControlInfo -ResourceTypeName All -ControlIdContains 'AppService_AuthZ_' `r`n" +
        " Control(s) with specific controlId(s) : Get-AzSKInfo -InfoType ControlInfo -ResourceTypeName AppService -ControlIds 
'Azure_AppService_AuthZ_Grant_Min_RBAC_Access, Azure_AppService_DP_Use_CNAME_With_SSL' `r`n" +
        " Get information on PS console : Use any of above command with addtional -Verbose argument`r`n";

    # Warning text stating that commands run against local JSON policy files.
    static [string] $OfflineModeWarning = "Running in offline policy mode. Commands will run against local JSON files!"

    #Constants for SVTs
    # Templates with {0}..{2} placeholders that the caller fills in.
    # The 'Sub' variants name a subscription instead of a resource group/resource.
    static [string] $ModuleStartHeading = [Constants]::DoubleDashLine +
        "`r`nStarting analysis: [FeatureName: {0}] [ResourceGroupName: {1}] [ResourceName: {2}] `r`n" + [Constants]::SingleDashLine
    static [string] $ModuleStartHeadingSub = [Constants]::DoubleDashLine +
        "`r`nStarting analysis: [FeatureName: {0}] [SubscriptionName: {1}] [SubscriptionId: {2}] `r`n" + [Constants]::SingleDashLine
    # Both 'Checking' templates currently hold the same text.
    static [string] $AnalysingControlHeading = "Checking: [{0}]-[{1}]"
    static [string] $AnalysingControlHeadingSub = "Checking: [{0}]-[{1}]"
    static [string] $CompletedAnalysis = [Constants]::SingleDashLine +
        "`r`nCompleted analysis: [FeatureName: {0}] [ResourceGroupName: {1}] [ResourceName: {2}] `r`n" + [Constants]::DoubleDashLine
    static [string] $CompletedAnalysisSub = [Constants]::SingleDashLine +
        "`r`nCompleted analysis: [FeatureName: {0}] [SubscriptionName: {1}] [SubscriptionId: {2}] `r`n" + [Constants]::DoubleDashLine

    #Constants for Attestation
    # ModuleAttestStartHeading additionally takes {3}/{4}, printed as a "[x/y]" counter.
    static [string] $ModuleAttestStartHeading = [Constants]::DoubleDashLine +
        "`r`nInfo: Starting attestation [{3}/{4}]- [FeatureName: {0}] [ResourceGroupName: {1}] [ResourceName: {2}] `r`n" + [Constants]::SingleDashLine
    static [string] $ModuleAttestStartHeadingSub = [Constants]::DoubleDashLine +
        "`r`nInfo: Starting attestation - [FeatureName: {0}] [SubscriptionName: {1}] [SubscriptionId: {2}] `r`n" + [Constants]::SingleDashLine
    static [string] $CompletedAttestAnalysis = [Constants]::SingleDashLine +
        "`r`nCompleted attestation: [FeatureName: {0}] [ResourceGroupName: {1}] [ResourceName: {2}] `r`n" + [Constants]::DoubleDashLine
    static [string] $CompletedAttestAnalysisSub = [Constants]::SingleDashLine + "`r`nCompleted 
attestation: [FeatureName: {0}] [SubscriptionName: {1}] [SubscriptionId: {2}] `r`n" + [Constants]::DoubleDashLine

    # Module name used to derive the per-user folders below; SetAzSDKModuleName can replace it.
    static [string] $AzSdkModuleName = "AzSDK";

    # Fixed container names (presumably Azure storage containers; confirm against callers).
    static [string] $StateContainerName = "azsdk-controls-state"
    static [string] $CentralScanContainerName = "azsdk-scan-objects"
    static [string] $BaselineContainerName = "azsdk-controls-baseline"
    static [string] $CALogsContainerName= "azsdkexecutionlogs"

    # Per-user folders built by string concatenation from environment variables.
    # AzSdkAppFolderPath and AzSdkTempFolderPath embed the module name and are
    # recomputed by SetAzSDKModuleName. AzSdkLogFolderPath does not embed it and
    # is never recomputed.
    # NOTE(review): if scan results or other sensitive output are ever staged under
    # the TEMP-based path, confirm the directory's access rights and clean-up.
    static [string] $AzSdkAppFolderPath = $Env:LOCALAPPDATA + "\Microsoft\" + [Constants]::AzSdkModuleName
    static [string] $AzSdkLogFolderPath = $Env:LOCALAPPDATA + "\Microsoft\"
    static [string] $AzSdkTempFolderPath = $env:TEMP + "\" + [Constants]::AzSdkModuleName + "\"

    # HTTPS base address of the Azure Resource Manager endpoint.
    static [string] $ARMManagementUri = "https://management.azure.com/";

    # Messages about a newer module version being available; {0} is the version number.
    static [string] $VersionCheckMessage = "A newer version of AzSDK is available: Version {0} `r`nTo update, run the command below in a fresh PS window:`r`n" ;
    static [string] $VersionWarningMessage = ("Using the latest version ensures that AzSDK security commands you run use the latest, most up-to-date controls. `r`nResults from the current version should not be considered towards compliance requirements.`r`n" + [Constants]::DoubleDashLine);

    # Hard-coded key for usage telemetry.
    # NOTE(review): a value embedded in source is readable by every user of the
    # module. Confirm this key is meant to be public and grants no read or
    # management access to the telemetry store.
    static [string] $UsageTelemetryKey = "cf4c5e1a-d68d-4ea1-9901-37b67f58a192";

    static [string] $AzSDKRGLocation = "eastus2";

    # Request URI template; {0} is filled in by the caller.
    # NOTE(review): the substituted value becomes part of the request path, so
    # callers should pass only a resource id they built themselves; confirm.
    static [string] $OMSRequestURI = "https://management.azure.com/{0}?api-version=2015-03-20";
    static [string] $NewStorageSku = "Standard_GRS";

    #V1 alert RG name constant is temporary and added for backward compatibility
    static [string] $V1AlertRGName = "AzSDKAlertsRG";
    static [string] $AlertActionGroupName = "AzSDKAlertActionGroup"

    # Appended to the recommendation when a control requires elevated permission
    static [string] $RequireOwnerPermMessage = "(The status for this control has been marked as 'Manual' because elevated (Co-Admin/Owner/Contributor) permission is required to check security configuration for this resource. You can re-run the control with the appropriate privilege.) 
"
    static [string] $OwnerAccessTagName = "OwnerAccess"

    # All-zero placeholder subscription id, display name and scope.
    static [string] $BlankSubscriptionId = "00000000-0000-0000-0000-000000000000"
    static [string] $BlankSubscriptionName = "AzSDK Empty Subscription"
    static [string] $BlankScope = "/subscriptions/00000000-0000-0000-0000-000000000000";

    # Tag names that record configuration versions.
    static [string] $CentralRBACVersionTagName = "CentralRBACVersion"
    static [string] $DeprecatedRBACVersionTagName = "DeprecatedRBACVersion"
    static [string] $ARMPolicyConfigVersionTagName = "ARMPolicyConfigVersion"
    static [string] $AzSDKAlertsVersionTagName = "AzSDKAlertsVersion"
    static [string] $SecurityCenterConfigVersionTagName = "SecurityCenterConfigVersion"

    static [string] $NoActionRequiredMessage ="No Action Required"
    # Default expiry in days (presumably for control attestations; confirm against callers).
    static [int] $DefaultControlExpiryInDays = 90

    # Module names before and after the rename that the warning below announces.
    static [string] $NewModuleName = "AzSK"
    static [string] $OldModuleName = "AzSDK"
    # {0} is the current command name, {1} the future one.
    static [string] $CommandNameChangeWarning = "The command {0} shall be renamed to {1} in a future release ('SDK' shall be replaced with 'SK').";

    # Replaces the module name and recomputes the two folder paths that embed it.
    # A null, empty or whitespace-only $moduleName is ignored and nothing changes.
    # AzSdkLogFolderPath, OldModuleName and NewModuleName are left untouched.
    # NOTE(review): $moduleName is untyped and goes into file-system paths without
    # any check for path separators or '..'. Confirm that callers only ever pass a
    # fixed module name, never a value taken from user or remote input.
    static [void] SetAzSDKModuleName($moduleName)
    {
        if(-not [string]::IsNullOrWhiteSpace($moduleName))
        {
            [Constants]::AzSdkModuleName = $moduleName;
            # Keep the derived paths in step with the new module name.
            [Constants]::AzSdkAppFolderPath = $Env:LOCALAPPDATA + "\Microsoft\" + [Constants]::AzSdkModuleName
            [Constants]::AzSdkTempFolderPath = $env:TEMP + "\" + [Constants]::AzSdkModuleName + "\"
        }
    }
}