Framework/Core/SVT/Services/KubernetesService.ps1
|
Set-StrictMode -Version Latest class KubernetesService: SVTBase { hidden [PSObject] $ResourceObject; KubernetesService([string] $subscriptionId, [string] $resourceGroupName, [string] $resourceName): Base($subscriptionId, $resourceGroupName, $resourceName) { $this.GetResourceObject(); } KubernetesService([string] $subscriptionId, [SVTResource] $svtResource): Base($subscriptionId, $svtResource) { $this.GetResourceObject(); } hidden [PSObject] GetResourceObject() { if (-not $this.ResourceObject) { $ResourceAppIdURI = [WebRequestHelper]::GetResourceManagerUrl(); $AccessToken = [Helpers]::GetAccessToken($ResourceAppIdURI) if($null -ne $AccessToken) { $header = "Bearer " + $AccessToken $headers = @{"Authorization"=$header;"Content-Type"="application/json";} $uri=[system.string]::Format("{0}subscriptions/{1}/resourceGroups/{2}/providers/Microsoft.ContainerService/managedClusters/{3}?api-version=2018-03-31",$ResourceAppIdURI,$this.SubscriptionContext.SubscriptionId, $this.ResourceContext.ResourceGroupName, $this.ResourceContext.ResourceName) $result = "" $err = $null try { $propertiesToReplace = @{} $propertiesToReplace.Add("httpapplicationroutingzonename", "_httpapplicationroutingzonename") $result = [WebRequestHelper]::InvokeWebRequest([Microsoft.PowerShell.Commands.WebRequestMethod]::Get, $uri, $headers, $null, $null, $propertiesToReplace); if(($null -ne $result) -and (($result | Measure-Object).Count -gt 0)) { $this.ResourceObject = $result[0] } } catch{ $err = $_ if($null -ne $err) { throw ([SuppressedException]::new(("Resource '{0}' not found under Resource Group '{1}'" -f ($this.ResourceContext.ResourceName), ($this.ResourceContext.ResourceGroupName)), [SuppressedExceptionType]::InvalidOperation)) } } } } return $this.ResourceObject; } hidden [controlresult[]] CheckClusterRBAC([controlresult] $controlresult) { if([Helpers]::CheckMember($this.ResourceObject,"Properties")) { if([Helpers]::CheckMember($this.ResourceObject.Properties,"enableRBAC") -and $this.ResourceObject.Properties.enableRBAC) { $controlResult.VerificationResult = [VerificationResult]::Passed } else { $controlResult.VerificationResult = [VerificationResult]::Failed } } return $controlResult; } hidden [controlresult[]] CheckAADEnabled([controlresult] $controlresult) { if([Helpers]::CheckMember($this.ResourceObject,"Properties")) { if([Helpers]::CheckMember($this.ResourceObject.Properties,"aadProfile") -and [Helpers]::CheckMember($this.ResourceObject.Properties.aadProfile,"clientAppID") -and [Helpers]::CheckMember($this.ResourceObject.Properties.aadProfile,"serverAppID") -and [Helpers]::CheckMember($this.ResourceObject.Properties.aadProfile,"tenantID")) { $controlResult.AddMessage([VerificationResult]::Passed, [MessageData]::new("AAD profile configuration details", $this.ResourceObject.Properties.aadProfile)); } else { $controlResult.VerificationResult = [VerificationResult]::Failed } } return $controlResult; } hidden [controlresult[]] CheckKubernetesVersion([controlresult] $controlresult) { if(([Helpers]::CheckMember($this.ResourceObject,"Properties")) -and [Helpers]::CheckMember($this.ResourceObject.Properties,"kubernetesVersion")) { $resourceKubernetVersion = [System.Version] $this.ResourceObject.Properties.kubernetesVersion $requiredKubernetsVersion = [System.Version] $this.ControlSettings.KubernetesService.kubernetesVersion if($resourceKubernetVersion -lt $requiredKubernetsVersion) { $controlResult.VerificationResult = [VerificationResult]::Failed } else { $controlResult.VerificationResult = [VerificationResult]::Passed } } return $controlResult; } } |