Framework/Listeners/UserReports/WriteDetailedLog.ps1

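Set-StrictMode -Version Latest
# Listener that writes the per-feature detailed scan log (<FeatureName>.LOG) and the
# command-level "Detailed.LOG". It subscribes to scan/command events and appends text
# to whatever file $this.FilePath currently points at.
#
# NOTE(review): the log receives control descriptions, resource names, attestation
# justifications, attester identities and attested data objects as-is. Treat the output
# folder as sensitive and restrict who can read it.
class WriteDetailedLog: FileOutputBase
{
    # Single shared instance; event handlers look it up through GetInstance().
    hidden static [WriteDetailedLog] $Instance = $null;

    # Cached per evaluation: when $true, controls flagged IsControlExcluded are left out of the log.
    hidden [bool] $ControlExclusionByOrgPolicyEnabled = $false

    # Returns the shared instance, creating it on first use.
    static [WriteDetailedLog] GetInstance()
    {
        if ( $null -eq  [WriteDetailedLog]::Instance)
        {
            [WriteDetailedLog]::Instance = [WriteDetailedLog]::new();
        }

        return [WriteDetailedLog]::Instance
    }

    # Drops any previous subscriptions and registers one handler per event of interest.
    # Every handler resolves the instance via GetInstance() instead of $this, and routes any
    # error to PublishException so a logging failure is reported rather than thrown from the
    # handler.
    # NOTE(review): FilePath and ControlExclusionByOrgPolicyEnabled are shared state on the
    # singleton, so this presumably relies on events being delivered one evaluation at a time.
    [void] RegisterEvents()
    {
        $this.UnregisterEvents();

        # Run identifier generated: hand the first event argument to SetRunIdentifier.
        $this.RegisterEvent([AzSKRootEvent]::GenerateRunIdentifier, {
            $currentInstance = [WriteDetailedLog]::GetInstance();
            try
            {
                $currentInstance.SetRunIdentifier([AzSKRootEventArgument] ($Event.SourceArgs | Select-Object -First 1));
            }
            catch
            {
                $currentInstance.PublishException($_);
            }
        });

        # Evaluation started: pick the log file for this feature and write the start heading.
        $this.RegisterEvent([SVTEvent]::EvaluationStarted, {
            $currentInstance = [WriteDetailedLog]::GetInstance();
            try
            {
                # Read the feature flag once per evaluation; the control handlers consult the cached value.
                $subscriptionId = $Event.SourceArgs[0].SubscriptionContext.SubscriptionId
                $currentInstance.ControlExclusionByOrgPolicyEnabled = [FeatureFlightingManager]::GetFeatureStatus("EnableControlExclusionByOrgPolicy",$subscriptionId)
                if($Event.SourceArgs.IsResource())
                {
                    $currentInstance.SetFilePath($Event.SourceArgs.SubscriptionContext, $Event.SourceArgs.ResourceContext.ResourceGroupName, ($Event.SourceArgs.FeatureName + ".LOG"));
                    $startHeading = ([Constants]::ModuleStartHeading -f $Event.SourceArgs.FeatureName, $Event.SourceArgs.ResourceContext.ResourceGroupName, $Event.SourceArgs.ResourceContext.ResourceName);
                }
                else
                {
                    $currentInstance.SetFilePath($Event.SourceArgs.SubscriptionContext, $Event.SourceArgs.SubscriptionContext.SubscriptionName, ($Event.SourceArgs.FeatureName + ".LOG"));
                    $startHeading = ([Constants]::ModuleStartHeadingSub -f $Event.SourceArgs.FeatureName, $Event.SourceArgs.SubscriptionContext.SubscriptionName, $Event.SourceArgs.SubscriptionContext.SubscriptionId);
                }
                $currentInstance.AddOutputLog($startHeading);
            }
            catch
            {
                $currentInstance.PublishException($_);
            }
        });

        # Evaluation completed: write the closing lines, then detach from the file.
        $this.RegisterEvent([SVTEvent]::EvaluationCompleted, {
            $currentInstance = [WriteDetailedLog]::GetInstance();
            try
            {
                $currentInstance.ControlExclusionByOrgPolicyEnabled = $false
                $props = $Event.SourceArgs[0];
                if($props)
                {
                    if($props.IsResource())
                    {
                        $currentInstance.AddOutputLog(([Constants]::CompletedAnalysis  -f $props.FeatureName, $props.ResourceContext.ResourceGroupName, $props.ResourceContext.ResourceName));
                    }
                    else
                    {
                        $currentInstance.AddOutputLog(([Constants]::CompletedAnalysisSub  -f $props.FeatureName, $props.SubscriptionContext.SubscriptionName, $props.SubscriptionContext.SubscriptionId));
                    }
                }
                else
                {
                    $currentInstance.AddOutputLog([Constants]::SingleDashLine + "`r`nNo detailed data found.`r`n" + [Constants]::DoubleDashLine);
                }
                $currentInstance.AddOutputLog([Constants]::HashLine);

                # An empty FilePath turns AddOutputLog into a no-op until the next SetFilePath call.
                $currentInstance.FilePath = "";
            }
            catch
            {
                $currentInstance.PublishException($_);
            }
        });

        # Control started: write the control header and a timestamped "Checking" line.
        $this.RegisterEvent([SVTEvent]::ControlStarted, {
            $currentInstance = [WriteDetailedLog]::GetInstance();
            try
            {
                $isCurrControlExcludedByOrgPolicy = $Event.SourceArgs[0].ControlItem.IsControlExcluded;
                # For controls excluded by org policy don't add details to detailed log file
                if(-not ($currentInstance.ControlExclusionByOrgPolicyEnabled -and $isCurrControlExcludedByOrgPolicy))
                {
                    $currentInstance.AddOutputLog([Constants]::DoubleDashLine);
                    $currentInstance.AddOutputLog("[$($Event.SourceArgs.ControlItem.ControlID)]: $($Event.SourceArgs.ControlItem.Description)");
                    $currentInstance.AddOutputLog([Constants]::SingleDashLine);
                    # The description is passed as a format argument ({2}) and not expanded into the
                    # template: text containing '{' or '}' would otherwise be parsed by -f as a format
                    # item, throw, and the line would never reach the log.
                    if($Event.SourceArgs.IsResource())
                    {
                        $currentInstance.AddOutputLog(("Checking: [{0}]-[{2}] for resource [{1}]" -f
                                $Event.SourceArgs.FeatureName,
                                $Event.SourceArgs.ResourceContext.ResourceName,
                                $Event.SourceArgs.ControlItem.Description),
                            $true);
                    }
                    else
                    {
                        $currentInstance.AddOutputLog(("Checking: [{0}]-[{2}] for subscription [{1}]" -f
                            $Event.SourceArgs.FeatureName,
                            $Event.SourceArgs.SubscriptionContext.SubscriptionName,
                            $Event.SourceArgs.ControlItem.Description),
                        $true);
                    }
                }
            }
            catch
            {
                $currentInstance.PublishException($_);
            }
        });


        # Control completed: write the control's results followed by a separator.
        $this.RegisterEvent([SVTEvent]::ControlCompleted, {
            $currentInstance = [WriteDetailedLog]::GetInstance();
            try
            {
                $isCurrControlExcludedByOrgPolicy = $Event.SourceArgs[0].ControlItem.IsControlExcluded;
                # For controls excluded by org policy don't add details to detailed log file
                if(-not ($currentInstance.ControlExclusionByOrgPolicyEnabled -and $isCurrControlExcludedByOrgPolicy))
                {
                    $currentInstance.WriteControlResult([SVTEventContext] ($Event.SourceArgs | Select-Object -First 1 ));
                    $currentInstance.AddOutputLog(([Constants]::DoubleDashLine + " `r`n"));
                }
            }
            catch
            {
                $currentInstance.PublishException($_);
            }
        });

        # Command processing: append any messages to the subscription's Detailed.LOG.
        $this.RegisterEvent([AzSKRootEvent]::CommandProcessing, {
            $currentInstance = [WriteDetailedLog]::GetInstance();
            try
            {
                if($Event.SourceArgs.Messages)
                {
                    $currentInstance.SetFilePath($Event.SourceArgs.SubscriptionContext, $Event.SourceArgs.SubscriptionContext.SubscriptionName, "Detailed.LOG");
                    $Event.SourceArgs.Messages | ForEach-Object {
                        $currentInstance.AddOutputLog($_);
                    }
                }
            }
            catch
            {
                $currentInstance.PublishException($_);
            }
        });

        # Command completed: same as CommandProcessing, then detach from the file.
        $this.RegisterEvent([AzSKRootEvent]::CommandCompleted, {
            $currentInstance = [WriteDetailedLog]::GetInstance();
            try
            {
                if($Event.SourceArgs.Messages)
                {
                    $currentInstance.SetFilePath($Event.SourceArgs.SubscriptionContext, $Event.SourceArgs.SubscriptionContext.SubscriptionName, "Detailed.LOG");
                    $Event.SourceArgs.Messages | ForEach-Object {
                        $currentInstance.AddOutputLog($_);
                    }
                }
                $currentInstance.FilePath = "";
            }
            catch
            {
                $currentInstance.PublishException($_);
            }
        });
    }

    # Appends one entry to the current log file, optionally prefixed with a local timestamp.
    # Does nothing when the message is empty or no file is currently selected.
    # The text is written verbatim: a value containing CR/LF produces several lines, so
    # consumers should not treat one log line as one record.
    hidden [void] AddOutputLog([string] $message, [bool] $includeTimeStamp)
    {
        if([string]::IsNullOrEmpty($message) -or [string]::IsNullOrEmpty($this.FilePath))
        {
            return;
        }

        if($includeTimeStamp)
        {
            $message = (Get-Date -format "MM\/dd\/yyyy HH:mm:ss") + "-" + $message
        }

        Add-Content -Value $message -Path $this.FilePath
    }

    # Appends one entry without a timestamp.
    hidden [void] AddOutputLog([string] $message)
    {
       $this.AddOutputLog($message, $false);
    }

    # Appends a message object: its text first (if any), then its data object rendered as a string.
    hidden [void] AddOutputLog([MessageData] $messageData)
    {
        if($messageData)
        {
            if (-not [string]::IsNullOrEmpty($messageData.Message))
            {
                $this.AddOutputLog($messageData.Message);
            }

            if ($messageData.DataObject)
            {
                $this.AddOutputLog([Helpers]::ConvertObjectToString($messageData.DataObject, $false));
            }
        }
    }

    # Writes every result of one control: child-resource heading, messages, attestation
    # details and the final verification line. A control with no results is logged as "Disabled".
    hidden [void] WriteControlResult([SVTEventContext] $eventContext)
    {
        if($eventContext.ControlResults -and $eventContext.ControlResults.Count -ne 0)
        {
            $controlDesc = $eventContext.ControlItem.Description;
            $eventContext.ControlResults | Foreach-Object {
                if(-not [string]::IsNullOrWhiteSpace($_.ChildResourceName))
                {
                    $this.AddOutputLog("`r`n"+([Constants]::SingleDashLine));
                    # Description goes in as a format argument so braces in it cannot break -f.
                    $this.AddOutputLog(("Checking: [{0}]-[{2}] for resource [{1}]" -f
                             $eventContext.FeatureName,
                             $_.ChildResourceName,
                             $controlDesc),
                        $true);
                }

                $_.Messages | ForEach-Object {
                    $this.AddOutputLog($_);
                }

                # Add attestation data to log
                if($_.StateManagement -and $_.StateManagement.AttestedStateData)
                {
                    $this.AddOutputLog([Constants]::SingleDashLine);

                    $stateObject = $_.StateManagement.AttestedStateData;
                    $this.AddOutputLog("Justification: $($stateObject.Justification)");
                    $this.AddOutputLog("Attested by: [$($stateObject.AttestedBy)] on [$($stateObject.AttestedDate)]");
                    if($_.AttestationStatus -eq [AttestationStatus]::None)
                    {
                        # Attested data exists but the status is None: reported as state drift,
                        # together with the attested message and data for comparison.
                        $this.AddOutputLog("**State drift occurred**: The attested state doesn't match with the current state. Attestation status has been reset.");
                        if(-not [string]::IsNullOrWhiteSpace($stateObject.Message))
                        {
                            $this.AddOutputLog($stateObject.Message);
                        }

                        if ($stateObject.DataObject)
                        {
                            $this.AddOutputLog("Attestation Data");
                            $this.AddOutputLog([Helpers]::ConvertObjectToString($stateObject.DataObject, $false));
                        }
                    }
                    else
                    {
                        $this.AddOutputLog("Attestation status: [$($_.AttestationStatus)]");
                    }
                    if($_.VerificationResult -eq [VerificationResult]::NotScanned)
                    {
                        if($stateObject.DataObject)
                        {
                            $this.AddOutputLog("Attestation Data");
                            $this.AddOutputLog("Attested Data:"+[Helpers]::ConvertObjectToString($stateObject.DataObject, $false));
                        }
                        else
                        {
                            $this.AddOutputLog("Attested Data: None");
                        }
                        if(![string]::IsNullOrWhiteSpace($stateObject.ExpiryDate))
                        {
                            $this.AddOutputLog("Attestation expiry date: [$($stateObject.ExpiryDate)]");
                        }
                    }
                }

                # Final verdict line; skipped for results that were not scanned.
                if($_.VerificationResult -ne [VerificationResult]::NotScanned)
                {
                    $this.AddOutputLog([Constants]::SingleDashLine);

                    if($eventContext.IsResource())
                    {
                        # Prefer the child resource name when the result carries one.
                        $resourceName = $eventContext.ResourceContext.ResourceName;
                        if(-not [string]::IsNullOrWhiteSpace($_.ChildResourceName))
                        {
                            $resourceName = $_.ChildResourceName;
                        }

                        $this.AddOutputLog(("**{3}**: [{0}]-[{2}] for resource: [{1}]" -f
                                $eventContext.FeatureName,
                                $resourceName,
                                $eventContext.ControlItem.Description,
                                $_.VerificationResult.ToString()));
                    }
                    else
                    {
                        $this.AddOutputLog(("**{3}**: [{0}]-[{2}] for subscription: [{1}]" -f
                                $eventContext.FeatureName,
                                $eventContext.SubscriptionContext.SubscriptionName,
                                $eventContext.ControlItem.Description,
                                $_.VerificationResult.ToString()));
                    }
                }
            }
        }
        else
        {
            $this.AddOutputLog([Constants]::SingleDashLine);
            $this.AddOutputLog(("**Disabled**: [{0}]-[{1}]" -f
                        $eventContext.FeatureName,
                        $eventContext.ControlItem.Description));
        }

        $this.AddOutputLog([Constants]::SingleDashLine);
    }
}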