InClusterCA/ContinuousAssuranceForClustersRoot.ps1
function Get-AzSKContinuousAssuranceForCluster { Param( [string] [ValidateSet("HDInsight", "Databricks", "Kubernetes")] [Parameter(Mandatory = $true, HelpMessage="Friendly name of resource type. e.g.: Kubernetes,HDInight")] [Alias("rt")] $ResourceType, [string] [Alias("sid","HostSubscriptionId","hsid","s")] [Parameter(Mandatory = $true, HelpMessage="Subscription Id of the cluster for which AzSK Continuous Assurance will be installed.")] $SubscriptionId, [string] [Alias("wsn")] $WorkspaceName, [string] [Alias("cn","ResourceName")] [Parameter(Mandatory = $false, HelpMessage="Resource Name of the cluster for which AzSK Continuous Assurance will be installed.")] $ClusterName, [string] [Alias("rgn")] [Parameter(Mandatory = $true, HelpMessage="ResourceGroup Name of the cluster for which AzSK Continuous Assurance will be installed.")] $ResourceGroupName ) Begin{ [CommandHelper]::BeginCommand($MyInvocation); [ListenerHelper]::RegisterListeners(); } Process { try { if ($ResourceType -eq "Databricks") { [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12; $ResourceContext = [DatabricksClusterCA]::GetParameters($SubscriptionId, $WorkspaceName, $ResourceGroupName) $CAInstance = [DatabricksClusterCA]::new($ResourceContext, $MyInvocation) $CAInstance.InvokeFunction($CAInstance.GetCA) } elseif($ResourceType -eq "HDInsight") { $ResourceContext = [HDInsightClusterCA]::GetParameters($SubscriptionId, $ClusterName, $ResourceGroupName) $CAInstance = [HDInsightClusterCA]::new($ResourceContext, $MyInvocation) $CAInstance.InvokeFunction($CAInstance.GetCA) } elseif($ResourceType -eq "Kubernetes") { $CAInstance = [KubernetesClusterCA]::new($SubscriptionId, $ResourceGroupName, $ClusterName, $MyInvocation); if ($CAInstance) { return $CAInstance.InvokeFunction($CAInstance.GetKubernetesContinuousAssurance); } } } catch { [EventBase]::PublishGenericException($_); } } End { [ListenerHelper]::UnregisterListeners(); } } function Install-AzSKContinuousAssuranceForCluster{ Param( [string] [ValidateSet("HDInsight", "Databricks", "Kubernetes")] [Parameter(Mandatory = $true, HelpMessage="Friendly name of resource type. e.g.: Kubernetes,HDInight")] [Alias("rt")] $ResourceType, [string] [Alias("sid","HostSubscriptionId","hsid","s")] [Parameter(Mandatory = $true, HelpMessage="Subscription Id of the cluster for which AzSK Continuous Assurance will be installed.")] $SubscriptionId, [string] [Alias("wsn")] $WorkspaceName, [string] [Alias("cn","ResourceName")] [Parameter(Mandatory = $false, HelpMessage="Resource Name of the cluster for which AzSK Continuous Assurance will be installed.")] $ClusterName, [string] [Alias("rgn")] [Parameter(Mandatory = $true, HelpMessage="ResourceGroup Name of the cluster for which AzSK Continuous Assurance will be installed.")] $ResourceGroupName, [string] [Alias("aik")] [Parameter(Mandatory = $false, HelpMessage= "Instrumention key of Application Insight where security scan results will be populated.")] [ValidateNotNullOrEmpty()] $InstrumentationKey, [string] [Alias("lawsid")] $LAWorkspaceId, [string] [Alias("lasec")] $LASharedSecret ) Begin{ [CommandHelper]::BeginCommand($MyInvocation); [ListenerHelper]::RegisterListeners(); } Process { try { if ($ResourceType -eq "Databricks") { [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12; $ResourceContext = [DatabricksClusterCA]::GetParameters($SubscriptionId, $WorkspaceName, $ResourceGroupName) $ResourceContext.InstrumentationKey = $InstrumentationKey $ResourceContext.LAWorkspaceId = $LAWorkspaceId $ResourceContext.LASharedSecret = $LASharedSecret $CAInstance = [DatabricksClusterCA]::new($ResourceContext, $MyInvocation) $CAInstance.InvokeFunction($CAInstance.InstallCA) } elseif ($Resourcetype -eq "HDInsight") { $ResourceContext = [HDInsightClusterCA]::GetParameters($SubscriptionId, $ClusterName, $ResourceGroupName) $ResourceContext.InstrumentationKey = $InstrumentationKey $CAInstance = [HDInsightClusterCA]::new($ResourceContext, $MyInvocation) $CAInstance.InvokeFunction($CAInstance.InstallCA) } elseif($ResourceType -eq "Kubernetes") { $CAInstance = [KubernetesClusterCA]::new($SubscriptionId, $ResourceGroupName, $ClusterName, $MyInvocation); if ($CAInstance) { return $CAInstance.InvokeFunction($CAInstance.InstallKubernetesContinuousAssurance,@($LAWorkspaceId, $LASharedSecret)); } } } catch { [EventBase]::PublishGenericException($_); } } End { [ListenerHelper]::UnregisterListeners(); } } function Update-AzSKContinuousAssuranceForCluster{ Param( [string] [ValidateSet("HDInsight", "Databricks", "Kubernetes")] [Parameter(Mandatory = $true, HelpMessage="Friendly name of resource type. e.g.: Kubernetes,HDInight")] [Alias("rt")] $ResourceType, [string] [Alias("sid","HostSubscriptionId","hsid","s")] [Parameter(Mandatory = $true, HelpMessage="Subscription Id of the cluster for which AzSK Continuous Assurance will be installed.")] $SubscriptionId, [string] [Alias("wsn")] $WorkspaceName, [string] [Alias("cn","ResourceName")] [Parameter(Mandatory = $false, HelpMessage="Resource Name of the cluster for which AzSK Continuous Assurance will be installed.")] $ClusterName, [string] [Alias("rgn")] [Parameter(Mandatory = $true, HelpMessage="ResourceGroup Name of the cluster for which AzSK Continuous Assurance will be installed.")] $ResourceGroupName, [string] [Alias("npat")] $NewPersonalAccessToken, [string] [Alias("naik")] [Parameter(Mandatory = $false, HelpMessage= "Instrumention key of Application Insight where security scan results will be populated.")] [ValidateNotNullOrEmpty()] $NewAppInsightKey, [string] [Alias("nsed")] $NewSchedule, [string] [Alias("lawsid")] $NewLAWorkspaceId, [string] [Alias("lasec")] $NewLASharedSecret, [Parameter(Mandatory = $false, HelpMessage = "Use this switch to fix CA runtime account in case of any issue with service account/role etc.")] [switch] [Alias("fra")] $FixRuntimeAccount, [Parameter(Mandatory = $false, HelpMessage = "This provides the capability to users to decide how manys previous job logs to be reatined in cluster.")] [int] [Alias("lo")] $LogRetentionInDays, [Parameter(Mandatory = $false, HelpMessage= "This provides the capability to users to run specific version of image.")] [ValidateNotNullOrEmpty()] [string] [Alias("siv")] $SpecificImageVersion, [Parameter(Mandatory = $false, HelpMessage= "Overrides the default scan interval (24hrs) with the custom provided value")] [int] [Alias("si")] $ScanIntervalInHours ) Begin{ [CommandHelper]::BeginCommand($MyInvocation); [ListenerHelper]::RegisterListeners(); } Process { try { if ($ResourceType -eq "Databricks") { [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12; $ResourceContext = [DatabricksClusterCA]::GetParameters($SubscriptionId, $WorkspaceName, $ResourceGroupName) $CAInstance = [DatabricksClusterCA]::new($ResourceContext, $MyInvocation) $CAInstance.InvokeFunction($CAInstance.UpdateCA, @($NewPersonalAccessToken, $NewAppInsightKey, $NewSchedule)) } elseif ($Resourcetype -eq "HDInsight") { $ResourceContext = [HDInsightClusterCA]::GetParameters($SubscriptionId, $ClusterName, $ResourceGroupName) $ResourceContext.InstrumentationKey = $NewAppInsightKey $ResourceContext.LAWorkspaceId = $NewLAWorkspaceId $ResourceContext.LASharedSecret = $NewLASharedSecret $CAInstance = [HDInsightClusterCA]::new($ResourceContext, $MyInvocation) $CAInstance.InvokeFunction($CAInstance.UpdateCA) } elseif($ResourceType -eq "Kubernetes") { $CAInstance = [KubernetesClusterCA]::new($SubscriptionId, $ResourceGroupName, $ClusterName, $MyInvocation); if ($CAInstance) { return $CAInstance.InvokeFunction($CAInstance.UpdateKubernetesContinuousAssurance,@($NewAppInsightKey, $NewLAWorkspaceId, $NewLASharedSecret, $FixRuntimeAccount,$LogRetentionInDays,$ScanIntervalInHours, $SpecificImageVersion)); } } } catch { [EventBase]::PublishGenericException($_); } } End { [ListenerHelper]::UnregisterListeners(); } } function Remove-AzSKContinuousAssuranceForCluster { Param( [string] [ValidateSet("HDInsight", "Databricks", "Kubernetes")] [Parameter(Mandatory = $true, HelpMessage="Friendly name of resource type. e.g.: Kubernetes,HDInight")] [Alias("rt")] $ResourceType, [string] [Alias("sid","HostSubscriptionId","hsid","s")] [Parameter(Mandatory = $true, HelpMessage="Subscription Id of the cluster for which AzSK Continuous Assurance will be installed.")] $SubscriptionId, [string] [Alias("wsn")] $WorkspaceName, [string] [Alias("cn","ResourceName")] [Parameter(Mandatory = $false, HelpMessage="Resource Name of the cluster for which AzSK Continuous Assurance will be installed.")] $ClusterName, [string] [Alias("rgn")] [Parameter(Mandatory = $true, HelpMessage="ResourceGroup Name of the cluster for which AzSK Continuous Assurance will be installed.")] $ResourceGroupName, [ValidateSet("Yes","No")] [Parameter(Mandatory = $false, HelpMessage="This provides the capability to download all previous job logs to local before removing AzSK Continuous Assurance from cluster.")] [Alias("djl")] $DownloadJobLogs, [switch] $Force, [switch] $RemoveLogs ) Begin{ [CommandHelper]::BeginCommand($MyInvocation); [ListenerHelper]::RegisterListeners(); } Process { try { if ($ResourceType -eq "Databricks") { [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12; $ResourceContext = [DatabricksClusterCA]::GetParameters($SubscriptionId, $WorkspaceName, $ResourceGroupName) $ResourceContext.RemoveLogs = $RemoveLogs $CAInstance = [DatabricksClusterCA]::new($ResourceContext, $MyInvocation) $CAInstance.InvokeFunction($CAInstance.RemoveCA) } elseif ($ResourceType -eq "HDInsight") { $ResourceContext = [HDInsightClusterCA]::GetParameters($SubscriptionId, $ClusterName, $ResourceGroupName) $ResourceContext.RemoveLogs = $RemoveLogs $CAInstance = [HDInsightClusterCA]::new($ResourceContext, $MyInvocation) $CAInstance.InvokeFunction($CAInstance.RemoveCA) } elseif($ResourceType -eq "Kubernetes") { $CAInstance = [KubernetesClusterCA]::new($SubscriptionId, $ResourceGroupName, $ClusterName, $MyInvocation); if ($CAInstance) { return $CAInstance.InvokeFunction($CAInstance.RemoveKubernetesContinuousAssurance,@($DownloadJobLogs, $Force)); } } } catch { [EventBase]::PublishGenericException($_); } } End { [ListenerHelper]::UnregisterListeners(); } } |