PSRule.Rules.Azure.psm1
|
# Copyright (c) Microsoft Corporation. # Licensed under the MIT License. # # PSRule.Rules.Azure module # Set-StrictMode -Version latest; [PSRule.Rules.Azure.Configuration.PSRuleOption]::UseExecutionContext($ExecutionContext); # # Localization # # # Public functions # #region Public functions # .ExternalHelp PSRule.Rules.Azure-help.xml function Export-AzRuleData { [CmdletBinding(SupportsShouldProcess = $True, DefaultParameterSetName = 'Default')] [OutputType([System.IO.FileInfo])] [OutputType([PSObject])] param ( [Parameter(Position = 0, Mandatory = $False)] [String]$OutputPath = $PWD, # Filter by Subscription name or id [Parameter(Mandatory = $False, ParameterSetName = 'Default')] [String[]]$Subscription = $Null, # Filter by Tenant id [Parameter(Mandatory = $False, ParameterSetName = 'Default')] [String[]]$Tenant = $Null, # Filter by Resource Group name [Parameter(Mandatory = $False)] [String[]]$ResourceGroupName = $Null, # Filter by Tag [Parameter(Mandatory = $False)] [Hashtable]$Tag, [Parameter(Mandatory = $False)] [Switch]$PassThru = $False, [Parameter(Mandatory = $False, ParameterSetName = 'All')] [Switch]$All = $False ) begin { Write-Verbose -Message "[Export-AzRuleData] BEGIN::"; } process { # Get subscriptions $context = FindAzureContext -Subscription $Subscription -Tenant $Tenant -All:$All -Verbose:$VerbosePreference; if ($Null -eq $context) { return; } if (!(Test-Path -Path $OutputPath)) { if ($PSCmdlet.ShouldProcess('Create output directory', $OutputPath)) { $Null = New-Item -Path $OutputPath -ItemType Directory -Force; } } $getParams = @{ }; $filterParams = @{ }; if ($PSBoundParameters.ContainsKey('Tag')) { $getParams['Tag'] = $Tag; } if ($PSBoundParameters.ContainsKey('ResourceGroupName')) { $getParams['ResourceGroupName'] = $ResourceGroupName; $filterParams['ResourceGroupName'] = $ResourceGroupName; } foreach ($c in $context) { Write-Verbose -Message "[Export] -- Using subscription: $($c.Subscription.Name)"; $filePath = Join-Path -Path $OutputPath -ChildPath "$($c.Subscription.Id).json"; GetAzureResource @getParams -Context $c -Verbose:$VerbosePreference ` | FilterAzureResource @filterParams -Verbose:$VerbosePreference ` | ExportAzureResource -Path $filePath -PassThru $PassThru -Verbose:$VerbosePreference; } } end { Write-Verbose -Message "[Export-AzRuleData] END::"; } } # .ExternalHelp PSRule.Rules.Azure-help.xml function Export-AzRuleTemplateData { [CmdletBinding()] [OutputType([System.IO.FileInfo])] [OutputType([PSObject])] param ( [Parameter(Position = 0, Mandatory = $False)] [String]$Name, [Parameter(Mandatory = $True, ValueFromPipelineByPropertyName = $True)] [String]$TemplateFile, [Parameter(Mandatory = $False, ValueFromPipelineByPropertyName = $True)] [Alias('TemplateParameterFile')] [String[]]$ParameterFile, [Parameter(Mandatory = $False)] [Alias('ResourceGroupName')] [PSRule.Rules.Azure.Configuration.ResourceGroupReference]$ResourceGroup, [Parameter(Mandatory = $False)] [PSRule.Rules.Azure.Configuration.SubscriptionReference]$Subscription, [Parameter(Mandatory = $False)] [String]$OutputPath = $PWD, [Parameter(Mandatory = $False)] [Switch]$PassThru = $False ) begin { Write-Verbose -Message '[Export-AzRuleTemplateData] BEGIN::'; if ($MyInvocation.InvocationName -eq 'Export-AzTemplateRuleData') { Write-Warning -Message "The cmdlet 'Export-AzTemplateRuleData' is has been renamed to 'Export-AzRuleTemplateData'. Use of 'Export-AzTemplateRuleData' is deprecated and will be removed in the next major version." } $Option = [PSRule.Rules.Azure.Configuration.PSRuleOption]::FromFileOrDefault($PWD); $Option.Output.Path = $OutputPath; # Build the pipeline $builder = [PSRule.Rules.Azure.Pipeline.PipelineBuilder]::Template($Option); $builder.Deployment($Name); $builder.PassThru($PassThru); # Bind to subscription context if ($PSBoundParameters.ContainsKey('Subscription')) { $subscriptionOption = GetSubscription -InputObject $Subscription -ErrorAction SilentlyContinue; if ($Null -ne $subscriptionOption) { $builder.Subscription($subscriptionOption); } } # Bind to resource group if ($PSBoundParameters.ContainsKey('ResourceGroup')) { $resourceGroupOption = GetResourceGroup -InputObject $ResourceGroup -ErrorAction SilentlyContinue; if ($Null -ne $resourceGroupOption) { $builder.ResourceGroup($resourceGroupOption); } } $builder.UseCommandRuntime($PSCmdlet); $builder.UseExecutionContext($ExecutionContext); try { $pipeline = $builder.Build(); $pipeline.Begin(); } catch { $pipeline.Dispose(); } } process { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $source = [PSRule.Rules.Azure.Pipeline.TemplateSource]::new($TemplateFile, $ParameterFile); $pipeline.Process($source); } catch { $pipeline.Dispose(); throw; } } } end { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $pipeline.End(); } finally { $pipeline.Dispose(); } } Write-Verbose -Message '[Export-AzRuleTemplateData] END::'; } } # .ExternalHelp PSRule.Rules.Azure-help.xml function Get-AzRuleTemplateLink { [CmdletBinding()] [OutputType([PSRule.Rules.Azure.Data.Metadata.ITemplateLink])] param ( [Parameter(Position = 1, Mandatory = $False, ValueFromPipelineByPropertyName = $True)] [Alias('f', 'TemplateParameterFile', 'FullName')] [SupportsWildcards()] [String[]]$InputPath = '*.parameters.json', [Parameter(Mandatory = $False)] [Switch]$SkipUnlinked, [Parameter(Position = 0, Mandatory = $False)] [Alias('p')] [String]$Path = $PWD ) begin { Write-Verbose -Message '[Get-AzRuleTemplateLink] BEGIN::'; # Build the pipeline $builder = [PSRule.Rules.Azure.Pipeline.PipelineBuilder]::TemplateLink($Path); $builder.SkipUnlinked($SkipUnlinked); $builder.UseCommandRuntime($PSCmdlet); $builder.UseExecutionContext($ExecutionContext); $pipeline = $builder.Build(); if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $pipeline.Begin(); } catch { $pipeline.Dispose(); throw; } } } process { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { foreach ($p in $InputPath) { $pipeline.Process($p); } } catch { $pipeline.Dispose(); throw; } } } end { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $pipeline.End(); } finally { $pipeline.Dispose(); } } Write-Verbose -Message '[Get-AzRuleTemplateLink] END::'; } } function Export-AzPolicyAssignmentData { [CmdletBinding(SupportsShouldProcess = $True, DefaultParameterSetName = 'Default')] [OutputType([System.IO.FileInfo])] [OutputType([PSObject])] param ( # Name of policy assignment [Parameter(ParameterSetName = 'Name', Mandatory = $False)] [String]$Name, # Fully qualified resource ID of policy assignment [Parameter(ParameterSetName = 'Id', Mandatory = $True)] [Alias('AssignmentId')] [String]$Id, # Specifies assignment policy scope [Parameter(ParameterSetName = 'Name', Mandatory = $False)] [Parameter(ParameterSetName = 'IncludeDescendent', Mandatory = $False)] [String]$Scope, # Specifies the policy definition ID of the policy assignment [Parameter(ParameterSetName = 'Name', Mandatory = $False)] [Parameter(ParameterSetName = 'Id', Mandatory = $False)] [String]$PolicyDefinitionId, # Include all assignments related to given scope [Parameter(ParameterSetName = 'IncludeDescendent', Mandatory = $True)] [Switch]$IncludeDescendent = $False, [Parameter(Mandatory = $False)] [String]$OutputPath = $PWD, [Parameter(Mandatory = $False)] [Switch]$PassThru = $False ) begin { Write-Verbose -Message '[Export-AzPolicyAssignmentData] BEGIN::'; } process { $context = GetAzureContext -ErrorAction SilentlyContinue if ($Null -eq $context) { Write-Error -Message 'Could not find an existing context. Use Connect-AzAccount to establish a PowerShell context with Azure.'; return; } if (!(Test-Path -Path $OutputPath)) { if ($PSCmdlet.ShouldProcess('Create output directory', $OutputPath)) { $Null = New-Item -Path $OutputPath -ItemType Directory -Force; } } $getParams = @{ }; Write-Verbose -Message "Parameter Set: $($PSCmdlet.ParameterSetName)"; if ($PSCmdlet.ParameterSetName -eq 'Name') { if ($PSBoundParameters.ContainsKey('Name')) { $getParams['Name'] = $Name; } if ($PSBoundParameters.ContainsKey('PolicyDefinitionId')) { $getParams['PolicyDefinitionId'] = $PolicyDefinitionId; } if ($PSBoundParameters.ContainsKey('Scope')) { $getParams['Scope'] = $Scope; } else { $getParams['Scope'] = GetDefaultSubscriptionScope -Context $context } Write-Verbose -Message "Scope: $($getParams['Scope'])"; } elseif ($PSCmdlet.ParameterSetName -eq 'Id') { $getParams['Id'] = $Id; if ($PSBoundParameters.ContainsKey('PolicyDefinitionId')) { $getParams['PolicyDefinitionId'] = $PolicyDefinitionId; } } elseif ($PSCmdlet.ParameterSetName -eq 'IncludeDescendent') { $getParams['IncludeDescendent'] = $IncludeDescendent; if ($PSBoundParameters.ContainsKey('Scope')) { $getParams['Scope'] = $Scope; } else { $getParams['Scope'] = GetDefaultSubscriptionScope -Context $context } } Write-Verbose -Message "[Export] -- Using subscription: $($context.Subscription.Name)"; $filePath = Join-Path -Path $OutputPath -ChildPath "$($context.Subscription.Id).assignment.json"; Get-AzPolicyAssignment @getParams -Verbose:$VerbosePreference ` | ExpandPolicyAssignment -Context $context -Verbose:$VerbosePreference ` | ExportAzureResource -Path $filePath -PassThru $PassThru -Verbose:$VerbosePreference; } end { Write-Verbose -Message "[Export-AzPolicyAssignmentData] END::"; } } function Export-AzPolicyAssignmentRuleData { [CmdletBinding(DefaultParameterSetName = 'Default')] [OutputType([System.IO.FileInfo])] [OutputType([PSObject])] param ( # Name of Policy assignment [Parameter(Mandatory = $False)] [String]$Name, # Assignment file path [Parameter(Mandatory = $True, ValueFromPipelineByPropertyName = $True)] [String]$AssignmentFile, [Parameter(Mandatory = $False)] [Alias('ResourceGroupName')] [PSRule.Rules.Azure.Configuration.ResourceGroupReference]$ResourceGroup, [Parameter(Mandatory = $False)] [PSRule.Rules.Azure.Configuration.SubscriptionReference]$Subscription, [Parameter(Mandatory = $False)] [String]$OutputPath = $PWD, [Parameter(Mandatory = $False)] [Switch]$PassThru = $False ) begin { Write-Verbose -Message '[Export-AzPolicyAssignmentRuleData] BEGIN::'; $option = [PSRule.Rules.Azure.Configuration.PSRuleOption]::FromFileOrDefault($PWD); $option.Output.Path = $OutputPath; # Build the pipeline $builder = [PSRule.Rules.Azure.Pipeline.PipelineBuilder]::Assignment($option); $builder.Assignment($Name); $builder.PassThru($PassThru); # Bind to subscription context if ($PSBoundParameters.ContainsKey('Subscription')) { $subscriptionOption = GetSubscription -InputObject $Subscription -ErrorAction SilentlyContinue; if ($Null -ne $subscriptionOption) { $builder.Subscription($subscriptionOption); } } # Bind to resource group if ($PSBoundParameters.ContainsKey('ResourceGroup')) { $resourceGroupOption = GetResourceGroup -InputObject $ResourceGroup -ErrorAction SilentlyContinue; if ($Null -ne $resourceGroupOption) { $builder.ResourceGroup($resourceGroupOption); } } $builder.UseCommandRuntime($PSCmdlet); $builder.UseExecutionContext($ExecutionContext); try { $pipeline = $builder.Build(); $pipeline.Begin(); } catch { $pipeline.Dispose(); } } process { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $source = [PSRule.Rules.Azure.Pipeline.PolicyAssignmentSource]::new($AssignmentFile); $pipeline.Process($source); } catch { $pipeline.Dispose(); throw; } } } end { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $pipeline.End(); } finally { $pipeline.Dispose(); } } Write-Verbose -Message '[Export-AzPolicyAssignmentRuleData] END::'; } } function Get-AzPolicyAssignmentDataSource { [CmdletBinding(DefaultParameterSetName = 'Default')] [OutputType([PSRule.Rules.Azure.Pipeline.PolicyAssignmentSource])] param ( [Parameter(Mandatory = $False, ValueFromPipelineByPropertyName = $True)] [Alias('f', 'AssignmentFile', 'FullName')] [SupportsWildcards()] [String[]]$InputPath = '*.assignment.json', [Parameter(Mandatory = $False)] [Alias('p')] [String]$Path = $PWD ) begin { Write-Verbose -Message '[Get-AzPolicyAssignmentDataSource] BEGIN::'; # Build the pipeline $builder = [PSRule.Rules.Azure.Pipeline.PipelineBuilder]::AssignmentSearch($Path); $builder.UseCommandRuntime($PSCmdlet); $builder.UseExecutionContext($ExecutionContext); $pipeline = $builder.Build(); if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $pipeline.Begin(); } catch { $pipeline.Dispose(); throw; } } } process { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { foreach ($p in $InputPath) { $pipeline.Process($p); } } catch { $pipeline.Dispose(); throw; } } } end { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $pipeline.End(); } finally { $pipeline.Dispose(); } } Write-Verbose -Message '[Get-AzPolicyAssignmentDataSource] END::'; } } #endregion Public functions # # Helper functions # function GetDefaultSubscriptionScope { [CmdletBinding()] param ( [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { return [string]::Concat('/subscriptions/', $context.Subscription.Id); } } function GetResourceGroup { [CmdletBinding()] [OutputType([PSRule.Rules.Azure.Configuration.ResourceGroupOption])] param ( [Parameter(Mandatory = $True)] [PSRule.Rules.Azure.Configuration.ResourceGroupReference]$InputObject ) process { $result = $InputObject.ToResourceGroupOption(); if ($InputObject.FromName) { $o = Get-AzResourceGroup -Name $InputObject.Name -ErrorAction SilentlyContinue; if ($Null -ne $o) { $result.Name = $o.ResourceGroupName $result.Location = $o.Location $result.ManagedBy = $o.ManagedBy $result.Properties.ProvisioningState = $o.ProvisioningState $result.Tags = $o.Tags } } return $result; } } function GetSubscription { [CmdletBinding()] [OutputType([PSRule.Rules.Azure.Configuration.SubscriptionOption])] param ( [Parameter(Mandatory = $True)] [PSRule.Rules.Azure.Configuration.SubscriptionReference]$InputObject ) process { $result = $InputObject.ToSubscriptionOption(); if ($InputObject.FromName) { $o = (Set-AzContext -Subscription $InputObject.DisplayName -ErrorAction SilentlyContinue).Subscription; if ($Null -ne $o) { $result.DisplayName = $o.Name $result.SubscriptionId = $o.SubscriptionId $result.State = $o.State $result.TenantId = $o.TenantId } } return $result; } } function FindAzureContext { [CmdletBinding()] [OutputType([Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer[]])] param ( [Parameter(Mandatory = $False)] [String[]]$Subscription = $Null, [Parameter(Mandatory = $False)] [String[]]$Tenant = $Null, [Parameter(Mandatory = $False)] [System.Boolean]$All = $False ) process { $listAvailable = $False; if ($Null -ne $Subscription -or $Null -ne $Tenant -or $All) { $listAvailable = $True; } # Get subscription contexts $context = @(GetAzureContext -ListAvailable:$listAvailable); if ($Null -eq $context -and $context.Length -gt 0) { Write-Error -Message 'Could not find an existing context. Use Connect-AzAccount to establish a PowerShell context with Azure.'; return; } Write-Verbose "[Context] -- Found ($($context.Length)) subscription contexts"; $filteredContext = @($context | ForEach-Object -Process { if ( ($Null -eq $Tenant -or $Tenant.Length -eq 0 -or ($_.Tenant.Id -in $Tenant)) -and ($Null -eq $Subscription -or $Subscription.Length -eq 0 -or ($_.Subscription.Id -in $Subscription) -or ($_.Subscription.Name -in $Subscription)) ) { $_; Write-Verbose "[Context] -- Using subscription: $($_.Subscription.Name)"; } }) Write-Verbose "[Context] -- Using [$($filteredContext.Length)/$($context.Length)] subscription contexts"; return $filteredContext; } } function GetAzureContext { [CmdletBinding()] [OutputType([Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer[]])] param ( [Parameter(Mandatory = $False)] [System.Boolean]$ListAvailable = $False ) process { $getParams = @{ }; if ($ListAvailable) { $getParams['ListAvailable'] = $True; } # Get contexts return Get-AzContext @getParams; } } function GetAzureResource { [CmdletBinding()] [OutputType([PSObject])] param ( [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context, [Parameter(Mandatory = $False)] [Hashtable]$Tag, [Parameter(Mandatory = $False)] [String[]]$ResourceGroupName = $Null ) begin { $watch = New-Object -TypeName System.Diagnostics.Stopwatch; } process { $resourceParams = @{ }; $rgParams = @{ }; if ($PSBoundParameters.ContainsKey('Tag')) { $resourceParams['Tag'] = $Tag; $rgParams['Tag'] = $Tag; } try { Write-Verbose -Message "[Export] -- Getting Azure resources"; $watch.Restart(); if ($PSBoundParameters.ContainsKey('ResourceGroupName')) { foreach ($rg in $ResourceGroupName) { Write-Verbose -Message "[Export] -- Getting Azure resources for Resource Group: $rg"; Get-AzResource @resourceParams -ResourceGroupName $rg -ExpandProperties -ODataQuery "SubscriptionId EQ '$($Context.DefaultContext.Subscription.Id)'" -DefaultProfile $Context ` | ExpandResource -Context $Context -Verbose:$VerbosePreference; Get-AzResourceGroup @rgParams -Name $rg -DefaultProfile $Context | SetResourceType 'Microsoft.Resources/resourceGroups' | ExpandResource -Context $Context -Verbose:$VerbosePreference; } } else { Get-AzResource @resourceParams -ExpandProperties -DefaultProfile $Context | ExpandResource -Context $Context -Verbose:$VerbosePreference; Get-AzResourceGroup @rgParams -DefaultProfile $Context | SetResourceType 'Microsoft.Resources/resourceGroups' | ExpandResource -Context $Context -Verbose:$VerbosePreference; } Write-Verbose -Message "[Export] -- Azure resources exported in [$($watch.ElapsedMilliseconds) ms]"; $watch.Restart(); Write-Verbose -Message "[Export] -- Getting Azure subscription: $($Context.DefaultContext.Subscription.Id)"; Get-AzSubscription -SubscriptionId $Context.DefaultContext.Subscription.Id | SetResourceType 'Microsoft.Subscription' | ExpandResource -Context $Context -Verbose:$VerbosePreference; Write-Verbose -Message "[Export] -- Azure subscription exported in [$($watch.ElapsedMilliseconds) ms]"; } finally { $watch.Stop(); } } } function FilterAzureResource { [CmdletBinding()] [OutputType([PSObject])] param ( [Parameter(Mandatory = $False)] [String[]]$ResourceGroupName = $Null, [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$InputObject ) process { if (($Null -eq $ResourceGroupName) -or ($InputObject.ResourceType -eq 'Microsoft.Subscription') -or (@($InputObject.PSObject.Properties | Where-Object { $_.Name -eq 'ResourceGroupName' }).Length -eq 0)) { return $InputObject; } elseif ($InputObject.ResourceGroupName -in $ResourceGroupName) { return $InputObject; } } } function ExportAzureResource { [CmdletBinding(SupportsShouldProcess = $True)] [OutputType([System.IO.FileInfo])] [OutputType([PSObject])] param ( [Parameter(Mandatory = $True)] [String]$Path, [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$InputObject, [Parameter(Mandatory = $False)] [System.Boolean]$PassThru = $False ) begin { $resources = @(); } process { if ($PassThru) { $InputObject; } else { # Collect passed through resources $resources += $InputObject; } } end { $watch = New-Object -TypeName System.Diagnostics.Stopwatch; Write-Verbose -Message "[Export] -- Exporting to JSON"; $watch.Restart(); if (!$PassThru) { # Save to JSON ConvertTo-Json -InputObject $resources -Depth 100 | Set-Content -Path $Path; Get-Item -Path $Path; } $watch.Stop(); Write-Verbose -Message "[Export] -- Exported to JSON in [$($watch.ElapsedMilliseconds) ms]"; } } function GetSubResource { [CmdletBinding()] param ( [Parameter(Mandatory = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context, [Parameter(Mandatory = $True)] [String]$ResourceType, [Parameter(Mandatory = $True)] [String]$ApiVersion ) process { $getParams = @{ Name = $Resource.Name ResourceType = $ResourceType ResourceGroupName = $Resource.ResourceGroupName DefaultProfile = $Context ApiVersion = $ApiVersion } try { Get-AzResource @getParams -ExpandProperties; } catch { Write-Warning -Message "Failed to read $($Resource.Name): $ResourceType"; } } } function GetResourceById { [CmdletBinding()] param ( [Parameter(Mandatory = $True)] [PSObject]$ResourceId, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context, [Parameter(Mandatory = $True)] [String]$ApiVersion ) process { $getParams = @{ ResourceId = $ResourceId DefaultProfile = $Context ApiVersion = $ApiVersion } try { Get-AzResource @getParams -ExpandProperties; } catch { Write-Warning -Message "Failed to read $ResourceId"; } } } function GetSubResourceId { [CmdletBinding()] param ( [Parameter(Mandatory = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context, [Parameter(Mandatory = $True)] [String]$Property, [Parameter(Mandatory = $True)] [String]$ApiVersion ) process { $getParams = @{ ResourceId = [String]::Concat($Resource.Id, '/', $Property) DefaultProfile = $Context ApiVersion = $ApiVersion } try { Get-AzResource @getParams -ExpandProperties; } catch { Write-Warning -Message "Failed to read $($Resource.Name): $Property"; } } } function GetRestProperty { [CmdletBinding()] param ( [Parameter(Mandatory = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context, [Parameter(Mandatory = $True)] [String]$Property, [Parameter(Mandatory = $True)] [String]$ApiVersion ) process { try { $token = GetRestToken -Context $Context; $getParams = @{ Uri = [String]::Concat('https://management.azure.com', $Resource.Id, '/', $Property, '?api-version=', $ApiVersion) Headers = @{ Authorization = "Bearer $($token)" } } Invoke-RestMethod -Method Get @getParams -UseBasicParsing -Verbose:$VerbosePreference; } catch { Write-Warning -Message "Failed to read $($Resource.Name): $Property"; } } } function GetRestToken { [CmdletBinding()] [OutputType([String])] param ( [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { return ($Context.DefaultContext.TokenCache.ReadItems() | Where-Object { $_.TenantId -eq $Context.DefaultContext.Tenant.Id -and $_.Resource -eq 'https://management.core.windows.net/' -and $_.Authority -eq "https://login.windows.net/$($Context.DefaultContext.Tenant.Id)/" }).AccessToken; } } function GetSubProvider { [CmdletBinding()] param ( [Parameter(Mandatory = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context, [Parameter(Mandatory = $True)] [String]$ResourceType, [Parameter(Mandatory = $True)] [String]$ApiVersion, [Parameter(Mandatory = $False)] [Switch]$ExpandProperties ) process { $getParams = @{ ResourceId = [String]::Concat($Resource.Id, '/providers/', $ResourceType) DefaultProfile = $Context ApiVersion = $ApiVersion } try { Get-AzResource @getParams -ExpandProperties:$ExpandProperties; } catch { Write-Warning -Message "Failed to read $($Resource.Name): $ResourceType"; } } } function VisitAPIManagement { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $apis += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/apis' -ApiVersion '2019-12-01'; foreach ($api in $apis) { $resources += $api; $apiParams = @{ Name = "$($Resource.Name)/$($api.Name)" ResourceType = 'Microsoft.ApiManagement/service/apis/policies' ResourceGroupName = $Resource.ResourceGroupName DefaultProfile = $Context ApiVersion = '2019-12-01' }; $resources += Get-AzResource @apiParams; } # Add zones in from REST API because they are not included from Get-AzResource $apiManagementServicePrimaryZones = ((Invoke-AzRestMethod -Path "$($Resource.ResourceId)?api-version=2020-12-01" -Method GET).Content | ConvertFrom-Json).zones; $Resource = $Resource | Add-Member -MemberType NoteProperty -Name zones -Value $apiManagementServicePrimaryZones -PassThru; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/backends' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/products' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/policies' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/identityProviders' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/diagnostics' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/loggers' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/certificates' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/namedValues' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/portalsettings' -ApiVersion '2019-12-01'; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitSqlServer { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $sqlServer = $resource; $resources = @(); # Get SQL Server firewall rules $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Sql/servers/firewallRules' -ApiVersion '2015-05-01-preview'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Sql/servers/administrators' -ApiVersion '2014-04-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Sql/servers/securityAlertPolicies' -ApiVersion '2017-03-01-preview'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Sql/servers/vulnerabilityAssessments' -ApiVersion '2018-06-01-preview'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Sql/servers/auditingSettings' -ApiVersion '2017-03-01-preview'; $sqlServer | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitSqlDatabase { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $getParams = @{ ResourceGroupName = $Resource.ResourceGroupName DefaultProfile = $Context ErrorAction = 'SilentlyContinue' } $idParts = $Resource.ResourceId.Split('/'); $serverName = $idParts[-3]; $resourceName = "$serverName/$($Resource.Name)"; $resources += Get-AzResource @getParams -Name $resourceName -ResourceType 'Microsoft.Sql/servers/databases/dataMaskingPolicies' -ApiVersion '2014-04-01' -ExpandProperties $resources += Get-AzResource @getParams -Name $resourceName -ResourceType 'Microsoft.Sql/servers/databases/transparentDataEncryption' -ApiVersion '2014-04-01' -ExpandProperties; $resources += Get-AzResource @getParams -Name $resourceName -ResourceType 'Microsoft.Sql/servers/databases/connectionPolicies' -ApiVersion '2014-04-01' -ExpandProperties; $resources += Get-AzResource @getParams -Name $resourceName -ResourceType 'Microsoft.Sql/servers/databases/geoBackupPolicies' -ApiVersion '2014-04-01' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitPostgreSqlServer { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $sqlServer = $resource; $resources = @(); # Get Postgre SQL Server firewall rules $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.DBforPostgreSQL/servers/firewallRules' -ApiVersion '2017-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.DBforPostgreSQL/servers/securityAlertPolicies' -ApiVersion '2017-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.DBforPostgreSQL/servers/configurations' -ApiVersion '2017-12-01'; $sqlServer | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitMySqlServer { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $sqlServer = $resource; $resources = @(); # Get MySQL Server firewall rules $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.DBforMySQL/servers/firewallRules' -ApiVersion '2017-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.DBforMySQL/servers/securityAlertPolicies' -ApiVersion '2017-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.DBforMySQL/servers/configurations' -ApiVersion '2017-12-01'; $sqlServer | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitSqlManagedInstance { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $sqlMI = $resource; $resources = @(); $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.Sql/managedInstances/securityAlertPolicies' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2017-03-01-preview' -ExpandProperties; $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.Sql/managedInstances/vulnerabilityAssessments' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2018-06-01-preview' -ExpandProperties; $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.Sql/managedInstances/administrators' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2017-03-01-preview' -ExpandProperties; $sqlMI | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitAutomationAccount { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $aa = $Resource $resources = @(); $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Automation/AutomationAccounts/variables' -ApiVersion '2015-10-31'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Automation/AutomationAccounts/webhooks' -ApiVersion '2015-10-31'; $diagnosticSettingsResourceParams = @{ Name = $Resource.Name ResourceType = 'Microsoft.Automation/automationAccounts/providers/microsoft.insights/diagnosticSettings' ResourceGroupName = $Resource.ResourceGroupName DefaultProfile = $Context ExpandProperties = $True ApiVersion = '2021-05-01-preview' } $resources += Get-AzResource @diagnosticSettingsResourceParams $aa | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } # function VisitDataFactoryV2 { # param ( # [Parameter(Mandatory = $True, ValueFromPipeline = $True)] # [PSObject]$Resource, # [Parameter(Mandatory = $True)] # [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context # ) # process { # $df = $resource; # $resources = @(); # # Get linked services # $resources += Get-AzDataFactoryV2LinkedService -DataFactoryName $resource.Name -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context | ForEach-Object -Process { # $linkedService = $_; # $type = $linkedService.Properties.GetType().Name; # $linkedService.Properties.AdditionalProperties = $Null; # if ($Null -ne $linkedService.Properties.EncryptedCredential) { # $linkedService.Properties.EncryptedCredential = $Null; # } # $linkedService | Add-Member -MemberType NoteProperty -Name 'ResourceType' -Value 'linkedServices'; # $linkedService | Add-Member -MemberType NoteProperty -Name 'Type' -Value $type; # $linkedService; # }; # $df | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; # } # } function VisitCDNEndpoint { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $resources += GetSubResourceId @PSBoundParameters -Property 'customdomains' -ApiVersion '2019-04-15'; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitContainerRegistry { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ContainerRegistry/registries/replications' -ApiVersion '2019-12-01-preview'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ContainerRegistry/registries/webhooks' -ApiVersion '2019-12-01-preview'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ContainerRegistry/registries/tasks' -ApiVersion '2019-06-01-preview'; $resources += GetRestProperty @PSBoundParameters -Property 'listUsages' -ApiVersion '2019-05-01' | SetResourceType 'Microsoft.ContainerRegistry/registries/listUsages'; $resources += GetSubProvider @PSBoundParameters -ResourceType 'Microsoft.Security/assessments' -ApiVersion '2019-01-01-preview'; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitAKSCluster { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); # Only add VNET resource if AKS cluster is using Azure CNI network plugin # Supported network plugins: azure or kubenet # https://docs.microsoft.com/en-us/azure/templates/microsoft.containerservice/managedclusters?tabs=json#containerservicenetworkprofile-object if ($Resource.Properties.networkProfile.networkPlugin -eq 'azure') { $nodePools = @($Resource.Properties.agentPoolProfiles); foreach ($nodePool in $nodePools) { $vnetId = $nodePool.vnetSubnetID; $resources += GetResourceById -ResourceId $vnetId -ApiVersion '2020-05-01' -Context $Context; } } $resources += Get-AzResource -Name $Resource.Name -ResourceType 'Microsoft.ContainerService/managedClusters/providers/microsoft.insights/diagnosticSettings' -ResourceGroupName $Resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2017-05-01-preview' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitPublicIP { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { # Get-AzResource does not return zones, even with latest API version # Had to fetch the zones using ARM REST API and insert them into the resource # Logged an issue with Az PowerShell: https://github.com/Azure/azure-powershell/issues/15905 $publicIp = ((Invoke-AzRestMethod -Path "$($Resource.ResourceId)?api-version=2021-02-01" -Method GET).Content | ConvertFrom-Json).PSObject.Properties['zones']; if ($Null -ne $publicIp) { $Resource | Add-Member -MemberType NoteProperty -Name zones -Value $publicIp.value -PassThru; } else { $Resource; } } } function VisitRedisCache { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { # Get-AzResource does not return zones, even with latest API version # Had to fetch the zones using ARM REST API and insert them into the resource # Logged an issue with Az PowerShell: https://github.com/Azure/azure-powershell/issues/15905 $redisCacheZones = ((Invoke-AzRestMethod -Path "$($Resource.ResourceId)?api-version=2021-06-01" -Method GET).Content | ConvertFrom-Json).PSObject.Properties['zones']; if ($Null -ne $redisCacheZones) { $Resource | Add-Member -MemberType NoteProperty -Name zones -Value $redisCacheZones.value -PassThru; } else { $Resource; } } } function VisitRedisEnterpriseCache { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { # Get-AzResource does not return zones, even with latest API version # Had to fetch the zones using ARM REST API and insert them into the resource # Logged an issue with Az PowerShell: https://github.com/Azure/azure-powershell/issues/15905 $redisEnterpriseCacheZones = ((Invoke-AzRestMethod -Path "$($Resource.ResourceId)?api-version=2021-08-01" -Method GET).Content | ConvertFrom-Json).PSObject.Properties['zones']; if ($Null -ne $redisEnterpriseCacheZones) { $Resource | Add-Member -MemberType NoteProperty -Name zones -Value $redisEnterpriseCacheZones.value -PassThru; } else { $Resource; } } } function VisitStorageAccount { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); if ($Resource.Kind -ne 'FileStorage') { $blobServices = @(GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Storage/storageAccounts/blobServices' -ApiVersion '2019-04-01'); foreach ($blobService in $blobServices) { $resources += $blobService; $resources += Get-AzResource -Name "$($Resource.Name)/$($blobService.Name)" -ResourceType 'Microsoft.Storage/storageAccounts/blobServices/containers' -ResourceGroupName $Resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2019-04-01' -ExpandProperties; } } $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitStorageSyncService { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $resources += Get-AzStorageSyncServer -ParentResourceId $Resource.ResourceId -DefaultProfile $Context; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitWebApp { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $configResourceType = 'Microsoft.Web/sites/config'; # Handle slots if ($Resource.ResourceType -eq 'Microsoft.Web/sites/slots') { $configResourceType = 'Microsoft.Web/sites/slots/config'; } $resources += Get-AzResource -Name $Resource.Name -ResourceType $configResourceType -ResourceGroupName $Resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2018-11-01' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitRecoveryServices { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.RecoveryServices/vaults/replicationRecoveryPlans' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2018-07-10' -ExpandProperties; $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.RecoveryServices/vaults/replicationAlertSettings' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2018-07-10' -ExpandProperties; $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.RecoveryServices/vaults/backupstorageconfig/vaultstorageconfig' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2018-07-10' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitVirtualMachine { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $networkInterfaceId = $Resource.Properties.networkProfile.networkInterfaces.id; foreach ($id in $networkInterfaceId) { $resources += Get-AzResource -ResourceId $id -ExpandProperties -DefaultProfile $Context; } $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitKeyVault { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.KeyVault/vaults/providers/microsoft.insights/diagnosticSettings' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2017-05-01-preview' -ExpandProperties; $resources += GetResourceById -ResourceId "$($Resource.Id)/keys" -Context $Context -ApiVersion '2021-11-01-preview'; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitFrontDoor { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { # Patch Front Door properties not fully returned from the default API version $Resource = Get-AzResource -Name $resource.Name -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ResourceType 'Microsoft.Network/frontdoors' -ExpandProperties -ApiVersion '2018-08-01'; $resources = @(); $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.Network/frontdoors/providers/microsoft.insights/diagnosticSettings' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2017-05-01-preview' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitFrontDoorWAFPolicy { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { # Patch Front Door WAF policy properties not fully returned from the default API version $Resource = Get-AzResource -Name $resource.Name -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ResourceType 'Microsoft.Network/FrontDoorWebApplicationFirewallPolicies' -ExpandProperties -ApiVersion '2019-10-01'; $Resource; } } function VisitNetworkConnection { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { # Patch connections if (@($Resource.Properties.PSObject.Properties.Match('sharedKey')).Length -gt 0) { $Resource.Properties.sharedKey = "*** MASKED ***"; } $Resource; } } function VisitSubscription { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $resources += Get-AzRoleAssignment -DefaultProfile $Context -IncludeClassicAdministrators | SetResourceType 'Microsoft.Authorization/roleAssignments'; $resources += Get-AzResource -DefaultProfile $Context -ApiVersion '2017-08-01-preview' -ResourceId "/subscriptions/$($Resource.Id)/providers/Microsoft.Security/autoProvisioningSettings"; $resources += Get-AzResource -DefaultProfile $Context -ApiVersion '2017-08-01-preview' -ResourceId "/subscriptions/$($Resource.Id)/providers/Microsoft.Security/securityContacts"; $resources += Get-AzResource -DefaultProfile $Context -ApiVersion '2018-06-01' -ResourceId "/subscriptions/$($Resource.Id)/providers/Microsoft.Security/pricings"; $resources += Get-AzResource -DefaultProfile $Context -ApiVersion '2019-06-01' -ResourceId "/subscriptions/$($Resource.Id)/providers/Microsoft.Authorization/policyAssignments"; $resources += Get-AzResource -DefaultProfile $Context -ResourceType 'microsoft.insights/activityLogAlerts' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; Get-AzPolicyDefinition -Custom -DefaultProfile $Context; Get-AzPolicySetDefinition -Custom -DefaultProfile $Context; } } function VisitResourceGroup { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $resources += Get-AzRoleAssignment -DefaultProfile $Context -Scope $Resource.ResourceId ` | Where-Object { $_.Scope.StartsWith($Resource.ResourceId) } ` | SetResourceType 'Microsoft.Authorization/roleAssignments'; $resources += Get-AzResourceLock -DefaultProfile $Context -ResourceGroupName $Resource.ResourceGroupName | SetResourceType 'Microsoft.Authorization/locks'; $Resource ` | Add-Member -MemberType NoteProperty -Name Name -Value $Resource.ResourceGroupName -PassThru ` | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitDataExplorerCluster { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $getParams = @{ ResourceGroupName = $Resource.ResourceGroupName DefaultProfile = $Context ErrorAction = 'SilentlyContinue' } $resources += Get-AzResource @getParams -Name $Resource.Name -ResourceType 'Microsoft.Kusto/clusters/databases' -ApiVersion '2021-08-27' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitEventHubNamespaces { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $getParams = @{ ResourceGroupName = $Resource.ResourceGroupName DefaultProfile = $Context ErrorAction = 'SilentlyContinue' } $resources += Get-AzResource @getParams -Name $Resource.Name -ResourceType 'Microsoft.EventHub/namespaces/eventhubs' -ApiVersion '2021-11-01' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitServiceBusNamespaces { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $getParams = @{ ResourceGroupName = $Resource.ResourceGroupName DefaultProfile = $Context ErrorAction = 'SilentlyContinue' } $resources += Get-AzResource @getParams -Name $Resource.Name -ResourceType 'Microsoft.ServiceBus/namespaces/queues' -ApiVersion '2021-06-01-preview' -ExpandProperties; $resources += Get-AzResource @getParams -Name $Resource.Name -ResourceType 'Microsoft.ServiceBus/namespaces/topics' -ApiVersion '2021-06-01-preview' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function ExpandPolicyAssignment { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Assignment, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $policyDefinitionId = $Assignment.Properties.PolicyDefinitionId; Write-Verbose -Message "[Export] -- Expanding: $policyDefinitionId"; $policyDefinitions = [System.Collections.Generic.List[PSObject]]@(); if ($policyDefinitionId -like '*/providers/Microsoft.Authorization/policyDefinitions/*') { $definition = Get-AzPolicyDefinition -Id $policyDefinitionId -DefaultProfile $Context; $policyDefinitions.Add($definition); } elseif ($policyDefinitionId -like '*/providers/Microsoft.Authorization/policySetDefinitions/*') { $policySetDefinition = Get-AzPolicySetDefinition -Id $policyDefinitionId -DefaultProfile $Context; foreach ($definition in $policySetDefinition.Properties.PolicyDefinitions) { $definitionId = $definition.policyDefinitionId; Write-Verbose -Message "[Export] -- Expanding: $definitionId"; $definition = Get-AzPolicyDefinition -Id $definitionId -DefaultProfile $Context; $policyDefinitions.Add($definition); } } $Assignment | Add-Member -MemberType NoteProperty -Name PolicyDefinitions -Value $policyDefinitions -PassThru; } } # Add additional information to resources with child resources function ExpandResource { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resourceId = ''; if ($Resource.ResourceType -eq 'Microsoft.Subscription') { $resourceId = $Resource.Id; } else { $resourceId = $Resource.ResourceId; } Write-Verbose -Message "[Export] -- Expanding: $($resourceId)"; switch ($Resource.ResourceType) { 'Microsoft.ApiManagement/service' { VisitAPIManagement @PSBoundParameters; } 'Microsoft.Automation/automationAccounts' { VisitAutomationAccount @PSBoundParameters; } 'Microsoft.Cdn/profiles/endpoints' { VisitCDNEndpoint @PSBoundParameters; } 'Microsoft.ContainerRegistry/registries' { VisitContainerRegistry @PSBoundParameters; } 'Microsoft.ContainerService/managedClusters' { VisitAKSCluster @PSBoundParameters; } 'Microsoft.Sql/servers' { VisitSqlServer @PSBoundParameters; } 'Microsoft.Sql/servers/databases' { VisitSqlDatabase @PSBoundParameters; } 'Microsoft.DBforPostgreSQL/servers' { VisitPostgreSqlServer @PSBoundParameters; } 'Microsoft.DBforMySQL/servers' { VisitMySqlServer @PSBoundParameters; } # 'Microsoft.Sql/managedInstances' { VisitSqlManagedInstance @PSBoundParameters; } # 'Microsoft.DataFactory/factories' { VisitDataFactoryV2 @PSBoundParameters; } 'Microsoft.Storage/storageAccounts' { VisitStorageAccount @PSBoundParameters; } # "Microsoft.StorageSync/storageSyncServices" { VisitStorageSyncService @PSBoundParameters; } 'Microsoft.Web/sites' { VisitWebApp @PSBoundParameters; } 'Microsoft.Web/sites/slots' { VisitWebApp @PSBoundParameters; } 'Microsoft.RecoveryServices/vaults' { VisitRecoveryServices @PSBoundParameters; } 'Microsoft.Compute/virtualMachines' { VisitVirtualMachine @PSBoundParameters; } 'Microsoft.KeyVault/vaults' { VisitKeyVault @PSBoundParameters; } 'Microsoft.Network/frontDoors' { VisitFrontDoor @PSBoundParameters; } 'Microsoft.Network/FrontDoorWebApplicationFirewallPolicies' { VisitFrontDoorWAFPolicy @PSBoundParameters; } 'Microsoft.Network/connections' { VisitNetworkConnection @PSBoundParameters; } 'Microsoft.Subscription' { VisitSubscription @PSBoundParameters; } 'Microsoft.Resources/resourceGroups' { VisitResourceGroup @PSBoundParameters; } 'Microsoft.Network/publicIPAddresses' { VisitPublicIP @PSBoundParameters; } 'Microsoft.Cache/Redis' { VisitRedisCache @PSBoundParameters; } 'Microsoft.Cache/redisEnterprise' { VisitRedisEnterpriseCache @PSBoundParameters; } 'Microsoft.Kusto/Clusters' { VisitDataExplorerCluster @PSBoundParameters; } 'Microsoft.EventHub/namespaces' { VisitEventHubNamespaces @PSBoundParameters; } 'Microsoft.ServiceBus/namespaces' { VisitServiceBusNamespaces @PSBoundParameters; } default { $Resource; } } } } function SetResourceType { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True, Position = 0)] [String]$ResourceType ) process { if ($ResourceType -eq 'Microsoft.Resources/resourceGroups') { $Resource = $Resource | Add-Member -MemberType NoteProperty -Name Id -Value $Resource.ResourceId -PassThru -Force; } $Resource | Add-Member -MemberType NoteProperty -Name ResourceType -Value $ResourceType -PassThru -Force; } } # # Export module # New-Alias -Name 'Export-AzTemplateRuleData' -Value 'Export-AzRuleTemplateData' -Force; Export-ModuleMember -Function @( 'Export-AzRuleData' 'Export-AzRuleTemplateData' 'Get-AzRuleTemplateLink' 'Export-AzPolicyAssignmentData' 'Export-AzPolicyAssignmentRuleData' 'Get-AzPolicyAssignmentDataSource' ); Export-ModuleMember -Alias @( 'Export-AzTemplateRuleData' ); # SIG # Begin signature block # MIInrwYJKoZIhvcNAQcCoIInoDCCJ5wCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBSseRHSJie2DOK # iylmu4rod8KEI4q623YU9kxN3+8GMKCCDXYwggX0MIID3KADAgECAhMzAAACURR2 # zMWFg24LAAAAAAJRMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjEwOTAyMTgzMjU5WhcNMjIwOTAxMTgzMjU5WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQDBIpXR3b1IYAMunV9ZYBVYsaA7S64mqacKy/OJUf0Lr/LW/tWlJDzJH9nFAhs0 # zzSdQQcLhShOSTUxtlwZD9dnfIcx4pZgu0VHkqQw2dVc8Ob21GBo5sVrXgEAQxZo # rlEuAl20KpSIFLUBwoZFGFSQNSMcqPudXOw+Mhvn6rXYv/pjXIjgBntn6p1f+0+C # 2NXuFrIwjJIJd0erGefwMg//VqUTcRaj6SiCXSY6kjO1J9P8oaRQBHIOFEfLlXQ3 # a1ATlM7evCUvg3iBprpL+j1JMAUVv+87NRApprPyV75U/FKLlO2ioDbb69e3S725 # XQLW+/nJM4ihVQ0BHadh74/lAgMBAAGjggFzMIIBbzAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUMLgM7NX5EnpPfK5uU6FPvn2g/Ekw # RQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEW # MBQGA1UEBRMNMjMwMDEyKzQ2NzU5NjAfBgNVHSMEGDAWgBRIbmTlUAXTgqoXNzci # tW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3JsMGEG # CCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3J0 # MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAIVJlff+Fp0ylEJhmvap # NVv1bYLSWf58OqRRIDnXbHQ+FobsOwL83/ncPC3xl8ySR5uK/af4ZDy7DcDw0yEd # mKbRLzHIfcztZVSrlsg0GKwZuaB2MEI1VizNCoZlN+HlFZa4DNm3J0LhTWrZjVR0 # M6V57cFW0GsV4NlqmtelT9JFEae7PomwgAV9xOScz8HzvbZeERcoSRp9eRsQwOw7 # 8XeCLeglqjUnz9gFM7RliCYP58Fgphtkht9LNEcErLOVW17m6/Dj75zg/IS+//6G # FEK2oXnw5EIIWZraFHqSaee+NMgOw/R6bwB8qLv5ClOJEpGKA3XPJvS9YgOpF920 # Vu4Afqa5Rv5UJKrsxA7HOiuH4TwpkP3XQ801YLMp4LavXnvqNkX5lhFcITvb01GQ # lcC5h+XfCv0L4hUum/QrFLavQXJ/vtirCnte5Bediqmjx3lswaTRbr/j+KX833A1 # l9NIJmdGFcVLXp1en3IWG/fjLIuP7BqPPaN7A1tzhWxL+xx9yw5vQiT1Yn14YGmw # OzBYYLX0H9dKRLWMxMXGvo0PWEuXzYyrdDQExPf66Fq/EiRpZv2EYl2gbl9fxc3s # qoIkyNlL1BCrvmzunkwt4cwvqWremUtqTJ2B53MbBHlf4RfvKz9NVuh5KHdr82AS # MMjU4C8KNTqzgisqQdCy8unTMIIHejCCBWKgAwIBAgIKYQ6Q0gAAAAAAAzANBgkq # hkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 # IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5WjB+MQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQDEx9NaWNyb3NvZnQg # Q29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC # CgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4BjgaBEm6f8MMHt03 # a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe0t+bU7IKLMOv2akr # rnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato88tt8zpcoRb0Rrrg # OGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v++MrWhAfTVYoonpy # 4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDstrjNYxbc+/jLTswM9 # sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN91/w0FK/jJSHvMAh # dCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4jiJV3TIUs+UsS1Vz8k # A/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmhD+kjSbwYuER8ReTB # w3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbiwZeBe+3W7UvnSSmn # Eyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8HhhUSJxAlMxdSlQy90 # lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaIjAsCAwEAAaOCAe0w # ggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTlUAXTgqoXNzcitW2o # ynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYD # VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQFTuHqp8cx0SOJNDBa # BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2Ny # bC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3JsMF4GCCsG # AQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29t # L3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3J0MIGfBgNV # HSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcCARYzaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnljcHMuaHRtMEAGCCsG # AQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5AF8AcwB0AGEAdABl # AG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oalmOBUeRou09h0ZyKb # C5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0epo/Np22O/IjWll11l # hJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1HXeUOeLpZMlEPXh6 # I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtYSWMfCWluWpiW5IP0 # wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInWH8MyGOLwxS3OW560 # STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZiWhub6e3dMNABQam # ASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMdYzaXht/a8/jyFqGa # J+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7fQccOKO7eZS/sl/ah # XJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKfenoi+kiVH6v7RyOA # 9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOppO6/8MO0ETI7f33Vt # Y5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZOSEXAQsmbdlsKgEhr # /Xmfwb1tbWrJUnMTDXpQzTGCGY8wghmLAgEBMIGVMH4xCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNp # Z25pbmcgUENBIDIwMTECEzMAAAJRFHbMxYWDbgsAAAAAAlEwDQYJYIZIAWUDBAIB # BQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO # MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIFP4PKIfUgzKwhX4lQ6NVRVT # BbrWFp3bzjuI7Q0/PGKtMEIGCisGAQQBgjcCAQwxNDAyoBSAEgBNAGkAYwByAG8A # cwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEB # BQAEggEAYAY8BGWM2Fe/IJ2SVQMMh/y2ZGCJg6J5hvdCxTsm3jmW+s+HmdNuFVRm # OLvDgT7oit39HAtDau2AWZvgXvhPfa7JoH3BSx31t/QhjkNk0oYyjm4DCza4/8si # VOcFJUd6fH3t1LpbHKX3Eit2PhHaAF/swmP/5kudCBYmYoDcWYENKByANc3JV6KI # F7VW3CeR5fFIYzwO5v3XB0zqjimKrSMnF4OK3lGjgUF3Ys7cuq/iOs3xw8FHx3Zx # IswVvfYX/BiynAtvBf0nKQZ//2yDuNUPAS+KWCWOt8RSF6BTj1aTtmbsB+rHG2e2 # T7yX/s4CSZh2z5xfeDdgE898ZzqRkqGCFxkwghcVBgorBgEEAYI3AwMBMYIXBTCC # FwEGCSqGSIb3DQEHAqCCFvIwghbuAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFZBgsq # hkiG9w0BCRABBKCCAUgEggFEMIIBQAIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl # AwQCAQUABCBVUDaiWk5GOVjeBhJZbuA9Ol+J8b6GtGGvD6226QGiGQIGYmxIJ0Zs # GBMyMDIyMDUxMjEwMjUwMS45MjhaMASAAgH0oIHYpIHVMIHSMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQgSXJl # bGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJjAkBgNVBAsTHVRoYWxlcyBUU1MgRVNO # OjhENDEtNEJGNy1CM0I3MSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBT # ZXJ2aWNloIIRaDCCBxQwggT8oAMCAQICEzMAAAGILs3GgUHhvCoAAQAAAYgwDQYJ # KoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwHhcNMjEx # MDI4MTkyNzQwWhcNMjMwMTI2MTkyNzQwWjCB0jELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UECxMkTWljcm9zb2Z0IElyZWxhbmQgT3Bl # cmF0aW9ucyBMaW1pdGVkMSYwJAYDVQQLEx1UaGFsZXMgVFNTIEVTTjo4RDQxLTRC # RjctQjNCNzElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2VydmljZTCC # AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJrnEAgEJpHFx8g61eEvPFXi # YNlxqjSnFqbK2qUShVnIYYy7H/zPVzfW4M5yzePAVzwLTpcKHnQdpDeG2XTz9ynU # TW2KtbTRVIfFJ5owgq/goy5a4oB3JktEfq7DdoATF5SxGYdlvwjrg/VTi7G9j9ow # 6eN91eK1AAFFvNjO64PNXdznHLTvtV1tYdxLW0LUukBJMOg2CLr31+wMPI1x2Z7D # LoD/GQNaLaa6UzVIf80Vguwicgc8pkCA0gnVoVXw+LIcXvkbOtWsX9u204OR/1f0 # pDXfYczOjav8tjowyqy7bjfYUud+evboUzUHgIQFQ33h6RM5TL7Vzsl+jE5nt45x # 3Rz4+hi0/QDESKwH/eoT2DojxAbx7a4OjKYiN/pejZW0jrNevxU3pY09frHbFhrR # U2b3mvaQKldWge/eWg5JmerEZuY7XZ1Ws36Fqx3d7w3od+VldPL1uE5TnxHFdvim # 2oqz8WhZCePrZbCfjH7FTok6/2Zw4GjGh5886IHpSNwKHw1PSE2zJE7U8ayz8oE2 # 0XbW6ba5y8wZ9o80eEyX5EKPoc1rmjLuTrTGYildiOTDtJtZirlAIKKvuONi8PAk # Lo/RAthfJ02yW9jXFA4Pu+HYCYrPz/AWvzq5cVvk64HOkzxsQjrU+9/VKnrJb1g+ # qzUOlBDvX+71g5IXdr7bAgMBAAGjggE2MIIBMjAdBgNVHQ4EFgQUZHm1UMSju867 # vfqNuxoz5YzJSkowHwYDVR0jBBgwFoAUn6cVXQBeYl2D9OXSZacbUzUZ6XIwXwYD # VR0fBFgwVjBUoFKgUIZOaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9j # cmwvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUyMDIwMTAoMSkuY3JsMGwG # CCsGAQUFBwEBBGAwXjBcBggrBgEFBQcwAoZQaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBUaW1lLVN0YW1wJTIwUENBJTIw # MjAxMCgxKS5jcnQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDCDAN # BgkqhkiG9w0BAQsFAAOCAgEAQBBa2/tYCCbL/xii0ts2r5tnpNe+5pOMrugbkulY # iLi9HttGDdnXV3olIRHYZNxUbaPxg/d5OUiMjSel/qfLkDDsSNt2DknchMyycIe/ # n7btCH/Mt8egCdEtXddjme37GKpYx1HnHJ3kvQ1qoqR5PLjPJtmWwYUZ1DfDOIqo # OK6CRpmSmfRXPGe2RyYDPe4u3yMgPYSR9Ne89uVqwyZcWqQ+XZjMjcs83wFamgcn # pgqAZ+FZEQhjSEsdMUZXG/d1uhDYSRdTQYzJd3ClRB1uHfGNDWYaXVw7Xi5PR4Gy # cngiNnzfRgawktQdWpPtfeDxomSi/PoLSuzaKwKADELxZGIKx61gmH41ej6Lgtzf # gOsDga3JFTh0/T1CAyuQAwh+Ga2kInXkvSw/4pihzNyOImsz5KHB3BRwfcqOXfZT # CWfqZwAFoJUEIzFoVKpxP5ZQPhKo2ztJQMZZlLVYqFVLMIU96Sug4xUVzPy1McE7 # bbn89cwYxC5ESGfLgstWJDMXwRcBKLP0BSJQ2hUr1J+CIlmQN1S3wBI8udYicCto # 0iB8PtW4wiPhQR3Ak0R9qT9/oeQ5UOQGf3b3HzawEz9cMM9uSK/CoCjmx0QiGB+F # SNla5jm6EhxRu/SWx3ZD1Uo3y8U7k7KIeRc6FNbebqxtK8LpaGWRWcU5K8X8k5Ib # 5owwggdxMIIFWaADAgECAhMzAAAAFcXna54Cm0mZAAAAAAAVMA0GCSqGSIb3DQEB # CwUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTIwMAYD # VQQDEylNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxMDAe # Fw0yMTA5MzAxODIyMjVaFw0zMDA5MzAxODMyMjVaMHwxCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0 # YW1wIFBDQSAyMDEwMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5OGm # TOe0ciELeaLL1yR5vQ7VgtP97pwHB9KpbE51yMo1V/YBf2xK4OK9uT4XYDP/XE/H # ZveVU3Fa4n5KWv64NmeFRiMMtY0Tz3cywBAY6GB9alKDRLemjkZrBxTzxXb1hlDc # wUTIcVxRMTegCjhuje3XD9gmU3w5YQJ6xKr9cmmvHaus9ja+NSZk2pg7uhp7M62A # W36MEBydUv626GIl3GoPz130/o5Tz9bshVZN7928jaTjkY+yOSxRnOlwaQ3KNi1w # jjHINSi947SHJMPgyY9+tVSP3PoFVZhtaDuaRr3tpK56KTesy+uDRedGbsoy1cCG # MFxPLOJiss254o2I5JasAUq7vnGpF1tnYN74kpEeHT39IM9zfUGaRnXNxF803RKJ # 1v2lIH1+/NmeRd+2ci/bfV+AutuqfjbsNkz2K26oElHovwUDo9Fzpk03dJQcNIIP # 8BDyt0cY7afomXw/TNuvXsLz1dhzPUNOwTM5TI4CvEJoLhDqhFFG4tG9ahhaYQFz # ymeiXtcodgLiMxhy16cg8ML6EgrXY28MyTZki1ugpoMhXV8wdJGUlNi5UPkLiWHz # NgY1GIRH29wb0f2y1BzFa/ZcUlFdEtsluq9QBXpsxREdcu+N+VLEhReTwDwV2xo3 # xwgVGD94q0W29R6HXtqPnhZyacaue7e3PmriLq0CAwEAAaOCAd0wggHZMBIGCSsG # AQQBgjcVAQQFAgMBAAEwIwYJKwYBBAGCNxUCBBYEFCqnUv5kxJq+gpE8RjUpzxD/ # LwTuMB0GA1UdDgQWBBSfpxVdAF5iXYP05dJlpxtTNRnpcjBcBgNVHSAEVTBTMFEG # DCsGAQQBgjdMg30BATBBMD8GCCsGAQUFBwIBFjNodHRwOi8vd3d3Lm1pY3Jvc29m # dC5jb20vcGtpb3BzL0RvY3MvUmVwb3NpdG9yeS5odG0wEwYDVR0lBAwwCgYIKwYB # BQUHAwgwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwCwYDVR0PBAQDAgGGMA8G # A1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU1fZWy4/oolxiaNE9lJBb186aGMQw # VgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9j # cmwvcHJvZHVjdHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3JsMFoGCCsGAQUF # BwEBBE4wTDBKBggrBgEFBQcwAoY+aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3Br # aS9jZXJ0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcnQwDQYJKoZIhvcNAQEL # BQADggIBAJ1VffwqreEsH2cBMSRb4Z5yS/ypb+pcFLY+TkdkeLEGk5c9MTO1OdfC # cTY/2mRsfNB1OW27DzHkwo/7bNGhlBgi7ulmZzpTTd2YurYeeNg2LpypglYAA7AF # vonoaeC6Ce5732pvvinLbtg/SHUB2RjebYIM9W0jVOR4U3UkV7ndn/OOPcbzaN9l # 9qRWqveVtihVJ9AkvUCgvxm2EhIRXT0n4ECWOKz3+SmJw7wXsFSFQrP8DJ6LGYnn # 8AtqgcKBGUIZUnWKNsIdw2FzLixre24/LAl4FOmRsqlb30mjdAy87JGA0j3mSj5m # O0+7hvoyGtmW9I/2kQH2zsZ0/fZMcm8Qq3UwxTSwethQ/gpY3UA8x1RtnWN0SCyx # TkctwRQEcb9k+SS+c23Kjgm9swFXSVRk2XPXfx5bRAGOWhmRaw2fpCjcZxkoJLo4 # S5pu+yFUa2pFEUep8beuyOiJXk+d0tBMdrVXVAmxaQFEfnyhYWxz/gq77EFmPWn9 # y8FBSX5+k77L+DvktxW/tM4+pTFRhLy/AsGConsXHRWJjXD+57XQKBqJC4822rpM # +Zv/Cuk0+CQ1ZyvgDbjmjJnW4SLq8CdCPSWU5nR0W2rRnj7tfqAxM328y+l7vzhw # RNGQ8cirOoo6CGJ/2XBjU02N7oJtpQUQwXEGahC0HVUzWLOhcGbyoYIC1zCCAkAC # AQEwggEAoYHYpIHVMIHSMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv # bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0 # aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQgSXJlbGFuZCBPcGVyYXRpb25zIExpbWl0 # ZWQxJjAkBgNVBAsTHVRoYWxlcyBUU1MgRVNOOjhENDEtNEJGNy1CM0I3MSUwIwYD # VQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloiMKAQEwBwYFKw4DAhoD # FQDhPIrMfCAXlT0sHg/NOZeUHXoOQqCBgzCBgKR+MHwxCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0 # YW1wIFBDQSAyMDEwMA0GCSqGSIb3DQEBBQUAAgUA5idA0zAiGA8yMDIyMDUxMjE2 # MTYxOVoYDzIwMjIwNTEzMTYxNjE5WjB3MD0GCisGAQQBhFkKBAExLzAtMAoCBQDm # J0DTAgEAMAoCAQACAg1SAgH/MAcCAQACAhGKMAoCBQDmKJJTAgEAMDYGCisGAQQB # hFkKBAIxKDAmMAwGCisGAQQBhFkKAwKgCjAIAgEAAgMHoSChCjAIAgEAAgMBhqAw # DQYJKoZIhvcNAQEFBQADgYEAfJ4/TCiic092G9YBtEpYgd07HkqviMgofcloDLb+ # j/ivttXsxuvDyEmvL/1Yp2Q4Hum5NOAWFiY4eIt2c45M0s7vtU/lcfUdJ4QfmaIw # jVhBHpeGq7/58EXg/nQU9Fl95sQrjqBZ37dcoNlxYkpoLZghOdxkIzjxHrzoZM3m # syQxggQNMIIECQIBATCBkzB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGlu # Z3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBv # cmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAIT # MwAAAYguzcaBQeG8KgABAAABiDANBglghkgBZQMEAgEFAKCCAUowGgYJKoZIhvcN # AQkDMQ0GCyqGSIb3DQEJEAEEMC8GCSqGSIb3DQEJBDEiBCB1xs2PiNMuyqbVo1T2 # PjrcGd43p7m+R487Uael3sRJRzCB+gYLKoZIhvcNAQkQAi8xgeowgecwgeQwgb0E # IGbp3u2sBjdGhIL4z+ycjtzSpe4bLV/AoYaypl7SSUClMIGYMIGApH4wfDELMAkG # A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx # HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9z # b2Z0IFRpbWUtU3RhbXAgUENBIDIwMTACEzMAAAGILs3GgUHhvCoAAQAAAYgwIgQg # OUee4ACMHwgDaOrIKMVOov54iINQqOLmPUpmq+78svkwDQYJKoZIhvcNAQELBQAE # ggIAN+wplXCDs2+Mro3biR6nG9utr70hLmY287if3Va6eF1r4PBoE9x0Jm1vTHiE # KWhiBlBht74MDRhS/WviKfouxdwwTEHCc85Tea1k6k0uuzI3aLkHpLkYXTMcaVZz # Bn3FBbhmkdP2RGzTAo+Bm/6DPOMNeN86VXExCY9I9UA2gbmySRwtJrE3EcdmkNbh # lqSSiU4Et5rjPPZ6Wl1RjKhmH5XzD0pVd5vAa8ixzFzCUv1YCdd9QwtBvtjV1TOV # MeLdS3xHyW+ajwRBeoVCK/DoIbGa95F/ClHpYdBsoyNv/LDx254BT/7jlM4HIkeT # kcw/aMUU7HYnrH0dcmLoV7ftt0Xf31zvI2iuLWv9V755O4aPztYsyszyWz0Uws9L # bjXg6o6jcLcDrFxq4uLWAeQYTYm2pOstCqPVV81dJVSnbJbNz/K+kUgfqQhCNIe0 # 7eKwKpfpa0fwBuFxa7gnNGTBaDJc0eu2mMd19LJ3QGCFcZ7xDgMhs6HUIaeKcMln # rFZghJZwcqOKyPvpg2d+lVdEvx0FydG9jl5f50qMV2hKq8w3sYf/UpPYa0L6rxK8 # q43hph6joqOHZ7DmYZ9lyKmAajuBZgE5QB2r7CRH2oCMmoDqJIi/WGc53lR2zYys # 3gQNCfMhZL0VLeztalmlu0IQy5Pzbe1abV8RAbgKwm1niuE= # SIG # End signature block |