JulianHayward / Azure-MG-Sub-Governance-Reporting

Azure Governance Visualizer aka AzGovViz is a PowerShell script that captures Azure Governance related information such as Azure Policy, RBAC (a lot more) by polling Azure ARM, Storage and Microsoft Graph APIs.
MIT License

Expand properties for collected resource information #149

Closed BernieWhite closed 1 year ago

BernieWhite commented 1 year ago

For PSRule for Azure to evaluate many rules, properties must be able to be inspected for each resource. For example:

The property `properties.sslEnforcement` needs to be inspected to determine if it is set to `Enabled`.

```yaml
---
# Synopsis: Enforce encrypted PostgreSQL connections.
apiVersion: github.com/microsoft/PSRule/v1
kind: Rule
metadata:
  name: Azure.PostgreSQL.UseSSL
  ref: AZR-000147
  tags:
    release: 'GA'
    ruleSet: '2020_06'
    Azure.WAF/pillar: 'Security'
  labels:
    Azure.ASB.v3/control: 'NS-2'
spec:
  type:
  - Microsoft.DBforPostgreSQL/servers
  condition:
    field: properties.sslEnforcement
    equals: Enabled
```

Currently the get API only retrieves the resource itself without the properties property.

https://github.com/JulianHayward/Azure-MG-Sub-Governance-Reporting/blob/74363de2e51343864fffc9ddab5792dfc9e863da/pwsh/AzGovVizParallel.ps1#L28264

Because we need to do this based on the resource provider API version, I propose we:

Thoughts?


Related to PSRule for Azure issues:

JulianHayward commented 1 year ago

AzGovViz / PSRule integration under review. Findings and decision on how to proceed will be posted soon. Closing for now.
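
The gap described in the issue, shown as an added example that is not part of the thread and is not AzGovViz or PSRule code: a resource record collected without `properties` cannot be checked against `properties.sslEnforcement`, so it has to be reported as a data gap rather than as a pass or a fail. The sample records, `Resolve-FieldPath` and `Test-SslEnforcement` are constructed for illustration, and the check is a simplified stand-in for the rule's `field`/`equals` condition, not PSRule's evaluation engine.

```powershell
# Constructed sample records; names are placeholders, not real resources.
$resources = @(
    # Shape when only the resource itself is collected (no 'properties').
    [pscustomobject]@{
        name = 'pg-listonly'
        type = 'Microsoft.DBforPostgreSQL/servers'
    }
    # Shapes when the resource is collected with its 'properties' expanded.
    [pscustomobject]@{
        name       = 'pg-enforced'
        type       = 'Microsoft.DBforPostgreSQL/servers'
        properties = [pscustomobject]@{ sslEnforcement = 'Enabled' }
    }
    [pscustomobject]@{
        name       = 'pg-plaintext'
        type       = 'Microsoft.DBforPostgreSQL/servers'
        properties = [pscustomobject]@{ sslEnforcement = 'Disabled' }
    }
)

# Hypothetical helper: walk a dotted field path; $false if any segment is absent.
function Resolve-FieldPath {
    param([object]$InputObject, [string]$Path, [ref]$Value)
    $current = $InputObject
    foreach ($segment in $Path.Split('.')) {
        if ($null -eq $current) { return $false }
        $prop = $current.PSObject.Properties[$segment]
        if ($null -eq $prop) { return $false }
        $current = $prop.Value
    }
    $Value.Value = $current
    return $true
}

# Hypothetical helper: stand-in for 'field: properties.sslEnforcement, equals: Enabled'.
function Test-SslEnforcement {
    param([object]$Resource)
    $actual = $null
    $found = Resolve-FieldPath -InputObject $Resource -Path 'properties.sslEnforcement' -Value ([ref]$actual)
    if (-not $found) { return 'NotEvaluable' }   # data gap, not evidence of enforcement
    if ($actual -eq 'Enabled') { 'Pass' } else { 'Fail' }
}

# Emits NotEvaluable, Pass and Fail for the three records, in that order.
$resources | ForEach-Object {
    [pscustomobject]@{ Name = $_.name; Result = Test-SslEnforcement -Resource $_ }
}
```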