maester365 / maester

The core repository for the Maester module with helper cmdlets that will be called from the Pester tests.
https://maester.dev
MIT License

Beta of ORCA Addition #425

Closed soulemike closed 3 weeks ago

soulemike commented 2 months ago

This introduces a script to build the ORCA dependencies into Maester and generate tests for each of their controls. It uses a similar idea to the EIDSCA tests. Less concerned with approval on this and more just discussion to see what we want to fix before merging.

Here is an initial example of testing this given the additions in this branch. The additions to the PSD1 should address the manual load process below.

Connect-Maester -Service ExchangeOnline,SecurityCompliance
cd .\Desktop\temp\
. ..\..\Documents\Git\maester\powershell\internal\orca\orcaClass.ps1
gci ..\..\Documents\Git\maester\powershell\internal\orca\*.ps1|%{. $_}
#$__MtSession = @{ ExoCache = @{}}
#function Get-MtExo {
.\orca\check-ORCA100.Tests.ps1

Known issues:

function Get-MtExo {
     [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidUsingInvokeExpression","")]
     [CmdletBinding()]
     [OutputType([string],[object[]],[psobject])]
     param(
         [string] $Request = ($MyInvocation.InvocationName).Substring(6)
     )
     <#
     $policies = @{
         "SafeAttachmentPolicy"      = Get-SafeAttachmentPolicy #RecommendedPolicyType -eq "Standard", "Strict"
         "ATPBuiltInProtectionRule"  = Get-ATPBuiltInProtectionRule
         "EOPProtectionPolicyRule"   = Get-EOPProtectionPolicyRule #-Identity "*Preset Security Policy" #IsBuiltInProtection
         "ATPProtectionPolicyRule"   = Get-ATPProtectionPolicyRule #-Identity "*Preset Security Policy" #IsBuiltInProtection
     }
     #>

     ### To add new commands
     ### - add them to the hashtable below
     ### - confirm the command's return type is in OutputType (e.g. (Get-AcceptedDomain).GetType().Name)
     $commands = @{
         "AcceptedDomain"            = "Get-AcceptedDomain"
         "RemoteDomain"              = "Get-RemoteDomain"
         "TransportConfig"           = "Get-TransportConfig"
         "TransportRule"             = "Get-TransportRule"
         "OrganizationConfig"        = "Get-OrganizationConfig"
         "DkimSigningConfig"         = "Get-DkimSigningConfig"
         "SharingPolicy"             = "Get-SharingPolicy"
         "DlpComplianceRule"         = "Get-DlpComplianceRule"
         "DlpCompliancePolicy"       = "Get-DlpCompliancePolicy"
         "MalwareFilterPolicy"       = "Get-MalwareFilterPolicy"
         "HostedContentFilterPolicy" = "Get-HostedContentFilterPolicy"
         "AntiPhishPolicy"           = "Get-AntiPhishPolicy"
         "SafeAttachmentPolicy"      = "Get-SafeAttachmentPolicy"
         "SafeLinksPolicy"           = "Get-SafeLinksPolicy"
         "ATPBuiltInProtectionRule"  = "Get-ATPBuiltInProtectionRule"
         "EOPProtectionPolicyRule"   = "Get-EOPProtectionPolicyRule"
         "ATPProtectionPolicyRule"   = "Get-ATPProtectionPolicyRule"
         "ProtectionAlert"           = "Get-ProtectionAlert"

         "ArcConfig"                      = "Get-ArcConfig"
         "ExternalInOutlook"              = "Get-ExternalInOutlook"
         "InboundConnector"               = "Get-InboundConnector"
         "AtpPolicyForO365"               = "Get-AtpPolicyForO365"
         "SafeLinksRule"                  = "Get-SafeLinksRule"
         "SafeAttachmentRule"             = "Get-SafeAttachmentRule"
         "MalwareFilterRule"              = "Get-MalwareFilterRule"
         "AntiPhishRule"                  = "Get-AntiPhishRule"
         "QuarantinePolicy"               = "Get-QuarantinePolicy"
         "HostedOutboundSpamFilterRule"   = "Get-HostedOutboundSpamFilterRule"
         "HostedOutboundSpamFilterPolicy" = "Get-HostedOutboundSpamFilterPolicy"
         "HostedContentFilterRule"        = "Get-HostedContentFilterRule"
         "HostedConnectionFilterPolicy"   = "Get-HostedConnectionFilterPolicy"

     }

     if($Request -eq "Exo"){
         Write-Error "$($MyInvocation.InvocationName) called with invalid -Request, specify value (e.g., AcceptedDomain)"
         return "Unable to obtain policy"
     }elseif($Request -notin $commands.Keys){
         Write-Error "$($MyInvocation.InvocationName) called with unsupported -Request"
         return "Unable to obtain policy"
     }

     if($null -eq $__MtSession.ExoCache.$Request){
         Write-Verbose "$request not in cache, requesting."
         $response = Invoke-Expression $commands.$Request
         $__MtSession.ExoCache.$Request = $response
     }else{
         Write-Verbose "$request in cache."
         $response = $__MtSession.ExoCache.$Request
     }

     return $response
 }

Ref #30
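
Added example, not part of the PR or of Maester's code: the allow-list and cache dispatch that Get-MtExo performs above, written with the call operator instead of Invoke-Expression so the PSAvoidUsingInvokeExpression suppression is not needed. Get-MtExoDemo, the Get-MtAcceptedDomain alias and the stubbed Get-AcceptedDomain are hypothetical or constructed stand-ins so the snippet runs without an Exchange Online session.

```powershell
# Stand-in for the module-level session cache that Get-MtExo uses on the page.
$__MtSession = @{ ExoCache = @{} }

# Constructed stub (sample data) replacing the real Exchange Online cmdlet.
$script:backendCalls = 0
function Get-AcceptedDomain {
    $script:backendCalls++
    [pscustomobject]@{ DomainName = 'contoso.example'; Default = $true }
}

function Get-MtExoDemo {   # hypothetical name, not a Maester cmdlet
    [CmdletBinding()]
    param(
        # Same convention as the page: drop the 6-character "Get-Mt" prefix
        # from the name (function or alias) the caller actually typed.
        [string] $Request = ($MyInvocation.InvocationName).Substring(6)
    )

    # Allow-list: request key -> command name. Nothing else can be executed.
    $commands = @{
        'AcceptedDomain' = 'Get-AcceptedDomain'
    }

    if (-not $commands.ContainsKey($Request)) {
        Write-Error "$($MyInvocation.InvocationName) called with unsupported -Request '$Request'"
        return
    }

    if (-not $__MtSession.ExoCache.ContainsKey($Request)) {
        Write-Verbose "$Request not in cache, requesting."
        # The call operator runs the named command; the string is treated as a
        # command name and is never parsed as script text.
        $__MtSession.ExoCache[$Request] = & ($commands[$Request])
    }
    else {
        Write-Verbose "$Request in cache."
    }
    return $__MtSession.ExoCache[$Request]
}

# Through the alias, InvocationName is "Get-MtAcceptedDomain", so $Request is "AcceptedDomain".
Set-Alias -Name Get-MtAcceptedDomain -Value Get-MtExoDemo

$first  = Get-MtAcceptedDomain      # calls the stub and fills the cache
$second = Get-MtAcceptedDomain      # served from the cache
Get-MtExoDemo -Request 'Mailbox' -ErrorAction SilentlyContinue   # rejected by the allow-list
'{0} (backend calls: {1})' -f $second.DomainName, $script:backendCalls
```

Unlike the `$null -eq` check on the page, the `ContainsKey` test also caches an empty result, so a cmdlet that legitimately returns nothing is not re-queried on every call.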

merill commented 2 months ago

Nice. Thanks for kicking this off @Snozzberries

Let me first check with Cam on what he thinks about us importing into Maester. The license it's being published under is not clear.

merill commented 2 months ago

FYI Cam is OOF atm, will follow up when he is back.

cammurray commented 3 weeks ago

> FYI Cam is OOF atm, will follow up when he is back.

Definitely happy. It's open source! Fork away!

merill commented 3 weeks ago

Brilliant!! Thanks @cammurray 👍

soulemike commented 3 weeks ago

Thanks @cammurray!!

@merill, I will try to do an update this weekend to get this staged on the current main and try to clean up a few of the known issues I listed. Let me know if you have other thoughts. Not certain if we'd make this in before v1 timetable.