Private/Azure/Test-AssignmentExcluded.ps1
|
function Test-AssignmentExcluded {
    <#
    .SYNOPSIS
    Decide whether a policy assignment is to be left out of the analysis.

    .DESCRIPTION
    Returns $true as soon as one non-blank entry of ExcludeList is equal,
    ignoring case, to one of four strings:
      - the assignment's DisplayName
      - the assignment's PolicyDefinitionId
      - the policy set's DisplayName
      - the policy set's Id
    The comparison is whole-string equality (-ieq). Wildcards and partial
    matches are not interpreted, so an entry only suppresses objects whose
    identifier it names in full.

    NOTE(review): the "assignment ID" that is compared is
    $Assignment.PolicyDefinitionId, i.e. the ID of the definition the
    assignment points to. The assignment's own resource ID is never read
    here - confirm that this is the intended meaning of "assignment ID".

    NOTE(review): a DisplayName entry excludes every assignment or policy set
    that carries that display name. Display names are presumably free text and
    not guaranteed to be unique, so an exclusion that has to be precise is
    better expressed as an ID - confirm against how ExcludeList is populated.

    .PARAMETER Assignment
    The policy assignment object to check. Only its DisplayName and
    PolicyDefinitionId properties are read.

    .PARAMETER PolicySet
    The policy set definition object (if assignment is an initiative). Only its
    DisplayName and Id properties are read. The parameter is declared
    Mandatory without [AllowNull()], so binding $null fails.
    NOTE(review): confirm callers always have an object to pass.

    .PARAMETER ExcludeList
    Names or IDs to exclude. Null, empty and whitespace-only entries are
    ignored. Defaults to an empty array, in which case nothing is excluded.

    .EXAMPLE
    $shouldExclude = Test-AssignmentExcluded -Assignment $assignment -PolicySet $policySet -ExcludeList @("MCSB")

    .OUTPUTS
    Boolean - $true if the assignment should be excluded, $false otherwise.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        $Assignment,

        [Parameter(Mandatory = $true)]
        $PolicySet,

        [string[]]$ExcludeList = @()
    )

    # The [string] cast turns a missing ($null) property into an empty string,
    # so every candidate below is a plain string.
    $candidates = @(
        [string]$Assignment.DisplayName
        [string]$Assignment.PolicyDefinitionId
        [string]$PolicySet.DisplayName
        [string]$PolicySet.Id
    )

    foreach ($entry in $ExcludeList) {
        # Blank entries are skipped; otherwise an empty entry would compare
        # equal to any candidate that resolved to an empty string.
        if ([string]::IsNullOrWhiteSpace($entry)) {
            continue
        }

        foreach ($candidate in $candidates) {
            # Case-insensitive, whole-string comparison.
            if ($candidate -ieq $entry) {
                return $true
            }
        }
    }

    return $false
}