PSRule.Rules.Azure.psm1
# Copyright (c) Microsoft Corporation. # Licensed under the MIT License. # # PSRule.Rules.Azure module # $m = Import-Module 'Az.Resources' -MinimumVersion 5.6.0 -Global -ErrorAction SilentlyContinue -PassThru; if ($Null -eq $m) { Write-Warning -Message "To use PSRule for Azure export cmdlets please install Az.Resources."; } Set-StrictMode -Version latest; [PSRule.Rules.Azure.Configuration.PSRuleOption]::UseExecutionContext($ExecutionContext); # # Localization # # # Public functions # #region Public functions # .ExternalHelp PSRule.Rules.Azure-help.xml function Export-AzRuleData { [CmdletBinding(SupportsShouldProcess = $True, DefaultParameterSetName = 'Default')] [OutputType([System.IO.FileInfo])] [OutputType([PSObject])] param ( [Parameter(Position = 0, Mandatory = $False)] [String]$OutputPath = $PWD, # Filter by Subscription name or id [Parameter(Mandatory = $False, ParameterSetName = 'Default')] [String[]]$Subscription = $Null, # Filter by Tenant id [Parameter(Mandatory = $False, ParameterSetName = 'Default')] [String[]]$Tenant = $Null, # Filter by Resource Group name [Parameter(Mandatory = $False)] [String[]]$ResourceGroupName = $Null, # Filter by Tag [Parameter(Mandatory = $False)] [Hashtable]$Tag, [Parameter(Mandatory = $False)] [Switch]$PassThru = $False, [Parameter(Mandatory = $False, ParameterSetName = 'All')] [Switch]$All = $False ) begin { Write-Verbose -Message "[Export-AzRuleData] BEGIN::"; } process { # Get subscriptions $context = FindAzureContext -Subscription $Subscription -Tenant $Tenant -All:$All -Verbose:$VerbosePreference; if ($Null -eq $context) { return; } if (!(Test-Path -Path $OutputPath)) { if ($PSCmdlet.ShouldProcess('Create output directory', $OutputPath)) { $Null = New-Item -Path $OutputPath -ItemType Directory -Force; } } $getParams = @{ }; $filterParams = @{ }; if ($PSBoundParameters.ContainsKey('Tag')) { $getParams['Tag'] = $Tag; } if ($PSBoundParameters.ContainsKey('ResourceGroupName')) { $getParams['ResourceGroupName'] = $ResourceGroupName; $filterParams['ResourceGroupName'] = $ResourceGroupName; } foreach ($c in $context) { Write-Verbose -Message "[Export] -- Using subscription: $($c.Subscription.Name)"; $filePath = Join-Path -Path $OutputPath -ChildPath "$($c.Subscription.Id).json"; GetAzureResource @getParams -Context $c -Verbose:$VerbosePreference ` | FilterAzureResource @filterParams -Verbose:$VerbosePreference ` | ExportAzureResource -Path $filePath -PassThru $PassThru -Verbose:$VerbosePreference; } } end { Write-Verbose -Message "[Export-AzRuleData] END::"; } } # .ExternalHelp PSRule.Rules.Azure-help.xml function Export-AzRuleTemplateData { [CmdletBinding()] [OutputType([System.IO.FileInfo])] [OutputType([PSObject])] param ( [Parameter(Position = 0, Mandatory = $False)] [String]$Name, [Parameter(Mandatory = $True, ValueFromPipelineByPropertyName = $True)] [String]$TemplateFile, [Parameter(Mandatory = $False, ValueFromPipelineByPropertyName = $True)] [Alias('TemplateParameterFile')] [String[]]$ParameterFile, [Parameter(Mandatory = $False)] [Alias('ResourceGroupName')] [PSRule.Rules.Azure.Configuration.ResourceGroupReference]$ResourceGroup, [Parameter(Mandatory = $False)] [PSRule.Rules.Azure.Configuration.SubscriptionReference]$Subscription, [Parameter(Mandatory = $False)] [String]$OutputPath = $PWD, [Parameter(Mandatory = $False)] [Switch]$PassThru = $False ) begin { Write-Verbose -Message '[Export-AzRuleTemplateData] BEGIN::'; if ($MyInvocation.InvocationName -eq 'Export-AzTemplateRuleData') { Write-Warning -Message "The cmdlet 'Export-AzTemplateRuleData' is has been renamed to 'Export-AzRuleTemplateData'. Use of 'Export-AzTemplateRuleData' is deprecated and will be removed in the next major version." } $Option = [PSRule.Rules.Azure.Configuration.PSRuleOption]::FromFileOrDefault($PWD); $Option.Output.Path = $OutputPath; # Build the pipeline $builder = [PSRule.Rules.Azure.Pipeline.PipelineBuilder]::Template($Option); $builder.Deployment($Name); $builder.PassThru($PassThru); # Bind to subscription context if ($PSBoundParameters.ContainsKey('Subscription')) { $subscriptionOption = GetSubscription -InputObject $Subscription -ErrorAction SilentlyContinue; if ($Null -ne $subscriptionOption) { $builder.Subscription($subscriptionOption); } } # Bind to resource group if ($PSBoundParameters.ContainsKey('ResourceGroup')) { $resourceGroupOption = GetResourceGroup -InputObject $ResourceGroup -ErrorAction SilentlyContinue; if ($Null -ne $resourceGroupOption) { $builder.ResourceGroup($resourceGroupOption); } } $builder.UseCommandRuntime($PSCmdlet); $builder.UseExecutionContext($ExecutionContext); try { $pipeline = $builder.Build(); $pipeline.Begin(); } catch { $pipeline.Dispose(); } } process { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $source = [PSRule.Rules.Azure.Pipeline.TemplateSource]::new($TemplateFile, $ParameterFile); $pipeline.Process($source); } catch { $pipeline.Dispose(); throw; } } } end { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $pipeline.End(); } finally { $pipeline.Dispose(); } } Write-Verbose -Message '[Export-AzRuleTemplateData] END::'; } } # .ExternalHelp PSRule.Rules.Azure-help.xml function Get-AzRuleTemplateLink { [CmdletBinding()] [OutputType([PSRule.Rules.Azure.Data.Metadata.ITemplateLink])] param ( [Parameter(Position = 1, Mandatory = $False, ValueFromPipelineByPropertyName = $True)] [Alias('f', 'TemplateParameterFile', 'FullName')] [SupportsWildcards()] [String[]]$InputPath = '*.parameters.json', [Parameter(Mandatory = $False)] [Switch]$SkipUnlinked, [Parameter(Position = 0, Mandatory = $False)] [Alias('p')] [String]$Path = $PWD ) begin { Write-Verbose -Message '[Get-AzRuleTemplateLink] BEGIN::'; # Build the pipeline $builder = [PSRule.Rules.Azure.Pipeline.PipelineBuilder]::TemplateLink($Path); $builder.SkipUnlinked($SkipUnlinked); $builder.UseCommandRuntime($PSCmdlet); $builder.UseExecutionContext($ExecutionContext); $pipeline = $builder.Build(); if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $pipeline.Begin(); } catch { $pipeline.Dispose(); throw; } } } process { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { foreach ($p in $InputPath) { $pipeline.Process($p); } } catch { $pipeline.Dispose(); throw; } } } end { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $pipeline.End(); } finally { $pipeline.Dispose(); } } Write-Verbose -Message '[Get-AzRuleTemplateLink] END::'; } } function Export-AzPolicyAssignmentData { [CmdletBinding(SupportsShouldProcess = $True, DefaultParameterSetName = 'Default')] [OutputType([System.IO.FileInfo])] [OutputType([PSObject])] param ( # Name of policy assignment [Parameter(ParameterSetName = 'Name', Mandatory = $False)] [String]$Name, # Fully qualified resource ID of policy assignment [Parameter(ParameterSetName = 'Id', Mandatory = $True)] [Alias('AssignmentId')] [String]$Id, # Specifies assignment policy scope [Parameter(ParameterSetName = 'Name', Mandatory = $False)] [Parameter(ParameterSetName = 'IncludeDescendent', Mandatory = $False)] [String]$Scope, # Specifies the policy definition ID of the policy assignment [Parameter(ParameterSetName = 'Name', Mandatory = $False)] [Parameter(ParameterSetName = 'Id', Mandatory = $False)] [String]$PolicyDefinitionId, # Include all assignments related to given scope [Parameter(ParameterSetName = 'IncludeDescendent', Mandatory = $True)] [Switch]$IncludeDescendent = $False, [Parameter(Mandatory = $False)] [String]$OutputPath = $PWD, [Parameter(Mandatory = $False)] [Switch]$PassThru = $False ) begin { Write-Verbose -Message '[Export-AzPolicyAssignmentData] BEGIN::'; } process { $context = GetAzureContext -ErrorAction SilentlyContinue if ($Null -eq $context) { Write-Error -Message 'Could not find an existing context. Use Connect-AzAccount to establish a PowerShell context with Azure.'; return; } if (!(Test-Path -Path $OutputPath)) { if ($PSCmdlet.ShouldProcess('Create output directory', $OutputPath)) { $Null = New-Item -Path $OutputPath -ItemType Directory -Force; } } $getParams = @{ }; Write-Verbose -Message "Parameter Set: $($PSCmdlet.ParameterSetName)"; if ($PSCmdlet.ParameterSetName -eq 'Name') { if ($PSBoundParameters.ContainsKey('Name')) { $getParams['Name'] = $Name; } if ($PSBoundParameters.ContainsKey('PolicyDefinitionId')) { $getParams['PolicyDefinitionId'] = $PolicyDefinitionId; } if ($PSBoundParameters.ContainsKey('Scope')) { $getParams['Scope'] = $Scope; } else { $getParams['Scope'] = GetDefaultSubscriptionScope -Context $context } Write-Verbose -Message "Scope: $($getParams['Scope'])"; } elseif ($PSCmdlet.ParameterSetName -eq 'Id') { $getParams['Id'] = $Id; if ($PSBoundParameters.ContainsKey('PolicyDefinitionId')) { $getParams['PolicyDefinitionId'] = $PolicyDefinitionId; } } elseif ($PSCmdlet.ParameterSetName -eq 'IncludeDescendent') { $getParams['IncludeDescendent'] = $IncludeDescendent; if ($PSBoundParameters.ContainsKey('Scope')) { $getParams['Scope'] = $Scope; } else { $getParams['Scope'] = GetDefaultSubscriptionScope -Context $context } } Write-Verbose -Message "[Export] -- Using subscription: $($context.Subscription.Name)"; $filePath = Join-Path -Path $OutputPath -ChildPath "$($context.Subscription.Id).assignment.json"; Get-AzPolicyAssignment @getParams -Verbose:$VerbosePreference ` | ExpandPolicyAssignment -Context $context -Verbose:$VerbosePreference ` | ExportAzureResource -Path $filePath -PassThru $PassThru -Verbose:$VerbosePreference; } end { Write-Verbose -Message "[Export-AzPolicyAssignmentData] END::"; } } function Export-AzPolicyAssignmentRuleData { [CmdletBinding(DefaultParameterSetName = 'Default')] [OutputType([System.IO.FileInfo])] [OutputType([PSObject])] param ( # Name of Policy assignment [Parameter(Mandatory = $False)] [String]$Name, # Assignment file path [Parameter(Mandatory = $True, ValueFromPipelineByPropertyName = $True)] [String]$AssignmentFile, [Parameter(Mandatory = $False)] [Alias('ResourceGroupName')] [PSRule.Rules.Azure.Configuration.ResourceGroupReference]$ResourceGroup, [Parameter(Mandatory = $False)] [PSRule.Rules.Azure.Configuration.SubscriptionReference]$Subscription, [Parameter(Mandatory = $False)] [String]$OutputPath = $PWD, [Parameter(Mandatory = $False)] [Switch]$PassThru = $False ) begin { Write-Verbose -Message '[Export-AzPolicyAssignmentRuleData] BEGIN::'; $option = [PSRule.Rules.Azure.Configuration.PSRuleOption]::FromFileOrDefault($PWD); $option.Output.Path = $OutputPath; # Build the pipeline $builder = [PSRule.Rules.Azure.Pipeline.PipelineBuilder]::Assignment($option); $builder.Assignment($Name); $builder.PassThru($PassThru); # Bind to subscription context if ($PSBoundParameters.ContainsKey('Subscription')) { $subscriptionOption = GetSubscription -InputObject $Subscription -ErrorAction SilentlyContinue; if ($Null -ne $subscriptionOption) { $builder.Subscription($subscriptionOption); } } # Bind to resource group if ($PSBoundParameters.ContainsKey('ResourceGroup')) { $resourceGroupOption = GetResourceGroup -InputObject $ResourceGroup -ErrorAction SilentlyContinue; if ($Null -ne $resourceGroupOption) { $builder.ResourceGroup($resourceGroupOption); } } $builder.UseCommandRuntime($PSCmdlet); $builder.UseExecutionContext($ExecutionContext); try { $pipeline = $builder.Build(); $pipeline.Begin(); } catch { $pipeline.Dispose(); } } process { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $source = [PSRule.Rules.Azure.Pipeline.PolicyAssignmentSource]::new($AssignmentFile); $pipeline.Process($source); } catch { $pipeline.Dispose(); throw; } } } end { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $pipeline.End(); } finally { $pipeline.Dispose(); } } Write-Verbose -Message '[Export-AzPolicyAssignmentRuleData] END::'; } } function Get-AzPolicyAssignmentDataSource { [CmdletBinding(DefaultParameterSetName = 'Default')] [OutputType([PSRule.Rules.Azure.Pipeline.PolicyAssignmentSource])] param ( [Parameter(Mandatory = $False, ValueFromPipelineByPropertyName = $True)] [Alias('f', 'AssignmentFile', 'FullName')] [SupportsWildcards()] [String[]]$InputPath = '*.assignment.json', [Parameter(Mandatory = $False)] [Alias('p')] [String]$Path = $PWD ) begin { Write-Verbose -Message '[Get-AzPolicyAssignmentDataSource] BEGIN::'; # Build the pipeline $builder = [PSRule.Rules.Azure.Pipeline.PipelineBuilder]::AssignmentSearch($Path); $builder.UseCommandRuntime($PSCmdlet); $builder.UseExecutionContext($ExecutionContext); $pipeline = $builder.Build(); if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $pipeline.Begin(); } catch { $pipeline.Dispose(); throw; } } } process { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { foreach ($p in $InputPath) { $pipeline.Process($p); } } catch { $pipeline.Dispose(); throw; } } } end { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $pipeline.End(); } finally { $pipeline.Dispose(); } } Write-Verbose -Message '[Get-AzPolicyAssignmentDataSource] END::'; } } #endregion Public functions # # Helper functions # function GetDefaultSubscriptionScope { [CmdletBinding()] param ( [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { return [string]::Concat('/subscriptions/', $context.Subscription.Id); } } function GetResourceGroup { [CmdletBinding()] [OutputType([PSRule.Rules.Azure.Configuration.ResourceGroupOption])] param ( [Parameter(Mandatory = $True)] [PSRule.Rules.Azure.Configuration.ResourceGroupReference]$InputObject ) process { $result = $InputObject.ToResourceGroupOption(); if ($InputObject.FromName) { $o = Get-AzResourceGroup -Name $InputObject.Name -ErrorAction SilentlyContinue; if ($Null -ne $o) { $result.Name = $o.ResourceGroupName $result.Location = $o.Location $result.ManagedBy = $o.ManagedBy $result.Properties.ProvisioningState = $o.ProvisioningState $result.Tags = $o.Tags } } return $result; } } function GetSubscription { [CmdletBinding()] [OutputType([PSRule.Rules.Azure.Configuration.SubscriptionOption])] param ( [Parameter(Mandatory = $True)] [PSRule.Rules.Azure.Configuration.SubscriptionReference]$InputObject ) process { $result = $InputObject.ToSubscriptionOption(); if ($InputObject.FromName) { $o = (Set-AzContext -Subscription $InputObject.DisplayName -ErrorAction SilentlyContinue).Subscription; if ($Null -ne $o) { $result.DisplayName = $o.Name $result.SubscriptionId = $o.SubscriptionId $result.State = $o.State $result.TenantId = $o.TenantId } } return $result; } } function FindAzureContext { [CmdletBinding()] [OutputType([Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer[]])] param ( [Parameter(Mandatory = $False)] [String[]]$Subscription = $Null, [Parameter(Mandatory = $False)] [String[]]$Tenant = $Null, [Parameter(Mandatory = $False)] [System.Boolean]$All = $False ) process { $listAvailable = $False; if ($Null -ne $Subscription -or $Null -ne $Tenant -or $All) { $listAvailable = $True; } # Get subscription contexts $context = @(GetAzureContext -ListAvailable:$listAvailable); if ($Null -eq $context -and $context.Length -gt 0) { Write-Error -Message 'Could not find an existing context. Use Connect-AzAccount to establish a PowerShell context with Azure.'; return; } Write-Verbose "[Context] -- Found ($($context.Length)) subscription contexts"; $filteredContext = @($context | ForEach-Object -Process { if ( ($Null -eq $Tenant -or $Tenant.Length -eq 0 -or ($_.Tenant.Id -in $Tenant)) -and ($Null -eq $Subscription -or $Subscription.Length -eq 0 -or ($_.Subscription.Id -in $Subscription) -or ($_.Subscription.Name -in $Subscription)) ) { $_; Write-Verbose "[Context] -- Using subscription: $($_.Subscription.Name)"; } }) Write-Verbose "[Context] -- Using [$($filteredContext.Length)/$($context.Length)] subscription contexts"; return $filteredContext; } } function GetAzureContext { [CmdletBinding()] [OutputType([Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer[]])] param ( [Parameter(Mandatory = $False)] [System.Boolean]$ListAvailable = $False ) process { $getParams = @{ }; if ($ListAvailable) { $getParams['ListAvailable'] = $True; } # Get contexts return Get-AzContext @getParams; } } function GetAzureResource { [CmdletBinding()] [OutputType([PSObject])] param ( [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context, [Parameter(Mandatory = $False)] [Hashtable]$Tag, [Parameter(Mandatory = $False)] [String[]]$ResourceGroupName = $Null ) begin { $watch = New-Object -TypeName System.Diagnostics.Stopwatch; } process { $resourceParams = @{ }; $rgParams = @{ }; if ($PSBoundParameters.ContainsKey('Tag')) { $resourceParams['Tag'] = $Tag; $rgParams['Tag'] = $Tag; } try { Write-Verbose -Message "[Export] -- Getting Azure resources"; $watch.Restart(); if ($PSBoundParameters.ContainsKey('ResourceGroupName')) { foreach ($rg in $ResourceGroupName) { Write-Verbose -Message "[Export] -- Getting Azure resources for Resource Group: $rg"; Get-AzResource @resourceParams -ResourceGroupName $rg -ExpandProperties -ODataQuery "SubscriptionId EQ '$($Context.DefaultContext.Subscription.Id)'" -DefaultProfile $Context ` | ExpandResource -Context $Context -Verbose:$VerbosePreference; Get-AzResourceGroup @rgParams -Name $rg -DefaultProfile $Context | SetResourceType 'Microsoft.Resources/resourceGroups' | ExpandResource -Context $Context -Verbose:$VerbosePreference; } } else { Get-AzResource @resourceParams -ExpandProperties -DefaultProfile $Context | ExpandResource -Context $Context -Verbose:$VerbosePreference; Get-AzResourceGroup @rgParams -DefaultProfile $Context | SetResourceType 'Microsoft.Resources/resourceGroups' | ExpandResource -Context $Context -Verbose:$VerbosePreference; } Write-Verbose -Message "[Export] -- Azure resources exported in [$($watch.ElapsedMilliseconds) ms]"; $watch.Restart(); Write-Verbose -Message "[Export] -- Getting Azure subscription: $($Context.DefaultContext.Subscription.Id)"; Get-AzSubscription -SubscriptionId $Context.DefaultContext.Subscription.Id | SetResourceType 'Microsoft.Subscription' | ExpandResource -Context $Context -Verbose:$VerbosePreference; Write-Verbose -Message "[Export] -- Azure subscription exported in [$($watch.ElapsedMilliseconds) ms]"; } finally { $watch.Stop(); } } } function FilterAzureResource { [CmdletBinding()] [OutputType([PSObject])] param ( [Parameter(Mandatory = $False)] [String[]]$ResourceGroupName = $Null, [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$InputObject ) process { if (($Null -eq $ResourceGroupName) -or ($InputObject.ResourceType -eq 'Microsoft.Subscription') -or (@($InputObject.PSObject.Properties | Where-Object { $_.Name -eq 'ResourceGroupName' }).Length -eq 0)) { return $InputObject; } elseif ($InputObject.ResourceGroupName -in $ResourceGroupName) { return $InputObject; } } } function ExportAzureResource { [CmdletBinding(SupportsShouldProcess = $True)] [OutputType([System.IO.FileInfo])] [OutputType([PSObject])] param ( [Parameter(Mandatory = $True)] [String]$Path, [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$InputObject, [Parameter(Mandatory = $False)] [System.Boolean]$PassThru = $False ) begin { $resources = @(); } process { if ($PassThru) { $InputObject; } else { # Collect passed through resources $resources += $InputObject; } } end { $watch = New-Object -TypeName System.Diagnostics.Stopwatch; Write-Verbose -Message "[Export] -- Exporting to JSON"; $watch.Restart(); if (!$PassThru) { # Save to JSON ConvertTo-Json -InputObject $resources -Depth 100 | Set-Content -Path $Path; Get-Item -Path $Path; } $watch.Stop(); Write-Verbose -Message "[Export] -- Exported to JSON in [$($watch.ElapsedMilliseconds) ms]"; } } function GetSubResource { [CmdletBinding()] param ( [Parameter(Mandatory = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context, [Parameter(Mandatory = $True)] [String]$ResourceType, [Parameter(Mandatory = $True)] [String]$ApiVersion ) process { $getParams = @{ Name = $Resource.Name ResourceType = $ResourceType ResourceGroupName = $Resource.ResourceGroupName DefaultProfile = $Context ApiVersion = $ApiVersion } try { Get-AzResource @getParams -ExpandProperties; } catch { Write-Warning -Message "Failed to read $($Resource.Name): $ResourceType"; } } } function GetResourceById { [CmdletBinding()] param ( [Parameter(Mandatory = $True)] [PSObject]$ResourceId, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context, [Parameter(Mandatory = $True)] [String]$ApiVersion ) process { $getParams = @{ ResourceId = $ResourceId DefaultProfile = $Context ApiVersion = $ApiVersion } try { Get-AzResource @getParams -ExpandProperties; } catch { Write-Warning -Message "Failed to read $ResourceId"; } } } function GetSubResourceId { [CmdletBinding()] param ( [Parameter(Mandatory = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context, [Parameter(Mandatory = $True)] [String]$Property, [Parameter(Mandatory = $True)] [String]$ApiVersion ) process { $getParams = @{ ResourceId = [String]::Concat($Resource.Id, '/', $Property) DefaultProfile = $Context ApiVersion = $ApiVersion } try { Get-AzResource @getParams -ExpandProperties; } catch { Write-Warning -Message "Failed to read $($Resource.Name): $Property"; } } } function GetRestProperty { [CmdletBinding()] param ( [Parameter(Mandatory = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context, [Parameter(Mandatory = $True)] [String]$Property, [Parameter(Mandatory = $True)] [String]$ApiVersion ) process { try { $token = GetRestToken -Context $Context; $getParams = @{ Uri = [String]::Concat('https://management.azure.com', $Resource.Id, '/', $Property, '?api-version=', $ApiVersion) Headers = @{ Authorization = "Bearer $($token)" } } Invoke-RestMethod -Method Get @getParams -UseBasicParsing -Verbose:$VerbosePreference; } catch { Write-Warning -Message "Failed to read $($Resource.Name): $Property"; } } } function GetRestToken { [CmdletBinding()] [OutputType([String])] param ( [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { return ($Context.DefaultContext.TokenCache.ReadItems() | Where-Object { $_.TenantId -eq $Context.DefaultContext.Tenant.Id -and $_.Resource -eq 'https://management.core.windows.net/' -and $_.Authority -eq "https://login.windows.net/$($Context.DefaultContext.Tenant.Id)/" }).AccessToken; } } function GetSubProvider { [CmdletBinding()] param ( [Parameter(Mandatory = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context, [Parameter(Mandatory = $True)] [String]$ResourceType, [Parameter(Mandatory = $True)] [String]$ApiVersion, [Parameter(Mandatory = $False)] [Switch]$ExpandProperties ) process { $getParams = @{ ResourceId = [String]::Concat($Resource.Id, '/providers/', $ResourceType) DefaultProfile = $Context ApiVersion = $ApiVersion } try { Get-AzResource @getParams -ExpandProperties:$ExpandProperties; } catch { Write-Warning -Message "Failed to read $($Resource.Name): $ResourceType"; } } } function VisitAPIManagement { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $apis += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/apis' -ApiVersion '2019-12-01'; foreach ($api in $apis) { $resources += $api; $apiParams = @{ Name = "$($Resource.Name)/$($api.Name)" ResourceType = 'Microsoft.ApiManagement/service/apis/policies' ResourceGroupName = $Resource.ResourceGroupName DefaultProfile = $Context ApiVersion = '2019-12-01' }; $resources += Get-AzResource @apiParams; } # Add zones in from REST API because they are not included from Get-AzResource $apiManagementServicePrimaryZones = ((Invoke-AzRestMethod -Path "$($Resource.ResourceId)?api-version=2020-12-01" -Method GET).Content | ConvertFrom-Json).zones; $Resource = $Resource | Add-Member -MemberType NoteProperty -Name zones -Value $apiManagementServicePrimaryZones -PassThru; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/backends' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/products' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/policies' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/identityProviders' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/diagnostics' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/loggers' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/certificates' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/namedValues' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/portalsettings' -ApiVersion '2019-12-01'; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitSqlServer { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $sqlServer = $resource; $resources = @(); # Get SQL Server firewall rules $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Sql/servers/firewallRules' -ApiVersion '2015-05-01-preview'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Sql/servers/administrators' -ApiVersion '2014-04-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Sql/servers/securityAlertPolicies' -ApiVersion '2017-03-01-preview'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Sql/servers/vulnerabilityAssessments' -ApiVersion '2018-06-01-preview'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Sql/servers/auditingSettings' -ApiVersion '2017-03-01-preview'; $sqlServer | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitSqlDatabase { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $getParams = @{ ResourceGroupName = $Resource.ResourceGroupName DefaultProfile = $Context ErrorAction = 'SilentlyContinue' } $idParts = $Resource.ResourceId.Split('/'); $serverName = $idParts[-3]; $resourceName = "$serverName/$($Resource.Name)"; $resources += Get-AzResource @getParams -Name $resourceName -ResourceType 'Microsoft.Sql/servers/databases/dataMaskingPolicies' -ApiVersion '2014-04-01' -ExpandProperties $resources += Get-AzResource @getParams -Name $resourceName -ResourceType 'Microsoft.Sql/servers/databases/transparentDataEncryption' -ApiVersion '2014-04-01' -ExpandProperties; $resources += Get-AzResource @getParams -Name $resourceName -ResourceType 'Microsoft.Sql/servers/databases/connectionPolicies' -ApiVersion '2014-04-01' -ExpandProperties; $resources += Get-AzResource @getParams -Name $resourceName -ResourceType 'Microsoft.Sql/servers/databases/geoBackupPolicies' -ApiVersion '2014-04-01' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitPostgreSqlServer { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $sqlServer = $resource; $resources = @(); # Get Postgre SQL Server firewall rules $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.DBforPostgreSQL/servers/firewallRules' -ApiVersion '2017-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.DBforPostgreSQL/servers/securityAlertPolicies' -ApiVersion '2017-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.DBforPostgreSQL/servers/configurations' -ApiVersion '2017-12-01'; $sqlServer | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitMySqlServer { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $sqlServer = $resource; $resources = @(); # Get MySQL Server firewall rules $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.DBforMySQL/servers/firewallRules' -ApiVersion '2017-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.DBforMySQL/servers/securityAlertPolicies' -ApiVersion '2017-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.DBforMySQL/servers/configurations' -ApiVersion '2017-12-01'; $sqlServer | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitSqlManagedInstance { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $sqlMI = $resource; $resources = @(); $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.Sql/managedInstances/securityAlertPolicies' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2017-03-01-preview' -ExpandProperties; $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.Sql/managedInstances/vulnerabilityAssessments' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2018-06-01-preview' -ExpandProperties; $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.Sql/managedInstances/administrators' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2017-03-01-preview' -ExpandProperties; $sqlMI | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitAutomationAccount { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $aa = $Resource $resources = @(); $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Automation/AutomationAccounts/variables' -ApiVersion '2015-10-31'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Automation/AutomationAccounts/webhooks' -ApiVersion '2015-10-31'; $diagnosticSettingsResourceParams = @{ Name = $Resource.Name ResourceType = 'Microsoft.Automation/automationAccounts/providers/microsoft.insights/diagnosticSettings' ResourceGroupName = $Resource.ResourceGroupName DefaultProfile = $Context ExpandProperties = $True ApiVersion = '2021-05-01-preview' } $resources += Get-AzResource @diagnosticSettingsResourceParams $aa | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } # function VisitDataFactoryV2 { # param ( # [Parameter(Mandatory = $True, ValueFromPipeline = $True)] # [PSObject]$Resource, # [Parameter(Mandatory = $True)] # [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context # ) # process { # $df = $resource; # $resources = @(); # # Get linked services # $resources += Get-AzDataFactoryV2LinkedService -DataFactoryName $resource.Name -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context | ForEach-Object -Process { # $linkedService = $_; # $type = $linkedService.Properties.GetType().Name; # $linkedService.Properties.AdditionalProperties = $Null; # if ($Null -ne $linkedService.Properties.EncryptedCredential) { # $linkedService.Properties.EncryptedCredential = $Null; # } # $linkedService | Add-Member -MemberType NoteProperty -Name 'ResourceType' -Value 'linkedServices'; # $linkedService | Add-Member -MemberType NoteProperty -Name 'Type' -Value $type; # $linkedService; # }; # $df | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; # } # } function VisitCDNEndpoint { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $resources += GetSubResourceId @PSBoundParameters -Property 'customdomains' -ApiVersion '2019-04-15'; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitContainerRegistry { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ContainerRegistry/registries/replications' -ApiVersion '2019-12-01-preview'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ContainerRegistry/registries/webhooks' -ApiVersion '2019-12-01-preview'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ContainerRegistry/registries/tasks' -ApiVersion '2019-06-01-preview'; $resources += GetRestProperty @PSBoundParameters -Property 'listUsages' -ApiVersion '2019-05-01' | SetResourceType 'Microsoft.ContainerRegistry/registries/listUsages'; $resources += GetSubProvider @PSBoundParameters -ResourceType 'Microsoft.Security/assessments' -ApiVersion '2019-01-01-preview'; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitAKSCluster { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); # Only add VNET resource if AKS cluster is using Azure CNI network plugin # Supported network plugins: azure or kubenet # https://docs.microsoft.com/en-us/azure/templates/microsoft.containerservice/managedclusters?tabs=json#containerservicenetworkprofile-object if ($Resource.Properties.networkProfile.networkPlugin -eq 'azure') { $nodePools = @($Resource.Properties.agentPoolProfiles); foreach ($nodePool in $nodePools) { $vnetId = $nodePool.vnetSubnetID; $resources += GetResourceById -ResourceId $vnetId -ApiVersion '2020-05-01' -Context $Context; } } $resources += Get-AzResource -Name $Resource.Name -ResourceType 'Microsoft.ContainerService/managedClusters/providers/microsoft.insights/diagnosticSettings' -ResourceGroupName $Resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2017-05-01-preview' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitPublicIP { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { # Get-AzResource does not return zones, even with latest API version # Had to fetch the zones using ARM REST API and insert them into the resource # Logged an issue with Az PowerShell: https://github.com/Azure/azure-powershell/issues/15905 $publicIp = ((Invoke-AzRestMethod -Path "$($Resource.ResourceId)?api-version=2021-02-01" -Method GET).Content | ConvertFrom-Json).PSObject.Properties['zones']; if ($Null -ne $publicIp) { $Resource | Add-Member -MemberType NoteProperty -Name zones -Value $publicIp.value -PassThru; } else { $Resource; } } } function VisitRedisCache { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { # Get-AzResource does not return zones, even with latest API version # Had to fetch the zones using ARM REST API and insert them into the resource # Logged an issue with Az PowerShell: https://github.com/Azure/azure-powershell/issues/15905 $redisCacheZones = ((Invoke-AzRestMethod -Path "$($Resource.ResourceId)?api-version=2021-06-01" -Method GET).Content | ConvertFrom-Json).PSObject.Properties['zones']; if ($Null -ne $redisCacheZones) { $Resource | Add-Member -MemberType NoteProperty -Name zones -Value $redisCacheZones.value -PassThru; } else { $Resource; } } } function VisitRedisEnterpriseCache { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { # Get-AzResource does not return zones, even with latest API version # Had to fetch the zones using ARM REST API and insert them into the resource # Logged an issue with Az PowerShell: https://github.com/Azure/azure-powershell/issues/15905 $redisEnterpriseCacheZones = ((Invoke-AzRestMethod -Path "$($Resource.ResourceId)?api-version=2021-08-01" -Method GET).Content | ConvertFrom-Json).PSObject.Properties['zones']; if ($Null -ne $redisEnterpriseCacheZones) { $Resource | Add-Member -MemberType NoteProperty -Name zones -Value $redisEnterpriseCacheZones.value -PassThru; } else { $Resource; } } } function VisitStorageAccount { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); if ($Resource.Kind -ne 'FileStorage') { $blobServices = @(GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Storage/storageAccounts/blobServices' -ApiVersion '2019-04-01'); foreach ($blobService in $blobServices) { $resources += $blobService; $resources += Get-AzResource -Name "$($Resource.Name)/$($blobService.Name)" -ResourceType 'Microsoft.Storage/storageAccounts/blobServices/containers' -ResourceGroupName $Resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2019-04-01' -ExpandProperties; } } $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitStorageSyncService { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $resources += Get-AzStorageSyncServer -ParentResourceId $Resource.ResourceId -DefaultProfile $Context; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitWebApp { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $configResourceType = 'Microsoft.Web/sites/config'; # Handle slots if ($Resource.ResourceType -eq 'Microsoft.Web/sites/slots') { $configResourceType = 'Microsoft.Web/sites/slots/config'; } $resources += Get-AzResource -Name $Resource.Name -ResourceType $configResourceType -ResourceGroupName $Resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2018-11-01' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitRecoveryServices { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.RecoveryServices/vaults/replicationRecoveryPlans' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2018-07-10' -ExpandProperties; $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.RecoveryServices/vaults/replicationAlertSettings' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2018-07-10' -ExpandProperties; $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.RecoveryServices/vaults/backupstorageconfig/vaultstorageconfig' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2018-07-10' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitVirtualMachine { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $networkInterfaceId = $Resource.Properties.networkProfile.networkInterfaces.id; foreach ($id in $networkInterfaceId) { $resources += Get-AzResource -ResourceId $id -ExpandProperties -DefaultProfile $Context; } $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitKeyVault { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.KeyVault/vaults/providers/microsoft.insights/diagnosticSettings' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2017-05-01-preview' -ExpandProperties; $resources += GetResourceById -ResourceId "$($Resource.Id)/keys" -Context $Context -ApiVersion '2021-11-01-preview'; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitFrontDoor { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { # Patch Front Door properties not fully returned from the default API version $Resource = Get-AzResource -Name $resource.Name -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ResourceType 'Microsoft.Network/frontdoors' -ExpandProperties -ApiVersion '2018-08-01'; $resources = @(); $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.Network/frontdoors/providers/microsoft.insights/diagnosticSettings' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2017-05-01-preview' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitFrontDoorWAFPolicy { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { # Patch Front Door WAF policy properties not fully returned from the default API version $Resource = Get-AzResource -Name $resource.Name -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ResourceType 'Microsoft.Network/FrontDoorWebApplicationFirewallPolicies' -ExpandProperties -ApiVersion '2019-10-01'; $Resource; } } function VisitNetworkConnection { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { # Patch connections if (@($Resource.Properties.PSObject.Properties.Match('sharedKey')).Length -gt 0) { $Resource.Properties.sharedKey = "*** MASKED ***"; } $Resource; } } function VisitSubscription { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $resources += Get-AzRoleAssignment -DefaultProfile $Context -IncludeClassicAdministrators | SetResourceType 'Microsoft.Authorization/roleAssignments'; $resources += Get-AzResource -DefaultProfile $Context -ApiVersion '2017-08-01-preview' -ResourceId "/subscriptions/$($Resource.Id)/providers/Microsoft.Security/autoProvisioningSettings"; $resources += Get-AzResource -DefaultProfile $Context -ApiVersion '2017-08-01-preview' -ResourceId "/subscriptions/$($Resource.Id)/providers/Microsoft.Security/securityContacts"; $resources += Get-AzResource -DefaultProfile $Context -ApiVersion '2018-06-01' -ResourceId "/subscriptions/$($Resource.Id)/providers/Microsoft.Security/pricings"; $resources += Get-AzResource -DefaultProfile $Context -ApiVersion '2019-06-01' -ResourceId "/subscriptions/$($Resource.Id)/providers/Microsoft.Authorization/policyAssignments"; $resources += Get-AzResource -DefaultProfile $Context -ResourceType 'microsoft.insights/activityLogAlerts' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; Get-AzPolicyDefinition -Custom -DefaultProfile $Context; Get-AzPolicySetDefinition -Custom -DefaultProfile $Context; } } function VisitResourceGroup { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $resources += Get-AzRoleAssignment -DefaultProfile $Context -Scope $Resource.ResourceId ` | Where-Object { $_.Scope.StartsWith($Resource.ResourceId) } ` | SetResourceType 'Microsoft.Authorization/roleAssignments'; $resources += Get-AzResourceLock -DefaultProfile $Context -ResourceGroupName $Resource.ResourceGroupName | SetResourceType 'Microsoft.Authorization/locks'; $Resource ` | Add-Member -MemberType NoteProperty -Name Name -Value $Resource.ResourceGroupName -PassThru ` | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitDataExplorerCluster { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $getParams = @{ ResourceGroupName = $Resource.ResourceGroupName DefaultProfile = $Context ErrorAction = 'SilentlyContinue' } $resources += Get-AzResource @getParams -Name $Resource.Name -ResourceType 'Microsoft.Kusto/clusters/databases' -ApiVersion '2021-08-27' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitEventHubNamespaces { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $getParams = @{ ResourceGroupName = $Resource.ResourceGroupName DefaultProfile = $Context ErrorAction = 'SilentlyContinue' } $resources += Get-AzResource @getParams -Name $Resource.Name -ResourceType 'Microsoft.EventHub/namespaces/eventhubs' -ApiVersion '2021-11-01' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitServiceBusNamespaces { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $getParams = @{ ResourceGroupName = $Resource.ResourceGroupName DefaultProfile = $Context ErrorAction = 'SilentlyContinue' } $resources += Get-AzResource @getParams -Name $Resource.Name -ResourceType 'Microsoft.ServiceBus/namespaces/queues' -ApiVersion '2021-06-01-preview' -ExpandProperties; $resources += Get-AzResource @getParams -Name $Resource.Name -ResourceType 'Microsoft.ServiceBus/namespaces/topics' -ApiVersion '2021-06-01-preview' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function ExpandPolicyAssignment { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Assignment, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $policyDefinitionId = $Assignment.Properties.PolicyDefinitionId; Write-Verbose -Message "[Export] -- Expanding: $policyDefinitionId"; $policyDefinitions = [System.Collections.Generic.List[PSObject]]@(); if ($policyDefinitionId -like '*/providers/Microsoft.Authorization/policyDefinitions/*') { $definition = Get-AzPolicyDefinition -Id $policyDefinitionId -DefaultProfile $Context; $policyDefinitions.Add($definition); } elseif ($policyDefinitionId -like '*/providers/Microsoft.Authorization/policySetDefinitions/*') { $policySetDefinition = Get-AzPolicySetDefinition -Id $policyDefinitionId -DefaultProfile $Context; foreach ($definition in $policySetDefinition.Properties.PolicyDefinitions) { $definitionId = $definition.policyDefinitionId; Write-Verbose -Message "[Export] -- Expanding: $definitionId"; $definition = Get-AzPolicyDefinition -Id $definitionId -DefaultProfile $Context; $policyDefinitions.Add($definition); } } $Assignment | Add-Member -MemberType NoteProperty -Name PolicyDefinitions -Value $policyDefinitions -PassThru; } } # Add additional information to resources with child resources function ExpandResource { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resourceId = ''; if ($Resource.ResourceType -eq 'Microsoft.Subscription') { $resourceId = $Resource.Id; } else { $resourceId = $Resource.ResourceId; } Write-Verbose -Message "[Export] -- Expanding: $($resourceId)"; switch ($Resource.ResourceType) { 'Microsoft.ApiManagement/service' { VisitAPIManagement @PSBoundParameters; } 'Microsoft.Automation/automationAccounts' { VisitAutomationAccount @PSBoundParameters; } 'Microsoft.Cdn/profiles/endpoints' { VisitCDNEndpoint @PSBoundParameters; } 'Microsoft.ContainerRegistry/registries' { VisitContainerRegistry @PSBoundParameters; } 'Microsoft.ContainerService/managedClusters' { VisitAKSCluster @PSBoundParameters; } 'Microsoft.Sql/servers' { VisitSqlServer @PSBoundParameters; } 'Microsoft.Sql/servers/databases' { VisitSqlDatabase @PSBoundParameters; } 'Microsoft.DBforPostgreSQL/servers' { VisitPostgreSqlServer @PSBoundParameters; } 'Microsoft.DBforMySQL/servers' { VisitMySqlServer @PSBoundParameters; } # 'Microsoft.Sql/managedInstances' { VisitSqlManagedInstance @PSBoundParameters; } # 'Microsoft.DataFactory/factories' { VisitDataFactoryV2 @PSBoundParameters; } 'Microsoft.Storage/storageAccounts' { VisitStorageAccount @PSBoundParameters; } # "Microsoft.StorageSync/storageSyncServices" { VisitStorageSyncService @PSBoundParameters; } 'Microsoft.Web/sites' { VisitWebApp @PSBoundParameters; } 'Microsoft.Web/sites/slots' { VisitWebApp @PSBoundParameters; } 'Microsoft.RecoveryServices/vaults' { VisitRecoveryServices @PSBoundParameters; } 'Microsoft.Compute/virtualMachines' { VisitVirtualMachine @PSBoundParameters; } 'Microsoft.KeyVault/vaults' { VisitKeyVault @PSBoundParameters; } 'Microsoft.Network/frontDoors' { VisitFrontDoor @PSBoundParameters; } 'Microsoft.Network/FrontDoorWebApplicationFirewallPolicies' { VisitFrontDoorWAFPolicy @PSBoundParameters; } 'Microsoft.Network/connections' { VisitNetworkConnection @PSBoundParameters; } 'Microsoft.Subscription' { VisitSubscription @PSBoundParameters; } 'Microsoft.Resources/resourceGroups' { VisitResourceGroup @PSBoundParameters; } 'Microsoft.Network/publicIPAddresses' { VisitPublicIP @PSBoundParameters; } 'Microsoft.Cache/Redis' { VisitRedisCache @PSBoundParameters; } 'Microsoft.Cache/redisEnterprise' { VisitRedisEnterpriseCache @PSBoundParameters; } 'Microsoft.Kusto/Clusters' { VisitDataExplorerCluster @PSBoundParameters; } 'Microsoft.EventHub/namespaces' { VisitEventHubNamespaces @PSBoundParameters; } 'Microsoft.ServiceBus/namespaces' { VisitServiceBusNamespaces @PSBoundParameters; } default { $Resource; } } } } function SetResourceType { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True, Position = 0)] [String]$ResourceType ) process { if ($ResourceType -eq 'Microsoft.Resources/resourceGroups') { $Resource = $Resource | Add-Member -MemberType NoteProperty -Name Id -Value $Resource.ResourceId -PassThru -Force; } $Resource | Add-Member -MemberType NoteProperty -Name ResourceType -Value $ResourceType -PassThru -Force; } } # # Export module # New-Alias -Name 'Export-AzTemplateRuleData' -Value 'Export-AzRuleTemplateData' -Force; Export-ModuleMember -Function @( 'Export-AzRuleData' 'Export-AzRuleTemplateData' 'Get-AzRuleTemplateLink' 'Export-AzPolicyAssignmentData' 'Export-AzPolicyAssignmentRuleData' 'Get-AzPolicyAssignmentDataSource' ); Export-ModuleMember -Alias @( 'Export-AzTemplateRuleData' ); # SIG # Begin signature block # MIInogYJKoZIhvcNAQcCoIInkzCCJ48CAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDcwydHHwpHsXYU # +feOx0uEWn0WZhFXlIuiA16ZtT/YMaCCDXYwggX0MIID3KADAgECAhMzAAACURR2 # zMWFg24LAAAAAAJRMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjEwOTAyMTgzMjU5WhcNMjIwOTAxMTgzMjU5WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQDBIpXR3b1IYAMunV9ZYBVYsaA7S64mqacKy/OJUf0Lr/LW/tWlJDzJH9nFAhs0 # zzSdQQcLhShOSTUxtlwZD9dnfIcx4pZgu0VHkqQw2dVc8Ob21GBo5sVrXgEAQxZo # rlEuAl20KpSIFLUBwoZFGFSQNSMcqPudXOw+Mhvn6rXYv/pjXIjgBntn6p1f+0+C # 2NXuFrIwjJIJd0erGefwMg//VqUTcRaj6SiCXSY6kjO1J9P8oaRQBHIOFEfLlXQ3 # a1ATlM7evCUvg3iBprpL+j1JMAUVv+87NRApprPyV75U/FKLlO2ioDbb69e3S725 # XQLW+/nJM4ihVQ0BHadh74/lAgMBAAGjggFzMIIBbzAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUMLgM7NX5EnpPfK5uU6FPvn2g/Ekw # RQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEW # MBQGA1UEBRMNMjMwMDEyKzQ2NzU5NjAfBgNVHSMEGDAWgBRIbmTlUAXTgqoXNzci # tW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3JsMGEG # CCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3J0 # MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAIVJlff+Fp0ylEJhmvap # NVv1bYLSWf58OqRRIDnXbHQ+FobsOwL83/ncPC3xl8ySR5uK/af4ZDy7DcDw0yEd # mKbRLzHIfcztZVSrlsg0GKwZuaB2MEI1VizNCoZlN+HlFZa4DNm3J0LhTWrZjVR0 # M6V57cFW0GsV4NlqmtelT9JFEae7PomwgAV9xOScz8HzvbZeERcoSRp9eRsQwOw7 # 8XeCLeglqjUnz9gFM7RliCYP58Fgphtkht9LNEcErLOVW17m6/Dj75zg/IS+//6G # FEK2oXnw5EIIWZraFHqSaee+NMgOw/R6bwB8qLv5ClOJEpGKA3XPJvS9YgOpF920 # Vu4Afqa5Rv5UJKrsxA7HOiuH4TwpkP3XQ801YLMp4LavXnvqNkX5lhFcITvb01GQ # lcC5h+XfCv0L4hUum/QrFLavQXJ/vtirCnte5Bediqmjx3lswaTRbr/j+KX833A1 # l9NIJmdGFcVLXp1en3IWG/fjLIuP7BqPPaN7A1tzhWxL+xx9yw5vQiT1Yn14YGmw # OzBYYLX0H9dKRLWMxMXGvo0PWEuXzYyrdDQExPf66Fq/EiRpZv2EYl2gbl9fxc3s # qoIkyNlL1BCrvmzunkwt4cwvqWremUtqTJ2B53MbBHlf4RfvKz9NVuh5KHdr82AS # MMjU4C8KNTqzgisqQdCy8unTMIIHejCCBWKgAwIBAgIKYQ6Q0gAAAAAAAzANBgkq # hkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 # IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5WjB+MQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQDEx9NaWNyb3NvZnQg # Q29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC # CgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4BjgaBEm6f8MMHt03 # a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe0t+bU7IKLMOv2akr # rnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato88tt8zpcoRb0Rrrg # OGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v++MrWhAfTVYoonpy # 4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDstrjNYxbc+/jLTswM9 # sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN91/w0FK/jJSHvMAh # dCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4jiJV3TIUs+UsS1Vz8k # A/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmhD+kjSbwYuER8ReTB # w3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbiwZeBe+3W7UvnSSmn # Eyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8HhhUSJxAlMxdSlQy90 # lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaIjAsCAwEAAaOCAe0w # ggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTlUAXTgqoXNzcitW2o # ynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYD # VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQFTuHqp8cx0SOJNDBa # BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2Ny # bC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3JsMF4GCCsG # AQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29t # L3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3J0MIGfBgNV # HSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcCARYzaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnljcHMuaHRtMEAGCCsG # AQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5AF8AcwB0AGEAdABl # AG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oalmOBUeRou09h0ZyKb # C5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0epo/Np22O/IjWll11l # hJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1HXeUOeLpZMlEPXh6 # I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtYSWMfCWluWpiW5IP0 # wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInWH8MyGOLwxS3OW560 # STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZiWhub6e3dMNABQam # ASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMdYzaXht/a8/jyFqGa # J+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7fQccOKO7eZS/sl/ah # XJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKfenoi+kiVH6v7RyOA # 9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOppO6/8MO0ETI7f33Vt # Y5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZOSEXAQsmbdlsKgEhr # /Xmfwb1tbWrJUnMTDXpQzTGCGYIwghl+AgEBMIGVMH4xCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNp # Z25pbmcgUENBIDIwMTECEzMAAAJRFHbMxYWDbgsAAAAAAlEwDQYJYIZIAWUDBAIB # BQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO # MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIJzpQZLvywfsdzIjrdnlubAO # HPdHg41AQzV9DJamlLvqMEIGCisGAQQBgjcCAQwxNDAyoBSAEgBNAGkAYwByAG8A # cwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEB # BQAEggEAY33Otewol+dJODFGqBtueTcgTq0EJDvnCi5RMefA16jHz/nkldkbxwD4 # grC+WluxPtnMNh/yqShzgXzpwkSvK4FYgPp1xVshgEVuGbLZR6iLisO1BtYMmyQN # EA7XrKfzAUSA71x8dpojDDDWQY1qDFp3NNb77EsDaRJz2WBowTnkLZd5edH/3WHl # DD8/zF78wrs9Iho3+fUry0JwzRgzODslf+wLWBTuPPFC+m9dlQ2hX4EXLdvfIP4Q # ZtJ977uv0+sV7ZQlfWpJXI7SsOZLGx6SxLHLvdAe0uR0hl3oyQ3Vvqe5VCOoS1f8 # Em8MbwUSh9VMQZMvIbLkbidZBR4Tf6GCFwwwghcIBgorBgEEAYI3AwMBMYIW+DCC # FvQGCSqGSIb3DQEHAqCCFuUwghbhAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFVBgsq # hkiG9w0BCRABBKCCAUQEggFAMIIBPAIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl # AwQCAQUABCDLgDzkLdlLRXU3zyufbLOK5hDLtakMnZryOSv9STfk5gIGYoSspPr2 # GBMyMDIyMDYxMjEyMDAwMC43MjZaMASAAgH0oIHUpIHRMIHOMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYDVQQLEyBNaWNyb3NvZnQgT3Bl # cmF0aW9ucyBQdWVydG8gUmljbzEmMCQGA1UECxMdVGhhbGVzIFRTUyBFU046NDYy # Ri1FMzE5LTNGMjAxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZp # Y2WgghFfMIIHEDCCBPigAwIBAgITMwAAAaQHz+OPo7pv1gABAAABpDANBgkqhkiG # 9w0BAQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4G # A1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYw # JAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDAeFw0yMjAzMDIx # ODUxMThaFw0yMzA1MTExODUxMThaMIHOMQswCQYDVQQGEwJVUzETMBEGA1UECBMK # V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0 # IENvcnBvcmF0aW9uMSkwJwYDVQQLEyBNaWNyb3NvZnQgT3BlcmF0aW9ucyBQdWVy # dG8gUmljbzEmMCQGA1UECxMdVGhhbGVzIFRTUyBFU046NDYyRi1FMzE5LTNGMjAx # JTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2UwggIiMA0GCSqG # SIb3DQEBAQUAA4ICDwAwggIKAoICAQDAR44A+hT8vNT1IXDiFRoeGzkmqut+GPk4 # 1toTRfQZZ1sSyQhLjIlemBecemEzO09WSzOjZx9MIT8qYs921WUZsIBsk1ESn1cj # yfPUd1mmfxzL3ACWZwjIC/pjqcRPeIMECQ/6qPFKrjqwigmP33I3IcVfMjJHyKj+ # vR51n1tK2rZPiNhmRdiEhckbbxLsSb2nCBQxZEF49x/l8vSB8zaqovoOeIkIzgDe # rN7OvJouq6r+vg/Qz1T4NXr+sKKyNxZWM6zywiLp7G7WLd18N2hyjHwPkh/AleIq # if3hGVD9bhSU+dDADzUJSMFhEWunHHElQeZjdmIB3/Mw1KkFOJNvw1sPteIi5MK4 # DZX3Wd/Fd8ZsQvZmXPWJ8BXN9sYtHMz8zdeQvMImRCKgnXcW8IpnPtC7Tymp3UV5 # NoTH8INF6WWicQ3y04L2I1VOT104AddJoVgAP2KLIGwfCs7wMVz56xJ2IN1y1pIA # WfpTqx76orM5RQhkAvayj1RTwgrHst+elYX3F5b8ACWrgJO1dJy1U4MIv+SC8h33 # xLmWA568emvrJ6g0xy/2akbAeRx6tFwaP4uwVbjF50kl5RQqNzp/CDpfCTikOAqy # Ja4valiWDMbEiArHKLYDg6GDjuJZl5bSjgdJdCAIRF8EkiiA+UAGvcE6SGoHmtoc # 4yOklGNVvwIDAQABo4IBNjCCATIwHQYDVR0OBBYEFOLQE5+s+AgS9sWUHdI4zekp # 4yTCMB8GA1UdIwQYMBaAFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMF8GA1UdHwRYMFYw # VKBSoFCGTmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY3Jv # c29mdCUyMFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNybDBsBggrBgEFBQcB # AQRgMF4wXAYIKwYBBQUHMAKGUGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lv # cHMvY2VydHMvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUyMDIwMTAoMSku # Y3J0MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwgwDQYJKoZIhvcN # AQELBQADggIBAAlWHFDRDJck7jwwRoYmdVOePLLBeidoPUBJVhG9nGeHS9PuRvO9 # tf4IkbUz74MUIQxeayQoxxo/JxUqjhPH52M/b4G9mHJWB75KCllCTg8Y4VkvktOm # S0f5w0vOR3gwA9BRnbgAPNEO7xs5Jylto8aDR02++CkBDFolCtTNjwzfniEj1z4T # 7nRlRi2yBAJNRqI+VY820LiyoZtk5OGttq5F5HhPfIMjaIx5QYR22+53sd8xgUwR # pFbcLdrne6jdq3KbiYbCf7y/9F2C7cjpO3kkGXX8ntE09f6o9fIklx7CFw4Rzrky # qgYomraKOFJ8JO7hsjNJb9/Gba/mKWo0j/qdDxDER/UXX6ykZuGx1eQpjkyMwJnO # PWGbeNIYZVcJQpRQODPs593Mi5hBsHzag+vd4Q+Vt73KZ4X98YWW1Vk1aSR9Qjxk # 5keMuVPZMcMrCvFZXwhUcGFGueuNCrICL9bSYRfS13pliDxJ7sPSZ8x2d4ksOXW0 # 0l6fR5nTiSM7Dvv7Y0MGVgUhap2smhr92PMNSmIkCUvHCiYcJ4RoAT28mp/hOQ/U # 8mPXSpWdxYpLLcDOISmBhFJYN7amlhIpVsGvUmjXrTcY0n4Goe/Nqs2400IcA4HO # iX9OxdmpNGDJzSRR7AW9TT8O+3YZqPZIvL6yzgfvnehptmf4w6QzkrLfMIIHcTCC # BVmgAwIBAgITMwAAABXF52ueAptJmQAAAAAAFTANBgkqhkiG9w0BAQsFADCBiDEL # MAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1v # bmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWlj # cm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTAwHhcNMjEwOTMw # MTgyMjI1WhcNMzAwOTMwMTgzMjI1WjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMK # V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0 # IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0Eg # MjAxMDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOThpkzntHIhC3mi # y9ckeb0O1YLT/e6cBwfSqWxOdcjKNVf2AX9sSuDivbk+F2Az/1xPx2b3lVNxWuJ+ # Slr+uDZnhUYjDLWNE893MsAQGOhgfWpSg0S3po5GawcU88V29YZQ3MFEyHFcUTE3 # oAo4bo3t1w/YJlN8OWECesSq/XJprx2rrPY2vjUmZNqYO7oaezOtgFt+jBAcnVL+ # tuhiJdxqD89d9P6OU8/W7IVWTe/dvI2k45GPsjksUZzpcGkNyjYtcI4xyDUoveO0 # hyTD4MmPfrVUj9z6BVWYbWg7mka97aSueik3rMvrg0XnRm7KMtXAhjBcTyziYrLN # ueKNiOSWrAFKu75xqRdbZ2De+JKRHh09/SDPc31BmkZ1zcRfNN0Sidb9pSB9fvzZ # nkXftnIv231fgLrbqn427DZM9ituqBJR6L8FA6PRc6ZNN3SUHDSCD/AQ8rdHGO2n # 6Jl8P0zbr17C89XYcz1DTsEzOUyOArxCaC4Q6oRRRuLRvWoYWmEBc8pnol7XKHYC # 4jMYctenIPDC+hIK12NvDMk2ZItboKaDIV1fMHSRlJTYuVD5C4lh8zYGNRiER9vc # G9H9stQcxWv2XFJRXRLbJbqvUAV6bMURHXLvjflSxIUXk8A8FdsaN8cIFRg/eKtF # tvUeh17aj54WcmnGrnu3tz5q4i6tAgMBAAGjggHdMIIB2TASBgkrBgEEAYI3FQEE # BQIDAQABMCMGCSsGAQQBgjcVAgQWBBQqp1L+ZMSavoKRPEY1Kc8Q/y8E7jAdBgNV # HQ4EFgQUn6cVXQBeYl2D9OXSZacbUzUZ6XIwXAYDVR0gBFUwUzBRBgwrBgEEAYI3 # TIN9AQEwQTA/BggrBgEFBQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3Br # aW9wcy9Eb2NzL1JlcG9zaXRvcnkuaHRtMBMGA1UdJQQMMAoGCCsGAQUFBwMIMBkG # CSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8E # BTADAQH/MB8GA1UdIwQYMBaAFNX2VsuP6KJcYmjRPZSQW9fOmhjEMFYGA1UdHwRP # ME0wS6BJoEeGRWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1 # Y3RzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNybDBaBggrBgEFBQcBAQROMEww # SgYIKwYBBQUHMAKGPmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMv # TWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQCd # VX38Kq3hLB9nATEkW+Geckv8qW/qXBS2Pk5HZHixBpOXPTEztTnXwnE2P9pkbHzQ # dTltuw8x5MKP+2zRoZQYIu7pZmc6U03dmLq2HnjYNi6cqYJWAAOwBb6J6Gngugnu # e99qb74py27YP0h1AdkY3m2CDPVtI1TkeFN1JFe53Z/zjj3G82jfZfakVqr3lbYo # VSfQJL1AoL8ZthISEV09J+BAljis9/kpicO8F7BUhUKz/AyeixmJ5/ALaoHCgRlC # GVJ1ijbCHcNhcy4sa3tuPywJeBTpkbKpW99Jo3QMvOyRgNI95ko+ZjtPu4b6MhrZ # lvSP9pEB9s7GdP32THJvEKt1MMU0sHrYUP4KWN1APMdUbZ1jdEgssU5HLcEUBHG/ # ZPkkvnNtyo4JvbMBV0lUZNlz138eW0QBjloZkWsNn6Qo3GcZKCS6OEuabvshVGtq # RRFHqfG3rsjoiV5PndLQTHa1V1QJsWkBRH58oWFsc/4Ku+xBZj1p/cvBQUl+fpO+ # y/g75LcVv7TOPqUxUYS8vwLBgqJ7Fx0ViY1w/ue10CgaiQuPNtq6TPmb/wrpNPgk # NWcr4A245oyZ1uEi6vAnQj0llOZ0dFtq0Z4+7X6gMTN9vMvpe784cETRkPHIqzqK # Oghif9lwY1NNje6CbaUFEMFxBmoQtB1VM1izoXBm8qGCAtIwggI7AgEBMIH8oYHU # pIHRMIHOMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYD # VQQLEyBNaWNyb3NvZnQgT3BlcmF0aW9ucyBQdWVydG8gUmljbzEmMCQGA1UECxMd # VGhhbGVzIFRTUyBFU046NDYyRi1FMzE5LTNGMjAxJTAjBgNVBAMTHE1pY3Jvc29m # dCBUaW1lLVN0YW1wIFNlcnZpY2WiIwoBATAHBgUrDgMCGgMVADQcKOKTa3xC+g1a # PrcPerxiby6foIGDMIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hp # bmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jw # b3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAw # DQYJKoZIhvcNAQEFBQACBQDmUB+wMCIYDzIwMjIwNjEyMTIxNzUyWhgPMjAyMjA2 # MTMxMjE3NTJaMHcwPQYKKwYBBAGEWQoEATEvMC0wCgIFAOZQH7ACAQAwCgIBAAIC # DWsCAf8wBwIBAAICEx0wCgIFAOZRcTACAQAwNgYKKwYBBAGEWQoEAjEoMCYwDAYK # KwYBBAGEWQoDAqAKMAgCAQACAwehIKEKMAgCAQACAwGGoDANBgkqhkiG9w0BAQUF # AAOBgQA0HtNr8o3d51WoqFyBO3ud/4BBFL2nQWNSZ0U+jqvOUjrK4/4qfmM2WDii # Tlx9WoNYs46jxtQ4usjocYPKE6hWw0AL6mVl9R1l+KdWLFzjT3ZfowNBI4i8dFLa # oqb9QhOBNQqV0Q0L4aDaSmVXTOGx1LhLnnNise2faZcsgamL0jGCBA0wggQJAgEB # MIGTMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH # EwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNV # BAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAABpAfP44+jum/W # AAEAAAGkMA0GCWCGSAFlAwQCAQUAoIIBSjAaBgkqhkiG9w0BCQMxDQYLKoZIhvcN # AQkQAQQwLwYJKoZIhvcNAQkEMSIEIPFyY8t/E7zsiftV2Upy1VZ2qu2fgWJl6Bym # K8mjbiErMIH6BgsqhkiG9w0BCRACLzGB6jCB5zCB5DCBvQQgBfzgoyEmcKTASfDC # d1sDAhd6jmuWBxRuieLh42rqefgwgZgwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEG # A1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWlj # cm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFt # cCBQQ0EgMjAxMAITMwAAAaQHz+OPo7pv1gABAAABpDAiBCDl3HyPWcnuLyse/YbL # W7K6GTlGVBSH2Y+YeJODq+pt2zANBgkqhkiG9w0BAQsFAASCAgAwpdjMmB3qR7Ex # 5y6PbKYpN2fXHyrdOR6IBVSOduIReuSClBd87GPxpX2mbrSi6TCJ8rcBdT3sysWs # 9I9uX94biEvqHbiqK7MSC7JjjDTlBtOVn0yVpdlfNDD9zY82ohPzhxWdS5HdR7e4 # MGIMpLk74xcC7SZnjeZpQf1UUQXdpJDGazyiYZVCEgmE7SrVidSBAvmGbdQy7cTO # SQBSh1xmHorcjjb3oXaLp2Jehg5eb+NbiKSI5kQU85icpeBpMZV3ktsDotHb+9Zt # T7Kh3jhUVG26y9zCovv56aO7H/wH9t+xbgf9QtWYwXPtPrZBCZdMy5POaDYlRGkR # plo6O8jjHkZ8mqGJTi0eRicw35SMN/rqt57aP3xEoScRcWdnywveEhnd5QVUArM6 # URyvzV60EoR+8gLQH52u63LwiHFg6f8aoYbyNmoMcBLQ1h9CV+GtGTaMwQ88MoVP # 3E7AdqtIgtNfV2OUdwo5rbV0tjDFbddcJcWfSfgI+r9dUAMeOHCR4KgHwbw4o5KO # OMnAsy4puo96TLEzTGmuucpAqA9urSCnN1U8tgf/dhSUWAD6ogrMuueYoF9rvz80 # oX0y3FD81z4ccp+qmMIv6yN/122jLFCLiRPZ55NUy/oulDqydDF7MiXKxskjs63F # jCpJ11B5SLzujxM5AumhPIHBJnKlAQ== # SIG # End signature block |