PSRule.Rules.Azure.psm1
# Copyright (c) Microsoft Corporation. # Licensed under the MIT License. # # PSRule.Rules.Azure module # $m = Import-Module 'Az.Resources' -MinimumVersion 5.6.0 -Global -ErrorAction SilentlyContinue -PassThru; if ($Null -eq $m) { Write-Warning -Message "To use PSRule for Azure export cmdlets please install Az.Resources."; } Set-StrictMode -Version latest; [PSRule.Rules.Azure.Configuration.PSRuleOption]::UseExecutionContext($ExecutionContext); # # Localization # # # Public functions # #region Public functions # .ExternalHelp PSRule.Rules.Azure-help.xml function Export-AzRuleData { [CmdletBinding(SupportsShouldProcess = $True, DefaultParameterSetName = 'Default')] [OutputType([System.IO.FileInfo])] [OutputType([PSObject])] param ( [Parameter(Position = 0, Mandatory = $False)] [String]$OutputPath = $PWD, # Filter by Subscription name or id [Parameter(Mandatory = $False, ParameterSetName = 'Default')] [String[]]$Subscription = $Null, # Filter by Tenant id [Parameter(Mandatory = $False, ParameterSetName = 'Default')] [String[]]$Tenant = $Null, # Filter by Resource Group name [Parameter(Mandatory = $False)] [String[]]$ResourceGroupName = $Null, # Filter by Tag [Parameter(Mandatory = $False)] [Hashtable]$Tag, [Parameter(Mandatory = $False)] [Switch]$PassThru = $False, [Parameter(Mandatory = $False, ParameterSetName = 'All')] [Switch]$All = $False ) begin { Write-Verbose -Message "[Export-AzRuleData] BEGIN::"; } process { # Get subscriptions $context = FindAzureContext -Subscription $Subscription -Tenant $Tenant -All:$All -Verbose:$VerbosePreference; if ($Null -eq $context) { return; } if (!(Test-Path -Path $OutputPath)) { if ($PSCmdlet.ShouldProcess('Create output directory', $OutputPath)) { $Null = New-Item -Path $OutputPath -ItemType Directory -Force; } } $getParams = @{ }; $filterParams = @{ }; if ($PSBoundParameters.ContainsKey('Tag')) { $getParams['Tag'] = $Tag; } if ($PSBoundParameters.ContainsKey('ResourceGroupName')) { $getParams['ResourceGroupName'] = $ResourceGroupName; $filterParams['ResourceGroupName'] = $ResourceGroupName; } foreach ($c in $context) { Write-Verbose -Message "[Export] -- Using subscription: $($c.Subscription.Name)"; $filePath = Join-Path -Path $OutputPath -ChildPath "$($c.Subscription.Id).json"; GetAzureResource @getParams -Context $c -Verbose:$VerbosePreference ` | FilterAzureResource @filterParams -Verbose:$VerbosePreference ` | ExportAzureResource -Path $filePath -PassThru $PassThru -Verbose:$VerbosePreference; } } end { Write-Verbose -Message "[Export-AzRuleData] END::"; } } # .ExternalHelp PSRule.Rules.Azure-help.xml function Export-AzRuleTemplateData { [CmdletBinding()] [OutputType([System.IO.FileInfo])] [OutputType([PSObject])] param ( [Parameter(Position = 0, Mandatory = $False)] [String]$Name, [Parameter(Mandatory = $True, ValueFromPipelineByPropertyName = $True)] [String]$TemplateFile, [Parameter(Mandatory = $False, ValueFromPipelineByPropertyName = $True)] [Alias('TemplateParameterFile')] [String[]]$ParameterFile, [Parameter(Mandatory = $False)] [Alias('ResourceGroupName')] [PSRule.Rules.Azure.Configuration.ResourceGroupReference]$ResourceGroup, [Parameter(Mandatory = $False)] [PSRule.Rules.Azure.Configuration.SubscriptionReference]$Subscription, [Parameter(Mandatory = $False)] [String]$OutputPath = $PWD, [Parameter(Mandatory = $False)] [Switch]$PassThru = $False ) begin { Write-Verbose -Message '[Export-AzRuleTemplateData] BEGIN::'; if ($MyInvocation.InvocationName -eq 'Export-AzTemplateRuleData') { Write-Warning -Message "The cmdlet 'Export-AzTemplateRuleData' is has been renamed to 'Export-AzRuleTemplateData'. Use of 'Export-AzTemplateRuleData' is deprecated and will be removed in the next major version." } $Option = [PSRule.Rules.Azure.Configuration.PSRuleOption]::FromFileOrDefault($PWD); $Option.Output.Path = $OutputPath; # Build the pipeline $builder = [PSRule.Rules.Azure.Pipeline.PipelineBuilder]::Template($Option); $builder.Deployment($Name); $builder.PassThru($PassThru); # Bind to subscription context if ($PSBoundParameters.ContainsKey('Subscription')) { $subscriptionOption = GetSubscription -InputObject $Subscription -ErrorAction SilentlyContinue; if ($Null -ne $subscriptionOption) { $builder.Subscription($subscriptionOption); } } # Bind to resource group if ($PSBoundParameters.ContainsKey('ResourceGroup')) { $resourceGroupOption = GetResourceGroup -InputObject $ResourceGroup -ErrorAction SilentlyContinue; if ($Null -ne $resourceGroupOption) { $builder.ResourceGroup($resourceGroupOption); } } $builder.UseCommandRuntime($PSCmdlet); $builder.UseExecutionContext($ExecutionContext); try { $pipeline = $builder.Build(); $pipeline.Begin(); } catch { $pipeline.Dispose(); } } process { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $source = [PSRule.Rules.Azure.Pipeline.TemplateSource]::new($TemplateFile, $ParameterFile); $pipeline.Process($source); } catch { $pipeline.Dispose(); throw; } } } end { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $pipeline.End(); } finally { $pipeline.Dispose(); } } Write-Verbose -Message '[Export-AzRuleTemplateData] END::'; } } # .ExternalHelp PSRule.Rules.Azure-help.xml function Get-AzRuleTemplateLink { [CmdletBinding()] [OutputType([PSRule.Rules.Azure.Data.Metadata.ITemplateLink])] param ( [Parameter(Position = 1, Mandatory = $False, ValueFromPipelineByPropertyName = $True)] [Alias('f', 'TemplateParameterFile', 'FullName')] [SupportsWildcards()] [String[]]$InputPath = '*.parameters.json', [Parameter(Mandatory = $False)] [Switch]$SkipUnlinked, [Parameter(Position = 0, Mandatory = $False)] [Alias('p')] [String]$Path = $PWD ) begin { Write-Verbose -Message '[Get-AzRuleTemplateLink] BEGIN::'; # Build the pipeline $builder = [PSRule.Rules.Azure.Pipeline.PipelineBuilder]::TemplateLink($Path); $builder.SkipUnlinked($SkipUnlinked); $builder.UseCommandRuntime($PSCmdlet); $builder.UseExecutionContext($ExecutionContext); $pipeline = $builder.Build(); if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $pipeline.Begin(); } catch { $pipeline.Dispose(); throw; } } } process { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { foreach ($p in $InputPath) { $pipeline.Process($p); } } catch { $pipeline.Dispose(); throw; } } } end { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $pipeline.End(); } finally { $pipeline.Dispose(); } } Write-Verbose -Message '[Get-AzRuleTemplateLink] END::'; } } function Export-AzPolicyAssignmentData { [CmdletBinding(SupportsShouldProcess = $True, DefaultParameterSetName = 'Default')] [OutputType([System.IO.FileInfo])] [OutputType([PSObject])] param ( # Name of policy assignment [Parameter(ParameterSetName = 'Name', Mandatory = $False)] [String]$Name, # Fully qualified resource ID of policy assignment [Parameter(ParameterSetName = 'Id', Mandatory = $True)] [Alias('AssignmentId')] [String]$Id, # Specifies assignment policy scope [Parameter(ParameterSetName = 'Name', Mandatory = $False)] [Parameter(ParameterSetName = 'IncludeDescendent', Mandatory = $False)] [String]$Scope, # Specifies the policy definition ID of the policy assignment [Parameter(ParameterSetName = 'Name', Mandatory = $False)] [Parameter(ParameterSetName = 'Id', Mandatory = $False)] [String]$PolicyDefinitionId, # Include all assignments related to given scope [Parameter(ParameterSetName = 'IncludeDescendent', Mandatory = $True)] [Switch]$IncludeDescendent = $False, [Parameter(Mandatory = $False)] [String]$OutputPath = $PWD, [Parameter(Mandatory = $False)] [Switch]$PassThru = $False ) begin { Write-Verbose -Message '[Export-AzPolicyAssignmentData] BEGIN::'; } process { $context = GetAzureContext -ErrorAction SilentlyContinue if ($Null -eq $context) { Write-Error -Message 'Could not find an existing context. Use Connect-AzAccount to establish a PowerShell context with Azure.'; return; } if (!(Test-Path -Path $OutputPath)) { if ($PSCmdlet.ShouldProcess('Create output directory', $OutputPath)) { $Null = New-Item -Path $OutputPath -ItemType Directory -Force; } } $getParams = @{ }; Write-Verbose -Message "Parameter Set: $($PSCmdlet.ParameterSetName)"; if ($PSCmdlet.ParameterSetName -eq 'Name') { if ($PSBoundParameters.ContainsKey('Name')) { $getParams['Name'] = $Name; } if ($PSBoundParameters.ContainsKey('PolicyDefinitionId')) { $getParams['PolicyDefinitionId'] = $PolicyDefinitionId; } if ($PSBoundParameters.ContainsKey('Scope')) { $getParams['Scope'] = $Scope; } else { $getParams['Scope'] = GetDefaultSubscriptionScope -Context $context } Write-Verbose -Message "Scope: $($getParams['Scope'])"; } elseif ($PSCmdlet.ParameterSetName -eq 'Id') { $getParams['Id'] = $Id; if ($PSBoundParameters.ContainsKey('PolicyDefinitionId')) { $getParams['PolicyDefinitionId'] = $PolicyDefinitionId; } } elseif ($PSCmdlet.ParameterSetName -eq 'IncludeDescendent') { $getParams['IncludeDescendent'] = $IncludeDescendent; if ($PSBoundParameters.ContainsKey('Scope')) { $getParams['Scope'] = $Scope; } else { $getParams['Scope'] = GetDefaultSubscriptionScope -Context $context } } Write-Verbose -Message "[Export] -- Using subscription: $($context.Subscription.Name)"; $filePath = Join-Path -Path $OutputPath -ChildPath "$($context.Subscription.Id).assignment.json"; Get-AzPolicyAssignment @getParams -Verbose:$VerbosePreference ` | ExpandPolicyAssignment -Context $context -Verbose:$VerbosePreference ` | ExportAzureResource -Path $filePath -PassThru $PassThru -Verbose:$VerbosePreference; } end { Write-Verbose -Message "[Export-AzPolicyAssignmentData] END::"; } } function Export-AzPolicyAssignmentRuleData { [CmdletBinding(DefaultParameterSetName = 'Default')] [OutputType([System.IO.FileInfo])] [OutputType([PSObject])] param ( # Name of Policy assignment [Parameter(Mandatory = $False)] [String]$Name, # Assignment file path [Parameter(Mandatory = $True, ValueFromPipelineByPropertyName = $True)] [String]$AssignmentFile, [Parameter(Mandatory = $False)] [Alias('ResourceGroupName')] [PSRule.Rules.Azure.Configuration.ResourceGroupReference]$ResourceGroup, [Parameter(Mandatory = $False)] [PSRule.Rules.Azure.Configuration.SubscriptionReference]$Subscription, [Parameter(Mandatory = $False)] [String]$OutputPath = $PWD, [Parameter(Mandatory = $False)] [Switch]$PassThru = $False ) begin { Write-Verbose -Message '[Export-AzPolicyAssignmentRuleData] BEGIN::'; $option = [PSRule.Rules.Azure.Configuration.PSRuleOption]::FromFileOrDefault($PWD); $option.Output.Path = $OutputPath; # Build the pipeline $builder = [PSRule.Rules.Azure.Pipeline.PipelineBuilder]::Assignment($option); $builder.Assignment($Name); $builder.PassThru($PassThru); # Bind to subscription context if ($PSBoundParameters.ContainsKey('Subscription')) { $subscriptionOption = GetSubscription -InputObject $Subscription -ErrorAction SilentlyContinue; if ($Null -ne $subscriptionOption) { $builder.Subscription($subscriptionOption); } } # Bind to resource group if ($PSBoundParameters.ContainsKey('ResourceGroup')) { $resourceGroupOption = GetResourceGroup -InputObject $ResourceGroup -ErrorAction SilentlyContinue; if ($Null -ne $resourceGroupOption) { $builder.ResourceGroup($resourceGroupOption); } } $builder.UseCommandRuntime($PSCmdlet); $builder.UseExecutionContext($ExecutionContext); try { $pipeline = $builder.Build(); $pipeline.Begin(); } catch { $pipeline.Dispose(); } } process { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $source = [PSRule.Rules.Azure.Pipeline.PolicyAssignmentSource]::new($AssignmentFile); $pipeline.Process($source); } catch { $pipeline.Dispose(); throw; } } } end { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $pipeline.End(); } finally { $pipeline.Dispose(); } } Write-Verbose -Message '[Export-AzPolicyAssignmentRuleData] END::'; } } function Get-AzPolicyAssignmentDataSource { [CmdletBinding(DefaultParameterSetName = 'Default')] [OutputType([PSRule.Rules.Azure.Pipeline.PolicyAssignmentSource])] param ( [Parameter(Mandatory = $False, ValueFromPipelineByPropertyName = $True)] [Alias('f', 'AssignmentFile', 'FullName')] [SupportsWildcards()] [String[]]$InputPath = '*.assignment.json', [Parameter(Mandatory = $False)] [Alias('p')] [String]$Path = $PWD ) begin { Write-Verbose -Message '[Get-AzPolicyAssignmentDataSource] BEGIN::'; # Build the pipeline $builder = [PSRule.Rules.Azure.Pipeline.PipelineBuilder]::AssignmentSearch($Path); $builder.UseCommandRuntime($PSCmdlet); $builder.UseExecutionContext($ExecutionContext); $pipeline = $builder.Build(); if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $pipeline.Begin(); } catch { $pipeline.Dispose(); throw; } } } process { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { foreach ($p in $InputPath) { $pipeline.Process($p); } } catch { $pipeline.Dispose(); throw; } } } end { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $pipeline.End(); } finally { $pipeline.Dispose(); } } Write-Verbose -Message '[Get-AzPolicyAssignmentDataSource] END::'; } } #endregion Public functions # # Helper functions # function GetDefaultSubscriptionScope { [CmdletBinding()] param ( [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { return [string]::Concat('/subscriptions/', $context.Subscription.Id); } } function GetResourceGroup { [CmdletBinding()] [OutputType([PSRule.Rules.Azure.Configuration.ResourceGroupOption])] param ( [Parameter(Mandatory = $True)] [PSRule.Rules.Azure.Configuration.ResourceGroupReference]$InputObject ) process { $result = $InputObject.ToResourceGroupOption(); if ($InputObject.FromName) { $o = Get-AzResourceGroup -Name $InputObject.Name -ErrorAction SilentlyContinue; if ($Null -ne $o) { $result.Name = $o.ResourceGroupName $result.Location = $o.Location $result.ManagedBy = $o.ManagedBy $result.Properties.ProvisioningState = $o.ProvisioningState $result.Tags = $o.Tags } } return $result; } } function GetSubscription { [CmdletBinding()] [OutputType([PSRule.Rules.Azure.Configuration.SubscriptionOption])] param ( [Parameter(Mandatory = $True)] [PSRule.Rules.Azure.Configuration.SubscriptionReference]$InputObject ) process { $result = $InputObject.ToSubscriptionOption(); if ($InputObject.FromName) { $o = (Set-AzContext -Subscription $InputObject.DisplayName -ErrorAction SilentlyContinue).Subscription; if ($Null -ne $o) { $result.DisplayName = $o.Name $result.SubscriptionId = $o.SubscriptionId $result.State = $o.State $result.TenantId = $o.TenantId } } return $result; } } function FindAzureContext { [CmdletBinding()] [OutputType([Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer[]])] param ( [Parameter(Mandatory = $False)] [String[]]$Subscription = $Null, [Parameter(Mandatory = $False)] [String[]]$Tenant = $Null, [Parameter(Mandatory = $False)] [System.Boolean]$All = $False ) process { $listAvailable = $False; if ($Null -ne $Subscription -or $Null -ne $Tenant -or $All) { $listAvailable = $True; } # Get subscription contexts $context = @(GetAzureContext -ListAvailable:$listAvailable); if ($Null -eq $context -and $context.Length -gt 0) { Write-Error -Message 'Could not find an existing context. Use Connect-AzAccount to establish a PowerShell context with Azure.'; return; } Write-Verbose "[Context] -- Found ($($context.Length)) subscription contexts"; $filteredContext = @($context | ForEach-Object -Process { if ( ($Null -eq $Tenant -or $Tenant.Length -eq 0 -or ($_.Tenant.Id -in $Tenant)) -and ($Null -eq $Subscription -or $Subscription.Length -eq 0 -or ($_.Subscription.Id -in $Subscription) -or ($_.Subscription.Name -in $Subscription)) ) { $_; Write-Verbose "[Context] -- Using subscription: $($_.Subscription.Name)"; } }) Write-Verbose "[Context] -- Using [$($filteredContext.Length)/$($context.Length)] subscription contexts"; return $filteredContext; } } function GetAzureContext { [CmdletBinding()] [OutputType([Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer[]])] param ( [Parameter(Mandatory = $False)] [System.Boolean]$ListAvailable = $False ) process { $getParams = @{ }; if ($ListAvailable) { $getParams['ListAvailable'] = $True; } # Get contexts return Get-AzContext @getParams; } } function GetAzureResource { [CmdletBinding()] [OutputType([PSObject])] param ( [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context, [Parameter(Mandatory = $False)] [Hashtable]$Tag, [Parameter(Mandatory = $False)] [String[]]$ResourceGroupName = $Null ) begin { $watch = New-Object -TypeName System.Diagnostics.Stopwatch; } process { $resourceParams = @{ }; $rgParams = @{ }; if ($PSBoundParameters.ContainsKey('Tag')) { $resourceParams['Tag'] = $Tag; $rgParams['Tag'] = $Tag; } try { Write-Verbose -Message "[Export] -- Getting Azure resources"; $watch.Restart(); if ($PSBoundParameters.ContainsKey('ResourceGroupName')) { foreach ($rg in $ResourceGroupName) { Write-Verbose -Message "[Export] -- Getting Azure resources for Resource Group: $rg"; Get-AzResource @resourceParams -ResourceGroupName $rg -ExpandProperties -ODataQuery "SubscriptionId EQ '$($Context.DefaultContext.Subscription.Id)'" -DefaultProfile $Context ` | ExpandResource -Context $Context -Verbose:$VerbosePreference; Get-AzResourceGroup @rgParams -Name $rg -DefaultProfile $Context | SetResourceType 'Microsoft.Resources/resourceGroups' | ExpandResource -Context $Context -Verbose:$VerbosePreference; } } else { Get-AzResource @resourceParams -ExpandProperties -DefaultProfile $Context | ExpandResource -Context $Context -Verbose:$VerbosePreference; Get-AzResourceGroup @rgParams -DefaultProfile $Context | SetResourceType 'Microsoft.Resources/resourceGroups' | ExpandResource -Context $Context -Verbose:$VerbosePreference; } Write-Verbose -Message "[Export] -- Azure resources exported in [$($watch.ElapsedMilliseconds) ms]"; $watch.Restart(); Write-Verbose -Message "[Export] -- Getting Azure subscription: $($Context.DefaultContext.Subscription.Id)"; Get-AzSubscription -SubscriptionId $Context.DefaultContext.Subscription.Id | SetResourceType 'Microsoft.Subscription' | ExpandResource -Context $Context -Verbose:$VerbosePreference; Write-Verbose -Message "[Export] -- Azure subscription exported in [$($watch.ElapsedMilliseconds) ms]"; } finally { $watch.Stop(); } } } function FilterAzureResource { [CmdletBinding()] [OutputType([PSObject])] param ( [Parameter(Mandatory = $False)] [String[]]$ResourceGroupName = $Null, [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$InputObject ) process { if (($Null -eq $ResourceGroupName) -or ($InputObject.ResourceType -eq 'Microsoft.Subscription') -or (@($InputObject.PSObject.Properties | Where-Object { $_.Name -eq 'ResourceGroupName' }).Length -eq 0)) { return $InputObject; } elseif ($InputObject.ResourceGroupName -in $ResourceGroupName) { return $InputObject; } } } function ExportAzureResource { [CmdletBinding(SupportsShouldProcess = $True)] [OutputType([System.IO.FileInfo])] [OutputType([PSObject])] param ( [Parameter(Mandatory = $True)] [String]$Path, [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$InputObject, [Parameter(Mandatory = $False)] [System.Boolean]$PassThru = $False ) begin { $resources = @(); } process { if ($PassThru) { $InputObject; } else { # Collect passed through resources $resources += $InputObject; } } end { $watch = New-Object -TypeName System.Diagnostics.Stopwatch; Write-Verbose -Message "[Export] -- Exporting to JSON"; $watch.Restart(); if (!$PassThru) { # Save to JSON ConvertTo-Json -InputObject $resources -Depth 100 | Set-Content -Path $Path; Get-Item -Path $Path; } $watch.Stop(); Write-Verbose -Message "[Export] -- Exported to JSON in [$($watch.ElapsedMilliseconds) ms]"; } } function GetSubResource { [CmdletBinding()] param ( [Parameter(Mandatory = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context, [Parameter(Mandatory = $True)] [String]$ResourceType, [Parameter(Mandatory = $True)] [String]$ApiVersion ) process { $getParams = @{ Name = $Resource.Name ResourceType = $ResourceType ResourceGroupName = $Resource.ResourceGroupName DefaultProfile = $Context ApiVersion = $ApiVersion } try { Get-AzResource @getParams -ExpandProperties; } catch { Write-Warning -Message "Failed to read $($Resource.Name): $ResourceType"; } } } function GetResourceById { [CmdletBinding()] param ( [Parameter(Mandatory = $True)] [PSObject]$ResourceId, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context, [Parameter(Mandatory = $True)] [String]$ApiVersion ) process { $getParams = @{ ResourceId = $ResourceId DefaultProfile = $Context ApiVersion = $ApiVersion } try { Get-AzResource @getParams -ExpandProperties; } catch { Write-Warning -Message "Failed to read $ResourceId"; } } } function GetSubResourceId { [CmdletBinding()] param ( [Parameter(Mandatory = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context, [Parameter(Mandatory = $True)] [String]$Property, [Parameter(Mandatory = $True)] [String]$ApiVersion ) process { $getParams = @{ ResourceId = [String]::Concat($Resource.Id, '/', $Property) DefaultProfile = $Context ApiVersion = $ApiVersion } try { Get-AzResource @getParams -ExpandProperties; } catch { Write-Warning -Message "Failed to read $($Resource.Name): $Property"; } } } function GetRestProperty { [CmdletBinding()] param ( [Parameter(Mandatory = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context, [Parameter(Mandatory = $True)] [String]$Property, [Parameter(Mandatory = $True)] [String]$ApiVersion ) process { try { $token = GetRestToken -Context $Context; $getParams = @{ Uri = [String]::Concat('https://management.azure.com', $Resource.Id, '/', $Property, '?api-version=', $ApiVersion) Headers = @{ Authorization = "Bearer $($token)" } } Invoke-RestMethod -Method Get @getParams -UseBasicParsing -Verbose:$VerbosePreference; } catch { Write-Warning -Message "Failed to read $($Resource.Name): $Property"; } } } function GetRestToken { [CmdletBinding()] [OutputType([String])] param ( [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { return ($Context.DefaultContext.TokenCache.ReadItems() | Where-Object { $_.TenantId -eq $Context.DefaultContext.Tenant.Id -and $_.Resource -eq 'https://management.core.windows.net/' -and $_.Authority -eq "https://login.windows.net/$($Context.DefaultContext.Tenant.Id)/" }).AccessToken; } } function GetSubProvider { [CmdletBinding()] param ( [Parameter(Mandatory = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context, [Parameter(Mandatory = $True)] [String]$ResourceType, [Parameter(Mandatory = $True)] [String]$ApiVersion, [Parameter(Mandatory = $False)] [Switch]$ExpandProperties ) process { $getParams = @{ ResourceId = [String]::Concat($Resource.Id, '/providers/', $ResourceType) DefaultProfile = $Context ApiVersion = $ApiVersion } try { Get-AzResource @getParams -ExpandProperties:$ExpandProperties; } catch { Write-Warning -Message "Failed to read $($Resource.Name): $ResourceType"; } } } function VisitAPIManagement { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $apis += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/apis' -ApiVersion '2019-12-01'; foreach ($api in $apis) { $resources += $api; $apiParams = @{ Name = "$($Resource.Name)/$($api.Name)" ResourceType = 'Microsoft.ApiManagement/service/apis/policies' ResourceGroupName = $Resource.ResourceGroupName DefaultProfile = $Context ApiVersion = '2019-12-01' }; $resources += Get-AzResource @apiParams; } # Add zones in from REST API because they are not included from Get-AzResource $apiManagementServicePrimaryZones = ((Invoke-AzRestMethod -Path "$($Resource.ResourceId)?api-version=2020-12-01" -Method GET).Content | ConvertFrom-Json).zones; $Resource = $Resource | Add-Member -MemberType NoteProperty -Name zones -Value $apiManagementServicePrimaryZones -PassThru; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/backends' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/products' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/policies' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/identityProviders' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/diagnostics' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/loggers' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/certificates' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/namedValues' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/portalsettings' -ApiVersion '2019-12-01'; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitSqlServer { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $sqlServer = $resource; $resources = @(); # Get SQL Server firewall rules $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Sql/servers/firewallRules' -ApiVersion '2015-05-01-preview'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Sql/servers/administrators' -ApiVersion '2014-04-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Sql/servers/securityAlertPolicies' -ApiVersion '2017-03-01-preview'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Sql/servers/vulnerabilityAssessments' -ApiVersion '2018-06-01-preview'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Sql/servers/auditingSettings' -ApiVersion '2017-03-01-preview'; $sqlServer | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitSqlDatabase { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $getParams = @{ ResourceGroupName = $Resource.ResourceGroupName DefaultProfile = $Context ErrorAction = 'SilentlyContinue' } $idParts = $Resource.ResourceId.Split('/'); $serverName = $idParts[-3]; $resourceName = "$serverName/$($Resource.Name)"; $resources += Get-AzResource @getParams -Name $resourceName -ResourceType 'Microsoft.Sql/servers/databases/dataMaskingPolicies' -ApiVersion '2014-04-01' -ExpandProperties $resources += Get-AzResource @getParams -Name $resourceName -ResourceType 'Microsoft.Sql/servers/databases/transparentDataEncryption' -ApiVersion '2014-04-01' -ExpandProperties; $resources += Get-AzResource @getParams -Name $resourceName -ResourceType 'Microsoft.Sql/servers/databases/connectionPolicies' -ApiVersion '2014-04-01' -ExpandProperties; $resources += Get-AzResource @getParams -Name $resourceName -ResourceType 'Microsoft.Sql/servers/databases/geoBackupPolicies' -ApiVersion '2014-04-01' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitPostgreSqlServer { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $sqlServer = $resource; $resources = @(); # Get Postgre SQL Server firewall rules $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.DBforPostgreSQL/servers/firewallRules' -ApiVersion '2017-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.DBforPostgreSQL/servers/securityAlertPolicies' -ApiVersion '2017-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.DBforPostgreSQL/servers/configurations' -ApiVersion '2017-12-01'; $sqlServer | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitMySqlServer { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $sqlServer = $resource; $resources = @(); # Get MySQL Server firewall rules $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.DBforMySQL/servers/firewallRules' -ApiVersion '2017-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.DBforMySQL/servers/securityAlertPolicies' -ApiVersion '2017-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.DBforMySQL/servers/configurations' -ApiVersion '2017-12-01'; $sqlServer | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitSqlManagedInstance { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $sqlMI = $resource; $resources = @(); $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.Sql/managedInstances/securityAlertPolicies' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2017-03-01-preview' -ExpandProperties; $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.Sql/managedInstances/vulnerabilityAssessments' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2018-06-01-preview' -ExpandProperties; $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.Sql/managedInstances/administrators' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2017-03-01-preview' -ExpandProperties; $sqlMI | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitAutomationAccount { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $aa = $Resource $resources = @(); $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Automation/AutomationAccounts/variables' -ApiVersion '2015-10-31'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Automation/AutomationAccounts/webhooks' -ApiVersion '2015-10-31'; $diagnosticSettingsResourceParams = @{ Name = $Resource.Name ResourceType = 'Microsoft.Automation/automationAccounts/providers/microsoft.insights/diagnosticSettings' ResourceGroupName = $Resource.ResourceGroupName DefaultProfile = $Context ExpandProperties = $True ApiVersion = '2021-05-01-preview' } $resources += Get-AzResource @diagnosticSettingsResourceParams $aa | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } # function VisitDataFactoryV2 { # param ( # [Parameter(Mandatory = $True, ValueFromPipeline = $True)] # [PSObject]$Resource, # [Parameter(Mandatory = $True)] # [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context # ) # process { # $df = $resource; # $resources = @(); # # Get linked services # $resources += Get-AzDataFactoryV2LinkedService -DataFactoryName $resource.Name -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context | ForEach-Object -Process { # $linkedService = $_; # $type = $linkedService.Properties.GetType().Name; # $linkedService.Properties.AdditionalProperties = $Null; # if ($Null -ne $linkedService.Properties.EncryptedCredential) { # $linkedService.Properties.EncryptedCredential = $Null; # } # $linkedService | Add-Member -MemberType NoteProperty -Name 'ResourceType' -Value 'linkedServices'; # $linkedService | Add-Member -MemberType NoteProperty -Name 'Type' -Value $type; # $linkedService; # }; # $df | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; # } # } function VisitCDNEndpoint { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $resources += GetSubResourceId @PSBoundParameters -Property 'customdomains' -ApiVersion '2019-04-15'; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitContainerRegistry { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ContainerRegistry/registries/replications' -ApiVersion '2019-12-01-preview'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ContainerRegistry/registries/webhooks' -ApiVersion '2019-12-01-preview'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ContainerRegistry/registries/tasks' -ApiVersion '2019-06-01-preview'; $resources += GetRestProperty @PSBoundParameters -Property 'listUsages' -ApiVersion '2019-05-01' | SetResourceType 'Microsoft.ContainerRegistry/registries/listUsages'; $resources += GetSubProvider @PSBoundParameters -ResourceType 'Microsoft.Security/assessments' -ApiVersion '2019-01-01-preview'; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitAKSCluster { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); # Only add VNET resource if AKS cluster is using Azure CNI network plugin # Supported network plugins: azure or kubenet # https://docs.microsoft.com/en-us/azure/templates/microsoft.containerservice/managedclusters?tabs=json#containerservicenetworkprofile-object if ($Resource.Properties.networkProfile.networkPlugin -eq 'azure') { $nodePools = @($Resource.Properties.agentPoolProfiles); foreach ($nodePool in $nodePools) { $vnetId = $nodePool.vnetSubnetID; $resources += GetResourceById -ResourceId $vnetId -ApiVersion '2020-05-01' -Context $Context; } } $resources += Get-AzResource -Name $Resource.Name -ResourceType 'Microsoft.ContainerService/managedClusters/providers/microsoft.insights/diagnosticSettings' -ResourceGroupName $Resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2017-05-01-preview' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitPublicIP { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { # Get-AzResource does not return zones, even with latest API version # Had to fetch the zones using ARM REST API and insert them into the resource # Logged an issue with Az PowerShell: https://github.com/Azure/azure-powershell/issues/15905 $publicIp = ((Invoke-AzRestMethod -Path "$($Resource.ResourceId)?api-version=2021-02-01" -Method GET).Content | ConvertFrom-Json).PSObject.Properties['zones']; if ($Null -ne $publicIp) { $Resource | Add-Member -MemberType NoteProperty -Name zones -Value $publicIp.value -PassThru; } else { $Resource; } } } function VisitRedisCache { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { # Get-AzResource does not return zones, even with latest API version # Had to fetch the zones using ARM REST API and insert them into the resource # Logged an issue with Az PowerShell: https://github.com/Azure/azure-powershell/issues/15905 $redisCacheZones = ((Invoke-AzRestMethod -Path "$($Resource.ResourceId)?api-version=2021-06-01" -Method GET).Content | ConvertFrom-Json).PSObject.Properties['zones']; if ($Null -ne $redisCacheZones) { $Resource | Add-Member -MemberType NoteProperty -Name zones -Value $redisCacheZones.value -PassThru; } else { $Resource; } } } function VisitRedisEnterpriseCache { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { # Get-AzResource does not return zones, even with latest API version # Had to fetch the zones using ARM REST API and insert them into the resource # Logged an issue with Az PowerShell: https://github.com/Azure/azure-powershell/issues/15905 $redisEnterpriseCacheZones = ((Invoke-AzRestMethod -Path "$($Resource.ResourceId)?api-version=2021-08-01" -Method GET).Content | ConvertFrom-Json).PSObject.Properties['zones']; if ($Null -ne $redisEnterpriseCacheZones) { $Resource | Add-Member -MemberType NoteProperty -Name zones -Value $redisEnterpriseCacheZones.value -PassThru; } else { $Resource; } } } function VisitStorageAccount { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); if ($Resource.Kind -ne 'FileStorage') { $blobServices = @(GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Storage/storageAccounts/blobServices' -ApiVersion '2019-04-01'); foreach ($blobService in $blobServices) { $resources += $blobService; $resources += Get-AzResource -Name "$($Resource.Name)/$($blobService.Name)" -ResourceType 'Microsoft.Storage/storageAccounts/blobServices/containers' -ResourceGroupName $Resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2019-04-01' -ExpandProperties; } } $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitStorageSyncService { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $resources += Get-AzStorageSyncServer -ParentResourceId $Resource.ResourceId -DefaultProfile $Context; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitWebApp { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $configResourceType = 'Microsoft.Web/sites/config'; # Handle slots if ($Resource.ResourceType -eq 'Microsoft.Web/sites/slots') { $configResourceType = 'Microsoft.Web/sites/slots/config'; } $resources += Get-AzResource -Name $Resource.Name -ResourceType $configResourceType -ResourceGroupName $Resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2018-11-01' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitRecoveryServices { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.RecoveryServices/vaults/replicationRecoveryPlans' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2018-07-10' -ExpandProperties; $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.RecoveryServices/vaults/replicationAlertSettings' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2018-07-10' -ExpandProperties; $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.RecoveryServices/vaults/backupstorageconfig/vaultstorageconfig' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2018-07-10' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitVirtualMachine { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $networkInterfaceId = $Resource.Properties.networkProfile.networkInterfaces.id; foreach ($id in $networkInterfaceId) { $resources += Get-AzResource -ResourceId $id -ExpandProperties -DefaultProfile $Context; } $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitKeyVault { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.KeyVault/vaults/providers/microsoft.insights/diagnosticSettings' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2017-05-01-preview' -ExpandProperties; $resources += GetResourceById -ResourceId "$($Resource.Id)/keys" -Context $Context -ApiVersion '2021-11-01-preview'; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitFrontDoor { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { # Patch Front Door properties not fully returned from the default API version $Resource = Get-AzResource -Name $resource.Name -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ResourceType 'Microsoft.Network/frontdoors' -ExpandProperties -ApiVersion '2018-08-01'; $resources = @(); $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.Network/frontdoors/providers/microsoft.insights/diagnosticSettings' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2017-05-01-preview' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitFrontDoorWAFPolicy { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { # Patch Front Door WAF policy properties not fully returned from the default API version $Resource = Get-AzResource -Name $resource.Name -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ResourceType 'Microsoft.Network/FrontDoorWebApplicationFirewallPolicies' -ExpandProperties -ApiVersion '2019-10-01'; $Resource; } } function VisitNetworkConnection { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { # Patch connections if (@($Resource.Properties.PSObject.Properties.Match('sharedKey')).Length -gt 0) { $Resource.Properties.sharedKey = "*** MASKED ***"; } $Resource; } } function VisitSubscription { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $resources += Get-AzRoleAssignment -DefaultProfile $Context -IncludeClassicAdministrators | SetResourceType 'Microsoft.Authorization/roleAssignments'; $resources += Get-AzResource -DefaultProfile $Context -ApiVersion '2017-08-01-preview' -ResourceId "/subscriptions/$($Resource.Id)/providers/Microsoft.Security/autoProvisioningSettings"; $resources += Get-AzResource -DefaultProfile $Context -ApiVersion '2017-08-01-preview' -ResourceId "/subscriptions/$($Resource.Id)/providers/Microsoft.Security/securityContacts"; $resources += Get-AzResource -DefaultProfile $Context -ApiVersion '2018-06-01' -ResourceId "/subscriptions/$($Resource.Id)/providers/Microsoft.Security/pricings"; $resources += Get-AzResource -DefaultProfile $Context -ApiVersion '2019-06-01' -ResourceId "/subscriptions/$($Resource.Id)/providers/Microsoft.Authorization/policyAssignments"; $resources += Get-AzResource -DefaultProfile $Context -ResourceType 'microsoft.insights/activityLogAlerts' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; Get-AzPolicyDefinition -Custom -DefaultProfile $Context; Get-AzPolicySetDefinition -Custom -DefaultProfile $Context; } } function VisitResourceGroup { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $resources += Get-AzRoleAssignment -DefaultProfile $Context -Scope $Resource.ResourceId ` | Where-Object { $_.Scope.StartsWith($Resource.ResourceId) } ` | SetResourceType 'Microsoft.Authorization/roleAssignments'; $resources += Get-AzResourceLock -DefaultProfile $Context -ResourceGroupName $Resource.ResourceGroupName | SetResourceType 'Microsoft.Authorization/locks'; $Resource ` | Add-Member -MemberType NoteProperty -Name Name -Value $Resource.ResourceGroupName -PassThru ` | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitDataExplorerCluster { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $getParams = @{ ResourceGroupName = $Resource.ResourceGroupName DefaultProfile = $Context ErrorAction = 'SilentlyContinue' } $resources += Get-AzResource @getParams -Name $Resource.Name -ResourceType 'Microsoft.Kusto/clusters/databases' -ApiVersion '2021-08-27' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitEventHubNamespaces { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $getParams = @{ ResourceGroupName = $Resource.ResourceGroupName DefaultProfile = $Context ErrorAction = 'SilentlyContinue' } $resources += Get-AzResource @getParams -Name $Resource.Name -ResourceType 'Microsoft.EventHub/namespaces/eventhubs' -ApiVersion '2021-11-01' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitServiceBusNamespaces { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $getParams = @{ ResourceGroupName = $Resource.ResourceGroupName DefaultProfile = $Context ErrorAction = 'SilentlyContinue' } $resources += Get-AzResource @getParams -Name $Resource.Name -ResourceType 'Microsoft.ServiceBus/namespaces/queues' -ApiVersion '2021-06-01-preview' -ExpandProperties; $resources += Get-AzResource @getParams -Name $Resource.Name -ResourceType 'Microsoft.ServiceBus/namespaces/topics' -ApiVersion '2021-06-01-preview' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function ExpandPolicyAssignment { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Assignment, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $policyDefinitionId = $Assignment.Properties.PolicyDefinitionId; Write-Verbose -Message "[Export] -- Expanding: $policyDefinitionId"; $policyDefinitions = [System.Collections.Generic.List[PSObject]]@(); if ($policyDefinitionId -like '*/providers/Microsoft.Authorization/policyDefinitions/*') { $definition = Get-AzPolicyDefinition -Id $policyDefinitionId -DefaultProfile $Context; $policyDefinitions.Add($definition); } elseif ($policyDefinitionId -like '*/providers/Microsoft.Authorization/policySetDefinitions/*') { $policySetDefinition = Get-AzPolicySetDefinition -Id $policyDefinitionId -DefaultProfile $Context; foreach ($definition in $policySetDefinition.Properties.PolicyDefinitions) { $definitionId = $definition.policyDefinitionId; Write-Verbose -Message "[Export] -- Expanding: $definitionId"; $definition = Get-AzPolicyDefinition -Id $definitionId -DefaultProfile $Context; $policyDefinitions.Add($definition); } } $Assignment | Add-Member -MemberType NoteProperty -Name PolicyDefinitions -Value $policyDefinitions -PassThru; } } # Add additional information to resources with child resources function ExpandResource { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resourceId = ''; if ($Resource.ResourceType -eq 'Microsoft.Subscription') { $resourceId = $Resource.Id; } else { $resourceId = $Resource.ResourceId; } Write-Verbose -Message "[Export] -- Expanding: $($resourceId)"; switch ($Resource.ResourceType) { 'Microsoft.ApiManagement/service' { VisitAPIManagement @PSBoundParameters; } 'Microsoft.Automation/automationAccounts' { VisitAutomationAccount @PSBoundParameters; } 'Microsoft.Cdn/profiles/endpoints' { VisitCDNEndpoint @PSBoundParameters; } 'Microsoft.ContainerRegistry/registries' { VisitContainerRegistry @PSBoundParameters; } 'Microsoft.ContainerService/managedClusters' { VisitAKSCluster @PSBoundParameters; } 'Microsoft.Sql/servers' { VisitSqlServer @PSBoundParameters; } 'Microsoft.Sql/servers/databases' { VisitSqlDatabase @PSBoundParameters; } 'Microsoft.DBforPostgreSQL/servers' { VisitPostgreSqlServer @PSBoundParameters; } 'Microsoft.DBforMySQL/servers' { VisitMySqlServer @PSBoundParameters; } # 'Microsoft.Sql/managedInstances' { VisitSqlManagedInstance @PSBoundParameters; } # 'Microsoft.DataFactory/factories' { VisitDataFactoryV2 @PSBoundParameters; } 'Microsoft.Storage/storageAccounts' { VisitStorageAccount @PSBoundParameters; } # "Microsoft.StorageSync/storageSyncServices" { VisitStorageSyncService @PSBoundParameters; } 'Microsoft.Web/sites' { VisitWebApp @PSBoundParameters; } 'Microsoft.Web/sites/slots' { VisitWebApp @PSBoundParameters; } 'Microsoft.RecoveryServices/vaults' { VisitRecoveryServices @PSBoundParameters; } 'Microsoft.Compute/virtualMachines' { VisitVirtualMachine @PSBoundParameters; } 'Microsoft.KeyVault/vaults' { VisitKeyVault @PSBoundParameters; } 'Microsoft.Network/frontDoors' { VisitFrontDoor @PSBoundParameters; } 'Microsoft.Network/FrontDoorWebApplicationFirewallPolicies' { VisitFrontDoorWAFPolicy @PSBoundParameters; } 'Microsoft.Network/connections' { VisitNetworkConnection @PSBoundParameters; } 'Microsoft.Subscription' { VisitSubscription @PSBoundParameters; } 'Microsoft.Resources/resourceGroups' { VisitResourceGroup @PSBoundParameters; } 'Microsoft.Network/publicIPAddresses' { VisitPublicIP @PSBoundParameters; } 'Microsoft.Cache/Redis' { VisitRedisCache @PSBoundParameters; } 'Microsoft.Cache/redisEnterprise' { VisitRedisEnterpriseCache @PSBoundParameters; } 'Microsoft.Kusto/Clusters' { VisitDataExplorerCluster @PSBoundParameters; } 'Microsoft.EventHub/namespaces' { VisitEventHubNamespaces @PSBoundParameters; } 'Microsoft.ServiceBus/namespaces' { VisitServiceBusNamespaces @PSBoundParameters; } default { $Resource; } } } } function SetResourceType { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True, Position = 0)] [String]$ResourceType ) process { if ($ResourceType -eq 'Microsoft.Resources/resourceGroups') { $Resource = $Resource | Add-Member -MemberType NoteProperty -Name Id -Value $Resource.ResourceId -PassThru -Force; } $Resource | Add-Member -MemberType NoteProperty -Name ResourceType -Value $ResourceType -PassThru -Force; } } # # Export module # New-Alias -Name 'Export-AzTemplateRuleData' -Value 'Export-AzRuleTemplateData' -Force; Export-ModuleMember -Function @( 'Export-AzRuleData' 'Export-AzRuleTemplateData' 'Get-AzRuleTemplateLink' 'Export-AzPolicyAssignmentData' 'Export-AzPolicyAssignmentRuleData' 'Get-AzPolicyAssignmentDataSource' ); Export-ModuleMember -Alias @( 'Export-AzTemplateRuleData' ); # SIG # Begin signature block # MIInnwYJKoZIhvcNAQcCoIInkDCCJ4wCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDcwydHHwpHsXYU # +feOx0uEWn0WZhFXlIuiA16ZtT/YMaCCDXYwggX0MIID3KADAgECAhMzAAACURR2 # zMWFg24LAAAAAAJRMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjEwOTAyMTgzMjU5WhcNMjIwOTAxMTgzMjU5WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQDBIpXR3b1IYAMunV9ZYBVYsaA7S64mqacKy/OJUf0Lr/LW/tWlJDzJH9nFAhs0 # zzSdQQcLhShOSTUxtlwZD9dnfIcx4pZgu0VHkqQw2dVc8Ob21GBo5sVrXgEAQxZo # rlEuAl20KpSIFLUBwoZFGFSQNSMcqPudXOw+Mhvn6rXYv/pjXIjgBntn6p1f+0+C # 2NXuFrIwjJIJd0erGefwMg//VqUTcRaj6SiCXSY6kjO1J9P8oaRQBHIOFEfLlXQ3 # a1ATlM7evCUvg3iBprpL+j1JMAUVv+87NRApprPyV75U/FKLlO2ioDbb69e3S725 # XQLW+/nJM4ihVQ0BHadh74/lAgMBAAGjggFzMIIBbzAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUMLgM7NX5EnpPfK5uU6FPvn2g/Ekw # RQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEW # MBQGA1UEBRMNMjMwMDEyKzQ2NzU5NjAfBgNVHSMEGDAWgBRIbmTlUAXTgqoXNzci # tW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3JsMGEG # CCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3J0 # MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAIVJlff+Fp0ylEJhmvap # NVv1bYLSWf58OqRRIDnXbHQ+FobsOwL83/ncPC3xl8ySR5uK/af4ZDy7DcDw0yEd # mKbRLzHIfcztZVSrlsg0GKwZuaB2MEI1VizNCoZlN+HlFZa4DNm3J0LhTWrZjVR0 # M6V57cFW0GsV4NlqmtelT9JFEae7PomwgAV9xOScz8HzvbZeERcoSRp9eRsQwOw7 # 8XeCLeglqjUnz9gFM7RliCYP58Fgphtkht9LNEcErLOVW17m6/Dj75zg/IS+//6G # FEK2oXnw5EIIWZraFHqSaee+NMgOw/R6bwB8qLv5ClOJEpGKA3XPJvS9YgOpF920 # Vu4Afqa5Rv5UJKrsxA7HOiuH4TwpkP3XQ801YLMp4LavXnvqNkX5lhFcITvb01GQ # lcC5h+XfCv0L4hUum/QrFLavQXJ/vtirCnte5Bediqmjx3lswaTRbr/j+KX833A1 # l9NIJmdGFcVLXp1en3IWG/fjLIuP7BqPPaN7A1tzhWxL+xx9yw5vQiT1Yn14YGmw # OzBYYLX0H9dKRLWMxMXGvo0PWEuXzYyrdDQExPf66Fq/EiRpZv2EYl2gbl9fxc3s # qoIkyNlL1BCrvmzunkwt4cwvqWremUtqTJ2B53MbBHlf4RfvKz9NVuh5KHdr82AS # MMjU4C8KNTqzgisqQdCy8unTMIIHejCCBWKgAwIBAgIKYQ6Q0gAAAAAAAzANBgkq # hkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 # IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5WjB+MQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQDEx9NaWNyb3NvZnQg # Q29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC # CgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4BjgaBEm6f8MMHt03 # a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe0t+bU7IKLMOv2akr # rnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato88tt8zpcoRb0Rrrg # OGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v++MrWhAfTVYoonpy # 4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDstrjNYxbc+/jLTswM9 # sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN91/w0FK/jJSHvMAh # dCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4jiJV3TIUs+UsS1Vz8k # A/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmhD+kjSbwYuER8ReTB # w3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbiwZeBe+3W7UvnSSmn # Eyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8HhhUSJxAlMxdSlQy90 # lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaIjAsCAwEAAaOCAe0w # ggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTlUAXTgqoXNzcitW2o # ynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYD # VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQFTuHqp8cx0SOJNDBa # BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2Ny # bC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3JsMF4GCCsG # AQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29t # L3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3J0MIGfBgNV # HSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcCARYzaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnljcHMuaHRtMEAGCCsG # AQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5AF8AcwB0AGEAdABl # AG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oalmOBUeRou09h0ZyKb # C5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0epo/Np22O/IjWll11l # hJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1HXeUOeLpZMlEPXh6 # I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtYSWMfCWluWpiW5IP0 # wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInWH8MyGOLwxS3OW560 # STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZiWhub6e3dMNABQam # ASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMdYzaXht/a8/jyFqGa # J+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7fQccOKO7eZS/sl/ah # XJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKfenoi+kiVH6v7RyOA # 9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOppO6/8MO0ETI7f33Vt # Y5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZOSEXAQsmbdlsKgEhr # /Xmfwb1tbWrJUnMTDXpQzTGCGX8wghl7AgEBMIGVMH4xCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNp # Z25pbmcgUENBIDIwMTECEzMAAAJRFHbMxYWDbgsAAAAAAlEwDQYJYIZIAWUDBAIB # BQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO # MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIJzpQZLvywfsdzIjrdnlubAO # HPdHg41AQzV9DJamlLvqMEIGCisGAQQBgjcCAQwxNDAyoBSAEgBNAGkAYwByAG8A # cwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEB # BQAEggEAY33Otewol+dJODFGqBtueTcgTq0EJDvnCi5RMefA16jHz/nkldkbxwD4 # grC+WluxPtnMNh/yqShzgXzpwkSvK4FYgPp1xVshgEVuGbLZR6iLisO1BtYMmyQN # EA7XrKfzAUSA71x8dpojDDDWQY1qDFp3NNb77EsDaRJz2WBowTnkLZd5edH/3WHl # DD8/zF78wrs9Iho3+fUry0JwzRgzODslf+wLWBTuPPFC+m9dlQ2hX4EXLdvfIP4Q # ZtJ977uv0+sV7ZQlfWpJXI7SsOZLGx6SxLHLvdAe0uR0hl3oyQ3Vvqe5VCOoS1f8 # Em8MbwUSh9VMQZMvIbLkbidZBR4Tf6GCFwkwghcFBgorBgEEAYI3AwMBMYIW9TCC # FvEGCSqGSIb3DQEHAqCCFuIwghbeAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFVBgsq # hkiG9w0BCRABBKCCAUQEggFAMIIBPAIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl # AwQCAQUABCDLgDzkLdlLRXU3zyufbLOK5hDLtakMnZryOSv9STfk5gIGYrHu2hHm # GBMyMDIyMDcwNjExNDIzNS44MTNaMASAAgH0oIHUpIHRMIHOMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYDVQQLEyBNaWNyb3NvZnQgT3Bl # cmF0aW9ucyBQdWVydG8gUmljbzEmMCQGA1UECxMdVGhhbGVzIFRTUyBFU046Rjc3 # Ri1FMzU2LTVCQUUxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZp # Y2WgghFcMIIHEDCCBPigAwIBAgITMwAAAaqlMZsLy7IIDgABAAABqjANBgkqhkiG # 9w0BAQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4G # A1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYw # JAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDAeFw0yMjAzMDIx # ODUxMjZaFw0yMzA1MTExODUxMjZaMIHOMQswCQYDVQQGEwJVUzETMBEGA1UECBMK # V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0 # IENvcnBvcmF0aW9uMSkwJwYDVQQLEyBNaWNyb3NvZnQgT3BlcmF0aW9ucyBQdWVy # dG8gUmljbzEmMCQGA1UECxMdVGhhbGVzIFRTUyBFU046Rjc3Ri1FMzU2LTVCQUUx # JTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2UwggIiMA0GCSqG # SIb3DQEBAQUAA4ICDwAwggIKAoICAQCgT+xyudW1h3/hQ0ofTu2Mq0LZDTL3R8x4 # ms7znSPTzho8iSGK7NVjjJkgqd6P5r7Lj5xUj+XNHQngblKuruid9DPNWWjTj/2m # 2a08GK2DfjeZ0razhnQrUQbpu+ocu069wGQ1AKy8L4bBpV4S5Q1NcIqGsTPgVcAj # SOy5k2mCqo5ufIRILGLSiB5OfS8zpyOGnp2zywT/1WGIyOmuCiHLp9BGRKwLpLeT # wv5ilGjqYVDBmJtD8X6WPQZBubD33MxciHwNdyy0UuLBoW1K3DOeBLxNhZVgUGia # O36yluwlYyEyxF+BNpccEBvzLmftcA2IPTjhK0+Yfus3nI+u3np8MXlKGjhGyrYl # MWiVGJ8kCsQlk5DXVkV0ykpiMcdLW7D+Yq1o6l70+rf83iSsNOTWPIT0+er1ttKt # A2CtjbXjggw9FA+mTQBS1fOxjpJdHgal3E6BVXXicMDkxOmgOEamKDa9kFDwSFOi # RIlBgbPXOKguZgR02OOlWkf6HWhQy3MUCODj5J+WpfyD7HfP62g5jHyopOusXDYd # qjeMsrWDN7og3p1+anhXcd6XYuN6WABTf0tf91UTZPvxkVVFGFmAYw2UqsbJYnRP # IbMQuyvKi35jaGkNmgLLtd4dX2kzEmSBFcaLM9W/ciHl5rTOjZa41d3rcEuyV2MB # oRzHVWBC9QIDAQABo4IBNjCCATIwHQYDVR0OBBYEFD+aFLxThy7YX3dFs94RrZ0F # RqSeMB8GA1UdIwQYMBaAFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMF8GA1UdHwRYMFYw # VKBSoFCGTmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY3Jv # c29mdCUyMFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNybDBsBggrBgEFBQcB # AQRgMF4wXAYIKwYBBQUHMAKGUGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lv # cHMvY2VydHMvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUyMDIwMTAoMSku # Y3J0MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwgwDQYJKoZIhvcN # AQELBQADggIBAN8MgE2QRRAaIK3MB7OMyO6l9stI2ygiOmYnhgCEfekYjK42b1ht # /WDwPxS9r4RkgrTu3mt4gZcIYU8iRD3sS7oE+IweFtK5XTiz+WxHNM8MbPTbUxUv # FJds2ye48+VsUp4Uh7H2lRVKe0ugdmtW4ypliKP0r3d1tVd5nCGM4W6SyFFZT9wm # 0yRBPnAt4V/iYIJ0mERE8qPpiOx8/yjFhWkVgVGCOINAa8IldpWKisnpIzaeq4+2 # /JejoW4F/yT9G8zcb+oqNGOIjZSM8/z3SIfxNqY96Vz4kCT0ZRJDJLEXnBPFZxcq # oUeH2/xenOcsGOPphKbISAINmFF7MBaqmyvRb/lPGGHJWD74Sv8EWbPv+WriuBTP # kE48sI9Aua5q/DM4qplBoALsGUGMh0QqKZ1XZWjv8cUmQn2mUe8OwdzgRJfI/laK # H7NSn6vQJpkAFmTo7eA5zZOTZ8U4T740FbjlP8vh0xK8Kg/8CkQpdACd1D0yfDz2 # Kfo2xF5CpqBYVOCRnq+Xmo9tp19fabozWSqqmq7eMi4zVDpKlo1ZOCh6XWERnCTF # V5CpEAIpY1J/XB0cDbj8/07u2Jn4EV1jeB7wnE9ptUAA4pzmT7Dub+Y/2xMcNFph # a1tgrQxAKZwpZogCnIRa9MUihORE/gMrmy2qXoxDa/b7e0Fzaumj9V1nMIIHcTCC # BVmgAwIBAgITMwAAABXF52ueAptJmQAAAAAAFTANBgkqhkiG9w0BAQsFADCBiDEL # MAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1v # bmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWlj # cm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTAwHhcNMjEwOTMw # MTgyMjI1WhcNMzAwOTMwMTgzMjI1WjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMK # V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0 # IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0Eg # MjAxMDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOThpkzntHIhC3mi # y9ckeb0O1YLT/e6cBwfSqWxOdcjKNVf2AX9sSuDivbk+F2Az/1xPx2b3lVNxWuJ+ # Slr+uDZnhUYjDLWNE893MsAQGOhgfWpSg0S3po5GawcU88V29YZQ3MFEyHFcUTE3 # oAo4bo3t1w/YJlN8OWECesSq/XJprx2rrPY2vjUmZNqYO7oaezOtgFt+jBAcnVL+ # tuhiJdxqD89d9P6OU8/W7IVWTe/dvI2k45GPsjksUZzpcGkNyjYtcI4xyDUoveO0 # hyTD4MmPfrVUj9z6BVWYbWg7mka97aSueik3rMvrg0XnRm7KMtXAhjBcTyziYrLN # ueKNiOSWrAFKu75xqRdbZ2De+JKRHh09/SDPc31BmkZ1zcRfNN0Sidb9pSB9fvzZ # nkXftnIv231fgLrbqn427DZM9ituqBJR6L8FA6PRc6ZNN3SUHDSCD/AQ8rdHGO2n # 6Jl8P0zbr17C89XYcz1DTsEzOUyOArxCaC4Q6oRRRuLRvWoYWmEBc8pnol7XKHYC # 4jMYctenIPDC+hIK12NvDMk2ZItboKaDIV1fMHSRlJTYuVD5C4lh8zYGNRiER9vc # G9H9stQcxWv2XFJRXRLbJbqvUAV6bMURHXLvjflSxIUXk8A8FdsaN8cIFRg/eKtF # tvUeh17aj54WcmnGrnu3tz5q4i6tAgMBAAGjggHdMIIB2TASBgkrBgEEAYI3FQEE # BQIDAQABMCMGCSsGAQQBgjcVAgQWBBQqp1L+ZMSavoKRPEY1Kc8Q/y8E7jAdBgNV # HQ4EFgQUn6cVXQBeYl2D9OXSZacbUzUZ6XIwXAYDVR0gBFUwUzBRBgwrBgEEAYI3 # TIN9AQEwQTA/BggrBgEFBQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3Br # aW9wcy9Eb2NzL1JlcG9zaXRvcnkuaHRtMBMGA1UdJQQMMAoGCCsGAQUFBwMIMBkG # CSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8E # BTADAQH/MB8GA1UdIwQYMBaAFNX2VsuP6KJcYmjRPZSQW9fOmhjEMFYGA1UdHwRP # ME0wS6BJoEeGRWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1 # Y3RzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNybDBaBggrBgEFBQcBAQROMEww # SgYIKwYBBQUHMAKGPmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMv # TWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQCd # VX38Kq3hLB9nATEkW+Geckv8qW/qXBS2Pk5HZHixBpOXPTEztTnXwnE2P9pkbHzQ # dTltuw8x5MKP+2zRoZQYIu7pZmc6U03dmLq2HnjYNi6cqYJWAAOwBb6J6Gngugnu # e99qb74py27YP0h1AdkY3m2CDPVtI1TkeFN1JFe53Z/zjj3G82jfZfakVqr3lbYo # VSfQJL1AoL8ZthISEV09J+BAljis9/kpicO8F7BUhUKz/AyeixmJ5/ALaoHCgRlC # GVJ1ijbCHcNhcy4sa3tuPywJeBTpkbKpW99Jo3QMvOyRgNI95ko+ZjtPu4b6MhrZ # lvSP9pEB9s7GdP32THJvEKt1MMU0sHrYUP4KWN1APMdUbZ1jdEgssU5HLcEUBHG/ # ZPkkvnNtyo4JvbMBV0lUZNlz138eW0QBjloZkWsNn6Qo3GcZKCS6OEuabvshVGtq # RRFHqfG3rsjoiV5PndLQTHa1V1QJsWkBRH58oWFsc/4Ku+xBZj1p/cvBQUl+fpO+ # y/g75LcVv7TOPqUxUYS8vwLBgqJ7Fx0ViY1w/ue10CgaiQuPNtq6TPmb/wrpNPgk # NWcr4A245oyZ1uEi6vAnQj0llOZ0dFtq0Z4+7X6gMTN9vMvpe784cETRkPHIqzqK # Oghif9lwY1NNje6CbaUFEMFxBmoQtB1VM1izoXBm8qGCAs8wggI4AgEBMIH8oYHU # pIHRMIHOMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYD # VQQLEyBNaWNyb3NvZnQgT3BlcmF0aW9ucyBQdWVydG8gUmljbzEmMCQGA1UECxMd # VGhhbGVzIFRTUyBFU046Rjc3Ri1FMzU2LTVCQUUxJTAjBgNVBAMTHE1pY3Jvc29m # dCBUaW1lLVN0YW1wIFNlcnZpY2WiIwoBATAHBgUrDgMCGgMVAOBtJtCeHgJZY3D/ # 47zr/f6Zv+vGoIGDMIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hp # bmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jw # b3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAw # DQYJKoZIhvcNAQEFBQACBQDmb4rCMCIYDzIwMjIwNzA2MDgxNDU4WhgPMjAyMjA3 # MDcwODE0NThaMHQwOgYKKwYBBAGEWQoEATEsMCowCgIFAOZvisICAQAwBwIBAAIC # FmUwBwIBAAICEV4wCgIFAOZw3EICAQAwNgYKKwYBBAGEWQoEAjEoMCYwDAYKKwYB # BAGEWQoDAqAKMAgCAQACAwehIKEKMAgCAQACAwGGoDANBgkqhkiG9w0BAQUFAAOB # gQDJlMstKJPPO8eo3i76OZA0xh5spych/NCl9+pXiTspEiFEkk7/Phxtk4UqkbUm # hiGfvfaoNN4aFpODRJ28n8hdhfW324AtcEBrp3GfLu/1wiMcQhzno0btiN6HV5q+ # U8NMmNl5SgbLnzOipjXS7bR2AxBTlfvCL5z1Oq0WU/cXuDGCBA0wggQJAgEBMIGT # MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdS # ZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMT # HU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAABqqUxmwvLsggOAAEA # AAGqMA0GCWCGSAFlAwQCAQUAoIIBSjAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQ # AQQwLwYJKoZIhvcNAQkEMSIEIK0J1qUDhAQd6FY/vMbXLb6tW21bGNqgNHs0fg8e # HJgSMIH6BgsqhkiG9w0BCRACLzGB6jCB5zCB5DCBvQQgVrUCQxxavBHgc9017oAq # kYUiPyQmWwE2BCMExvGzHsAwgZgwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UE # CBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9z # b2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQ # Q0EgMjAxMAITMwAAAaqlMZsLy7IIDgABAAABqjAiBCDs4n9JFgUAJU8HlbyXxQKy # 03LwbZ5ruUtn8lQ5S/E2bDANBgkqhkiG9w0BAQsFAASCAgBLw9rcBo+4fiIzKrNI # zbnQA69a/cB7g8rWpAU1V3PXaRs6EpBThMlBt63DQQ6UCWuXYkZJ1k/KCMj3XUSV # 70Nzi3Jnmkp8YwmzPrcmnuB5uaHJu69fs+N5ZFPGheIvj/v9rFKMMCCVFmp9bKxF # HG90eC7vlA+XYPWDLVqggfD0PQX1+h/pZI8W2Krt611J7rAuq63XpThPJ3eQxVln # dGJaHV1zOzOkqsNprWBgRkIlrhg6ioD+pVSF9Dk9rBCehnr2NdYZeHjcKHdegM34 # aHfRJB0g6v/DD+a8+q9zMsEwCaw8L4YPTa3j4LgoeUYy2bw9X8dFHtTzL2utpN8J # Rpx+RJKaWG9OPoNZR43UaBFhpkuwFBI78aoKR2ZPyGSP67X9EfftJ5qkLvcTrrNQ # b+Jja8z56puW6XFfOS9/A4ddjFKOAuzSjAQt4bRpT+Dge3ti2q9nuLxswyCpH49N # eV0fEKs7Ejo1ki4+xszxDarsaD3wTz1moWHeqor+g2ti58VIMC5jC256QjGln9vt # lDrNDc07NTo5vJpB48Org2B0u2uRVbld6lOhkDmzh6hTyKJe/dszj6VaKV4hP0x1 # NAyd3HEFYFvkyUMXCTMOxEReJwb5V6UmhN8LbID0X/Wg/nX1TWdCPLegrBUg2a56 # KdJE0NGt5MyEOUCrZXSEqns7Fg== # SIG # End signature block |