PSRule.Rules.Azure.psm1
|
# Copyright (c) Microsoft Corporation. # Licensed under the MIT License. # # PSRule.Rules.Azure module # $m = Import-Module 'Az.Resources' -MinimumVersion 5.6.0 -Global -ErrorAction SilentlyContinue -PassThru; if ($Null -eq $m) { Write-Warning -Message "To use PSRule for Azure export cmdlets please install Az.Resources."; } Set-StrictMode -Version latest; [PSRule.Rules.Azure.Configuration.PSRuleOption]::UseExecutionContext($ExecutionContext); # # Localization # # # Public functions # #region Public functions # .ExternalHelp PSRule.Rules.Azure-help.xml function Export-AzRuleData { [CmdletBinding(SupportsShouldProcess = $True, DefaultParameterSetName = 'Default')] [OutputType([System.IO.FileInfo])] [OutputType([PSObject])] param ( [Parameter(Position = 0, Mandatory = $False)] [String]$OutputPath = $PWD, # Filter by Subscription name or id [Parameter(Mandatory = $False, ParameterSetName = 'Default')] [String[]]$Subscription = $Null, # Filter by Tenant id [Parameter(Mandatory = $False, ParameterSetName = 'Default')] [String[]]$Tenant = $Null, # Filter by Resource Group name [Parameter(Mandatory = $False)] [String[]]$ResourceGroupName = $Null, # Filter by Tag [Parameter(Mandatory = $False)] [Hashtable]$Tag, [Parameter(Mandatory = $False)] [Switch]$PassThru = $False, [Parameter(Mandatory = $False, ParameterSetName = 'All')] [Switch]$All = $False ) begin { Write-Verbose -Message "[Export-AzRuleData] BEGIN::"; } process { # Get subscriptions $context = FindAzureContext -Subscription $Subscription -Tenant $Tenant -All:$All -Verbose:$VerbosePreference; if ($Null -eq $context) { return; } if (!(Test-Path -Path $OutputPath)) { if ($PSCmdlet.ShouldProcess('Create output directory', $OutputPath)) { $Null = New-Item -Path $OutputPath -ItemType Directory -Force; } } $getParams = @{ }; $filterParams = @{ }; if ($PSBoundParameters.ContainsKey('Tag')) { $getParams['Tag'] = $Tag; } if ($PSBoundParameters.ContainsKey('ResourceGroupName')) { $getParams['ResourceGroupName'] = $ResourceGroupName; $filterParams['ResourceGroupName'] = $ResourceGroupName; } foreach ($c in $context) { Write-Verbose -Message "[Export] -- Using subscription: $($c.Subscription.Name)"; $filePath = Join-Path -Path $OutputPath -ChildPath "$($c.Subscription.Id).json"; GetAzureResource @getParams -Context $c -Verbose:$VerbosePreference ` | FilterAzureResource @filterParams -Verbose:$VerbosePreference ` | ExportAzureResource -Path $filePath -PassThru $PassThru -Verbose:$VerbosePreference; } } end { Write-Verbose -Message "[Export-AzRuleData] END::"; } } # .ExternalHelp PSRule.Rules.Azure-help.xml function Export-AzRuleTemplateData { [CmdletBinding()] [OutputType([System.IO.FileInfo])] [OutputType([PSObject])] param ( [Parameter(Position = 0, Mandatory = $False)] [String]$Name, [Parameter(Mandatory = $True, ValueFromPipelineByPropertyName = $True)] [String]$TemplateFile, [Parameter(Mandatory = $False, ValueFromPipelineByPropertyName = $True)] [Alias('TemplateParameterFile')] [String[]]$ParameterFile, [Parameter(Mandatory = $False)] [Alias('ResourceGroupName')] [PSRule.Rules.Azure.Configuration.ResourceGroupReference]$ResourceGroup, [Parameter(Mandatory = $False)] [PSRule.Rules.Azure.Configuration.SubscriptionReference]$Subscription, [Parameter(Mandatory = $False)] [String]$OutputPath = $PWD, [Parameter(Mandatory = $False)] [Switch]$PassThru = $False ) begin { Write-Verbose -Message '[Export-AzRuleTemplateData] BEGIN::'; if ($MyInvocation.InvocationName -eq 'Export-AzTemplateRuleData') { Write-Warning -Message "The cmdlet 'Export-AzTemplateRuleData' is has been renamed to 'Export-AzRuleTemplateData'. Use of 'Export-AzTemplateRuleData' is deprecated and will be removed in the next major version." } $Option = [PSRule.Rules.Azure.Configuration.PSRuleOption]::FromFileOrDefault($PWD); $Option.Output.Path = $OutputPath; # Build the pipeline $builder = [PSRule.Rules.Azure.Pipeline.PipelineBuilder]::Template($Option); $builder.Deployment($Name); $builder.PassThru($PassThru); # Bind to subscription context if ($PSBoundParameters.ContainsKey('Subscription')) { $subscriptionOption = GetSubscription -InputObject $Subscription -ErrorAction SilentlyContinue; if ($Null -ne $subscriptionOption) { $builder.Subscription($subscriptionOption); } } # Bind to resource group if ($PSBoundParameters.ContainsKey('ResourceGroup')) { $resourceGroupOption = GetResourceGroup -InputObject $ResourceGroup -ErrorAction SilentlyContinue; if ($Null -ne $resourceGroupOption) { $builder.ResourceGroup($resourceGroupOption); } } $builder.UseCommandRuntime($PSCmdlet); $builder.UseExecutionContext($ExecutionContext); try { $pipeline = $builder.Build(); $pipeline.Begin(); } catch { $pipeline.Dispose(); } } process { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $source = [PSRule.Rules.Azure.Pipeline.TemplateSource]::new($TemplateFile, $ParameterFile); $pipeline.Process($source); } catch { $pipeline.Dispose(); throw; } } } end { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $pipeline.End(); } finally { $pipeline.Dispose(); } } Write-Verbose -Message '[Export-AzRuleTemplateData] END::'; } } # .ExternalHelp PSRule.Rules.Azure-help.xml function Get-AzRuleTemplateLink { [CmdletBinding()] [OutputType([PSRule.Rules.Azure.Data.Metadata.ITemplateLink])] param ( [Parameter(Position = 1, Mandatory = $False, ValueFromPipelineByPropertyName = $True)] [Alias('f', 'TemplateParameterFile', 'FullName')] [SupportsWildcards()] [String[]]$InputPath = '*.parameters.json', [Parameter(Mandatory = $False)] [Switch]$SkipUnlinked, [Parameter(Position = 0, Mandatory = $False)] [Alias('p')] [String]$Path = $PWD ) begin { Write-Verbose -Message '[Get-AzRuleTemplateLink] BEGIN::'; # Build the pipeline $builder = [PSRule.Rules.Azure.Pipeline.PipelineBuilder]::TemplateLink($Path); $builder.SkipUnlinked($SkipUnlinked); $builder.UseCommandRuntime($PSCmdlet); $builder.UseExecutionContext($ExecutionContext); $pipeline = $builder.Build(); if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $pipeline.Begin(); } catch { $pipeline.Dispose(); throw; } } } process { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { foreach ($p in $InputPath) { $pipeline.Process($p); } } catch { $pipeline.Dispose(); throw; } } } end { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $pipeline.End(); } finally { $pipeline.Dispose(); } } Write-Verbose -Message '[Get-AzRuleTemplateLink] END::'; } } function Export-AzPolicyAssignmentData { [CmdletBinding(SupportsShouldProcess = $True, DefaultParameterSetName = 'Default')] [OutputType([System.IO.FileInfo])] [OutputType([PSObject])] param ( # Name of policy assignment [Parameter(ParameterSetName = 'Name', Mandatory = $False)] [String]$Name, # Fully qualified resource ID of policy assignment [Parameter(ParameterSetName = 'Id', Mandatory = $True)] [Alias('AssignmentId')] [String]$Id, # Specifies assignment policy scope [Parameter(ParameterSetName = 'Name', Mandatory = $False)] [Parameter(ParameterSetName = 'IncludeDescendent', Mandatory = $False)] [String]$Scope, # Specifies the policy definition ID of the policy assignment [Parameter(ParameterSetName = 'Name', Mandatory = $False)] [Parameter(ParameterSetName = 'Id', Mandatory = $False)] [String]$PolicyDefinitionId, # Include all assignments related to given scope [Parameter(ParameterSetName = 'IncludeDescendent', Mandatory = $True)] [Switch]$IncludeDescendent = $False, [Parameter(Mandatory = $False)] [String]$OutputPath = $PWD, [Parameter(Mandatory = $False)] [Switch]$PassThru = $False ) begin { Write-Verbose -Message '[Export-AzPolicyAssignmentData] BEGIN::'; } process { $context = GetAzureContext -ErrorAction SilentlyContinue if ($Null -eq $context) { Write-Error -Message 'Could not find an existing context. Use Connect-AzAccount to establish a PowerShell context with Azure.'; return; } if (!(Test-Path -Path $OutputPath)) { if ($PSCmdlet.ShouldProcess('Create output directory', $OutputPath)) { $Null = New-Item -Path $OutputPath -ItemType Directory -Force; } } $getParams = @{ }; Write-Verbose -Message "Parameter Set: $($PSCmdlet.ParameterSetName)"; if ($PSCmdlet.ParameterSetName -eq 'Name') { if ($PSBoundParameters.ContainsKey('Name')) { $getParams['Name'] = $Name; } if ($PSBoundParameters.ContainsKey('PolicyDefinitionId')) { $getParams['PolicyDefinitionId'] = $PolicyDefinitionId; } if ($PSBoundParameters.ContainsKey('Scope')) { $getParams['Scope'] = $Scope; } else { $getParams['Scope'] = GetDefaultSubscriptionScope -Context $context } Write-Verbose -Message "Scope: $($getParams['Scope'])"; } elseif ($PSCmdlet.ParameterSetName -eq 'Id') { $getParams['Id'] = $Id; if ($PSBoundParameters.ContainsKey('PolicyDefinitionId')) { $getParams['PolicyDefinitionId'] = $PolicyDefinitionId; } } elseif ($PSCmdlet.ParameterSetName -eq 'IncludeDescendent') { $getParams['IncludeDescendent'] = $IncludeDescendent; if ($PSBoundParameters.ContainsKey('Scope')) { $getParams['Scope'] = $Scope; } else { $getParams['Scope'] = GetDefaultSubscriptionScope -Context $context } } Write-Verbose -Message "[Export] -- Using subscription: $($context.Subscription.Name)"; $filePath = Join-Path -Path $OutputPath -ChildPath "$($context.Subscription.Id).assignment.json"; Get-AzPolicyAssignment @getParams -Verbose:$VerbosePreference ` | ExpandPolicyAssignment -Context $context -Verbose:$VerbosePreference ` | ExportAzureResource -Path $filePath -PassThru $PassThru -Verbose:$VerbosePreference; } end { Write-Verbose -Message "[Export-AzPolicyAssignmentData] END::"; } } function Export-AzPolicyAssignmentRuleData { [CmdletBinding(DefaultParameterSetName = 'Default')] [OutputType([System.IO.FileInfo])] [OutputType([PSObject])] param ( # Name of Policy assignment [Parameter(Mandatory = $False)] [String]$Name, # Assignment file path [Parameter(Mandatory = $True, ValueFromPipelineByPropertyName = $True)] [String]$AssignmentFile, [Parameter(Mandatory = $False)] [Alias('ResourceGroupName')] [PSRule.Rules.Azure.Configuration.ResourceGroupReference]$ResourceGroup, [Parameter(Mandatory = $False)] [PSRule.Rules.Azure.Configuration.SubscriptionReference]$Subscription, [Parameter(Mandatory = $False)] [String]$OutputPath = $PWD, [Parameter(Mandatory = $False)] [Switch]$PassThru = $False ) begin { Write-Verbose -Message '[Export-AzPolicyAssignmentRuleData] BEGIN::'; $option = [PSRule.Rules.Azure.Configuration.PSRuleOption]::FromFileOrDefault($PWD); $option.Output.Path = $OutputPath; # Build the pipeline $builder = [PSRule.Rules.Azure.Pipeline.PipelineBuilder]::Assignment($option); $builder.Assignment($Name); $builder.PassThru($PassThru); # Bind to subscription context if ($PSBoundParameters.ContainsKey('Subscription')) { $subscriptionOption = GetSubscription -InputObject $Subscription -ErrorAction SilentlyContinue; if ($Null -ne $subscriptionOption) { $builder.Subscription($subscriptionOption); } } # Bind to resource group if ($PSBoundParameters.ContainsKey('ResourceGroup')) { $resourceGroupOption = GetResourceGroup -InputObject $ResourceGroup -ErrorAction SilentlyContinue; if ($Null -ne $resourceGroupOption) { $builder.ResourceGroup($resourceGroupOption); } } $builder.UseCommandRuntime($PSCmdlet); $builder.UseExecutionContext($ExecutionContext); try { $pipeline = $builder.Build(); $pipeline.Begin(); } catch { $pipeline.Dispose(); } } process { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $source = [PSRule.Rules.Azure.Pipeline.PolicyAssignmentSource]::new($AssignmentFile); $pipeline.Process($source); } catch { $pipeline.Dispose(); throw; } } } end { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $pipeline.End(); } finally { $pipeline.Dispose(); } } Write-Verbose -Message '[Export-AzPolicyAssignmentRuleData] END::'; } } function Get-AzPolicyAssignmentDataSource { [CmdletBinding(DefaultParameterSetName = 'Default')] [OutputType([PSRule.Rules.Azure.Pipeline.PolicyAssignmentSource])] param ( [Parameter(Mandatory = $False, ValueFromPipelineByPropertyName = $True)] [Alias('f', 'AssignmentFile', 'FullName')] [SupportsWildcards()] [String[]]$InputPath = '*.assignment.json', [Parameter(Mandatory = $False)] [Alias('p')] [String]$Path = $PWD ) begin { Write-Verbose -Message '[Get-AzPolicyAssignmentDataSource] BEGIN::'; # Build the pipeline $builder = [PSRule.Rules.Azure.Pipeline.PipelineBuilder]::AssignmentSearch($Path); $builder.UseCommandRuntime($PSCmdlet); $builder.UseExecutionContext($ExecutionContext); $pipeline = $builder.Build(); if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $pipeline.Begin(); } catch { $pipeline.Dispose(); throw; } } } process { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { foreach ($p in $InputPath) { $pipeline.Process($p); } } catch { $pipeline.Dispose(); throw; } } } end { if ($Null -ne (Get-Variable -Name pipeline -ErrorAction SilentlyContinue)) { try { $pipeline.End(); } finally { $pipeline.Dispose(); } } Write-Verbose -Message '[Get-AzPolicyAssignmentDataSource] END::'; } } #endregion Public functions # # Helper functions # function GetDefaultSubscriptionScope { [CmdletBinding()] param ( [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { return [string]::Concat('/subscriptions/', $context.Subscription.Id); } } function GetResourceGroup { [CmdletBinding()] [OutputType([PSRule.Rules.Azure.Configuration.ResourceGroupOption])] param ( [Parameter(Mandatory = $True)] [PSRule.Rules.Azure.Configuration.ResourceGroupReference]$InputObject ) process { $result = $InputObject.ToResourceGroupOption(); if ($InputObject.FromName) { $o = Get-AzResourceGroup -Name $InputObject.Name -ErrorAction SilentlyContinue; if ($Null -ne $o) { $result.Name = $o.ResourceGroupName $result.Location = $o.Location $result.ManagedBy = $o.ManagedBy $result.Properties.ProvisioningState = $o.ProvisioningState $result.Tags = $o.Tags } } return $result; } } function GetSubscription { [CmdletBinding()] [OutputType([PSRule.Rules.Azure.Configuration.SubscriptionOption])] param ( [Parameter(Mandatory = $True)] [PSRule.Rules.Azure.Configuration.SubscriptionReference]$InputObject ) process { $result = $InputObject.ToSubscriptionOption(); if ($InputObject.FromName) { $o = (Set-AzContext -Subscription $InputObject.DisplayName -ErrorAction SilentlyContinue).Subscription; if ($Null -ne $o) { $result.DisplayName = $o.Name $result.SubscriptionId = $o.SubscriptionId $result.State = $o.State $result.TenantId = $o.TenantId } } return $result; } } function FindAzureContext { [CmdletBinding()] [OutputType([Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer[]])] param ( [Parameter(Mandatory = $False)] [String[]]$Subscription = $Null, [Parameter(Mandatory = $False)] [String[]]$Tenant = $Null, [Parameter(Mandatory = $False)] [System.Boolean]$All = $False ) process { $listAvailable = $False; if ($Null -ne $Subscription -or $Null -ne $Tenant -or $All) { $listAvailable = $True; } # Get subscription contexts $context = @(GetAzureContext -ListAvailable:$listAvailable); if ($Null -eq $context -and $context.Length -gt 0) { Write-Error -Message 'Could not find an existing context. Use Connect-AzAccount to establish a PowerShell context with Azure.'; return; } Write-Verbose "[Context] -- Found ($($context.Length)) subscription contexts"; $filteredContext = @($context | ForEach-Object -Process { if ( ($Null -eq $Tenant -or $Tenant.Length -eq 0 -or ($_.Tenant.Id -in $Tenant)) -and ($Null -eq $Subscription -or $Subscription.Length -eq 0 -or ($_.Subscription.Id -in $Subscription) -or ($_.Subscription.Name -in $Subscription)) ) { $_; Write-Verbose "[Context] -- Using subscription: $($_.Subscription.Name)"; } }) Write-Verbose "[Context] -- Using [$($filteredContext.Length)/$($context.Length)] subscription contexts"; return $filteredContext; } } function GetAzureContext { [CmdletBinding()] [OutputType([Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer[]])] param ( [Parameter(Mandatory = $False)] [System.Boolean]$ListAvailable = $False ) process { $getParams = @{ }; if ($ListAvailable) { $getParams['ListAvailable'] = $True; } # Get contexts return Get-AzContext @getParams; } } function GetAzureResource { [CmdletBinding()] [OutputType([PSObject])] param ( [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context, [Parameter(Mandatory = $False)] [Hashtable]$Tag, [Parameter(Mandatory = $False)] [String[]]$ResourceGroupName = $Null ) begin { $watch = New-Object -TypeName System.Diagnostics.Stopwatch; } process { $resourceParams = @{ }; $rgParams = @{ }; if ($PSBoundParameters.ContainsKey('Tag')) { $resourceParams['Tag'] = $Tag; $rgParams['Tag'] = $Tag; } try { Write-Verbose -Message "[Export] -- Getting Azure resources"; $watch.Restart(); if ($PSBoundParameters.ContainsKey('ResourceGroupName')) { foreach ($rg in $ResourceGroupName) { Write-Verbose -Message "[Export] -- Getting Azure resources for Resource Group: $rg"; Get-AzResource @resourceParams -ResourceGroupName $rg -ExpandProperties -ODataQuery "SubscriptionId EQ '$($Context.DefaultContext.Subscription.Id)'" -DefaultProfile $Context ` | ExpandResource -Context $Context -Verbose:$VerbosePreference; Get-AzResourceGroup @rgParams -Name $rg -DefaultProfile $Context | SetResourceType 'Microsoft.Resources/resourceGroups' | ExpandResource -Context $Context -Verbose:$VerbosePreference; } } else { Get-AzResource @resourceParams -ExpandProperties -DefaultProfile $Context | ExpandResource -Context $Context -Verbose:$VerbosePreference; Get-AzResourceGroup @rgParams -DefaultProfile $Context | SetResourceType 'Microsoft.Resources/resourceGroups' | ExpandResource -Context $Context -Verbose:$VerbosePreference; } Write-Verbose -Message "[Export] -- Azure resources exported in [$($watch.ElapsedMilliseconds) ms]"; $watch.Restart(); Write-Verbose -Message "[Export] -- Getting Azure subscription: $($Context.DefaultContext.Subscription.Id)"; Get-AzSubscription -SubscriptionId $Context.DefaultContext.Subscription.Id | SetResourceType 'Microsoft.Subscription' | ExpandResource -Context $Context -Verbose:$VerbosePreference; Write-Verbose -Message "[Export] -- Azure subscription exported in [$($watch.ElapsedMilliseconds) ms]"; } finally { $watch.Stop(); } } } function FilterAzureResource { [CmdletBinding()] [OutputType([PSObject])] param ( [Parameter(Mandatory = $False)] [String[]]$ResourceGroupName = $Null, [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$InputObject ) process { if (($Null -eq $ResourceGroupName) -or ($InputObject.ResourceType -eq 'Microsoft.Subscription') -or (@($InputObject.PSObject.Properties | Where-Object { $_.Name -eq 'ResourceGroupName' }).Length -eq 0)) { return $InputObject; } elseif ($InputObject.ResourceGroupName -in $ResourceGroupName) { return $InputObject; } } } function ExportAzureResource { [CmdletBinding(SupportsShouldProcess = $True)] [OutputType([System.IO.FileInfo])] [OutputType([PSObject])] param ( [Parameter(Mandatory = $True)] [String]$Path, [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$InputObject, [Parameter(Mandatory = $False)] [System.Boolean]$PassThru = $False ) begin { $resources = @(); } process { if ($PassThru) { $InputObject; } else { # Collect passed through resources $resources += $InputObject; } } end { $watch = New-Object -TypeName System.Diagnostics.Stopwatch; Write-Verbose -Message "[Export] -- Exporting to JSON"; $watch.Restart(); if (!$PassThru) { # Save to JSON ConvertTo-Json -InputObject $resources -Depth 100 | Set-Content -Path $Path; Get-Item -Path $Path; } $watch.Stop(); Write-Verbose -Message "[Export] -- Exported to JSON in [$($watch.ElapsedMilliseconds) ms]"; } } function GetSubResource { [CmdletBinding()] param ( [Parameter(Mandatory = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context, [Parameter(Mandatory = $True)] [String]$ResourceType, [Parameter(Mandatory = $True)] [String]$ApiVersion ) process { $getParams = @{ Name = $Resource.Name ResourceType = $ResourceType ResourceGroupName = $Resource.ResourceGroupName DefaultProfile = $Context ApiVersion = $ApiVersion } try { Get-AzResource @getParams -ExpandProperties; } catch { Write-Warning -Message "Failed to read $($Resource.Name): $ResourceType"; } } } function GetResourceById { [CmdletBinding()] param ( [Parameter(Mandatory = $True)] [PSObject]$ResourceId, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context, [Parameter(Mandatory = $True)] [String]$ApiVersion ) process { $getParams = @{ ResourceId = $ResourceId DefaultProfile = $Context ApiVersion = $ApiVersion } try { Get-AzResource @getParams -ExpandProperties; } catch { Write-Warning -Message "Failed to read $ResourceId"; } } } function GetSubResourceId { [CmdletBinding()] param ( [Parameter(Mandatory = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context, [Parameter(Mandatory = $True)] [String]$Property, [Parameter(Mandatory = $True)] [String]$ApiVersion ) process { $getParams = @{ ResourceId = [String]::Concat($Resource.Id, '/', $Property) DefaultProfile = $Context ApiVersion = $ApiVersion } try { Get-AzResource @getParams -ExpandProperties; } catch { Write-Warning -Message "Failed to read $($Resource.Name): $Property"; } } } function GetRestProperty { [CmdletBinding()] param ( [Parameter(Mandatory = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context, [Parameter(Mandatory = $True)] [String]$Property, [Parameter(Mandatory = $True)] [String]$ApiVersion ) process { try { $token = GetRestToken -Context $Context; $getParams = @{ Uri = [String]::Concat('https://management.azure.com', $Resource.Id, '/', $Property, '?api-version=', $ApiVersion) Headers = @{ Authorization = "Bearer $($token)" } } Invoke-RestMethod -Method Get @getParams -UseBasicParsing -Verbose:$VerbosePreference; } catch { Write-Warning -Message "Failed to read $($Resource.Name): $Property"; } } } function GetRestToken { [CmdletBinding()] [OutputType([String])] param ( [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { return ($Context.DefaultContext.TokenCache.ReadItems() | Where-Object { $_.TenantId -eq $Context.DefaultContext.Tenant.Id -and $_.Resource -eq 'https://management.core.windows.net/' -and $_.Authority -eq "https://login.windows.net/$($Context.DefaultContext.Tenant.Id)/" }).AccessToken; } } function GetSubProvider { [CmdletBinding()] param ( [Parameter(Mandatory = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context, [Parameter(Mandatory = $True)] [String]$ResourceType, [Parameter(Mandatory = $True)] [String]$ApiVersion, [Parameter(Mandatory = $False)] [Switch]$ExpandProperties ) process { $getParams = @{ ResourceId = [String]::Concat($Resource.Id, '/providers/', $ResourceType) DefaultProfile = $Context ApiVersion = $ApiVersion } try { Get-AzResource @getParams -ExpandProperties:$ExpandProperties; } catch { Write-Warning -Message "Failed to read $($Resource.Name): $ResourceType"; } } } function VisitAPIManagement { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $apis += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/apis' -ApiVersion '2019-12-01'; foreach ($api in $apis) { $resources += $api; $apiParams = @{ Name = "$($Resource.Name)/$($api.Name)" ResourceType = 'Microsoft.ApiManagement/service/apis/policies' ResourceGroupName = $Resource.ResourceGroupName DefaultProfile = $Context ApiVersion = '2019-12-01' }; $resources += Get-AzResource @apiParams; } # Add zones in from REST API because they are not included from Get-AzResource $apiManagementServicePrimaryZones = ((Invoke-AzRestMethod -Path "$($Resource.ResourceId)?api-version=2020-12-01" -Method GET).Content | ConvertFrom-Json).zones; $Resource = $Resource | Add-Member -MemberType NoteProperty -Name zones -Value $apiManagementServicePrimaryZones -PassThru; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/backends' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/products' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/policies' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/identityProviders' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/diagnostics' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/loggers' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/certificates' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/namedValues' -ApiVersion '2019-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ApiManagement/service/portalsettings' -ApiVersion '2019-12-01'; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitSqlServer { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $sqlServer = $resource; $resources = @(); # Get SQL Server firewall rules $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Sql/servers/firewallRules' -ApiVersion '2015-05-01-preview'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Sql/servers/administrators' -ApiVersion '2014-04-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Sql/servers/securityAlertPolicies' -ApiVersion '2017-03-01-preview'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Sql/servers/vulnerabilityAssessments' -ApiVersion '2018-06-01-preview'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Sql/servers/auditingSettings' -ApiVersion '2017-03-01-preview'; $sqlServer | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitSqlDatabase { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $getParams = @{ ResourceGroupName = $Resource.ResourceGroupName DefaultProfile = $Context ErrorAction = 'SilentlyContinue' } $idParts = $Resource.ResourceId.Split('/'); $serverName = $idParts[-3]; $resourceName = "$serverName/$($Resource.Name)"; $resources += Get-AzResource @getParams -Name $resourceName -ResourceType 'Microsoft.Sql/servers/databases/dataMaskingPolicies' -ApiVersion '2014-04-01' -ExpandProperties $resources += Get-AzResource @getParams -Name $resourceName -ResourceType 'Microsoft.Sql/servers/databases/transparentDataEncryption' -ApiVersion '2014-04-01' -ExpandProperties; $resources += Get-AzResource @getParams -Name $resourceName -ResourceType 'Microsoft.Sql/servers/databases/connectionPolicies' -ApiVersion '2014-04-01' -ExpandProperties; $resources += Get-AzResource @getParams -Name $resourceName -ResourceType 'Microsoft.Sql/servers/databases/geoBackupPolicies' -ApiVersion '2014-04-01' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitPostgreSqlServer { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $sqlServer = $resource; $resources = @(); # Get Postgre SQL Server firewall rules $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.DBforPostgreSQL/servers/firewallRules' -ApiVersion '2017-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.DBforPostgreSQL/servers/securityAlertPolicies' -ApiVersion '2017-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.DBforPostgreSQL/servers/configurations' -ApiVersion '2017-12-01'; $sqlServer | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitMySqlServer { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $sqlServer = $resource; $resources = @(); # Get MySQL Server firewall rules $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.DBforMySQL/servers/firewallRules' -ApiVersion '2017-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.DBforMySQL/servers/securityAlertPolicies' -ApiVersion '2017-12-01'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.DBforMySQL/servers/configurations' -ApiVersion '2017-12-01'; $sqlServer | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitSqlManagedInstance { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $sqlMI = $resource; $resources = @(); $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.Sql/managedInstances/securityAlertPolicies' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2017-03-01-preview' -ExpandProperties; $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.Sql/managedInstances/vulnerabilityAssessments' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2018-06-01-preview' -ExpandProperties; $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.Sql/managedInstances/administrators' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2017-03-01-preview' -ExpandProperties; $sqlMI | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitAutomationAccount { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $aa = $Resource $resources = @(); $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Automation/AutomationAccounts/variables' -ApiVersion '2015-10-31'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Automation/AutomationAccounts/webhooks' -ApiVersion '2015-10-31'; $diagnosticSettingsResourceParams = @{ Name = $Resource.Name ResourceType = 'Microsoft.Automation/automationAccounts/providers/microsoft.insights/diagnosticSettings' ResourceGroupName = $Resource.ResourceGroupName DefaultProfile = $Context ExpandProperties = $True ApiVersion = '2021-05-01-preview' } $resources += Get-AzResource @diagnosticSettingsResourceParams $aa | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } # function VisitDataFactoryV2 { # param ( # [Parameter(Mandatory = $True, ValueFromPipeline = $True)] # [PSObject]$Resource, # [Parameter(Mandatory = $True)] # [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context # ) # process { # $df = $resource; # $resources = @(); # # Get linked services # $resources += Get-AzDataFactoryV2LinkedService -DataFactoryName $resource.Name -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context | ForEach-Object -Process { # $linkedService = $_; # $type = $linkedService.Properties.GetType().Name; # $linkedService.Properties.AdditionalProperties = $Null; # if ($Null -ne $linkedService.Properties.EncryptedCredential) { # $linkedService.Properties.EncryptedCredential = $Null; # } # $linkedService | Add-Member -MemberType NoteProperty -Name 'ResourceType' -Value 'linkedServices'; # $linkedService | Add-Member -MemberType NoteProperty -Name 'Type' -Value $type; # $linkedService; # }; # $df | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; # } # } function VisitCDNEndpoint { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $resources += GetSubResourceId @PSBoundParameters -Property 'customdomains' -ApiVersion '2019-04-15'; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitContainerRegistry { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ContainerRegistry/registries/replications' -ApiVersion '2019-12-01-preview'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ContainerRegistry/registries/webhooks' -ApiVersion '2019-12-01-preview'; $resources += GetSubResource @PSBoundParameters -ResourceType 'Microsoft.ContainerRegistry/registries/tasks' -ApiVersion '2019-06-01-preview'; $resources += GetRestProperty @PSBoundParameters -Property 'listUsages' -ApiVersion '2019-05-01' | SetResourceType 'Microsoft.ContainerRegistry/registries/listUsages'; $resources += GetSubProvider @PSBoundParameters -ResourceType 'Microsoft.Security/assessments' -ApiVersion '2019-01-01-preview'; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitAKSCluster { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); # Only add VNET resource if AKS cluster is using Azure CNI network plugin # Supported network plugins: azure or kubenet # https://docs.microsoft.com/en-us/azure/templates/microsoft.containerservice/managedclusters?tabs=json#containerservicenetworkprofile-object if ($Resource.Properties.networkProfile.networkPlugin -eq 'azure') { $nodePools = @($Resource.Properties.agentPoolProfiles); foreach ($nodePool in $nodePools) { $vnetId = $nodePool.vnetSubnetID; $resources += GetResourceById -ResourceId $vnetId -ApiVersion '2020-05-01' -Context $Context; } } $resources += Get-AzResource -Name $Resource.Name -ResourceType 'Microsoft.ContainerService/managedClusters/providers/microsoft.insights/diagnosticSettings' -ResourceGroupName $Resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2017-05-01-preview' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitPublicIP { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { # Get-AzResource does not return zones, even with latest API version # Had to fetch the zones using ARM REST API and insert them into the resource # Logged an issue with Az PowerShell: https://github.com/Azure/azure-powershell/issues/15905 $publicIp = ((Invoke-AzRestMethod -Path "$($Resource.ResourceId)?api-version=2021-02-01" -Method GET).Content | ConvertFrom-Json).PSObject.Properties['zones']; if ($Null -ne $publicIp) { $Resource | Add-Member -MemberType NoteProperty -Name zones -Value $publicIp.value -PassThru; } else { $Resource; } } } function VisitRedisCache { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { # Get-AzResource does not return zones, even with latest API version # Had to fetch the zones using ARM REST API and insert them into the resource # Logged an issue with Az PowerShell: https://github.com/Azure/azure-powershell/issues/15905 $redisCacheZones = ((Invoke-AzRestMethod -Path "$($Resource.ResourceId)?api-version=2021-06-01" -Method GET).Content | ConvertFrom-Json).PSObject.Properties['zones']; if ($Null -ne $redisCacheZones) { $Resource | Add-Member -MemberType NoteProperty -Name zones -Value $redisCacheZones.value -PassThru; } else { $Resource; } } } function VisitRedisEnterpriseCache { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { # Get-AzResource does not return zones, even with latest API version # Had to fetch the zones using ARM REST API and insert them into the resource # Logged an issue with Az PowerShell: https://github.com/Azure/azure-powershell/issues/15905 $redisEnterpriseCacheZones = ((Invoke-AzRestMethod -Path "$($Resource.ResourceId)?api-version=2021-08-01" -Method GET).Content | ConvertFrom-Json).PSObject.Properties['zones']; if ($Null -ne $redisEnterpriseCacheZones) { $Resource | Add-Member -MemberType NoteProperty -Name zones -Value $redisEnterpriseCacheZones.value -PassThru; } else { $Resource; } } } function VisitStorageAccount { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); if ($Resource.Kind -ne 'FileStorage') { $blobServices = @(GetSubResource @PSBoundParameters -ResourceType 'Microsoft.Storage/storageAccounts/blobServices' -ApiVersion '2019-04-01'); foreach ($blobService in $blobServices) { $resources += $blobService; $resources += Get-AzResource -Name "$($Resource.Name)/$($blobService.Name)" -ResourceType 'Microsoft.Storage/storageAccounts/blobServices/containers' -ResourceGroupName $Resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2019-04-01' -ExpandProperties; } } $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitStorageSyncService { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $resources += Get-AzStorageSyncServer -ParentResourceId $Resource.ResourceId -DefaultProfile $Context; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitWebApp { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $configResourceType = 'Microsoft.Web/sites/config'; # Handle slots if ($Resource.ResourceType -eq 'Microsoft.Web/sites/slots') { $configResourceType = 'Microsoft.Web/sites/slots/config'; } $resources += Get-AzResource -Name $Resource.Name -ResourceType $configResourceType -ResourceGroupName $Resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2018-11-01' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitRecoveryServices { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.RecoveryServices/vaults/replicationRecoveryPlans' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2018-07-10' -ExpandProperties; $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.RecoveryServices/vaults/replicationAlertSettings' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2018-07-10' -ExpandProperties; $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.RecoveryServices/vaults/backupstorageconfig/vaultstorageconfig' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2018-07-10' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitVirtualMachine { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $networkInterfaceId = $Resource.Properties.networkProfile.networkInterfaces.id; foreach ($id in $networkInterfaceId) { $resources += Get-AzResource -ResourceId $id -ExpandProperties -DefaultProfile $Context; } $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitKeyVault { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.KeyVault/vaults/providers/microsoft.insights/diagnosticSettings' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2017-05-01-preview' -ExpandProperties; $resources += GetResourceById -ResourceId "$($Resource.Id)/keys" -Context $Context -ApiVersion '2021-11-01-preview'; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitFrontDoor { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { # Patch Front Door properties not fully returned from the default API version $Resource = Get-AzResource -Name $resource.Name -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ResourceType 'Microsoft.Network/frontdoors' -ExpandProperties -ApiVersion '2018-08-01'; $resources = @(); $resources += Get-AzResource -Name $resource.Name -ResourceType 'Microsoft.Network/frontdoors/providers/microsoft.insights/diagnosticSettings' -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ApiVersion '2017-05-01-preview' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitFrontDoorWAFPolicy { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { # Patch Front Door WAF policy properties not fully returned from the default API version $Resource = Get-AzResource -Name $resource.Name -ResourceGroupName $resource.ResourceGroupName -DefaultProfile $Context -ResourceType 'Microsoft.Network/FrontDoorWebApplicationFirewallPolicies' -ExpandProperties -ApiVersion '2019-10-01'; $Resource; } } function VisitNetworkConnection { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { # Patch connections if (@($Resource.Properties.PSObject.Properties.Match('sharedKey')).Length -gt 0) { $Resource.Properties.sharedKey = "*** MASKED ***"; } $Resource; } } function VisitSubscription { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $resources += Get-AzRoleAssignment -DefaultProfile $Context -IncludeClassicAdministrators | SetResourceType 'Microsoft.Authorization/roleAssignments'; $resources += Get-AzResource -DefaultProfile $Context -ApiVersion '2017-08-01-preview' -ResourceId "/subscriptions/$($Resource.Id)/providers/Microsoft.Security/autoProvisioningSettings"; $resources += Get-AzResource -DefaultProfile $Context -ApiVersion '2017-08-01-preview' -ResourceId "/subscriptions/$($Resource.Id)/providers/Microsoft.Security/securityContacts"; $resources += Get-AzResource -DefaultProfile $Context -ApiVersion '2018-06-01' -ResourceId "/subscriptions/$($Resource.Id)/providers/Microsoft.Security/pricings"; $resources += Get-AzResource -DefaultProfile $Context -ApiVersion '2019-06-01' -ResourceId "/subscriptions/$($Resource.Id)/providers/Microsoft.Authorization/policyAssignments"; $resources += Get-AzResource -DefaultProfile $Context -ResourceType 'microsoft.insights/activityLogAlerts' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; Get-AzPolicyDefinition -Custom -DefaultProfile $Context; Get-AzPolicySetDefinition -Custom -DefaultProfile $Context; } } function VisitResourceGroup { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $resources += Get-AzRoleAssignment -DefaultProfile $Context -Scope $Resource.ResourceId ` | Where-Object { $_.Scope.StartsWith($Resource.ResourceId) } ` | SetResourceType 'Microsoft.Authorization/roleAssignments'; $resources += Get-AzResourceLock -DefaultProfile $Context -ResourceGroupName $Resource.ResourceGroupName | SetResourceType 'Microsoft.Authorization/locks'; $Resource ` | Add-Member -MemberType NoteProperty -Name Name -Value $Resource.ResourceGroupName -PassThru ` | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitDataExplorerCluster { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $getParams = @{ ResourceGroupName = $Resource.ResourceGroupName DefaultProfile = $Context ErrorAction = 'SilentlyContinue' } $resources += Get-AzResource @getParams -Name $Resource.Name -ResourceType 'Microsoft.Kusto/clusters/databases' -ApiVersion '2021-08-27' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitEventHubNamespaces { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $getParams = @{ ResourceGroupName = $Resource.ResourceGroupName DefaultProfile = $Context ErrorAction = 'SilentlyContinue' } $resources += Get-AzResource @getParams -Name $Resource.Name -ResourceType 'Microsoft.EventHub/namespaces/eventhubs' -ApiVersion '2021-11-01' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function VisitServiceBusNamespaces { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resources = @(); $getParams = @{ ResourceGroupName = $Resource.ResourceGroupName DefaultProfile = $Context ErrorAction = 'SilentlyContinue' } $resources += Get-AzResource @getParams -Name $Resource.Name -ResourceType 'Microsoft.ServiceBus/namespaces/queues' -ApiVersion '2021-06-01-preview' -ExpandProperties; $resources += Get-AzResource @getParams -Name $Resource.Name -ResourceType 'Microsoft.ServiceBus/namespaces/topics' -ApiVersion '2021-06-01-preview' -ExpandProperties; $Resource | Add-Member -MemberType NoteProperty -Name resources -Value $resources -PassThru; } } function ExpandPolicyAssignment { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Assignment, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $policyDefinitionId = $Assignment.Properties.PolicyDefinitionId; Write-Verbose -Message "[Export] -- Expanding: $policyDefinitionId"; $policyDefinitions = [System.Collections.Generic.List[PSObject]]@(); if ($policyDefinitionId -like '*/providers/Microsoft.Authorization/policyDefinitions/*') { $definition = Get-AzPolicyDefinition -Id $policyDefinitionId -DefaultProfile $Context; $policyDefinitions.Add($definition); } elseif ($policyDefinitionId -like '*/providers/Microsoft.Authorization/policySetDefinitions/*') { $policySetDefinition = Get-AzPolicySetDefinition -Id $policyDefinitionId -DefaultProfile $Context; foreach ($definition in $policySetDefinition.Properties.PolicyDefinitions) { $definitionId = $definition.policyDefinitionId; Write-Verbose -Message "[Export] -- Expanding: $definitionId"; $definition = Get-AzPolicyDefinition -Id $definitionId -DefaultProfile $Context; $policyDefinitions.Add($definition); } } $Assignment | Add-Member -MemberType NoteProperty -Name PolicyDefinitions -Value $policyDefinitions -PassThru; } } # Add additional information to resources with child resources function ExpandResource { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True)] [Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer]$Context ) process { $resourceId = ''; if ($Resource.ResourceType -eq 'Microsoft.Subscription') { $resourceId = $Resource.Id; } else { $resourceId = $Resource.ResourceId; } Write-Verbose -Message "[Export] -- Expanding: $($resourceId)"; switch ($Resource.ResourceType) { 'Microsoft.ApiManagement/service' { VisitAPIManagement @PSBoundParameters; } 'Microsoft.Automation/automationAccounts' { VisitAutomationAccount @PSBoundParameters; } 'Microsoft.Cdn/profiles/endpoints' { VisitCDNEndpoint @PSBoundParameters; } 'Microsoft.ContainerRegistry/registries' { VisitContainerRegistry @PSBoundParameters; } 'Microsoft.ContainerService/managedClusters' { VisitAKSCluster @PSBoundParameters; } 'Microsoft.Sql/servers' { VisitSqlServer @PSBoundParameters; } 'Microsoft.Sql/servers/databases' { VisitSqlDatabase @PSBoundParameters; } 'Microsoft.DBforPostgreSQL/servers' { VisitPostgreSqlServer @PSBoundParameters; } 'Microsoft.DBforMySQL/servers' { VisitMySqlServer @PSBoundParameters; } # 'Microsoft.Sql/managedInstances' { VisitSqlManagedInstance @PSBoundParameters; } # 'Microsoft.DataFactory/factories' { VisitDataFactoryV2 @PSBoundParameters; } 'Microsoft.Storage/storageAccounts' { VisitStorageAccount @PSBoundParameters; } # "Microsoft.StorageSync/storageSyncServices" { VisitStorageSyncService @PSBoundParameters; } 'Microsoft.Web/sites' { VisitWebApp @PSBoundParameters; } 'Microsoft.Web/sites/slots' { VisitWebApp @PSBoundParameters; } 'Microsoft.RecoveryServices/vaults' { VisitRecoveryServices @PSBoundParameters; } 'Microsoft.Compute/virtualMachines' { VisitVirtualMachine @PSBoundParameters; } 'Microsoft.KeyVault/vaults' { VisitKeyVault @PSBoundParameters; } 'Microsoft.Network/frontDoors' { VisitFrontDoor @PSBoundParameters; } 'Microsoft.Network/FrontDoorWebApplicationFirewallPolicies' { VisitFrontDoorWAFPolicy @PSBoundParameters; } 'Microsoft.Network/connections' { VisitNetworkConnection @PSBoundParameters; } 'Microsoft.Subscription' { VisitSubscription @PSBoundParameters; } 'Microsoft.Resources/resourceGroups' { VisitResourceGroup @PSBoundParameters; } 'Microsoft.Network/publicIPAddresses' { VisitPublicIP @PSBoundParameters; } 'Microsoft.Cache/Redis' { VisitRedisCache @PSBoundParameters; } 'Microsoft.Cache/redisEnterprise' { VisitRedisEnterpriseCache @PSBoundParameters; } 'Microsoft.Kusto/Clusters' { VisitDataExplorerCluster @PSBoundParameters; } 'Microsoft.EventHub/namespaces' { VisitEventHubNamespaces @PSBoundParameters; } 'Microsoft.ServiceBus/namespaces' { VisitServiceBusNamespaces @PSBoundParameters; } default { $Resource; } } } } function SetResourceType { [CmdletBinding()] param ( [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [PSObject]$Resource, [Parameter(Mandatory = $True, Position = 0)] [String]$ResourceType ) process { if ($ResourceType -eq 'Microsoft.Resources/resourceGroups') { $Resource = $Resource | Add-Member -MemberType NoteProperty -Name Id -Value $Resource.ResourceId -PassThru -Force; } $Resource | Add-Member -MemberType NoteProperty -Name ResourceType -Value $ResourceType -PassThru -Force; } } # # Export module # New-Alias -Name 'Export-AzTemplateRuleData' -Value 'Export-AzRuleTemplateData' -Force; Export-ModuleMember -Function @( 'Export-AzRuleData' 'Export-AzRuleTemplateData' 'Get-AzRuleTemplateLink' 'Export-AzPolicyAssignmentData' 'Export-AzPolicyAssignmentRuleData' 'Get-AzPolicyAssignmentDataSource' ); Export-ModuleMember -Alias @( 'Export-AzTemplateRuleData' ); # SIG # Begin signature block # MIInogYJKoZIhvcNAQcCoIInkzCCJ48CAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDcwydHHwpHsXYU # +feOx0uEWn0WZhFXlIuiA16ZtT/YMaCCDXYwggX0MIID3KADAgECAhMzAAACy7d1 # OfsCcUI2AAAAAALLMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjIwNTEyMjA0NTU5WhcNMjMwNTExMjA0NTU5WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQC3sN0WcdGpGXPZIb5iNfFB0xZ8rnJvYnxD6Uf2BHXglpbTEfoe+mO//oLWkRxA # wppditsSVOD0oglKbtnh9Wp2DARLcxbGaW4YanOWSB1LyLRpHnnQ5POlh2U5trg4 # 3gQjvlNZlQB3lL+zrPtbNvMA7E0Wkmo+Z6YFnsf7aek+KGzaGboAeFO4uKZjQXY5 # RmMzE70Bwaz7hvA05jDURdRKH0i/1yK96TDuP7JyRFLOvA3UXNWz00R9w7ppMDcN # lXtrmbPigv3xE9FfpfmJRtiOZQKd73K72Wujmj6/Su3+DBTpOq7NgdntW2lJfX3X # a6oe4F9Pk9xRhkwHsk7Ju9E/AgMBAAGjggFzMIIBbzAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUrg/nt/gj+BBLd1jZWYhok7v5/w4w # RQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEW # MBQGA1UEBRMNMjMwMDEyKzQ3MDUyODAfBgNVHSMEGDAWgBRIbmTlUAXTgqoXNzci # tW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3JsMGEG # CCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3J0 # MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAJL5t6pVjIRlQ8j4dAFJ # ZnMke3rRHeQDOPFxswM47HRvgQa2E1jea2aYiMk1WmdqWnYw1bal4IzRlSVf4czf # zx2vjOIOiaGllW2ByHkfKApngOzJmAQ8F15xSHPRvNMmvpC3PFLvKMf3y5SyPJxh # 922TTq0q5epJv1SgZDWlUlHL/Ex1nX8kzBRhHvc6D6F5la+oAO4A3o/ZC05OOgm4 # EJxZP9MqUi5iid2dw4Jg/HvtDpCcLj1GLIhCDaebKegajCJlMhhxnDXrGFLJfX8j # 7k7LUvrZDsQniJZ3D66K+3SZTLhvwK7dMGVFuUUJUfDifrlCTjKG9mxsPDllfyck # 4zGnRZv8Jw9RgE1zAghnU14L0vVUNOzi/4bE7wIsiRyIcCcVoXRneBA3n/frLXvd # jDsbb2lpGu78+s1zbO5N0bhHWq4j5WMutrspBxEhqG2PSBjC5Ypi+jhtfu3+x76N # mBvsyKuxx9+Hm/ALnlzKxr4KyMR3/z4IRMzA1QyppNk65Ui+jB14g+w4vole33M1 # pVqVckrmSebUkmjnCshCiH12IFgHZF7gRwE4YZrJ7QjxZeoZqHaKsQLRMp653beB # fHfeva9zJPhBSdVcCW7x9q0c2HVPLJHX9YCUU714I+qtLpDGrdbZxD9mikPqL/To # /1lDZ0ch8FtePhME7houuoPcMIIHejCCBWKgAwIBAgIKYQ6Q0gAAAAAAAzANBgkq # hkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 # IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5WjB+MQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQDEx9NaWNyb3NvZnQg # Q29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC # CgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4BjgaBEm6f8MMHt03 # a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe0t+bU7IKLMOv2akr # rnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato88tt8zpcoRb0Rrrg # OGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v++MrWhAfTVYoonpy # 4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDstrjNYxbc+/jLTswM9 # sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN91/w0FK/jJSHvMAh # dCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4jiJV3TIUs+UsS1Vz8k # A/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmhD+kjSbwYuER8ReTB # w3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbiwZeBe+3W7UvnSSmn # Eyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8HhhUSJxAlMxdSlQy90 # lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaIjAsCAwEAAaOCAe0w # ggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTlUAXTgqoXNzcitW2o # ynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYD # VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQFTuHqp8cx0SOJNDBa # BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2Ny # bC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3JsMF4GCCsG # AQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29t # L3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3J0MIGfBgNV # HSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcCARYzaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnljcHMuaHRtMEAGCCsG # AQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5AF8AcwB0AGEAdABl # AG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oalmOBUeRou09h0ZyKb # C5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0epo/Np22O/IjWll11l # hJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1HXeUOeLpZMlEPXh6 # I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtYSWMfCWluWpiW5IP0 # wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInWH8MyGOLwxS3OW560 # STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZiWhub6e3dMNABQam # ASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMdYzaXht/a8/jyFqGa # J+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7fQccOKO7eZS/sl/ah # XJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKfenoi+kiVH6v7RyOA # 9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOppO6/8MO0ETI7f33Vt # Y5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZOSEXAQsmbdlsKgEhr # /Xmfwb1tbWrJUnMTDXpQzTGCGYIwghl+AgEBMIGVMH4xCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNp # Z25pbmcgUENBIDIwMTECEzMAAALLt3U5+wJxQjYAAAAAAsswDQYJYIZIAWUDBAIB # BQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO # MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIJzpQZLvywfsdzIjrdnlubAO # HPdHg41AQzV9DJamlLvqMEIGCisGAQQBgjcCAQwxNDAyoBSAEgBNAGkAYwByAG8A # cwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEB # BQAEggEAZe0MMq7fOJ6AzuHT8/RPVFzh+GxGReinUvVGWh5tVLYLoxCKa8x0EEEO # TPfDZu8CIhZH7x7+y7p40nchF81Y8xNljAiHCZbTIQBepe8oj2+CQ0DljeVxUnEX # 3tUbTFWH9DMTQFeK2dnj2TcJj0xfc0cE4b5F9NJL8HuqU3PRhi9TZQy0INbxHsgl # vDYZn18R774wpu5clCC4bvsx91Y/DDmDT7Zo1MQNgRCWxqpdc0/xS3mBwN/8Q1iR # f5RhtHCFgM1bPPVYpqUXB3N6/cUqSb8mFzanmkliJ5Q13jj4f6GduLJrJOV+Xulh # YNqOwBnpW2JsAiXCuZa5T3hqi6TRFKGCFwwwghcIBgorBgEEAYI3AwMBMYIW+DCC # FvQGCSqGSIb3DQEHAqCCFuUwghbhAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFVBgsq # hkiG9w0BCRABBKCCAUQEggFAMIIBPAIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl # AwQCAQUABCCO8DB2t5SZFpt8Wf4svTj9b25GZfo/GmGg/Ue4O0NNdQIGYxFQNESI # GBMyMDIyMDkxMjIzMDgzOC4zMTFaMASAAgH0oIHUpIHRMIHOMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYDVQQLEyBNaWNyb3NvZnQgT3Bl # cmF0aW9ucyBQdWVydG8gUmljbzEmMCQGA1UECxMdVGhhbGVzIFRTUyBFU046Nzg4 # MC1FMzkwLTgwMTQxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZp # Y2WgghFfMIIHEDCCBPigAwIBAgITMwAAAahV8GGpzDAYXAABAAABqDANBgkqhkiG # 9w0BAQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4G # A1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYw # JAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDAeFw0yMjAzMDIx # ODUxMjNaFw0yMzA1MTExODUxMjNaMIHOMQswCQYDVQQGEwJVUzETMBEGA1UECBMK # V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0 # IENvcnBvcmF0aW9uMSkwJwYDVQQLEyBNaWNyb3NvZnQgT3BlcmF0aW9ucyBQdWVy # dG8gUmljbzEmMCQGA1UECxMdVGhhbGVzIFRTUyBFU046Nzg4MC1FMzkwLTgwMTQx # JTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2UwggIiMA0GCSqG # SIb3DQEBAQUAA4ICDwAwggIKAoICAQCj2m3KwC4l1/KY8l6XDDfPSk73JpQIg8OK # VPh3o2YYm1HqPx1Mvj/VcVoQl+6IHnijyeu+/i3lXT3RuYU7xg4ErqN8PgHJs3F2 # dkAhlIFEXi1Cm5q69OmwdMYb7WcKHpYcbT5IyRbG0xrUrflexOFQoz3WKkGf4jdA # K115oGxH1cgsEvodrqKAYTOVHGz6ILa+VaYHc21DOP61rqZhVYzwdWrJ9/sL+2gQ # ivI/UFCa6GOMtaZmUn9ErhjFmO3JtnL623Zu15XZY6kXR1vgkAAeBKojqoLpn0fm # kqaOU++ShtPp7AZI5RkrFNQYteaeKz/PKWZ0qKe9xnpvRljthkS8D9eWBJyrHM8Y # RmPmfDRGtEMDDIlZZLHT1OyeaivYMQEIzic6iEic4SMEFrRC6oCaB8JKk8Xpt4K2 # Owewzs0E50KSlqC9B1kfSqiL2gu4vV5T7/rnvPY/Xu35geJ4dYbpcxCc1+kTFPUx # yTJWzujqz9zTRCiVvI4qQp8vB9X7r0rhX7ge7fviivYNnNjSruRM0rNZyjarZeCj # t1M8ly1r00QzuA+T1UDnWtLao0vwFqFK8SguWT5ZCxPmD7EuRvhP1QoAmoIT8gWb # BzSu8B5Un/9uroS5yqel0QCK6IhGJf+cltJkoY75wET69BiJUptCq6ksAo0eXJFk # 9bCmhG/MNwIDAQABo4IBNjCCATIwHQYDVR0OBBYEFDbH2+Pi+FLrZTYfzMYxpI9J # CyLVMB8GA1UdIwQYMBaAFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMF8GA1UdHwRYMFYw # VKBSoFCGTmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY3Jv # c29mdCUyMFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNybDBsBggrBgEFBQcB # AQRgMF4wXAYIKwYBBQUHMAKGUGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lv # cHMvY2VydHMvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUyMDIwMTAoMSku # Y3J0MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwgwDQYJKoZIhvcN # AQELBQADggIBAHE7gktkaqpn9pj6+jlMnYZlMfpur6RD7M1oqCV257EW58utpxfW # F0yrkjVh9UBX8nP9jd2ExKeIRPGLYWCoAzPx1IVERF91k8BrHmLrg3ksVkSVgqKw # BxdZMEMyCoK1HNxvrlcAJhvxCNRC0RMQOH7cdBIa3+fWiZuzp4J9JU0koilHrhgP # jMuqAov1fBE8c/nm5b0ADWpbSYBn6abll2E+I4rEChE76CYwb+cfgQNKBBbu4Bmn # jA5GY5zub3X+h3ip3iC7PWb8CFpIGEItmXqM28YJRuWMBMaIsXpMa0Uw2cDKJCGM # V5nHLHENMV5ofiN76O4VfWTCk2vT2s+Z3uHHPDncNU/utuJgdFmlvRwBNYaIwegm # 37p3bVf48MZnSodeaZSV5zdcjOzi/duB6gIiYrB2p6ThCeFJvW94RVFxNrhCS/Wm # LiIJLFWCKtT9va0eF+5c97hCR+gjpKBOvlHGrjeiWBYITfSPCUQVgIR1+BkB5Z4L # HX7Viy4g2TMp5YEQmc5GCNuDfXMfg9+u2MHJajWOgmbgIM8MtdrkWBUGrGB2CtYa # c8k7biPwNgfHBvhzOl9Y39nfbgEcB+voS5D7bd/+TQZS16TpeYmckZQYu4g15FjW # t47hnywCdyEg8jYe8rvh+MkGMkbPzFawpFlCbPRIryyrDSdgfyIza0rWMIIHcTCC # BVmgAwIBAgITMwAAABXF52ueAptJmQAAAAAAFTANBgkqhkiG9w0BAQsFADCBiDEL # MAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1v # bmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWlj # cm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTAwHhcNMjEwOTMw # MTgyMjI1WhcNMzAwOTMwMTgzMjI1WjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMK # V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0 # IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0Eg # MjAxMDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOThpkzntHIhC3mi # y9ckeb0O1YLT/e6cBwfSqWxOdcjKNVf2AX9sSuDivbk+F2Az/1xPx2b3lVNxWuJ+ # Slr+uDZnhUYjDLWNE893MsAQGOhgfWpSg0S3po5GawcU88V29YZQ3MFEyHFcUTE3 # oAo4bo3t1w/YJlN8OWECesSq/XJprx2rrPY2vjUmZNqYO7oaezOtgFt+jBAcnVL+ # tuhiJdxqD89d9P6OU8/W7IVWTe/dvI2k45GPsjksUZzpcGkNyjYtcI4xyDUoveO0 # hyTD4MmPfrVUj9z6BVWYbWg7mka97aSueik3rMvrg0XnRm7KMtXAhjBcTyziYrLN # ueKNiOSWrAFKu75xqRdbZ2De+JKRHh09/SDPc31BmkZ1zcRfNN0Sidb9pSB9fvzZ # nkXftnIv231fgLrbqn427DZM9ituqBJR6L8FA6PRc6ZNN3SUHDSCD/AQ8rdHGO2n # 6Jl8P0zbr17C89XYcz1DTsEzOUyOArxCaC4Q6oRRRuLRvWoYWmEBc8pnol7XKHYC # 4jMYctenIPDC+hIK12NvDMk2ZItboKaDIV1fMHSRlJTYuVD5C4lh8zYGNRiER9vc # G9H9stQcxWv2XFJRXRLbJbqvUAV6bMURHXLvjflSxIUXk8A8FdsaN8cIFRg/eKtF # tvUeh17aj54WcmnGrnu3tz5q4i6tAgMBAAGjggHdMIIB2TASBgkrBgEEAYI3FQEE # BQIDAQABMCMGCSsGAQQBgjcVAgQWBBQqp1L+ZMSavoKRPEY1Kc8Q/y8E7jAdBgNV # HQ4EFgQUn6cVXQBeYl2D9OXSZacbUzUZ6XIwXAYDVR0gBFUwUzBRBgwrBgEEAYI3 # TIN9AQEwQTA/BggrBgEFBQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3Br # aW9wcy9Eb2NzL1JlcG9zaXRvcnkuaHRtMBMGA1UdJQQMMAoGCCsGAQUFBwMIMBkG # CSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8E # BTADAQH/MB8GA1UdIwQYMBaAFNX2VsuP6KJcYmjRPZSQW9fOmhjEMFYGA1UdHwRP # ME0wS6BJoEeGRWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1 # Y3RzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNybDBaBggrBgEFBQcBAQROMEww # SgYIKwYBBQUHMAKGPmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMv # TWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQCd # VX38Kq3hLB9nATEkW+Geckv8qW/qXBS2Pk5HZHixBpOXPTEztTnXwnE2P9pkbHzQ # dTltuw8x5MKP+2zRoZQYIu7pZmc6U03dmLq2HnjYNi6cqYJWAAOwBb6J6Gngugnu # e99qb74py27YP0h1AdkY3m2CDPVtI1TkeFN1JFe53Z/zjj3G82jfZfakVqr3lbYo # VSfQJL1AoL8ZthISEV09J+BAljis9/kpicO8F7BUhUKz/AyeixmJ5/ALaoHCgRlC # GVJ1ijbCHcNhcy4sa3tuPywJeBTpkbKpW99Jo3QMvOyRgNI95ko+ZjtPu4b6MhrZ # lvSP9pEB9s7GdP32THJvEKt1MMU0sHrYUP4KWN1APMdUbZ1jdEgssU5HLcEUBHG/ # ZPkkvnNtyo4JvbMBV0lUZNlz138eW0QBjloZkWsNn6Qo3GcZKCS6OEuabvshVGtq # RRFHqfG3rsjoiV5PndLQTHa1V1QJsWkBRH58oWFsc/4Ku+xBZj1p/cvBQUl+fpO+ # y/g75LcVv7TOPqUxUYS8vwLBgqJ7Fx0ViY1w/ue10CgaiQuPNtq6TPmb/wrpNPgk # NWcr4A245oyZ1uEi6vAnQj0llOZ0dFtq0Z4+7X6gMTN9vMvpe784cETRkPHIqzqK # Oghif9lwY1NNje6CbaUFEMFxBmoQtB1VM1izoXBm8qGCAtIwggI7AgEBMIH8oYHU # pIHRMIHOMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYD # VQQLEyBNaWNyb3NvZnQgT3BlcmF0aW9ucyBQdWVydG8gUmljbzEmMCQGA1UECxMd # VGhhbGVzIFRTUyBFU046Nzg4MC1FMzkwLTgwMTQxJTAjBgNVBAMTHE1pY3Jvc29m # dCBUaW1lLVN0YW1wIFNlcnZpY2WiIwoBATAHBgUrDgMCGgMVAGy6/MSfQQeKy+GI # OfF9S2eYkHcsoIGDMIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hp # bmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jw # b3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAw # DQYJKoZIhvcNAQEFBQACBQDmyaX/MCIYDzIwMjIwOTEyMTYzNTExWhgPMjAyMjA5 # MTMxNjM1MTFaMHcwPQYKKwYBBAGEWQoEATEvMC0wCgIFAObJpf8CAQAwCgIBAAIC # E9ECAf8wBwIBAAICEoAwCgIFAObK938CAQAwNgYKKwYBBAGEWQoEAjEoMCYwDAYK # KwYBBAGEWQoDAqAKMAgCAQACAwehIKEKMAgCAQACAwGGoDANBgkqhkiG9w0BAQUF # AAOBgQDPfFXgZKeLs/FBTxvBYsd7DnLGKZbbdsJUBokVdeM6fVhBJW/cV2a4dwhK # 57e23HAtTHRwATwj4hcC7Pc9/Yy4xj0ZuJitlPfzbm4764bAVuhP2C0smE95XzNv # lr0DWi9r/Sl10HqE7bMY+cwKcQnnJw1wEglPoK0zBBS7GsFCfTGCBA0wggQJAgEB # MIGTMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH # EwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNV # BAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAABqFXwYanMMBhc # AAEAAAGoMA0GCWCGSAFlAwQCAQUAoIIBSjAaBgkqhkiG9w0BCQMxDQYLKoZIhvcN # AQkQAQQwLwYJKoZIhvcNAQkEMSIEIDW89qH4Y9gTcWEgrQZZkPkEjs753VDbSrcr # c8JOVV7gMIH6BgsqhkiG9w0BCRACLzGB6jCB5zCB5DCBvQQgdP7LHQDLB8JzcIXx # QVz5RZ0b1oR6kl/WC1MQQ5dcZaYwgZgwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEG # A1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWlj # cm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFt # cCBQQ0EgMjAxMAITMwAAAahV8GGpzDAYXAABAAABqDAiBCCeMyVJijO3KVYPsXUe # O/1tVKITZG3rQn3SQvdycrXeXzANBgkqhkiG9w0BAQsFAASCAgATBdgpUPk4U7en # As5zvPbr2Wz5bGuRS/X8Vm/8kp3wzVohxBhoIfnpxcPbDoXHzMkRLTeO/UZDIgKQ # WLD+NMbA/XOLKdkbyDOYaA3y19lD/BKRgxr8bnHzEzt7ufJsWZfOiCem38AHIkin # 1W54jjXRZcLIknil7Ex4lWvG6wHjdf9vxHKBsC393sfA42sM0EdXGBiXxoxOa4Ny # psauC6dGx16SjUkLm3ITm/RRloYHzUfAX0MmgxP4ELbDjAg8QZrOXSZwTL+/m7S6 # U4M9mF3Mp9VzUca2uzTp92tpDc07t6MGtYI0zqYTMpo2SEXmycw1DkbrJnggX1hg # P/v0rDveDrh4cFlrBOm2th3zbnNOt5Snj3Z4n1E5Gt6SRAR9J4WIHNDDuC1/ZqM2 # lZ7mDnSBVfAr/P28UYEooLCdh4xPe+WsBz5QiJal3tEgYDRhGuKxWLYF4bExQ5G6 # Pxvg3aj1gONDwE/nekQRXnflCvVmaKEdOXxP9cF0q0aX65WTK9QiImh9eA1yyqUK # qob4rxR7ro2UWgvI/ioYpr5IzvY5PRwC2ww+NKx9zKqJHu0RxGSLkpiyOaPPqkWO # EvAX76fooWnY0Ebe34XFT8nuRJGInt/1za/Cus/YHHSrh2j5bcp1VD43Onb1ANQD # 29cJf3RdYTSB1kGxvJlEdtyMIRj9AA== # SIG # End signature block |