AzSDK.Test/TestCases/SubscriptionSecurity/SSProvisioning/SSProvisioningTest.ps1
|
Set-StrictMode -Version Latest class SSProvisioningTest:AzSDKTestBase{ [string]$AlertsRGName = "AzSDKAlertsRG" #This is the standard name used by AzSDK for Alerts RG. SSProvisioningTest([TestCase] $testcase, [TestSettings] $testsettings):Base($testcase, $testsettings){ } [void] Execute(){ switch ($this.testcase.TestMethod.Trim()){ "TestSetAzSDKAlerts"{ $this.TestSetAzSDKAlerts() break } "TestRemoveAzSDKAlertsJustOne"{ $this.TestRemoveAzSDKAlertsJustOne() break } "TestRemoveAzSDKAlerts"{ $this.TestRemoveAzSDKAlerts() break } "TestRemoveAzSDKAlertsAndRG"{ $this.TestRemoveAzSDKAlertsAndRG() break } "TestSetAzSDKARMPolicies"{ $this.TestSetAzSDKARMPolicies() break } "TestRemoveAzSDKARMPolicies"{ $this.TestRemoveAzSDKARMPolicies() break } Default { } } } [TestCaseResult] TestSetAzSDKAlerts(){ try{ try{ $existingalerts=Get-AzureRmAlertRule -ResourceGroup $this.AlertsRGName if(($existingalerts | Measure-Object).Count -ne '0') { Remove-AzSDKAlerts -SubscriptionId $this.settings.SubscriptionId -Tags 'Mandatory' } } catch{ #error while checking previous alerts count } Set-AzSDKAlerts -SubscriptionId $this.settings.SubscriptionId -SecurityContactEmails $this.settings.SecurityPOCEmail $setalerts=Get-AzureRmAlertRule -ResourceGroup AzSDKAlertsRG if(($setalerts | Measure-Object).Count -ge '93') { $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Passed,"Successfully set the AzSDK Alerts.") } else{ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Unable to set the AzSDK Alerts.") } } catch{ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Error while setting AzSDK Alerts.") } return $this.testcaseResult } [TestCaseResult] TestRemoveAzSDKAlertsJustOne(){ try{ $alertsRG = [array] (Get-AzureRmResourceGroup | Where-Object {$_.ResourceGroupName -match "^"+ $this.AlertsRGName + "$"}) if($alertsRG ){ $AlertsPre = Get-AzureRmAlertRule -Name $this.settings.AlertName -ResourceGroup $this.AlertsRGName } else { $AlertsPre=$null #since alertsRG not present } if($null -eq $AlertsPre) { ### set alert either single or whole #Set-AzSDKAlerts -SubscriptionId $this.settings.SubscriptionId -SecurityContactEmails $this.settings.SecurityPOCEmail #or #Add-AzureRmLogAlertRule -Location needtodiscuss -Name $this.settings.AlertName -OperationName $opname -ResourceGroup $this.AlertsRGName } Remove-AzSDKAlerts -SubscriptionId $this.settings.SubscriptionId -AlertNames $this.settings.AlertName $AlertPost = Get-AzureRmAlertRule -Name $this.settings.AlertName -ResourceGroup $this.AlertsRGName # Pass if just one alert was removed if($null -eq $AlertPost){ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Passed,"Successfully removed only one alert.") } else{ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Remove-AzSDKAlerts with alertName must remove just that alert.") } } catch{ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Error while removing desired AzSDK Alert.") } return $this.testcaseResult } [TestCaseResult] TestRemoveAzSDKAlerts(){ try{ $alertsRG = [array] (Get-AzureRmResourceGroup | Where-Object {$_.ResourceGroupName -match "^"+ $this.AlertsRGName + "$"}) if($alertsRG ) { $existingalerts=Get-AzureRmAlertRule -ResourceGroup $this.AlertsRGName } else { $existingalerts=$null } if(($existingalerts | Measure-Object).Count -eq '0') { Set-AzSDKAlerts -SubscriptionId $this.settings.SubscriptionId -SecurityContactEmails $this.settings.SecurityPOCEmail } $alertsRGpre = [array] (Get-AzureRmResourceGroup | Where-Object {$_.ResourceGroupName -match "^"+ $this.AlertsRGName + "$"}) Remove-AzSDKAlerts -SubscriptionId $this.settings.SubscriptionId -Tags 'Mandatory' ####check if no RG throws exception or not $Alerts = Find-AzureRmResource -ResourceGroupName $this.AlertsRGName $alertsRGpost = [array] (Get-AzureRmResourceGroup | Where-Object {$_.ResourceGroupName -match "^"+ $this.AlertsRGName + "$"}) # Pass only if alerts were removed but not RG $bPass = ((($Alerts| Measure-Object).Count -eq 0) -and (($alertsRGpre| Measure-Object).Count -eq $alertsRGpost.Count)) if($bPass){ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Passed,"Successfully removed all AzSDK alerts.") } else{ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Failed to remove all AzSDK alerts.") } } catch{ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Error while removing AzSDK Alerts.") } return $this.testcaseResult } [TestCaseResult] TestRemoveAzSDKAlertsAndRG(){ $testRG = $null $alertsRG = [array] (Get-AzureRmResourceGroup | Where-Object {$_.ResourceGroupName -match "^"+ $this.AlertsRGName + "$"}) if($null -eq $alertsRG ) { try{ Set-AzSDKAlerts -SubscriptionId $this.settings.SubscriptionId -SecurityContactEmails $this.settings.SecurityPOCEmail } catch{ # could not set alerts } } try{ Remove-AzSDKAlerts -SubscriptionId $this.settings.SubscriptionId -DeleteResourceGroup try { $testRG = Get-AzureRmResourceGroup -Name $this.AlertsRGName -ErrorAction Stop } catch { #Ignore above error, it is expected } $bPass = ($null -eq $testRG) if($bPass){ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Passed,"Successfully removed AzSDK alerts and RG.") } else{ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Failed to remove AzSDK alerts and RG.") } } catch{ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Error while removing AzSDK Alerts and RG.") } return $this.testcaseResult } [TestCaseResult[]] TestSetAzSDKARMPolicies(){ try{ $ExistingPolicy = [array](Get-AzureRmPolicyDefinition | Where-Object {$_.Name -match '_ARMPol'}) if(($ExistingPolicy| Measure-Object).Count -ne '0') { try{ Remove-AzSDKARMPolicies -SubscriptionId $this.settings.SubscriptionId -Tags 'Mandatory' } catch { #error while removing ARM policies } } Set-AzSDKARMPolicies -SubscriptionId $this.settings.SubscriptionId $tstPol = [array](Get-AzureRmPolicyDefinition | Where-Object {$_.Name -match '_ARMPol'}) if(($tstPol| Measure-Object).Count -ge '6'){ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Passed,"Successfully set the AzSDK ARM policy.") } else{ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Failed to set the AzSDK ARM policy.") } } catch{ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Error while setting AzSDK ARM policy.") } return $this.testcaseResult } [TestCaseResult[]] TestRemoveAzSDKARMPolicies(){ try{ $ExistingPolicy = [array](Get-AzureRmPolicyDefinition | Where-Object {$_.Name -match '_ARMPol'}) if(($ExistingPolicy| Measure-Object).Count -eq '0') { try{ Set-AzSDKARMPolicies -SubscriptionId $this.settings.SubscriptionId } catch { #error while setting ARM policies } } Remove-AzSDKARMPolicies -SubscriptionId $this.settings.SubscriptionId -Tags 'Mandatory' $tstPol = [array](Get-AzureRmPolicyDefinition | Where-Object {$_.Name -match 'ARMPol'}) if(($tstPol| Measure-Object).Count -eq 0){ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Passed,"Successfully removed the AzSDK ARM policy.") } else{ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Failed to remove the AzSDK ARM policy.") } } catch{ $this.testcaseResult = [TestCaseResult]::new($this.testCase,[TestStatus]::Failed,"Error while removing AzSDK ARM policy.") } return $this.testcaseResult } } |