From bc24e238d6390b622390dbbc078020a65c66717f Mon Sep 17 00:00:00 2001 From: Jurjen Ladenius Date: Fri, 1 Sep 2023 15:11:49 +0200 Subject: [PATCH] New Snyk overview --- Powershell/Lists/DevOps/Repositories.ps1 | 17 ++++--- Powershell/Lists/Snyk/SnykOverview.ps1 | 59 ++++++++++++++++++++++++ Powershell/Tools/Azure Custom Roles.ps1 | 37 ++++++++++++++- format.json | 1 - 4 files changed, 106 insertions(+), 8 deletions(-) create mode 100644 Powershell/Lists/Snyk/SnykOverview.ps1 diff --git a/Powershell/Lists/DevOps/Repositories.ps1 b/Powershell/Lists/DevOps/Repositories.ps1 index fe7b61d..3caefc3 100644 --- a/Powershell/Lists/DevOps/Repositories.ps1 +++ b/Powershell/Lists/DevOps/Repositories.ps1 @@ -10,7 +10,8 @@ class Repository { [string] $LastPRUrl = "" } -$fileName = "c:\temp\2023-05-03 repositories.csv" +[string] $date = Get-Date -Format "yyyy-MM-dd HHmm" +$fileName = ".\$date repositories.csv" Write-Host "========================================================================================================================================================================" Write-Host "Creating repository overview." @@ -29,12 +30,16 @@ foreach ($repo in $repos) $repository.IsDisabled = $repo.isDisabled $repository.WebUrl = $repo.webUrl - $lastPr = az repos pr list --project "survey software" --repository $repo.name --organization "https://dev.azure.com/effectory/" --status all --top 1 | ConvertFrom-Json | Select-Object + if ($true -ne $repo.isDisabled) + { + $lastPr = az repos pr list --project "survey software" --repository $repo.name --organization "https://dev.azure.com/effectory/" --status all --top 1 | ConvertFrom-Json | Select-Object - if ($lastPr) { - $repository.LastPRDate = $lastPr.creationDate - $repository.LastPRName = $lastPr.title - $repository.LastPRUrl = $lastPr.url + if ($lastPr) + { + $repository.LastPRDate = $lastPr.creationDate + $repository.LastPRName = $lastPr.title + $repository.LastPRUrl = $lastPr.url + } } $Result += $repository 
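Review bot: In the second hunk of Repositories.ps1, the `az repos pr list` call inside the new `if ($true -ne $repo.isDisabled)` block has no failure check, so an expired login or a permissions error leaves `$lastPr` empty. The CSV row then looks the same as a repository that has never had a pull request, which is misleading in an overview meant to show repository activity. I would add `if ($LASTEXITCODE -ne 0) { Write-Warning "PR lookup failed for $($repo.name)" }` directly after the call. The trailing `| Select-Object` has no arguments and can be dropped. The enclosing `foreach` starts and ends outside the hunk.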
diff --git a/Powershell/Lists/Snyk/SnykOverview.ps1 b/Powershell/Lists/Snyk/SnykOverview.ps1 new file mode 100644 index 0000000..ccbbf86 --- /dev/null +++ b/Powershell/Lists/Snyk/SnykOverview.ps1 
@@ -0,0 +1,59 @@ +$access_token = Get-AzKeyVaultSecret -VaultName "consoleapp" -Name "SnykKey" -AsPlainText +$head = @{ Authorization ="$access_token" } +$version = "2023-08-29%7Ebeta" +$ofs = ', ' + +[string] $date = Get-Date -Format "yyyy-MM-dd HHmm" +$fileName = ".\$date snyk projects.csv" + +class SnykOverview { + [string] $OrganisationId = "" + [string] $OrganisationName = "" + [string] $GroupId = "" + [string] $OrganisationSlug = "" + [string] $ProjectId = "" + [string] $ProjectRepo = "" + [string] $ProjectName = "" + [string] $ProjectType = "" + [string] $ProjectCreateDate = "" + [string] $ProjectTargetFile = "" + [string] $ProjectTargetRunTime = "" +} + +[SnykOverview[]]$Result = @() + +$organisationUrl = "https://api.snyk.io/rest/orgs?version=$version" +$organisationResponse = Invoke-RestMethod -Uri $organisationUrl -Method GET -Headers $head + +foreach ($organisation in $organisationResponse.data) +{ + $organisationId = $organisation.id + + $projectUrl = "https://api.snyk.io/rest/orgs/$organisationId/projects?version=$version&limit=100" + $projectResponse = Invoke-RestMethod -Uri $projectUrl -Method GET -Headers $head + + foreach ($project in $projectResponse.data) + { + $projectName = $project.attributes.name + + [SnykOverview] $SnykOverview = [SnykOverview]::new() + + $SnykOverview.OrganisationId = $organisationId + $SnykOverview.OrganisationName = $organisation.attributes.name + $SnykOverview.GroupId = $organisation.attributes.group_id + $SnykOverview.OrganisationSlug = $organisation.attributes.slug + $SnykOverview.ProjectId = $project.id + $SnykOverview.ProjectRepo = $projectName.Split(":")[0] + $SnykOverview.ProjectName = $projectName.Split(":")[1] + $SnykOverview.ProjectType = $project.attributes.type + $SnykOverview.ProjectCreateDate = $project.attributes.created + $SnykOverview.ProjectTargetFile = $project.attributes.target_file + $SnykOverview.ProjectTargetRunTime = $project.attributes.target_runtime + + $Result += $SnykOverview + } +} + +$Result 
| Export-Csv -Path $fileName -NoTypeInformation -Force + +$Result | Format-Table \ No newline at end of file diff --git a/Powershell/Tools/Azure Custom Roles.ps1 b/Powershell/Tools/Azure Custom Roles.ps1 index c7c2ef9..df9d74d 100644 --- a/Powershell/Tools/Azure Custom Roles.ps1 +++ b/Powershell/Tools/Azure Custom Roles.ps1 
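Review bot: The project request in SnykOverview.ps1 asks for `limit=100` and reads only the first response, and the organisation request sets no limit at all, so any result set larger than one page is silently truncated in the CSV. For an inventory of what Snyk monitors this matters, because nothing in the output shows that rows are missing. Both calls should loop until the response no longer carries `links.next`; the sketch below shows the project loop, and the organisation call needs the same treatment. Separately, `$projectName.Split(":")[1]` is empty for a name without a colon and drops everything after a second colon, so `.Split(":", 2)` with a fallback to the full name would be safer.

```powershell
$projectUrl = "https://api.snyk.io/rest/orgs/$organisationId/projects?version=$version&limit=100"
while ($projectUrl)
{
    $projectResponse = Invoke-RestMethod -Uri $projectUrl -Method GET -Headers $head

    foreach ($project in $projectResponse.data)
    {
        # … unchanged: build the SnykOverview row and append it to $Result …
    }

    # NOTE(review): assumes links.next is a path relative to the API host; confirm against a live response
    $next = $projectResponse.links.next
    $projectUrl = if ($next) { "https://api.snyk.io$next" } else { $null }
}
```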
@@ -8,4 +8,39 @@ Get-AzSubscription | Export-Csv -Path $fileName -NoTypeInformation Set-AzRoleDefinition -InputFile 'C:\Repository\Cloud Engineering\Custom roles\Storage Data Contributor.json' Set-AzRoleDefinition -InputFile 'C:\Repository\Cloud Engineering\Custom roles\Storage Data Reader.json' -New-AzRoleDefinition -InputFile 'C:\Repository\Cloud Engineering\Custom roles\Resource Lock Administrator.json' \ No newline at end of file +New-AzRoleDefinition -InputFile 'C:\Repository\Cloud Engineering\Custom roles\Resource Lock Administrator.json' + + + + +#https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-setup-rbac#built-in-role-definitions +set-azcontext -SubscriptionId 2161debe-6042-4633-b10e-de77c06cabc6 + +$resourceGroupName = "phasedrelease" +$accountName = "phasedrelease" + +New-AzCosmosDBSqlRoleDefinition -AccountName $accountName -ResourceGroupName $resourceGroupName -Type CustomRole -RoleName "Cosmos Data Reader" ` + -DataAction @( ` + 'Microsoft.DocumentDB/databaseAccounts/readMetadata', + 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read', ` + 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/executeQuery', ` + 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/readChangeFeed') ` + -AssignableScope "/" + + +New-AzCosmosDBSqlRoleDefinition -AccountName $accountName -ResourceGroupName $resourceGroupName -Type CustomRole -RoleName "Cosmos Data Contributor" ` + -DataAction @( ` + 'Microsoft.DocumentDB/databaseAccounts/readMetadata', + 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/*', ` + 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/*') ` + -AssignableScope "/" + + +Get-AzCosmosDBSqlRoleDefinition -AccountName $accountName -ResourceGroupName $resourceGroupName + +$principalId = "99dbd99f-9165-46a3-94d7-d8467121f0d1" # jimmy.van.den.berg@effectory.com +New-AzCosmosDBSqlRoleAssignment -AccountName $accountName -PrincipalId $principalId -ResourceGroupName 
$resourceGroupName -RoleDefinitionName "Cosmos Data Contributor" -Scope "/subscriptions/2161debe-6042-4633-b10e-de77c06cabc6/resourceGroups/phasedrelease/providers/Microsoft.DocumentDB/databaseAccounts/phasedrelease" + +Get-AzCosmosDBSqlRoleAssignment -AccountName $accountName -ResourceGroupName $resourceGroupName + +Remove-AzCosmosDBSqlRoleAssignment -AccountName $accountName -Id "/subscriptions/2161debe-6042-4633-b10e-de77c06cabc6/resourceGroups/phasedrelease/providers/Microsoft.DocumentDB/databaseAccounts/phasedrelease/sqlRoleAssignments/cbc3170d-f815-4164-9044-eb9913eb909a" -ResourceGroupName $resourceGroupName \ No newline at end of file diff --git a/format.json b/format.json index 46b134b..e69de29 100644 --- a/format.json +++ b/format.json @@ -1 +0,0 @@ -ÿþ \ No newline at end of file
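Review bot: The block added to Azure Custom Roles.ps1 is a run of one-off commands with a hard-coded subscription, principal and assignment id. Executing the file top to bottom creates both role definitions, grants `Cosmos Data Contributor` to a single user on the whole database account, and then removes one specific assignment. I would move the ids into a `param()` block and keep the `Remove-AzCosmosDBSqlRoleAssignment` line out of the default path, or at least head the section with `# Scratch commands: run individually, never as a whole script`. Both definitions appear to mirror the built-in roles described at the linked page, so it is worth confirming that a custom role is needed at all. Assigning the data-plane role to a group instead of one named account, and dropping the e-mail address from the comment, would make the grant easier to audit and revoke.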