New Snyk overview

2026-02-27 18:52:18 +01:00 · 2023-09-01 15:11:49 +02:00
parent 1d2a40ba50
commit bc24e238d6
4 changed files with 106 additions and 8 deletions
--- a/Powershell/Lists/DevOps/Repositories.ps1
+++ b/Powershell/Lists/DevOps/Repositories.ps1
@@ -10,7 +10,8 @@ class Repository {
    [string] $LastPRUrl = ""
 }

-$fileName =  "c:\temp\2023-05-03 repositories.csv" 
+[string] $date = Get-Date -Format "yyyy-MM-dd HHmm"
+$fileName =  ".\$date repositories.csv" 

 Write-Host "========================================================================================================================================================================"
 Write-Host "Creating repository overview."
@@ -29,12 +30,16 @@ foreach ($repo in $repos)
    $repository.IsDisabled = $repo.isDisabled
    $repository.WebUrl = $repo.webUrl

-    $lastPr = az repos pr list --project "survey software" --repository $repo.name --organization "https://dev.azure.com/effectory/" --status all --top 1 | ConvertFrom-Json | Select-Object
+    if ($true -ne $repo.isDisabled) 
+    {
+        $lastPr = az repos pr list --project "survey software" --repository $repo.name --organization "https://dev.azure.com/effectory/" --status all --top 1 | ConvertFrom-Json | Select-Object

-    if ($lastPr) {
-    $repository.LastPRDate = $lastPr.creationDate
-    $repository.LastPRName = $lastPr.title
-    $repository.LastPRUrl = $lastPr.url
+        if ($lastPr) 
+        {
+            $repository.LastPRDate = $lastPr.creationDate
+            $repository.LastPRName = $lastPr.title
+            $repository.LastPRUrl = $lastPr.url
+        }
    }

    $Result += $repository 
--- a/Powershell/Lists/Snyk/SnykOverview.ps1
+++ b/Powershell/Lists/Snyk/SnykOverview.ps1
@@ -0,0 +1,59 @@
+$access_token = Get-AzKeyVaultSecret -VaultName "consoleapp" -Name "SnykKey" -AsPlainText
+$head = @{ Authorization ="$access_token" }
+$version = "2023-08-29%7Ebeta"
+$ofs = ', '
+
+[string] $date = Get-Date -Format "yyyy-MM-dd HHmm"
+$fileName =  ".\$date snyk projects.csv" 
+
+class SnykOverview {
+    [string] $OrganisationId = ""
+    [string] $OrganisationName = ""
+    [string] $GroupId = ""
+    [string] $OrganisationSlug = ""
+    [string] $ProjectId = ""
+    [string] $ProjectRepo = ""
+    [string] $ProjectName = ""
+    [string] $ProjectType = ""
+    [string] $ProjectCreateDate = ""
+    [string] $ProjectTargetFile = ""
+    [string] $ProjectTargetRunTime = ""
+}
+
+[SnykOverview[]]$Result = @()
+
+$organisationUrl = "https://api.snyk.io/rest/orgs?version=$version"
+$organisationResponse = Invoke-RestMethod -Uri $organisationUrl -Method GET -Headers $head
+
+foreach ($organisation in $organisationResponse.data) 
+{
+    $organisationId = $organisation.id
+
+    $projectUrl = "https://api.snyk.io/rest/orgs/$organisationId/projects?version=$version&limit=100" 
+    $projectResponse = Invoke-RestMethod -Uri $projectUrl -Method GET -Headers $head
+
+    foreach ($project in $projectResponse.data) 
+    {
+        $projectName = $project.attributes.name
+        
+        [SnykOverview] $SnykOverview = [SnykOverview]::new()
+
+        $SnykOverview.OrganisationId = $organisationId
+        $SnykOverview.OrganisationName = $organisation.attributes.name
+        $SnykOverview.GroupId = $organisation.attributes.group_id
+        $SnykOverview.OrganisationSlug = $organisation.attributes.slug
+        $SnykOverview.ProjectId = $project.id
+        $SnykOverview.ProjectRepo = $projectName.Split(":")[0]
+        $SnykOverview.ProjectName = $projectName.Split(":")[1]
+        $SnykOverview.ProjectType = $project.attributes.type
+        $SnykOverview.ProjectCreateDate = $project.attributes.created
+        $SnykOverview.ProjectTargetFile = $project.attributes.target_file
+        $SnykOverview.ProjectTargetRunTime = $project.attributes.target_runtime
+
+        $Result += $SnykOverview
+    }
+}
+
+$Result | Export-Csv -Path $fileName -NoTypeInformation -Force
+
+$Result | Format-Table
--- a/Powershell/Tools/Azure
+++ b/Powershell/Tools/Azure
@@ -8,4 +8,39 @@ Get-AzSubscription | Export-Csv -Path $fileName -NoTypeInformation

 Set-AzRoleDefinition -InputFile 'C:\Repository\Cloud Engineering\Custom roles\Storage Data Contributor.json'
 Set-AzRoleDefinition -InputFile 'C:\Repository\Cloud Engineering\Custom roles\Storage Data Reader.json'
-New-AzRoleDefinition -InputFile 'C:\Repository\Cloud Engineering\Custom roles\Resource Lock Administrator.json'
+New-AzRoleDefinition -InputFile 'C:\Repository\Cloud Engineering\Custom roles\Resource Lock Administrator.json'
+
+
+
+
+#https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-setup-rbac#built-in-role-definitions
+set-azcontext -SubscriptionId 2161debe-6042-4633-b10e-de77c06cabc6
+
+$resourceGroupName = "phasedrelease"
+$accountName = "phasedrelease"
+
+New-AzCosmosDBSqlRoleDefinition -AccountName $accountName -ResourceGroupName $resourceGroupName -Type CustomRole -RoleName "Cosmos Data Reader" `
+    -DataAction @( `
+        'Microsoft.DocumentDB/databaseAccounts/readMetadata',
+        'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read', `
+        'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/executeQuery', `
+        'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/readChangeFeed') `
+    -AssignableScope "/"
+
+
+New-AzCosmosDBSqlRoleDefinition -AccountName $accountName -ResourceGroupName $resourceGroupName -Type CustomRole -RoleName "Cosmos Data Contributor" `
+    -DataAction @( `
+        'Microsoft.DocumentDB/databaseAccounts/readMetadata',
+        'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/*', `
+        'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/*') `
+    -AssignableScope "/"
+
+
+Get-AzCosmosDBSqlRoleDefinition -AccountName $accountName -ResourceGroupName $resourceGroupName
+
+$principalId = "99dbd99f-9165-46a3-94d7-d8467121f0d1" # jimmy.van.den.berg@effectory.com
+New-AzCosmosDBSqlRoleAssignment -AccountName $accountName -PrincipalId $principalId -ResourceGroupName $resourceGroupName -RoleDefinitionName "Cosmos Data Contributor" -Scope "/subscriptions/2161debe-6042-4633-b10e-de77c06cabc6/resourceGroups/phasedrelease/providers/Microsoft.DocumentDB/databaseAccounts/phasedrelease"
+
+Get-AzCosmosDBSqlRoleAssignment -AccountName $accountName -ResourceGroupName $resourceGroupName
+
+Remove-AzCosmosDBSqlRoleAssignment -AccountName $accountName -Id "/subscriptions/2161debe-6042-4633-b10e-de77c06cabc6/resourceGroups/phasedrelease/providers/Microsoft.DocumentDB/databaseAccounts/phasedrelease/sqlRoleAssignments/cbc3170d-f815-4164-9044-eb9913eb909a" -ResourceGroupName $resourceGroupName
--- a/format.json
+++ b/format.json
@@ -1 +0,0 @@
-