forked from Azure/PSRule.Rules.Azure
BaselineToc.Doc.ps1
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
# Convention 'NameBaseline': names each generated document after the baseline
# being processed, by copying the target object's Name to the document's
# InstanceName.
Export-PSDocumentConvention 'NameBaseline' -Process {
    $target = $PSDocs.TargetObject;
    $PSDocs.Document.InstanceName = $target.Name;
}
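# Document 'baseline': renders the page for every baseline except
# 'Azure.MCSB.v1', which has its own document definition.
# Output: title, front-matter metadata, an optional obsolete marker, the
# baseline synopsis, a 'Rules' table and a 'Configuration' table.
Document 'baseline' -If { $PSDocs.TargetObject.Name -ne 'Azure.MCSB.v1' } {
    $baselineName = $PSDocs.TargetObject.Name;
    $obsolete = $PSDocs.TargetObject.metadata.annotations.obsolete -eq $True;

    # Only the Azure.Pillar.* baselines get the extra 'Maturity' column.
    $addMaturityColumn = $baselineName -like "Azure.Pillar.*"

    Write-Verbose -Message "[Baseline] -- Processing baseline: $baselineName";
    Write-Verbose -Message "[Baseline] -- Baseline is obsolete: $obsolete";

    Title $baselineName;

    # Every annotation on the baseline is copied verbatim into the page
    # metadata, so anything placed in annotations is published with the docs.
    $metadata = [ordered]@{}
    foreach ($key in $PSDocs.TargetObject.metadata.annotations.Keys) {
        $metadata[$key] = $PSDocs.TargetObject.metadata.annotations[$key];
    }
    # Marks the page as generated output rather than hand-written content.
    $metadata['generated'] = 'true';
    Metadata $metadata

    if ($obsolete) {
        '<!-- OBSOLETE -->'
    }

    # @() guarantees an array, so Length is the item count even when the
    # pipeline yields zero or exactly one rule (Sort-Object then returns
    # $null or a bare object instead of an array).
    $rules = @($PSDocs.TargetObject.Rules | Sort-Object -Property Name);
    $ruleCount = $rules.Length;

    $PSDocs.TargetObject.Synopsis;

    Write-Verbose -Message "[Baseline] -- Found $ruleCount rules.";

    Section 'Rules' -If { $ruleCount -gt 0 } {
        "The following rules are included within the ``$baselineName`` baseline.";
        "This baseline includes a total of $ruleCount rules.";

        # NOTE(review): rule names are interpolated into the Markdown link
        # text and target without escaping; this presumably relies on names
        # coming from the project's own rule definitions - confirm.
        if ($addMaturityColumn) {
            $rules | Table -Property @{ Name = 'Name'; Expression = {
                "[$($_.Name)](../rules/$($_.Name).md)"
            }}, Synopsis, @{ Name = 'Severity'; Expression = {
                $_.Info.Annotations.severity
            }}, @{ Name = 'Maturity'; Expression = {
                # Fall back to '-' when the rule has no maturity label.
                if ($Null -ne $_.Labels -and $_.Labels.ContainsKey('Azure.WAF/maturity')) { $_.Labels['Azure.WAF/maturity'] } else { '-' }
            }}
        }
        else {
            $rules | Table -Property @{ Name = 'Name'; Expression = {
                "[$($_.Name)](../rules/$($_.Name).md)"
            }}, Synopsis, @{ Name = 'Severity'; Expression = {
                $_.Info.Annotations.severity
            }}
        }
    }

    # Flatten the baseline's configuration dictionary into Name/Value rows.
    # Collecting the loop output avoids re-allocating the array on every +=.
    $configurationKV = @(foreach ($key in $PSDocs.TargetObject.Spec.Configuration.Keys) {
        [PSCustomObject]@{
            Name = $key;
            Value = $PSDocs.TargetObject.Spec.Configuration[$key];
        }
    })

    # Keep the result an array after sorting. With a single setting,
    # Sort-Object returns one bare PSCustomObject, and on older PowerShell
    # versions (notably Windows PowerShell 5.1) that object has no usable
    # Length, so the 'Configuration' section would be silently skipped.
    $configurationKV = @($configurationKV | Sort-Object -Property Name);

    Section 'Configuration' -If { $configurationKV.Length -gt 0 } {
        "The following configuration settings are included within the ``$baselineName`` baseline.";
        $configurationKV | Table -Property Name, Value
    }
}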
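# Document 'Azure.MCSB.Baseline': renders the page for the 'Azure.MCSB.v1'
# baseline only.
# Output: title, front-matter metadata, optional experimental/obsolete
# markers, the baseline synopsis and a 'Controls' table of its rules.
Document 'Azure.MCSB.Baseline' -If { $PSDocs.TargetObject.Name -eq 'Azure.MCSB.v1' } {
    $baselineName = $PSDocs.TargetObject.Name;
    $obsolete = $PSDocs.TargetObject.metadata.annotations.obsolete -eq $True;
    $experimental = $PSDocs.TargetObject.metadata.annotations.experimental -eq $True;

    Write-Verbose -Message "[Baseline] -- Processing baseline: $baselineName";
    Write-Verbose -Message "[Baseline] -- Baseline is obsolete: $obsolete";
    Write-Verbose -Message "[Baseline] -- Baseline is experimental: $experimental";

    Title $baselineName;

    # Every annotation on the baseline is copied verbatim into the page
    # metadata, so anything placed in annotations is published with the docs.
    $metadata = [ordered]@{}
    foreach ($key in $PSDocs.TargetObject.metadata.annotations.Keys) {
        $metadata[$key] = $PSDocs.TargetObject.metadata.annotations[$key];
    }
    # Marks the page as generated output rather than hand-written content.
    $metadata['generated'] = 'true';
    Metadata $metadata

    # Status markers are emitted as HTML comments in the page body.
    if ($experimental) {
        '<!-- EXPERIMENTAL -->'
    }

    if ($obsolete) {
        '<!-- OBSOLETE -->'
    }

    # @() guarantees an array, so Length is the item count even when the
    # pipeline yields zero or exactly one rule (Sort-Object then returns
    # $null or a bare object instead of an array).
    $rules = @($PSDocs.TargetObject.Rules | Sort-Object -Property Name);
    $ruleCount = $rules.Length;

    $PSDocs.TargetObject.Synopsis;

    Write-Verbose -Message "[Baseline] -- Found $ruleCount rules.";

    Section 'Controls' -If { $ruleCount -gt 0 } {
        "The following rules are included within the ``$baselineName`` baseline.";
        "This baseline includes a total of $ruleCount rules.";

        # NOTE(review): rule names are interpolated into the Markdown link
        # text and target without escaping; this presumably relies on names
        # coming from the project's own rule definitions - confirm.
        $rules | Table -Property @{ Name = 'Name'; Expression = {
            "[$($_.Name)](../rules/$($_.Name).md)"
        }}, Synopsis, @{ Name = 'Severity'; Expression = {
            $_.Info.Annotations.severity
        }}
    }
}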