6.4.0

cloudoven · Feb 6, 2024 · 10fd18d · 10fd18d
1 parent 2f22aaa
commit 10fd18d
Show file tree

Hide file tree

Showing 24 changed files with 2,406 additions and 1,992 deletions.
diff --git a/README.md b/README.md
@@ -8,7 +8,7 @@ From the collected data it generates enriched insights for capabilities such as
 
 Within an HTML output it provides visibility on your __HierarchyMap__, creates a __TenantSummary__, creates __DefinitionInsights__ and builds granular __ScopeInsights__ on Azure Management Groups and Subscriptions. 
 
-Further, CSV exports with enriched information per capability will be generated and detailed JSON files are exported which document your entire Azure tenant setup for Management Groups, Subscriptions, Azure RBAC definitions and assignments, Azure policy definitions and assignments. These exports come in handy for change tracking scenarios as well as redeployment of configuration (e.g. tenant migration scenrio) and can even serve as a backup. 
+Further, CSV exports with enriched information per capability will be generated and detailed JSON files are exported which document your entire Azure tenant setup for Management Groups, Subscriptions, Azure RBAC definitions and assignments, Azure policy definitions and assignments. These exports come in handy for change tracking scenarios as well as redeployment of configuration (e.g. tenant migration scenario) and can even serve as a backup. 
 
 The technical requirements as well as the required permissions are minimal.
 
@@ -87,9 +87,16 @@ As an alternative, you can use the [Azure Governance Visualizer accelerator](htt
 
 ## Release history
 
-__Changes__ (2024-Jan-08 / 6.3.7 Minor)
+__Changes__ (2024-Feb-06 / 6.4.0 Minor)
 
-* fix: Ignore `ARMLocation` in case not Public Cloud (AzureCloud)
+* change PowerShell parallel handling / batches
+* add addition JSON outputs  'definitions_tracking' and 'assignments_tracking' (JSON filenames have no displayName included; GUIDs only)
+* update ARM API-version for RBAC Role definitions. Using `2022-05-01-preview` instead of `2018-11-01-preview` consequently
+* fix *_roleDefinitions.csv - description partially missing
+* optimize array handling / best practices
+* optimize getting private endpoint capacle resource types / in case resource provider 'microsoft.network' is not registered, try with next available subscription instead of throwing
+* use [AzAPICall](https://aka.ms/AzAPICall) PowerShell module version 1.2.0
+* documentation update - style guidance, links updates - kudos @ckittel
 
 [Full release history](history.md)
 

diff --git a/history.md b/history.md
@@ -4,6 +4,17 @@
 
 ### Azure Governance Visualizer version 6
 
+__Changes__ (2024-Feb-06 / 6.4.0 Minor)
+
+* change PowerShell parallel handling / batches
+* add addition JSON outputs  'definitions_tracking' and 'assignments_tracking' (JSON filenames have no displayName included; GUIDs only)
+* update ARM API-version for RBAC Role definitions. Using `2022-05-01-preview` instead of `2018-11-01-preview` consequently
+* fix *_roleDefinitions.csv - description partially missing
+* optimize array handling / best practices
+* optimize getting private endpoint capacle resource types / in case resource provider 'microsoft.network' is not registered, try with next available subscription instead of throwing
+* use [AzAPICall](https://aka.ms/AzAPICall) PowerShell module version 1.2.0
+* documentation update - style guidance, links updates - kudos @ckittel
+
 __Changes__ (2024-Jan-08 / 6.3.7 Minor)
 
 * fix: Ignore `ARMLocation` in case not Public Cloud (AzureCloud)

diff --git a/pwsh/AzGovVizParallel.ps1 b/pwsh/AzGovVizParallel.ps1
diff --git a/pwsh/dev/devAzGovVizParallel.ps1 b/pwsh/dev/devAzGovVizParallel.ps1
@@ -365,14 +365,14 @@ Param
     $Product = 'AzGovViz',
 
     [string]
-    $ProductVersion = '6.3.71',
+    $ProductVersion = '6.4.0',
 
     [string]
     $GithubRepository = 'aka.ms/AzGovViz',
 
     # <--- AzAPICall related parameters #consult the AzAPICall GitHub repository for details aka.ms/AzAPICall
     [string]
-    $AzAPICallVersion = '1.1.85',
+    $AzAPICallVersion = '1.2.0',
 
     [switch]
     $DebugAzAPICall,
@@ -1156,36 +1156,83 @@ if (-not $HierarchyMapOnly) {
         #region Getting Available Private Endpoint Types
         $startGetAvailablePrivateEndpointTypes = Get-Date
 
-        $currentTask = 'Getting Locations'
-        Write-Host $currentTask
-        $uri = "$($azAPICallConf['azAPIEndpointUrls'].ARM)/subscriptions/$($azAPICallConf['checkcontext'].Subscription.Id)/locations?api-version=2020-01-01"
-        $method = 'GET'
-        $getLocations = AzAPICall -AzAPICallConfiguration $azAPICallConf -uri $uri -method $method -currentTask $currentTask
-        Write-Host " Returned $($getLocations.Count) locations"
-
-        Write-Host "Getting 'Available Private Endpoint Types' for $($getLocations.Count) locations"
-        $getLocations | ForEach-Object -Parallel {
-            $location = $_
-            $azAPICallConf = $using:azAPICallConf
-            $htAvailablePrivateEndpointTypes = $using:htAvailablePrivateEndpointTypes
-            $currentTask = "Getting 'Available Private Endpoint Types' for location $($location.name)"
-            #Write-Host $currentTask
-            $uri = "$($azAPICallConf['azAPIEndpointUrls'].ARM)/subscriptions/$($azAPICallConf['checkcontext'].Subscription.Id)/providers/Microsoft.Network/locations/$($location.name)/availablePrivateEndpointTypes?api-version=2022-07-01"
+        $subsToProcessForGettingPrivateEndpointTypes = [System.Collections.ArrayList]@()
+        $prioCounter = 0
+        foreach ($subscription in $subsToProcessInCustomDataCollection) {
+            $prioCounter++
+            if ($subscription.subscriptionId -eq $azAPICallConf['checkcontext'].Subscription.Id) {
+                $null = $subsToProcessForGettingPrivateEndpointTypes.Add([PSCustomObject]@{
+                        subscriptionInfo = $subscription
+                        prio             = 0
+                    })
+            }
+            else {
+                $null = $subsToProcessForGettingPrivateEndpointTypes.Add([PSCustomObject]@{
+                        subscriptionInfo = $subscription
+                        prio             = $prioCounter
+                    })
+            }
+        }
+
+        foreach ($subscription in $subsToProcessForGettingPrivateEndpointTypes | Sort-Object -Property prio) {
+
+            if ($privateEndpointAvailabilityCheckCompleted) {
+                continue
+            }
+
+            $subscriptionId = $subscription.subscriptionInfo.subscriptionId
+            $subscriptionName = $subscription.subscriptionInfo.subscriptionName
+
+            $currentTask = "Getting Locations for Subscription '$($subscriptionName)' ($($subscriptionId))"
+            Write-Host $currentTask
+            $uri = "$($azAPICallConf['azAPIEndpointUrls'].ARM)/subscriptions/$($subscriptionId)/locations?api-version=2020-01-01"
             $method = 'GET'
-            $availablePrivateEndpointTypes = AzAPICall -AzAPICallConfiguration $azAPICallConf -uri $uri -method $method -currentTask $currentTask -skipOnErrorCode 400, 409
-            Write-Host " Returned $($availablePrivateEndpointTypes.Count) 'Available Private Endpoint Types' for location $($location.name)"
-            foreach ($availablePrivateEndpointType in $availablePrivateEndpointTypes) {
-                if (-not $htAvailablePrivateEndpointTypes.(($availablePrivateEndpointType.resourceName).ToLower())) {
-                    $script:htAvailablePrivateEndpointTypes.(($availablePrivateEndpointType.resourceName).ToLower()) = @{}
+            $getLocations = AzAPICall -AzAPICallConfiguration $azAPICallConf -uri $uri -method $method -currentTask $currentTask
+            Write-Host " Returned $($getLocations.Count) locations"
+
+            Write-Host "Getting 'Available Private Endpoint Types' for Subscription '$($subscriptionName)' ($($subscriptionId)) for $($getLocations.Count) locations"
+
+            $batchSize = [math]::ceiling($getLocations.Count / $ThrottleLimit)
+            Write-Host "Optimal batch size: $($batchSize)"
+            $counterBatch = [PSCustomObject] @{ Value = 0 }
+            $getLocationsBatch = ($getLocations) | Group-Object -Property { [math]::Floor($counterBatch.Value++ / $batchSize) }
+            Write-Host "Processing data in $($getLocationsBatch.Count) batches"
+
+            $getLocationsBatch | ForEach-Object -Parallel {
+                $subscriptionId = $using:subscriptionId
+                $azAPICallConf = $using:azAPICallConf
+                $htAvailablePrivateEndpointTypes = $using:htAvailablePrivateEndpointTypes
+
+                foreach ($location in $_.Group) {
+                    $currentTask = "Getting 'Available Private Endpoint Types' for location $($location.name)"
+                    #Write-Host $currentTask
+                    $uri = "$($azAPICallConf['azAPIEndpointUrls'].ARM)/subscriptions/$($subscriptionId)/providers/Microsoft.Network/locations/$($location.name)/availablePrivateEndpointTypes?api-version=2022-07-01"
+                    $method = 'GET'
+                    $availablePrivateEndpointTypes = AzAPICall -AzAPICallConfiguration $azAPICallConf -uri $uri -method $method -currentTask $currentTask -skipOnErrorCode 400, 409
+                    Write-Host " Returned $($availablePrivateEndpointTypes.Count) 'Available Private Endpoint Types' for location $($location.name)"
+                    foreach ($availablePrivateEndpointType in $availablePrivateEndpointTypes) {
+                        if (-not $htAvailablePrivateEndpointTypes.(($availablePrivateEndpointType.resourceName).ToLower())) {
+                            $script:htAvailablePrivateEndpointTypes.(($availablePrivateEndpointType.resourceName).ToLower()) = @{}
+                        }
+                    }
                 }
+            } -ThrottleLimit $ThrottleLimit
+
+            if ($htAvailablePrivateEndpointTypes.Keys.Count -gt 0) {
+                #Write-Host " Created ht for $($htAvailablePrivateEndpointTypes.Keys.Count) 'Available Private Endpoint Types'"
+                $privateEndpointAvailabilityCheckCompleted = $true
+            }
+            else {
+                Write-Host " $($htAvailablePrivateEndpointTypes.Keys.Count) 'Available Private Endpoint Types' - likely the Resource Provider 'Microsoft.Network' is not registered - trying next available subscription"
+                $privateEndpointAvailabilityCheckCompleted = $false
             }
-        } -ThrottleLimit $ThrottleLimit
+        }
 
         if ($htAvailablePrivateEndpointTypes.Keys.Count -gt 0) {
             Write-Host " Created ht for $($htAvailablePrivateEndpointTypes.Keys.Count) 'Available Private Endpoint Types'"
         }
         else {
-            $throwmsg = "$($htAvailablePrivateEndpointTypes.Keys.Count) 'Available Private Endpoint Types' - Please use another Subscription for the AzContext (current subscriptionId: '$($azAPICallConf['checkcontext'].Subscription.Id)') -> use parameter: -SubscriptionId4AzContext '<subscriptionId>'"
+            $throwmsg = "$($htAvailablePrivateEndpointTypes.Keys.Count) 'Available Private Endpoint Types' - Checked for $($subsToProcessForGettingPrivateEndpointTypes.Count) Subscriptions with no success. Make sure that for at least one Subscription the Resource Provider 'Microsoft.Network' is registered. Once you registered the Resource Provider for Subscription 'subscriptionEnabled' it may be a good idea to use the parameter: -SubscriptionId4AzContext '<subscriptionId of subscriptionEnabled>'"
             Write-Host $throwmsg -ForegroundColor DarkRed
             Throw $throwmsg
         }