Fix bugs in Build-Documentation script. (#460)

Azure · Jan 24, 2024 · 1ac259d · 1ac259d
1 parent 5d437a4
commit 1ac259d
Show file tree

Hide file tree

Showing 12 changed files with 169 additions and 108 deletions.
diff --git a/Docs/policy-set-definitions.md b/Docs/policy-set-definitions.md
@@ -72,7 +72,7 @@ This schema is new in v7.4.x and may not be complete. Please let us know if we m
         "defaultValue": []
       }
     },
-    "PolicyDefinitions": [
+    "policyDefinitions": [
       {
         "policyDefinitionReferenceId": "Reference to policy number one",
         "policyDefinitionName": "Name of Policy Number One",

diff --git a/Schemas/policy-exemption-schema.json b/Schemas/policy-exemption-schema.json
@@ -29,16 +29,17 @@
                         "policyAssignmentId": {
                             "type": "string"
                         },
+                        "policyDefinitionReferenceIds": {
+                            "type": "array"
+                        },
+                        "resourceSelectors": {
+                            "type": "array"
+                        },
+                        "assignmentScopeValidation": {
+                            "type": "string"
+                        },
                         "metadata": {
-                            "type": "object",
-                            "properties": {
-                                "stuff": {
-                                    "type": "string"
-                                }
-                            },
-                            "required": [
-                                "stuff"
-                            ]
+                            "type": "object"
                         }
                     },
                     "additionalProperties": false,

diff --git a/Scripts/Helpers/Add-HelperScripts.ps1 b/Scripts/Helpers/Add-HelperScripts.ps1
@@ -31,8 +31,10 @@
 . "$PSScriptRoot/Confirm-PolicySetDefinitionUsedExists.ps1"
 . "$PSScriptRoot/Confirm-ValidPolicyResourceName.ps1"
 
+. "$PSScriptRoot/Convert-AllowedEffectsToCsvString.ps1"
 . "$PSScriptRoot/Convert-EffectToOrdinal.ps1"
-. "$PSScriptRoot/Convert-EffectToString.ps1"
+. "$PSScriptRoot/Convert-EffectToMarkdownString.ps1"
+. "$PSScriptRoot/Convert-EffectToCsvString.ps1"
 . "$PSScriptRoot/Convert-OrdinalToEffectDisplayName.ps1"
 . "$PSScriptRoot/Convert-ListToToCsvRow.ps1"
 . "$PSScriptRoot/Convert-ParametersToString.ps1"

diff --git a/Scripts/Helpers/Convert-AllowedEffectsToCsvString.ps1 b/Scripts/Helpers/Convert-AllowedEffectsToCsvString.ps1
@@ -0,0 +1,41 @@
+function Convert-AllowedEffectsToCsvString {
+    param (
+        $DefaultEffect,
+        [bool] $IsEffectParameterized,
+        $EffectAllowedValues,
+        $EffectAllowedOverrides,
+        [string] $InCellSeparator1,
+        [string] $InCellSeparator2
+    )
+
+    $allowedList = @()
+    $prefix = "default"
+    if ($IsEffectParameterized -and $EffectAllowedValues.Count -gt 1) {
+        $allowedList = $EffectAllowedValues
+        $prefix = "parameter"
+    }
+    elseif ($EffectAllowedOverrides.Count -gt 1) {
+        $allowedList = $EffectAllowedOverrides
+        $prefix = "override"
+    }
+    elseif ($null -ne $DefaultEffect) {
+        $prefix = "default"
+        $allowedList = @( $DefaultEffect )
+    }
+    else {
+        $prefix = "none"
+        $allowedList = @()
+        return "$(prefix)$($InCellSeparator1)No effect allowed$($InCellSeparator2)Error"
+    }
+
+    $effectArray = @()
+    foreach ($effectValue in @( "Modify", "Append", "DenyAction", "Deny", "Audit", "Manual", "DeployIfNotExists", "AuditIfNotExists", "Disabled" )) {
+        # sorted logicaly
+        if ($allowedList -contains $effectValue) {
+            $effectArray += $effectValue
+        }
+    }
+    $effectAllowedText = "$($prefix)$($InCellSeparator1)$($effectArray -join $InCellSeparator2)"
+
+    return $effectAllowedText
+}
diff --git a/Scripts/Helpers/Convert-EffectToCsvString.ps1 b/Scripts/Helpers/Convert-EffectToCsvString.ps1
@@ -0,0 +1,22 @@
+function Convert-EffectToCsvString {
+    param (
+        # Parameter help description
+        [Parameter(Position = 0, Mandatory = $true, ValueFromPipeline = $true, HelpMessage = "The effect to convert to a CSV string")]
+        [string] $Effect
+    )
+
+    # Convert the effect to a CSV string to fix mixed case sensitivity
+    $effectValueText = switch ($Effect) {
+        "Modify" { "Modify" }
+        "Append" { "Append" }
+        "DenyAction" { "DenyAction" }
+        "Deny" { "Deny" }
+        "Audit" { "Audit" }
+        "Manual" { "Manual" }
+        "DeployIfNotExists" { "DeployIfNotExists" }
+        "AuditIfNotExists" { "AuditIfNotExists" }
+        "Disabled" { "Disabled" }
+        default { "Error" }
+    }
+    return $effectValueText
+}
diff --git a/Scripts/Helpers/Convert-EffectToMarkdownString.ps1 b/Scripts/Helpers/Convert-EffectToMarkdownString.ps1
@@ -0,0 +1,22 @@
+function Convert-EffectToMarkdownString {
+    param (
+        [string] $Effect,
+        [array] $AllowedValues
+    )
+
+    [string] $text = ""
+    if ($null -ne $Effect) {
+        if ($AllowedValues.Count -eq 1) {
+            $text = "***$Effect***"
+        }
+        else {
+            $text = "**$Effect**"
+        }
+        foreach ($allowed in $AllowedValues) {
+            if ($allowed -cne $Effect) {
+                $text += "<br/>*$allowed*"
+            }
+        }
+    }
+    return $text
+}
diff --git a/Scripts/Helpers/Convert-EffectToOrdinal.ps1 b/Scripts/Helpers/Convert-EffectToOrdinal.ps1
@@ -4,15 +4,16 @@ function Convert-EffectToOrdinal {
     )
 
     $ordinal = switch ($Effect) {
-        "Modify" { $ordinal = 0 }
-        "Append" { $ordinal = 0 }
-        "DeployIfNotExists" { $ordinal = 0 }
-        "Deny" { $ordinal = 1 }
-        "Audit" { $ordinal = 2 }
-        "Manual" { $ordinal = 2 }
-        "AuditIfNotExists" { $ordinal = 2 }
-        "Disabled" { $ordinal = 9 }
-        default { $ordinal = 9 }
+        "Modify" { 0 }
+        "Append" { 1 }
+        "DeployIfNotExists" { 2 }
+        "DenyAction" { 3 }
+        "Deny" { 4 }
+        "Audit" { 5 }
+        "Manual" { 6 }
+        "AuditIfNotExists" { 7 }
+        "Disabled" { 8 }
+        default { 98 }
     }
     return $ordinal
 }
diff --git a/Scripts/Helpers/Convert-EffectToString.ps1 b/Scripts/Helpers/Convert-EffectToString.ps1
diff --git a/Scripts/Helpers/Out-PolicyAssignmentDocumentationToFile.ps1 b/Scripts/Helpers/Out-PolicyAssignmentDocumentationToFile.ps1
@@ -39,6 +39,7 @@ function Out-PolicyAssignmentDocumentationToFile {
         $flatPolicyList = $perEnvironment.flatPolicyList
         foreach ($policyTableId in $flatPolicyList.Keys) {
             $flatPolicyEntry = $flatPolicyList.$policyTableId
+            $isEffectParameterized = $flatPolicyEntry.isEffectParameterized
 
             $flatPolicyEntryAcrossEnvironments = @{}
             if ($flatPolicyListAcrossEnvironments.ContainsKey($policyTableId)) {
@@ -59,6 +60,7 @@ function Out-PolicyAssignmentDocumentationToFile {
                     isEffectParameterized  = $isEffectParameterized
                     ordinal                = 99
                     effectAllowedValues    = @{}
+                    effectAllowedOverrides = $flatPolicyEntry.effectAllowedOverrides
                     environmentList        = @{}
                     groupNames             = [System.Collections.ArrayList]::new()
                     policySetList          = @{}
@@ -81,10 +83,10 @@ function Out-PolicyAssignmentDocumentationToFile {
             }
 
             # Collect union of all group names
-            $groupNames = $flatPolicyEntry.groupNames
-            if ($null -ne $groupNames -and $groupNames.Count -gt 0) {
+            $groupNamesList = $flatPolicyEntry.groupNamesList
+            if ($null -ne $groupNamesList -and $groupNamesList.Count -gt 0) {
                 $existingGroupNames = $flatPolicyEntryAcrossEnvironments.groupNames
-                $existingGroupNames.AddRange($groupNames.Keys)
+                $existingGroupNames.AddRange($groupNamesList)
             }
 
             # Collect environment category specific items
@@ -115,18 +117,19 @@ function Out-PolicyAssignmentDocumentationToFile {
                 $policySetInfo = $flatPolicyEntryPolicySetList.$shortName
                 if (-not $policySetList.ContainsKey($shortName)) {
                     $policySetEntry = @{
-                        shortName             = $shortName
-                        id                    = $policySetInfo.id
-                        name                  = $policySetInfo.name
-                        displayName           = $policySetInfo.displayName
-                        description           = $policySetInfo.description
-                        policyType            = $policySetInfo.policyType
-                        effectParameterName   = $policySetInfo.effectParameterName
-                        effectDefault         = $policySetInfo.effectDefault
-                        effectAllowedValues   = $policySetInfo.effectAllowedValues
-                        effectReason          = $policySetInfo.effectReason
-                        isEffectParameterized = $policySetInfo.isEffectParameterized
-                        parameters            = $policySetInfo.parameters
+                        shortName              = $shortName
+                        id                     = $policySetInfo.id
+                        name                   = $policySetInfo.name
+                        displayName            = $policySetInfo.displayName
+                        description            = $policySetInfo.description
+                        policyType             = $policySetInfo.policyType
+                        effectParameterName    = $policySetInfo.effectParameterName
+                        effectDefault          = $policySetInfo.effectDefault
+                        effectAllowedValues    = $policySetInfo.effectAllowedValues
+                        effectAllowedOverrides = $policySetInfo.effectAllowedOverrides
+                        effectReason           = $policySetInfo.effectReason
+                        isEffectParameterized  = $policySetInfo.isEffectParameterized
+                        parameters             = $policySetInfo.parameters
                     }
                     $null = $policySetList.Add($shortName, $policySetEntry)
                 }
@@ -202,10 +205,9 @@ function Out-PolicyAssignmentDocumentationToFile {
                 $environmentCategoryValues = $environmentList.$environmentCategory
                 $effectValue = $environmentCategoryValues.effectValue
                 $effectAllowedValues = $_.effectAllowedValues
-                $text = Convert-EffectToString `
+                $text = Convert-EffectToMarkdownString `
                     -Effect $effectValue `
-                    -AllowedValues $effectAllowedValues.Keys `
-                    -Markdown
+                    -AllowedValues $effectAllowedValues.Keys
                 $addedEffectColumns += " $text |"
 
                 # $parameters = $environmentCategoryValues.parameters
@@ -272,11 +274,16 @@ function Out-PolicyAssignmentDocumentationToFile {
     }
 
     # deal with multi value cells
-    $inCellSeparator = ","
+    $inCellSeparator1 = ": "
+    $inCellSeparator2 = ","
+    $inCellSeparator3 = ","
     if ($WindowsNewLineCells) {
-        $inCellSeparator = ",`n"
+        $inCellSeparator1 = ":`n  "
+        $inCellSeparator2 = ",`n  "
+        $inCellSeparator3 = ",`n"
     }
 
+
     $allRows.Clear()
 
     # Process the table
@@ -288,8 +295,14 @@ function Out-PolicyAssignmentDocumentationToFile {
         }
 
         # Cache loop values
+        # $effectAllowedValues = $_.effectAllowedValues
+        # $groupNames = $_.groupNames
+        # $policySetEffectStrings = $_.policySetEffectStrings
         $effectAllowedValues = $_.effectAllowedValues
+        $isEffectParameterized = $_.isEffectParameterized
+        $effectAllowedOverrides = $_.effectAllowedOverrides
         $groupNames = $_.groupNames
+        $effectDefault = $_.effectDefault
         $policySetEffectStrings = $_.policySetEffectStrings
 
         # Build common columns
@@ -302,25 +315,29 @@ function Out-PolicyAssignmentDocumentationToFile {
         $groupNames = $_.groupNames
         if ($groupNames.Count -gt 0) {
             $sortedGroupNameList = $groupNames | Sort-Object -Unique
-            $rowObj.groupNames = $sortedGroupNameList -join $inCellSeparator
+            $rowObj.groupNames = $sortedGroupNameList -join $inCellSeparator3
         }
         if ($policySetEffectStrings.Count -gt 0) {
-            $rowObj.policySets = $policySetEffectStrings -join $inCellSeparator
-        }
-        if ($effectAllowedValues.Count -gt 0) {
-            $rowObj.allowedEffects = $effectAllowedValues.Keys -join $inCellSeparator
+            $rowObj.policySets = $policySetEffectStrings -join $inCellSeparator3
         }
+        $rowObj.allowedEffects = Convert-AllowedEffectsToCsvString `
+            -DefaultEffect $effectDefault `
+            -IsEffectParameterized $isEffectParameterized `
+            -EffectAllowedValues $effectAllowedValues.Keys `
+            -EffectAllowedOverrides $effectAllowedOverrides `
+            -InCellSeparator1 $inCellSeparator1 `
+            -InCellSeparator2 $inCellSeparator2
 
         $environmentList = $_.environmentList
         # Build environmentCategory columns
         foreach ($environmentCategory in $environmentCategories) {
             if ($environmentList.ContainsKey($environmentCategory)) {
                 $perEnvironment = $environmentList.$environmentCategory
                 if ($null -ne $perEnvironment.effectValue) {
-                    $rowObj["$($environmentCategory)Effect"] = $perEnvironment.effectValue
+                    $rowObj["$($environmentCategory)Effect"] = Convert-EffectToCsvString $perEnvironment.effectValue
                 }
                 else {
-                    $rowObj["$($environmentCategory)Effect"] = $_.effectDefault
+                    $rowObj["$($environmentCategory)Effect"] = Convert-EffectToCsvString $_.effectDefault
                 }
 
                 $text = Convert-ParametersToString -Parameters $perEnvironment.parameters -OutputType "csvValues"

diff --git a/Scripts/Helpers/Out-PolicySetsDocumentationToFile.ps1 b/Scripts/Helpers/Out-PolicySetsDocumentationToFile.ps1
@@ -55,10 +55,9 @@ function Out-PolicySetsDocumentationToFile {
                 $perPolicySet = $policySetList.$shortName
                 $effectValue = $perPolicySet.effectValue
                 $effectAllowedValues = $perPolicySet.effectAllowedValues
-                $text = Convert-EffectToString `
+                $text = Convert-EffectToMarkdownString `
                     -Effect $effectValue `
-                    -AllowedValues $effectAllowedValues `
-                    -Markdown
+                    -AllowedValues $effectAllowedValues
                 $addedEffectColumns += " $text |"
 
                 [array] $groupNames = $perPolicySet.groupNames
@@ -152,18 +151,20 @@ function Out-PolicySetsDocumentationToFile {
         if ($policySetEffectStrings.Count -gt 0) {
             $rowObj.policySets = $policySetEffectStrings -join $inCellSeparator3
         }
-        if ($isEffectParameterized -and $effectAllowedValues.Count -gt 1) {
-            $rowObj.allowedEffects = "parameter$inCellSeparator1$($effectAllowedValues.Keys -join $inCellSeparator2)"
-        }
-        elseif ($effectAllowedOverrides.Count -gt 0) {
-            $rowObj.allowedEffects = "override$inCellSeparator1$($effectAllowedOverrides -join $inCellSeparator2)"
-        }
+        $rowObj.allowedEffects = Convert-AllowedEffectsToCsvString `
+            -DefaultEffect $effectDefault `
+            -IsEffectParameterized $isEffectParameterized `
+            -EffectAllowedValues $effectAllowedValues.Keys `
+            -EffectAllowedOverrides $effectAllowedOverrides `
+            -InCellSeparator1 $inCellSeparator1 `
+            -InCellSeparator2 $inCellSeparator2
 
         # Per environment columns
         $parameters = $_.parameters
         $parametersValueString = Convert-ParametersToString -Parameters $parameters -OutputType "csvValues"
+        $normalizedEffectDefault = Convert-EffectToCsvString -Effect $effectDefault
         foreach ($environmentCategory in $EnvironmentColumnsInCsv) {
-            $rowObj["$($environmentCategory)Effect"] = $effectDefault
+            $rowObj["$($environmentCategory)Effect"] = $normalizedEffectDefault
             $rowObj["$($environmentCategory)Parameters"] = $parametersValueString
         }
 

diff --git a/Scripts/Operations/Build-PolicyDocumentation.ps1 b/Scripts/Operations/Build-PolicyDocumentation.ps1
@@ -308,6 +308,11 @@ foreach ($file in $files) {
                     -WindowsNewLineCells:$WindowsNewLineCells `
                     -DocumentationSpecification $documentationSpecification `
                     -AssignmentsByEnvironment $assignmentsByEnvironment
+                # Out-PolicyAssignmentDocumentationToFile `
+                #     -OutputPath $outputPath `
+                #     -WindowsNewLineCells:$true `
+                #     -DocumentationSpecification $documentationSpecification `
+                #     -AssignmentsByEnvironment $assignmentsByEnvironment
             }
         }