-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathRemove-AzWorkspaceManagerAssignmentJob.ps1
More file actions
129 lines (111 loc) · 6.45 KB
/
Remove-AzWorkspaceManagerAssignmentJob.ps1
File metadata and controls
129 lines (111 loc) · 6.45 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
function Remove-AzWorkspaceManagerAssignmentJob {
[cmdletbinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param (
[Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
[ValidateNotNullOrEmpty()]
[ValidatePattern('^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$', ErrorMessage="It does not match expected pattern '{1}'")]
[Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters.ResourceNameCompleterAttribute(
"Microsoft.OperationalInsights/workspaces",
"ResourceGroupName"
)][string]$WorkspaceName,
[Parameter(Mandatory = $false, ValueFromPipelineByPropertyName = $true)]
[Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters.ResourceGroupCompleterAttribute()]
[string]$ResourceGroupName,
[Parameter(Mandatory = $false, ValueFromPipelineByPropertyName = $true)]
[ValidatePattern('^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$', ErrorMessage = "It does not match expected pattern '{1}'")]
[ValidateNotNullOrEmpty()]
[string]$AssignmentName,
[Parameter(Mandatory = $false, ValueFromPipelineByPropertyName = $true)]
[ValidateNotNullOrEmpty()]
[ValidatePattern('^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$', ErrorMessage = "It does not match expected pattern '{1}'")]
[string]$Name,
[Parameter(Mandatory = $false, ValueFromPipelineByPropertyName = $true)]
[ValidateNotNullOrEmpty()]
[array]$ResourceId,
[Parameter(Mandatory = $false)]
[switch]$Force
)
begin {
Invoke-AzWorkspaceManager -FunctionName $MyInvocation.MyCommand.Name
}
process {
if ($ResourceGroupName) {
$null = Get-AzWorkspaceManager -Name $($WorkspaceName) -ResourceGroupName $ResourceGroupName
}
else {
$null = Get-AzWorkspaceManager -Name $($WorkspaceName)
}
if ($Force) {
$ConfirmPreference = 'None'
}
try {
Write-Verbose "Performing the operation 'Removing workspace manager assignment' on target '$($WorkspaceName)'."
if ($ResourceId) {
$uri = "https://management.azure.com$($ResourceId)?api-version=$($SessionVariables.apiVersion)"
$name = $ResourceId.Split('/')[-1]
} elseif ($Name -and $AssignmentName) {
$uri = "$($SessionVariables.workspace)/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/$($AssignmentName)/jobs/$($Name)?api-version=$($SessionVariables.apiVersion)"
}
else {
Write-Message -FunctionName $($MyInvocation.MyCommand.Name) -Message "No name for the workspace manager assignment or job was provided" -Severity 'Error'
}
$requestParam = @{
Headers = $authHeader
Uri = $uri
Method = 'GET'
ErrorVariable = 'ErrVar'
}
if ($apiResponse -ne '') {
if ($PSCmdlet.ShouldProcess($SessionVariables.workspaceManagerConfiguration -eq 'Enabled', "Remove Workspace Manager Assignment Job '$($Name)'")) {
$requestParam = @{
Headers = $authHeader
Uri = $uri
Method = 'DELETE'
ErrorVariable = 'ErrVar'
}
Invoke-RestMethod @requestParam
if ($null -eq $response) {
Write-Message -FunctionName $($MyInvocation.MyCommand.Name) -Message "Workspace Manager Assignment Job '$($name)' was removed." -Severity 'Information'
}
}
}
else {
Write-Message -FunctionName $($MyInvocation.MyCommand.Name) -Message "The Workspace Manager Assignment Job '$($name)' does not exist" -Severity 'Error'
}
}
catch {
if ($ErrVar.Message -like '*ResourceNotFound*') {
Write-Message -FunctionName $MyInvocation.MyCommand.Name -Message "Workspace Manager Assignment Job '$($name)' was not found under Assignment '$($AssignmentName)'" -Severity 'Error'
}
else {
Write-Message -FunctionName $($MyInvocation.MyCommand.Name) -Message ($return.ErrorRecord | ConvertFrom-Json).error.message -Severity 'Error'
}
}
}
<#
.SYNOPSIS
Get the Microsoft Sentinel Workspace Manager Groups
.DESCRIPTION
The Remove-AzWorkspaceManagerAssignmentJob cmdlet removes the Workspace Manager Assignment Jobs from the Workspace Manager Assignment.
When the Workspace Manager Assignment is removed, all the Workspace Manager Assignment Jobs are removed as well.
.PARAMETER WorkspaceName
The Name of the log analytics workspace
.PARAMETER ResourceGroupName
The name of the ResouceGroup where the log analytics workspace is located
.PARAMETER AssignmentName
The name of the workspace manager assignment (default this has the same value as the Workspace Manager GroupName)
.PARAMETER JobName
The name of the Workspace Manager Assignment Job
.PARAMETER Force
Confirms the removal of the Workspace manager configuration
.EXAMPLE
Remove-AzWorkspaceManagerAssignmentJob -WorkspaceName 'myWorkspace' -ResourceGroupName 'myRG' -AssignmentName 'myAssignment' -JobName 'e53fa65b-1e2d-48cd-b079-a596dc6ea5a1'
This example removes the Workspace Manager Assignment Job 'e53fa65b-1e2d-48cd-b079-a596dc6ea5a1' from the Workspace Manager Assignment 'myAssignment' in the log analytics workspace 'myWorkspace' in the resource group 'myRG'
.EXAMPLE
Get-AzWorkspaceManagerAssignmentJob -WorkspaceName 'myWorkspace' -Name 'MyWorkspaceManagerAssignment' | Remove-AzWorkspaceManagerAssignmentJob -Force
This example removes all the Workspace Manager Assignment Jobs from the Workspace Manager Assignment 'MyWorkspaceManagerAssignment' without prompting for confirmation
.EXAMPLE
Get-AzWorkspaceManagerAssignment -WorkspaceName 'sentinel-playground' | Get-AzWorkspaceManagerAssignmentJob | Remove-AzWorkspaceManagerAssignmentJob -Force
This example removes all the Workspace Manager Assignment Jobs from all the Workspace Manager Assignments in the log analytics workspace 'sentinel-playground' without prompting for confirmation
#>
}