Utilisez le script PowerShell de cette section pour automatiser le processus de création d'un rapport d'audit qui décrit en détail l'affectation et la révocation de rôle dans un environnement.
Créez AuditReportRoleAssignment.bat
en copiant le script suivant. Ce script de lot d'enveloppe appelle le script de PowerShell AuditReportRoleAssignment.ps1
, le code source qui est fourni plus loin dans ce scénario.
Remarque :
AuditReportRoleAssignment.bat
: username
, password
ou password_file
, et service_url
.Script : AuditReportRoleAssignment.bat
@echo off set paramRequiredMessage=Syntax: AuditReportRoleAssignment.bat USERNAME PASSWORD/PASSWORD_FILE URL if "%~1" == "" ( echo User Name is missing. echo %paramRequiredMessage% exit /b 1 ) if "%~2" == "" ( echo Password or Password_File is missing. echo %paramRequiredMessage% exit /b 1 ) if "%~3" == "" ( echo URL is missing. echo %paramRequiredMessage% exit /b 1 ) PowerShell.exe -File AuditReportRoleAssignment.ps1 %*
Script : AuditReportRoleAssignment.ps1
# EPM Automate Role Assignment Audit Report Script $username=$args[0] $password=$args[1] $url=$args[2] # Generic variables $date=$(get-date -f dd_MM_yy_HH_mm_ss) $datedefaultformat=$(get-date) $logdir="./logs/" $logfile="$logdir/epmautomate-provisionauditreport-" + $date + ".log" $reportdir="./reports/" $provisionreport="provreport-audittest-" + $date + ".csv" $provisionreporttemp="./provreport-audittest-temp.csv" $provisionreportunique="./provreport-audittest-unique.csv" $provisionreportbaselineunique="./provreport-audittest-baseline-unique.csv" function EchoAndLogMessage { $message=$args[0] echo "$message" echo "$message" >> $logfile } function Init { $logdirexists=Test-Path $logdir if (!($logdirexists)) { mkdir $logdir 2>&1 | out-null } $logfileexists=Test-Path $logfile if ($logfileexists) { rm $logfile 2>&1 | out-null } $reportdirexists=Test-Path $reportdir if (!($reportdirexists)) { mkdir $reportdir 2>&1 | out-null } } function PostProcess { rm $provisionreporttemp mv -Force $provisionreportunique $provisionreportbaselineunique } function ProcessCommand { $op=$args echo "EPM Automate operation: epmautomate.bat $op" >> $logfile epmautomate.bat $op >> $logfile 2>&1 if ($LASTEXITCODE -ne 0) { echo "EPM Automate operation failed: epmautomate.bat $op. See $logfile for details." exit } } function RunEpmAutomateCommands { EchoAndLogMessage "Running EPM Automate commands to generate the audit report." ProcessCommand login $username $password $url ProcessCommand provisionreport $provisionreport ProcessCommand downloadfile $provisionreport ProcessCommand deletefile $provisionreport ProcessCommand logout } function CreateProvisionReportTempFile { # Loop through iteration csv file and parse Get-Content $provisionreport | ForEach-Object { $elements=$_.split(',') echo "$($elements[0]),$($elements[2])" >> $provisionreporttemp } } function CreateUniqueElementsFile { gc $provisionreporttemp | sort | get-unique > $provisionreportunique } function CheckBaselineAndCreateAuditReport { $provisionreportbaselineuniqueexists=Test-Path $provisionreportbaselineunique if (!($provisionreportbaselineuniqueexists)) { EchoAndLogMessage "Could not find a baseline audit report to compare with. Audit report will be created next time you run test." } else { CreateAuditReport } } function CreateAuditReport { $auditreport=$reportdir + "auditreport-"+ $date + ".txt" $additions = @() $deletions = @() EchoAndLogMessage "Comparing previous audit report with the current one." $compare=compare-object (get-content $provisionreportunique) (get-content $provisionreportbaselineunique) $compare | foreach { if ($_.sideindicator -eq '<=') { $additions += $_.inputobject } elseif ($_.sideindicator -eq '=>') { $deletions += $_.inputobject } } echo "Provisioning Audit Report for $datedefaultformat" > $auditreport echo "------------------------------------------------" >> $auditreport if ($additions.count -ne 0) { echo " " >> $auditreport echo "Additions:" >> $auditreport foreach($element in $additions) { echo "$element" >> $auditreport } } if ($deletions.count -ne 0) { echo " " >> $auditreport echo "Deletions:" >> $auditreport foreach($element in $deletions) { echo "$element" >> $auditreport } } if (($additions.count -eq 0) -and ($deletions.count -eq 0)) { echo " " >> $auditreport echo "No changes from last audit report." >> $auditreport } EchoAndLogMessage "Role audit report generated: $auditreport." } Init EchoAndLogMessage "Starting EPMAutomate role audit report generation" RunEpmAutomateCommands CreateProvisionReportTempFile CreateUniqueElementsFile CheckBaselineAndCreateAuditReport PostProcess EchoAndLogMessage "EPMAutomate role audit report completed"