Utilizzare gli script descritti in questa sezione per automatizzare il processo di creazione di un report di audit per gli utenti assegnati a ruoli predefiniti in un ambiente e, facoltativamente, inviare via e-mail tale report a un destinatario.
Questo report di audit mostra gli utenti assegnati a ruoli o gruppi predefiniti che sono cambiati dopo l'ultima generazione del report. Per creare un report di audit giornaliero, eseguire questo script a cadenza giornaliera.
Creare provisioningAuditReport.bat copiando lo script seguente. Questo script batch wrapper chiama lo script PowerShell provisioningAuditReport.ps1, il cui codice sorgente viene fornito più avanti in questo scenario.
Nota:
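provisioningAuditReport.bat sono: username, password or password_file, service_url e report_email_to_address (facoltativo, obbligatorio solo se si desidera inviare il report a un indirizzo e-mail).
@echo off
REM Wrapper for provisioningAuditReport.ps1: checks that the three required
REM arguments are present, then forwards every argument to the PowerShell script.
REM
REM Argument 2 is either a password or a password file. Command-line arguments
REM can be read from process listings and from the scheduled-task definition,
REM so for an unattended daily run prefer the password-file form (EPM Automate's
REM encrypt command produces such a file) over a plain-text password.
set paramRequiredMessage=Syntax: provisioningAuditReport.bat USERNAME PASSWORD/PASSWORD_FILE URL [REPORT_EMAIL_TO_ADDRESS]

if "%~1" == "" (
  echo User Name is missing.
  echo %paramRequiredMessage%
  exit /b 1
)

if "%~2" == "" (
  echo Password or Password_File is missing.
  echo %paramRequiredMessage%
  exit /b 1
)

if "%~3" == "" (
  echo URL is missing.
  echo %paramRequiredMessage%
  exit /b 1
)

REM %~dp0 is the directory of this wrapper, so the .ps1 placed next to it is
REM found even when a scheduler starts the job from another working directory.
PowerShell.exe -File "%~dp0provisioningAuditReport.ps1" %*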
provisioningAuditReport.bat chiama provisioningAuditReport.ps1, che può essere creato copiando lo script seguente.
provisioningAuditReport.ps1 crea il report di audit. Posizionarlo nella stessa directory in cui si trova provisioningAuditReport.bat.
# Positional arguments forwarded by provisioningAuditReport.bat.
$username=$args[0]
# Either a password or a password file (see the wrapper's syntax message).
# NOTE(review): a plain-text value here is passed on to every login call below.
$password=$args[1]
$url=$args[2]
# Optional: the report is e-mailed only when this value contains "@".
$reportemailtoaddress=$args[3]

# One timestamp per run, reused in the log, CSV and report file names.
$date=Get-Date -Format "dd_MM_yy_HH_mm_ss"
$datedefaultformat=Get-Date

# Log location. $logdir already ends in "/", so the file name carries "//".
$logdir="./logs/"
$logfile="${logdir}/epmautomate-provisionauditreport-${date}.log"

# Report location; EmailAuditReport depends on this exact "./reports/" prefix.
$reportdir="./reports/"

# Working files, all relative to the current directory.
$provisionreport="provreport-audittest-${date}.csv"
$provisionreporttemp="./provreport-audittest-temp.csv"
$provisionreportunique="./provreport-audittest-unique.csv"
$provisionreportbaselineunique="./provreport-audittest-baseline-unique.csv"
# Writes the first argument to the output stream and appends the same text
# to the run's log file ($logfile, set at the top of the script).
function EchoAndLogMessage
{
    $text=$args[0]
    Write-Output "$text"
    "$text" | Out-File -FilePath $logfile -Append
}
# Prepares the working directories for a run: creates the log and report
# directories when they are missing and removes a log file that already
# exists under this run's name.
function Init
{
    if (-not (Test-Path $logdir)) {
        New-Item -ItemType Directory -Path $logdir 2>&1 | Out-Null
    }

    if (Test-Path $logfile) {
        Remove-Item $logfile 2>&1 | Out-Null
    }

    if (-not (Test-Path $reportdir)) {
        New-Item -ItemType Directory -Path $reportdir 2>&1 | Out-Null
    }
}
# End-of-run housekeeping: deletes the temporary extract and promotes the
# current de-duplicated list to be the baseline for the next comparison.
# The downloaded provisioning CSV ($provisionreport) is not touched here.
function PostProcess
{
    Remove-Item $provisionreporttemp
    Move-Item -Force $provisionreportunique $provisionreportbaselineunique
}
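# Runs one EPM Automate operation and records it in the run's log file.
# Arguments: the epmautomate.bat command followed by its parameters.
# On a non-zero exit code the script stops and reports the failure.
#
# The third argument of a login call is the password (or password file), so
# the text written to the log and to the console uses a masked copy; the real
# arguments are only handed to epmautomate.bat itself.
function ProcessCommand
{
    $op=$args

    # Clone so that masking the display copy cannot alter what is executed.
    $shown=$op.Clone()
    if (($shown.Count -gt 2) -and ("$($shown[0])" -ieq "login")) {
        $shown[2]="********"
    }

    echo "EPM Automate operation: epmautomate.bat $shown" >> $logfile
    epmautomate.bat $op >> $logfile 2>&1
    if ($LASTEXITCODE -ne 0) {
        # Keep the failing code so the caller (batch wrapper, scheduler)
        # can tell that this run did not complete.
        $failedcode=$LASTEXITCODE
        echo "EPM Automate operation failed: epmautomate.bat $shown. See $logfile for details."
        exit $failedcode
    }
}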
# Signs in, generates the provisioning report in the service, downloads it,
# deletes the server-side copy and signs out. Any failing step ends the
# script inside ProcessCommand, so a later step never runs after a failure.
# NOTE(review): $password is handed to epmautomate.bat as a command-line
# argument; with a plain-text password it is visible to process listings.
function RunEpmAutomateCommands
{
    EchoAndLogMessage "Running EPM Automate commands to generate the provisioning report."

    ProcessCommand login $username $password $url
    # These three operations all act on the same report file name.
    foreach ($verb in 'provisionreport','downloadfile','deletefile') {
        ProcessCommand $verb $provisionreport
    }
    ProcessCommand logout
}
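# Reduces the downloaded provisioning CSV to its first and third
# comma-separated fields, one "first,third" line per input line, and writes
# the result to $provisionreporttemp.
# (Presumably user and role - confirm against the report's column layout.)
#
# The temp file is rewritten, not appended to: a run that stopped before
# PostProcess leaves the previous temp file behind, and appending to it would
# carry stale assignments into this run's comparison.
# NOTE(review): the split is on every comma, so a quoted field that itself
# contains a comma would shift the columns.
function CreateProvisionReportTempFile
{
    Get-Content $provisionreport | ForEach-Object {
        $elements=$_.split(',')
        "$($elements[0]),$($elements[2])"
    } | Out-File -FilePath $provisionreporttemp
}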
# Sorts the temp extract, collapses adjacent duplicate lines and writes the
# result to $provisionreportunique (overwriting any previous file).
function CreateUniqueElementsFile
{
    Get-Content $provisionreporttemp |
        Sort-Object |
        Get-Unique |
        Out-File -FilePath $provisionreportunique
}
# Builds the audit report when a baseline from an earlier run exists.
# On the first run there is nothing to compare against, so only a message
# is logged; PostProcess then stores this run's list as the baseline.
function CheckBaselineAndCreateAuditReport
{
    if (Test-Path $provisionreportbaselineunique) {
        CreateAuditReport
        return
    }

    EchoAndLogMessage "No existing provisioning report, so comparison with a baseline is not possible. Audit report will be created at the next test run."
}
# E-mails the audit report through the service when a recipient was given.
# Argument: path of the audit report as built by CreateAuditReport.
#
# The report lists role-assignment changes, so the recipient matters; the
# only check made here is that the address contains "@".
function EmailAuditReport
{
    $auditreport=$args[0]
    # The path has the form "./reports/<name>", so the bare file name is
    # the third "/"-separated element.
    $auditreportname=($auditreport.split('/'))[2]

    if (-not (${reportemailtoaddress} -match "@")) {
        return
    }

    EchoAndLogMessage "Emailing audit report"
    ProcessCommand login $username $password $url
    ProcessCommand uploadFile $auditreport
    # Subject and body text are kept exactly as published.
    ProcessCommand sendMail $reportemailtoaddress "Provisionining Audit Report" Body="Provisioning Audit Report is attached." Attachments=$auditreportname
    # Remove the uploaded copy from the service once the mail has been sent.
    ProcessCommand deleteFile $auditreportname
    ProcessCommand logout
}
# Compares this run's de-duplicated list with the stored baseline and writes
# a text report of the differences to $reportdir, then hands the report to
# EmailAuditReport.
function CreateAuditReport
{
    $auditreport="${reportdir}auditreport-${date}.txt"

    EchoAndLogMessage "Comparing previous provisioning report with the current report."
    # Current list is the reference input, baseline the difference input.
    # NOTE(review): if either file is empty, Get-Content yields nothing and
    # Compare-Object presumably rejects the null argument - confirm.
    $compare=Compare-Object (Get-Content $provisionreportunique) (Get-Content $provisionreportbaselineunique)

    # '<=' : line only in the current list  -> assignment added since baseline.
    # '=>' : line only in the baseline      -> assignment removed since baseline.
    $additions=@($compare | Where-Object { $_.sideindicator -eq '<=' } | ForEach-Object { $_.inputobject })
    $deletions=@($compare | Where-Object { $_.sideindicator -eq '=>' } | ForEach-Object { $_.inputobject })

    # Assemble the whole report first, then write it in one go.
    $lines=@(
        "Provisioning Audit Report for $datedefaultformat",
        "------------------------------------------------"
    )

    if ($additions.count -ne 0) {
        $lines += " "
        $lines += "Additions:"
        foreach ($entry in $additions) { $lines += "$entry" }
    }

    if ($deletions.count -ne 0) {
        $lines += " "
        $lines += "Deletions:"
        foreach ($entry in $deletions) { $lines += "$entry" }
    }

    if (($additions.count -eq 0) -and ($deletions.count -eq 0)) {
        $lines += " "
        $lines += "No changes from last audit report."
    }

    $lines | Out-File -FilePath $auditreport

    EchoAndLogMessage "Provisioning audit report has been generated: $auditreport."
    EmailAuditReport $auditreport
}
# Entry point: prepare directories, then run the stages in a fixed order.
# Each stage relies on files produced by the one before it, and PostProcess
# must come last because it replaces the baseline used by the comparison.
Init
EchoAndLogMessage "Starting EPMAutomate provisioning audit reporting"

$stages=@(
    'RunEpmAutomateCommands',
    'CreateProvisionReportTempFile',
    'CreateUniqueElementsFile',
    'CheckBaselineAndCreateAuditReport',
    'PostProcess'
)
foreach ($stage in $stages) {
    & $stage
}

EchoAndLogMessage "EPMAutomate provisioning audit reporting completed"