Include GPLinks in publishing process

nyanhp · nyanhp · commit d7b0abcd54eb · 2023-06-18T18:46:55.000+02:00
diff --git a/templates/AppLockerProject/azurepipelines.yml b/templates/AppLockerProject/azurepipelines.yml
@@ -73,7 +73,7 @@ jobs:
             displayName: Publish policies
             inputs:
               filePath: '.\build\publish.ps1'
-              arguments: '-DependencyPath (Join-Path $(Build.SourcesDirectory) build\requiredModules.psd1) -OutputPath (Join-Path $(Build.SourcesDirectory) output)'
+              arguments: '-DependencyPath (Join-Path $(Build.SourcesDirectory) build\requiredModules.psd1) -SourcePath (Join-Path $(Build.SourcesDirectory) configurationdata) -OutputPath (Join-Path $(Build.SourcesDirectory) output)'
           - task: PowerShell@2
             name: validateintegration
             displayName: Validate Integration
diff --git a/templates/AppLockerProject/build/publish.ps1 b/templates/AppLockerProject/build/publish.ps1
@@ -4,15 +4,19 @@ param
     $DependencyPath = (Resolve-Path "$PSScriptRoot\requiredModules.psd1").Path,
 
     [string]
-    $OutputPath = (Resolve-Path "$PSScriptRoot\..\output").Path
+    $OutputPath = (Resolve-Path "$PSScriptRoot\..\output").Path,
+
+    [string]
+    $SourcePath = "$PSScriptRoot\..\configurationdata"
 )
 
 $psdependConfig = Import-PowerShellDataFile -Path $DependencyPath
 $modPath = Resolve-Path -Path $psdependConfig.PSDependOptions.Target
 $modOld = $env:PSModulePath
 $pathSeparator = [System.IO.Path]::PathSeparator
 $env:PSModulePath = "$modPath$pathSeparator$modOld"
-$rsops = Get-DatumRsopCache
+$datum = New-DatumStructure -DefinitionFile (Join-Path $SourcePath Datum.yml)
+[hashtable[]] $rsops = Get-DatumRsop $datum (Get-DatumNodesRecursive -AllDatumNodes $Datum.AllNodes)
 
 foreach ($policy in (Get-ChildItem -Path (Join-Path -Path $OutputPath -ChildPath Policies) -Recurse -Filter *.xml))
 {
@@ -25,10 +29,30 @@ foreach ($policy in (Get-ChildItem -Path (Join-Path -Path $OutputPath -ChildPath
         $null = New-GPO -Name $policy.BaseName -Comment "Auto-updated applocker policy" -Domain $policy.Directory.Name
     }
 
-    $rsop = $rsops | Where-Object { $_.Name -eq $policy.BaseName }
+    $rsop = $rsops | Where-Object { $_['PolicyName'] -eq $policy.BaseName }
     foreach ($link in $rsop.Links)
     {
-        Set-GPLink -Name $rsop.PolicyName -Target $link.OrgUnitDn -LinkEnabled $link.Enabled -Enforced $link.Enforced -Order $link.Order -Domain $policy.Directory.Name -Confirm:0
+        $param = @{
+            Name    = $rsop.PolicyName
+            Target  = $link.OrgUnitDn
+            Domain  = $policy.Directory.Name
+            Confirm = $false
+        }
+
+        if ($rsop.ContainsKey('Enabled'))
+        {
+            $param['LinkEnabled'] = $link.Enabled
+        }
+        if ($rsop.ContainsKey('Enforced'))
+        {
+            $param['Enforced'] = $link.Enforced
+        }
+        if ($rsop.ContainsKey('Order'))
+        {
+            $param['Order'] = $link.Order
+        }
+
+        Set-GPLink @param
     }
 
     $policyFound = $searcher.FindOne()
