feat(m365): add parameter to output all ScubaGear files (#20)

Author: jacdavi

m365/README.adoc

@@ -93,6 +93,7 @@ Optional::
 `tags` (map(string)) [default={}]::: Tags to apply to all resources created. Application is done via policies
 `serial_number` (string) [default=01]::: Increment by 1 when re-provisioning with the same resource group name
 `image_path` (string) [default=./cisa_logo.png]::: Path to image used for app logo. Displayed in Azure console on installed tenants
+`output_all_files` (bool) [default=False]::: If true, will output all files generated by ScubaGear instead of just the ScubaResults.json
 Advanced::
 `create_app` (bool) [default=True]::: If true, the app will be created. If false, the app will be imported
 `prefix_override` (string) [default=None]::: Prefix for resource names. If null, one will be generated from app_name

m365/image/run_container.ps1

@@ -91,11 +91,18 @@ Foreach ($tenantConfig in $(Get-ChildItem 'input\')) {
 
         Write-Output "  Starting Upload"
         $DatePath = Get-Date -Format "yyyy/MM/dd"
-        $OutPath = "$($Env:REPORT_OUTPUT)/$($DatePath)/$($ResultsFile.Name)"
+        if ("true" -eq $Env:OUTPUT_ALL_FILES) {
+            $InPath = "$($ResultsFile.DirectoryName)\*"
+            $OutPath = "$($Env:REPORT_OUTPUT)/$($DatePath)/$($org)-$([int]$(Get-Date).TimeOfDay.TotalSeconds)"
+        }
+        else {
+            $InPath = $ResultsFile.FullName
+            $OutPath = "$($Env:REPORT_OUTPUT)/$($DatePath)/$($ResultsFile.Name)"
+        }
         if ($null -ne $Env:REPORT_SAS) {
             $OutPath += "?$($Env:REPORT_SAS)"
         }
-        .\azcopy copy $ResultsFile.FullName $OutPath --output-level essential
+        .\azcopy copy $InPath $OutPath --output-level essential --recursive
         if ($LASTEXITCODE -gt 0) {
             throw "Error transferring files"
         }
@@ -108,7 +115,7 @@ Foreach ($tenantConfig in $(Get-ChildItem 'input\')) {
         Write-Output $_
     }
 
-    if ($Env:DEBUG_LOG -eq "true") {
+    if ("true" -eq $Env:DEBUG_LOG) {
         Get-Process | Sort-Object -Property WS -Descending | Select-Object -First 10
         (Get-Ciminstance Win32_OperatingSystem).FreePhysicalMemory
     }

m365/terraform/env/example/main.tf

@@ -14,6 +14,7 @@ module "scuba_connect" {
   container_registry           = var.container_registry
   input_storage_container_url  = var.input_storage_container_url
   output_storage_container_url = var.output_storage_container_url
+  output_all_files             = var.output_all_files
   tags                         = var.tags
   secondary_app_info           = var.secondary_app_info
 }

m365/terraform/env/example/provider.tf

@@ -17,7 +17,7 @@ terraform {
 provider "azurerm" {
   features {}
   subscription_id = "<YOUR_SUBSCRIPTION_UUID>"
-  environment = "public"
+  environment     = "public"
 }
 
 provider "azuread" {

m365/terraform/env/example/variables.tf

@@ -79,6 +79,12 @@ variable "image_path" {
   description = "Path to image used for app logo. Displayed in Azure console on installed tenants"
 }
 
+variable "output_all_files" {
+  default     = false
+  type        = bool
+  description = "If true, will output all files generated by ScubaGear instead of just the ScubaResults.json"
+}
+
 ### ADVANCED ###
 
 variable "create_app" {
@@ -143,12 +149,12 @@ variable "secondary_app_info" {
     Set `environment_to_use` to the environment the manual app is in, either "commericial" or "gcchigh"
   EOF
   type = object({
-    app_id = string
+    app_id             = string
     environment_to_use = string
   })
   default = null
   validation {
-    condition = var.secondary_app_info == null ? true : contains(["commercial", "gcchigh"], var.secondary_app_info.environment_to_use)
+    condition     = var.secondary_app_info == null ? true : contains(["commercial", "gcchigh"], var.secondary_app_info.environment_to_use)
     error_message = "Valid values for create_mode are (Default, PointInTimeRestore, Replica)"
   }
 }

m365/terraform/main.tf

@@ -68,6 +68,7 @@ module "container" {
   schedule_interval            = var.schedule_interval
   output_storage_container_url = var.output_storage_container_url
   output_storage_container_sas = var.output_storage_container_sas
+  output_all_files             = var.output_all_files
   input_storage_container_url  = var.input_storage_container_url
   contact_emails               = var.contact_emails
   log_analytics_workspace      = azurerm_log_analytics_workspace.monitor_law

m365/terraform/modules/container/main.tf

@@ -1,7 +1,7 @@
 data "azurerm_client_config" "current" {}
 
 locals {
-  is_us_gov = startswith(lower(var.resource_group.location), "usgov")
+  is_us_gov    = startswith(lower(var.resource_group.location), "usgov")
   aad_endpoint = local.is_us_gov ? "https://login.microsoftonline.us" : "https://login.microsoftonline.com"
 }
 
@@ -69,23 +69,24 @@ resource "azurerm_container_group" "aci" {
     cpu    = "1"
     memory = var.container_memory_gb
     environment_variables = {
-      "DEBUG_LOG"       = "false"
-      "RUN_TYPE"        = each.key
-      "TENANT_ID"       = data.azurerm_client_config.current.tenant_id
-      "APP_ID"          = var.application_client_id
-      "REPORT_OUTPUT"   = local.output_storage_container_url
-      "TENANT_INPUT"    = local.input_storage_container_url
-      "IS_VNET"         = var.subnet_ids != null
-      "IS_GOV"          = local.is_us_gov
-      "VAULT_NAME"      = var.cert_info.vault_name
-      "CERT_NAME"       = var.cert_info.cert_name
-      "MI_PRINCIPAL_ID" = azurerm_user_assigned_identity.container_mi.principal_id
-
-      "SECONDARY_APP_ID" = var.secondary_app_info == null ? null : var.secondary_app_info.app_id
+      "DEBUG_LOG"        = "false"
+      "RUN_TYPE"         = each.key
+      "TENANT_ID"        = data.azurerm_client_config.current.tenant_id
+      "APP_ID"           = var.application_client_id
+      "REPORT_OUTPUT"    = local.output_storage_container_url
+      "TENANT_INPUT"     = local.input_storage_container_url
+      "IS_VNET"          = var.subnet_ids != null
+      "IS_GOV"           = local.is_us_gov
+      "VAULT_NAME"       = var.cert_info.vault_name
+      "CERT_NAME"        = var.cert_info.cert_name
+      "MI_PRINCIPAL_ID"  = azurerm_user_assigned_identity.container_mi.principal_id
+      "OUTPUT_ALL_FILES" = var.output_all_files
+
+      "SECONDARY_APP_ID"  = var.secondary_app_info == null ? null : var.secondary_app_info.app_id
       "SECONDARY_APP_TLD" = var.secondary_app_info == null ? null : (var.secondary_app_info.environment_to_use == "commercial" ? "com" : "us")
     }
     secure_environment_variables = {
-      "REPORT_SAS"      = var.output_storage_container_sas
+      "REPORT_SAS" = var.output_storage_container_sas
     }
     dynamic "ports" {
       for_each = var.subnet_ids == null ? [] : [1]

m365/terraform/modules/container/variables.tf

@@ -40,6 +40,13 @@ variable "output_storage_container_sas" {
   description = "If not null, shared access signature token (query string) to use when writing results to the output storage container. Set this when the container is in an external tenant (the owner of that container will provide the value)."
   sensitive   = true
 }
+
+variable "output_all_files" {
+  default     = false
+  type        = bool
+  description = "If true, will output all files generated by ScubaGear instead of just the ScubaResults.json"
+}
+
 variable "tenants_dir_path" {
   default     = "./tenants"
   type        = string
@@ -87,7 +94,7 @@ variable "container_registry" {
     username = string
     password = string
   })
-  default = null
+  default     = null
   description = "Credentials for logging into registry with container image"
 }
 
@@ -122,12 +129,12 @@ variable "secondary_app_info" {
     Set `environment_to_use` to the environment the manual app is in, either "commericial" or "gcchigh"
   EOF
   type = object({
-    app_id = string
+    app_id             = string
     environment_to_use = string
   })
   default = null
   validation {
-    condition = var.secondary_app_info == null ? true : contains(["commercial", "gcchigh"], var.secondary_app_info.environment_to_use)
+    condition     = var.secondary_app_info == null ? true : contains(["commercial", "gcchigh"], var.secondary_app_info.environment_to_use)
     error_message = "Valid values for create_mode are (Default, PointInTimeRestore, Replica)"
   }
 }

m365/terraform/tagging.tf

@@ -21,17 +21,17 @@ resource "azurerm_resource_group_policy_assignment" "tagging_assignments" {
 }
 
 resource "azurerm_role_assignment" "tag_contributor" {
-  for_each = var.tags
+  for_each             = var.tags
   scope                = azurerm_resource_group.rg.id
   role_definition_name = "Tag Contributor"
   principal_id         = azurerm_resource_group_policy_assignment.tagging_assignments[each.key].identity[0].principal_id
 }
 
 resource "azurerm_resource_group_policy_remediation" "remediation" {
-  for_each = var.tags
-  name                 = "add-tags-policy-remediation-${each.key}"
-  resource_group_id    = azurerm_resource_group.rg.id
-  policy_assignment_id = azurerm_resource_group_policy_assignment.tagging_assignments[each.key].id
+  for_each                = var.tags
+  name                    = "add-tags-policy-remediation-${each.key}"
+  resource_group_id       = azurerm_resource_group.rg.id
+  policy_assignment_id    = azurerm_resource_group_policy_assignment.tagging_assignments[each.key].id
   resource_discovery_mode = "ReEvaluateCompliance"
-  depends_on = [ azurerm_role_assignment.tag_contributor, module.app, module.container, module.networking ]
+  depends_on              = [azurerm_role_assignment.tag_contributor, module.app, module.container, module.networking]
 }

m365/terraform/variables.tf

@@ -79,6 +79,12 @@ variable "image_path" {
   description = "Path to image used for app logo. Displayed in Azure console on installed tenants"
 }
 
+variable "output_all_files" {
+  default     = false
+  type        = bool
+  description = "If true, will output all files generated by ScubaGear instead of just the ScubaResults.json"
+}
+
 ### ADVANCED ###
 
 variable "create_app" {
@@ -151,12 +157,12 @@ variable "secondary_app_info" {
     Set `environment_to_use` to the environment the manual app is in, either "commericial" or "gcchigh"
   EOF
   type = object({
-    app_id = string
+    app_id             = string
     environment_to_use = string
   })
   default = null
   validation {
-    condition = var.secondary_app_info == null ? true : contains(["commercial", "gcchigh"], var.secondary_app_info.environment_to_use)
+    condition     = var.secondary_app_info == null ? true : contains(["commercial", "gcchigh"], var.secondary_app_info.environment_to_use)
     error_message = "Valid values for create_mode are (Default, PointInTimeRestore, Replica)"
   }
 }