pfs-onsite-automation's Introduction

PFS On-Site Automation Guidelines

Prerequisites

Powershell V5 + and a client to run it.

Standards

All PowerShell comitted to this repo must meet the following requirements:

All scripts need the header as documented here. This must be present before commit and updated on each commit.
It must be a single script for all Prisons. Variables are defined and discovered within the script. If this is not possible, it must be documented why and be agreed with the team. A example of this

Get-ADComputer -SearchBase 'OU=Laptops,OU=Prisoners,OU=Workstations,OU=WLI,OU=Prisons,DC=WLI,DC=DPN,DC=GOV,DC=UK' -Property Name,lastLogonDate -Filter {lastLogonDate -lt $date} | Set-ADComputer -Enabled $false

Should be changed to

#What domain?

If (($env:USERDOMAIN) -eq "WLI")
{
    $Global:Domain = "WLI"
}
elseif (($env:USERDOMAIN) -eq "BWI")
{
    $Global:Domain = "BWI"
}

Get-ADComputer -SearchBase "OU=Laptops,OU=Prisoners,OU=Workstations,OU=$domain,OU=Prisons,DC=$domain,DC=DPN,DC=GOV,DC=UK" -Property Name,lastLogonDate -Filter {lastLogonDate -lt $date} | Set-ADComputer -Enabled $false

Audit Audit Audit! - We have a requirement to audit as much as possible in a script. The following should be used to keep things consistent.

# PowerShell function - Add-Log
# Author: Rich Dakin
Function Add-Log
        {Param ([string]$logstring)
        $logfile = "D:\AD-Automation\Logfile.txt"
        $date = Get-date
        $Global:date = $date.ToString("dd-MM-yyyy-HH-mm")
        add-content $logfile -value "$date :: $logstring"
        }

Further examples of this is taking a one liner script that cannot be fully audited and breaking it out into more cleaner foreach

Get-ADComputer -SearchBase "OU=Laptops,OU=Prisoners,OU=Workstations,OU=$domain,OU=Prisons,DC=$domain,DC=DPN,DC=GOV,DC=UK" -Property Name,lastLogonDate -Filter {lastLogonDate -lt $date} | Set-ADComputer -Enabled $false

Becomes

$GetComputer  = Get-ADComputer -SearchBase "OU=Laptops,OU=Prisoners,OU=Workstations,OU=$domain,OU=Prisons,DC=$domain,DC=DPN,DC=GOV,DC=UK" -Property Name,lastLogonDate -Filter {lastLogonDate -lt $date}

Foreach ($Computer in $GetComputer)
{
    ###Audit
    Add-log "$Computer is being disabled"
    Set-ADComputer -Identity $Computer -Enabled $False
}

Your script must be able to run everytime. Without throwing errors. Example

New-Item -Path "c:\" -Name "logfiles" -ItemType "directory"

#The second time this script runs it will fail on the directory existing. Thus you must complete a test path and use a IF Statement.

If ((Test-path "c:\Logfiles") -ne $True)

{
    New-Item -path c:\Logfiles -ItemType Directory
}

###Now the script will not fail on the subsequent  runs.

All functions should be documented inline, as shown in point 3.
Code should be self documenting, with comments in the appropriate.

pfs-onsite-automation's People

Contributors

Stargazers

Watchers

pfs-onsite-automation's Issues

Default branch is not main

Hi there
The default branch for this repository is not set to main
See repository settings/settings/branches to rename the default branch to main and ensure the Branch protection rules is set to main as well
See the repository standards: https://github.com/ministryofjustice/github-repository-standards
See the report: https://operations-engineering-reports.cloud-platform.service.justice.gov.uk/github_repositories
Please contact Operations Engineering on Slack #ask-operations-engineering, if you need any assistance

A branch protection setting is not enabled: codeowners require reviews

Hi there
The default branch protection setting called codeowners require review is not enabled for this repository
This option affects a pull request, i.e a PR will need to be reviewed and approved by a CODEOWNER before it can be merged.
See repository settings/Branches/Branch protection rules
Either add a new Branch protection rule or edit the existing branch protection rule and select the Require review from Code Owners option
Create a .github/CODEOWNERS file
Add a or multiple entries of @ministryofjustice/team_name to the CODEOWNERS file
The team_name shall be a team from within the MoJ teams: https://github.com/orgs/ministryofjustice/teams
See GH Codeowners documentation: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
See the repository standards: https://github.com/ministryofjustice/github-repository-standards
See the report: https://operations-engineering-reports.cloud-platform.service.justice.gov.uk/github_repositories
Please contact Operations Engineering on Slack #ask-operations-engineering, if you need any assistance

Recommend Projects