[WIP] Remove Azure Retirements functionality from AzResiliencyScanner.ps1 #5

Draft
Copilot wants to merge 1 commit into master from copilot/remove-azure-retirements-functionality

Copilot AI commented Apr 5, 2026

Thanks for asking me to work on this. I will get started on it and keep this PR's description up to date as I form a plan and make progress.

Original prompt

Objective

Remove all Azure Retirements functionality from OMSSolutions/ResiliencyScannerPublic/AzResiliencyScanner.ps1. The new version focuses exclusively on resiliency scanning and no longer needs retirement detection.

Changes Required in OMSSolutions/ResiliencyScannerPublic/AzResiliencyScanner.ps1

1. Remove the Get-AllRetirements function (lines 131–241)

Delete the entire function block:

Function Get-AllRetirements {
    param (
        [string[]]$subscriptionId
        #,[string]$query 
    )
    ...
    return  $allResources 
}

2. Remove the $retirements variable initialisation

On the line that reads:

$retirements = @()

Delete this line entirely.

3. Remove the $RetirementsDownloadUri variable

On the line that reads:

$RetirementsDownloadUri='https://raw.githubusercontent.com/Volkanco/AzureDeploy/refs/heads/master/ReliabilityAssessment/AzureRetirements.json'

Delete this line entirely.

4. Remove the Get-AllRetirements call inside the per-subscription loop

On the line that reads:

    $retirements += Get-AllRetirements -subscriptionId $sub.Id 

Delete this line entirely (including the #add resource type comment on the line immediately after it, if it solely relates to retirements context — use judgement; if the comment is still relevant to other code below it, leave it).

What to Leave Unchanged

  • Everything else in the file must remain exactly as-is:
    • Get-AllAzGraphResource function
    • Get-AzBAckupASR function
    • parse-object function
    • Invoke-ResiliencyRules function
    • Invoke-CatchAllResiliency function
    • All authentication and subscription discovery logic
    • All per-subscription loop logic (backup/ASR collection, zone mapping, resource enrichment, resiliency engine invocation, CSV exports)
    • The duplicate storage parameter validation block (leave as-is, do not fix)

The following is the prior conversation context from the user's chat exploration (may be truncated):

User: analyze and explain what azresiliencyscannerscript does

Assistant: ## AzResiliencyScanner — What It Does

This is an Azure resiliency assessment tool that scans all resources across one or more Azure subscriptions and classifies each resource's high-availability/redundancy configuration. Here's a full breakdown:


🎯 Purpose

It produces a set of CSV reports answering: "For every Azure resource in my environment, how resilient is it — is it zone-redundant, locally redundant, non-zonal, retiring, etc.?"


⚙️ Parameters

| Parameter | Purpose |
|---|---|
| $tenantscope | Scope scan to a specific Azure tenant |
| $subscriptionList | Filter to specific subscriptions (by name or ID) |
| $customerTags | Extra tag columns to include in the report |
| $localexport | $true = save CSVs locally; $false = export to Azure Storage |
| $exportstoragesubid / $exportstorageAccount | Required when $localexport=$false |

🔄 Execution Flow

1. Authentication & Subscription Discovery

  • Connects to Azure (supports both Managed Identity for Automation Accounts and interactive login)
  • Discovers all subscriptions, then filters out DEV/UAT/POC environments to focus on production

2. Per-Subscription Data Collection (main loop)

For each enabled subscription, it collects four datasets using Azure Resource Graph (Search-AzGraph) with automatic pagination via skip tokens:

| Function | What it fetches |
|---|---|
| Get-AllAzGraphResource | All ARM resources (id, name, location, SKU, zones, tags, properties) |
| Get-AzBackupASR | Azure Backup items + ASR (Site Recovery) replication items |
| Get-AllRetirements | Resources flagged for Azure service retirement (mapped to retirement Service IDs) |
| Invoke-AzRestMethod | Availability Zone → physical zone mappings per region |

3. Resource Enrichment

Each resource gets additional properties stamped on it:

  • ResourceType / ResourceSubType (parsed from the ARM resource ID)
  • Subscription, ReportDate
  • All Azure tags flattened as individual columns
  • Load balancer frontend IP zone info → lbreport
  • Public IP zone/allocation info → pipreport
  • Backup status (BackupEnabled, LastBackup) and ASR config (ASREnabled, ASRConfig) joined by resource ID

4. Resiliency Classification Engine

This is the core logic — a rule-based engine (Invoke-ResiliencyRules) that processes each resource against rules defined in ResiliencyRules.ps1:

  • Resources are grouped by ResourceSubType for efficient lookup
  • Each rule can have:
    • DefaultResiliency — a static value (e.g., RedundantbyDefault for VNets, Key Vaults)
    • ResiliencyLogic — a scriptblock that dynamically evaluates and returns a ResiliencyConfig (and optionally ResiliencyDetail, BackupDetails, etc.)
    • MatchFilter — optional pre-filter (e.g., SQL databases only, not master)
    • SkipExtensions — s...

This pull request was created from Copilot chat.

Copilot stopped work on behalf of Volkanco due to an error April 5, 2026 20:37
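
One way to check the outcome of the four removal steps in the prompt above, as an added example that is not part of this PR or the project's code: it parses script text with the PowerShell AST and reports any remaining definition, call or variable tied to retirements, plus any function from the "leave unchanged" list that is missing. `Test-RetirementRemoval` is a hypothetical helper and the sample script is constructed for illustration.

```powershell
# Added example, not from the PR: Test-RetirementRemoval is a hypothetical helper.
function Test-RetirementRemoval {
    param([Parameter(Mandatory)][string]$ScriptText)

    $tokens = $null; $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput(
        $ScriptText, [ref]$tokens, [ref]$errors)

    # Names taken from the prompt: what must go and what must stay.
    $removedFn  = 'Get-AllRetirements'
    $removedVar = 'retirements', 'RetirementsDownloadUri'
    $required   = 'Get-AllAzGraphResource', 'Get-AzBAckupASR', 'parse-object',
                  'Invoke-ResiliencyRules', 'Invoke-CatchAllResiliency'

    # Materialise each AST query once; $true searches nested script blocks too.
    $functions = @($ast.FindAll({ param($n)
        $n -is [System.Management.Automation.Language.FunctionDefinitionAst] }, $true))
    $commands = @($ast.FindAll({ param($n)
        $n -is [System.Management.Automation.Language.CommandAst] }, $true))
    $variables = @($ast.FindAll({ param($n)
        $n -is [System.Management.Automation.Language.VariableExpressionAst] }, $true))

    $findings = @()
    foreach ($e in $errors) {
        $findings += "Parse error at line $($e.Extent.StartLineNumber): $($e.Message)" }
    foreach ($f in $functions | Where-Object { $_.Name -eq $removedFn }) {
        $findings += "Function still defined: $($f.Name), line $($f.Extent.StartLineNumber)" }
    foreach ($c in $commands | Where-Object { $_.GetCommandName() -eq $removedFn }) {
        $findings += "Call still present: $removedFn, line $($c.Extent.StartLineNumber)" }
    foreach ($v in $variables | Where-Object { $_.VariablePath.UserPath -in $removedVar }) {
        $findings += "Variable still used: $($v.Extent.Text), line $($v.Extent.StartLineNumber)" }
    foreach ($name in $required | Where-Object { $_ -notin $functions.Name }) {
        $findings += "Required function missing: $name" }
    return $findings
}

# Constructed sample: a partially edited script, not the real AzResiliencyScanner.ps1.
$sample = @'
Function Get-AllAzGraphResource { }
Function Get-AzBAckupASR { }
Function parse-object { }
Function Invoke-ResiliencyRules { }
$retirements = @()
foreach ($sub in $subs) {
    $retirements += Get-AllRetirements -subscriptionId $sub.Id
}
'@
Test-RetirementRemoval -ScriptText $sample
```

Comparisons are case-insensitive, as PowerShell name resolution is, and an empty result means all four removals landed and the five named functions are still defined.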