Skip to content

Add read-only trust matrix report and -ReportOnly audit mode (v2.1.0)#10

Merged
luigilink merged 3 commits into
mainfrom
feature/trust-matrix-report
Jul 10, 2026
Merged

Add read-only trust matrix report and -ReportOnly audit mode (v2.1.0)#10
luigilink merged 3 commits into
mainfrom
feature/trust-matrix-report

Conversation

@luigilink

Copy link
Copy Markdown
Owner

Summary

Add a read-only trust matrix report to SPSTrust (issue #8), shipped as a backward-compatible 2.1.0 minor release.

What changed

  • Get-SPSTrustStatus (public, read-only) — walks Farms × Trusts × Services × RemoteFarms and resolves each trust dimension (ROOT, STS, Published, Topology permission, SA permission, Proxy) via the existing Get-SPS* getters. Changes nothing. Content services → N/A for STS/Published/SA-perm/Proxy. Getter failures captured as Error + a per-row note without aborting.
  • Export-SPSTrustReport (public) — renders a status object (-Status) or a results JSON (-InputFile) into a self-contained, offline HTML report: summary cards + interactive (search + click-to-sort) matrix with colored status pills.
  • Backup-SPSJsonFile (public) + private HTML helpers (ConvertTo-SPSHtmlEncoded, Get-SPSReportHtmlHead, Get-SPSReportCardHtml, Get-SPSReportHtmlScript).
  • SPSTrust.ps1 — new -ReportOnly (read-only audit) and -HistoryRetentionDays (default 30). The four mutating stages are guarded behind if (-not $ReportOnly); a read-only stage 5 always runs: collect → archive previous results → prune history → write Results\*.json → write Reports\*.html.
  • Docs — new wiki Reports.md; Home/Usage/Sidebar updated. CHANGELOG + RELEASE-NOTES for 2.1.0. Manifest bumped to 2.1.0.
  • .gitignore excludes runtime Logs/, Results/, Reports/.

Compatibility

No breaking changes. Existing -ConfigFile / -FarmAccount / -CleanServices usage is unchanged; the reporting stage is additive and read-only.

Validation

Pester:   Passed=88 Failed=0 Total=88
Analyzer: 0 findings (with PSScriptAnalyzerSettings.psd1)
Manifest: SPSTrust.Common 2.1.0 (21 functions exported)

New tests cover the collector (row shape, N/A handling, error capture, no state-changing calls), the renderer (HTML shape, pills, dir creation, JSON round-trip, HTML-encoding/injection guard), Backup-SPSJsonFile, and the script report wiring.

Closes #8

luigilink and others added 3 commits July 10, 2026 13:57
Introduce the reporting/audit building blocks for the trust matrix (issue #8):

- Get-SPSTrustStatus (public): read-only collector that walks
  Farms x Trusts x Services x RemoteFarms and resolves each trust dimension
  (ROOT, STS, Published, Topology permission, SA permission, Proxy) via the
  existing Get-SPS* getters. Performs no changes; 'Content' services are marked
  N/A for STS/Published/SA-permission/Proxy; getter failures are captured as
  'Error' + a per-row Note without aborting the audit. Returns an ordered
  hashtable ready for ConvertTo-Json / Export-SPSTrustReport.
- Export-SPSTrustReport (public): renders a status object (-Status) or a results
  JSON file (-InputFile) into a self-contained, offline HTML report with summary
  cards and an interactive (search + click-to-sort) trust matrix using status pills.
- Backup-SPSJsonFile (public): ported archive-before-overwrite helper.
- Private HTML helpers: ConvertTo-SPSHtmlEncoded, Get-SPSReportHtmlHead (with pill
  styles), Get-SPSReportCardHtml, Get-SPSReportHtmlScript (DOM-based search/sort).
- Manifest bumped to 2.1.0; the 3 new public functions exported.
- Tests: tests/Modules/SPSTrust.Report.Tests.ps1 covers the collector (row shape,
  N/A handling, error capture, no state-changing calls), the renderer (HTML shape,
  pills, dir creation, JSON round-trip, HTML encoding) and Backup-SPSJsonFile.
  81 tests pass; PSScriptAnalyzer clean.

Refs #8

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…rust.ps1

- Add -ReportOnly switch (read-only audit: skips the four mutating stages and only
  collects state + writes the report) and -HistoryRetentionDays (default 30).
- Initialize Results/ (+ history/) and Reports/ folders; add a run-mode banner line.
- Guard the certificate-exchange / publish / permission / proxy stages behind
  'if (-not $ReportOnly)'.
- Always run a read-only stage 5: Get-SPSTrustStatus -> archive previous results with
  Backup-SPSJsonFile -> prune history via Clear-SPSLogFolder -Extension '*.json' ->
  write Results JSON -> Export-SPSTrustReport HTML. Wrapped in try/catch so a report
  failure never masks the run outcome.
- .gitignore: exclude runtime Logs/, Results/, Reports/.
- Tests: cover the new params (ReportOnly switch, HistoryRetentionDays) and the report
  wiring (guard, Get-SPSTrustStatus, Backup-SPSJsonFile, Export-SPSTrustReport,
  history pruning). 88 tests pass; analyzer clean.

Refs #8

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Wiki: add Reports.md (trust matrix dimensions, read-only guarantee, when the report is
  generated, Results/Reports output layout, regeneration from a saved snapshot, related
  parameters). Link it from _Sidebar and Home; update Usage with -ReportOnly,
  -HistoryRetentionDays, a report example and the new output section.
- CHANGELOG.md: add the 2.1.0 section (Added/Changed).
- RELEASE-NOTES.md: replace with the 2.1.0 section (used verbatim as the Release body),
  noting full backward compatibility with 2.0.0.

Refs #8

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@github-actions

Copy link
Copy Markdown

Pester Test Results

88 tests   88 ✅  2s ⏱️
17 suites   0 💤
 1 files     0 ❌

Results for commit 2953ad6.

@luigilink luigilink merged commit 2214463 into main Jul 10, 2026
3 checks passed
@luigilink luigilink deleted the feature/trust-matrix-report branch July 10, 2026 13:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Trust matrix report: read-only audit mode + HTML output (2.1.0)

1 participant