add: Zero Trust Assessment integration #1775
Open
vaculikjiri wants to merge 4 commits into
Pull request overview
Adds documentation and supporting tooling for the Maester “Zero Trust Assessment (ZTA) integration”, including new MT.Zta.* test documentation pages and updates to user-facing docs describing how to run ZTA-aware test flows.
Changes:
- Adds multiple new `website/docs/tests/maester/MT.Zta.*.md` pages documenting ZTA-related tests.
- Updates `Invoke-Maester` command docs and the repo README with ZTA usage and behavior details.
- Introduces a PowerShell generator script intended to produce the MT.Zta.* test doc pages from `tests/Zta/*.Tests.ps1`.
Reviewed changes
Copilot reviewed 92 out of 92 changed files in this pull request and generated 8 comments.
| File | Description |
|---|---|
| `README.md` | Documents ZTA integration, usage, and component locations. |
| `website/docs/commands/Invoke-Maester.mdx` | Adds ZTA-related examples and describes outputs. |
| `build/Update-MtZtaTestDocs.ps1` | Generates MT.Zta.* test documentation pages from ZTA Pester tests. |
| `tests/Zta/Test-MtZta.OperatorDriftCheck.Tests.ps1` | Contains MT.Zta.1305 test and its operator-facing description text. |
| `powershell/tests/functions/Zta/Read-MtZtaJsonExport.Tests.ps1` | Adds tests for the ZTA JSON export reader, including an acceptance fixture toggle. |
| `website/docs/tests/maester/MT.Zta.1402.md` | New ZTA test documentation page. |
| `website/docs/tests/maester/MT.Zta.1305.md` | New ZTA test documentation page. |
| `website/docs/tests/maester/MT.Zta.1304.md` | New ZTA test documentation page. |
| `website/docs/tests/maester/MT.Zta.1303.md` | New ZTA test documentation page. |
| `website/docs/tests/maester/MT.Zta.1302.md` | New ZTA test documentation page. |
| `website/docs/tests/maester/MT.Zta.1301.md` | New ZTA test documentation page. |
| `website/docs/tests/maester/MT.Zta.1203.md` | New ZTA test documentation page. |
| `website/docs/tests/maester/MT.Zta.1202.md` | New ZTA test documentation page. |
| `website/docs/tests/maester/MT.Zta.1201.md` | New ZTA test documentation page. |
| `website/docs/tests/maester/MT.Zta.1200.md` | New ZTA test documentation page. |
| `website/docs/tests/maester/MT.Zta.1181.md` | New ZTA test documentation page. |
| `website/docs/tests/maester/MT.Zta.1180.md` | New ZTA test documentation page. |
| `website/docs/tests/maester/MT.Zta.1170.md` | New ZTA test documentation page. |
| `website/docs/tests/maester/MT.Zta.1160.md` | New ZTA test documentation page. |
Comment on lines +95 to +102
| - **After Pester** — `Build-MtZtaBundle` compiles per-tenant analytics (inventory, auth-method posture, CA coverage, privileged snapshot, sign-in funnel) and attaches as `$results.ZtaBundle` so HTML / JSON / Markdown outputs all carry it. | ||
|
|
||
| ### Where the pieces live | ||
|
|
||
| - `powershell/public/*Zta*.ps1` — 8 public cmdlets (`Get-MtZta`, `Import-MtZtaResult`, `Build-MtZtaBundle`, `Get-MtZtaAuthMethodSet`, `Get-MtZtaRecommendedTag`, `Get-MtZtaThreshold`, `Test-MtZtaIsEmergencyAccess`, `Update-MtSeverityFromZta`) | ||
| - `powershell/internal/*Zta*.ps1` — 5 internal helpers (Tier 1 / Tier 2 readers, freshness, artifact resolver, bucketing) | ||
| - `tests/Zta/*.Tests.ps1` — 11 test files, 38 distinct `MT.Zta.*` tests | ||
| - `report/src/pages/ZtaPage.tsx` + `report/src/components/MtZta*.{jsx,tsx}` — ZTA tab UI |
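Review bot: The `Build-MtZtaBundle` bullet says the privileged snapshot and sign-in funnel are attached as `$results.ZtaBundle` and carried in every HTML / JSON / Markdown output, but the README does not tell operators that these report files now hold per-tenant identity data. Add a sentence on how the outputs should be handled (where they are written and who should receive them), which matters if reports are shared or uploaded as CI artifacts. Separately, the counts in the "Where the pieces live" list (8 cmdlets, 5 helpers, 11 test files, 38 tests) are hard-coded and will go stale as files are added; consider dropping the numbers or generating them.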
Comment on lines +158 to +162
| Loads a Zero Trust Assessment result bundle (local folder, `.tar.gz`, `.zip`, | ||
| blob URI, or `upkg://`) before running tests so the 38 `MT.Zta.*` tests under | ||
| `tests/Zta/` can consume it. After Pester finishes, attaches a `ZtaBundle` | ||
| analytics object to the result so the HTML report renders a dedicated ZTA tab | ||
| and the JSON output carries the data. See [Zero Trust Assessment](../zero-trust-assessment.md). |
| $ErrorActionPreference = 'Stop' | ||
|
|
||
| $testsDir = Join-Path $ForkRoot 'tests/Zta' | ||
| $docsDir = Join-Path $ForkRoot 'website/docs/tests/maester' |
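Review bot: `$ForkRoot` in both `Join-Path` calls is not defined in the lines shown, and its name suggests a fork checkout rather than this repository. If it is a parameter, rename it (for example `$RepoRoot`) and give it a default derived from `$PSScriptRoot`. Also check `Test-Path $testsDir` before generating, so a wrong root fails with a clear message instead of producing no pages or writing into an unexpected `website/docs/tests/maester` location.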
Comment on lines +16 to +18
| Smoke-tests the SeverityEscalationRules block by reporting how many rules exist and how many are wired with concrete selectors. This is mostly informational — failures of MT.Zta.1303 / 1304 already cover rule-shape correctness. This test exists to give the operator an at-a-glance summary in the report tab. | ||
|
|
||
| (Note: the actual escalation mutation runs inside `Update-MtSeverityFromZta` which is invoked from `Invoke-Maester`. PR-E does not yet wire that call from the customer pipeline — it lands once the upstream Maester PR adds the `-ZtaResultsPath` parameter natively.) |
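Review bot: The parenthetical note refers to "PR-E", "the customer pipeline" and "the upstream Maester PR", which are terms from a private workflow and will mean nothing to readers of the published test description. It also tells operators that the escalation call is not wired yet, while the `Invoke-Maester` docs in this PR describe loading a ZTA bundle before the tests run. State the current behaviour in terms of this repository, or drop the note.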
| # Tests that require a real export bundle skip at discovery time when the fixture | ||
| # path is not present, so the suite remains portable across machines. | ||
|
|
||
| $global:MtZtaJsonExportFixturePath = 'F:\ALZ\exports\assessments\platform\zta-report\zta-report' |
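Review bot: `$global:MtZtaJsonExportFixturePath` is set to an absolute path on one developer's drive (`F:\ALZ\exports\...`), which works against the comment above it about staying portable and commits a local directory layout to the repository. Read the location from an environment variable (a hypothetical `$env:MT_ZTA_FIXTURE_PATH`, say) or from a path under `$PSScriptRoot`, and use `$script:` scope so the value does not leak into the caller's session.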
Comment on lines +168 to +170
| sidebar_class_name: hidden | ||
| --- | ||
|
|
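Review bot: `sidebar_class_name: hidden` keeps these pages out of the sidebar, so they can only be reached by direct link. Confirm that this is intended for the MT.Zta.* pages and, if it is, make sure something links to them (the Zero Trust Assessment page or the test output itself).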
Comment on lines +47 to +51
| ## What this test checks | ||
| Smoke-tests the SeverityEscalationRules block by reporting how many rules exist and how many are wired with concrete selectors. This is mostly informational — failures of MT.Zta.1303 / 1304 already cover rule-shape correctness. This test exists to give the operator an at-a-glance summary in the report tab. | ||
|
|
||
| (Note: the actual escalation mutation runs inside `Update-MtSeverityFromZta` which is invoked from `Invoke-Maester`. PR-E does not yet wire that call from the customer pipeline — it lands once the upstream Maester PR adds the `-ZtaResultsPath` parameter natively.) | ||
| '@ |
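Review bot: The two paragraphs under `## What this test checks` are repeated verbatim in another hunk of this PR, so the description lives in two places and the copies will drift. Keep the text in one source and generate the other from it, which is what the overview says `build/Update-MtZtaTestDocs.ps1` is for; if this here-string is that source, mark the other copy as generated.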
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
📑 Description
Closes #
✅ Checks
/powershell/tests/pester.ps1 locally.
ℹ️ Additional Information
How to Contribute
🏗️ Read our full contributing guide for the Maester project.
🧪 We also have additional instructions and a checklist for creating tests.
Join us at the Maester repository discussions or Entra Discord for more help and conversations!
While you wait for a review, why not spread some Maester love on social media? Thank you! 💖