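function Get-Appliedto-Any-Rule {
    <#
    .SYNOPSIS
    Lists NSX-T distributed-firewall rules whose rule scope and policy scope both match "ANY".

    .DESCRIPTION
    Reads every security policy from the NSX-T Policy API on $nsxtmanager, then the
    rules of each policy that is not excluded, and returns one object per rule where
    both the rule's scope and its parent policy's scope match "ANY".

    The request authenticates with HTTP Basic, so the password travels with every call.
    With certificate validation switched off the server's identity is not verified and
    those credentials can be read by anyone able to intercept the connection.

    .PARAMETER nsxtmanager
    Host name (or address) of the NSX-T manager.

    .PARAMETER username
    Account used for HTTP Basic authentication.

    .PARAMETER securedValue
    Password of that account as a SecureString.

    .PARAMETER policyexclusions
    Policy ids that are skipped entirely.

    .PARAMETER ruleexclusions
    Rule ids that are skipped.

    .PARAMETER SkipCertificateCheck
    $true (default, the script's historical behaviour) accepts any server certificate
    for the duration of the call. Pass $false once the manager's CA is in the trusted
    root store so that normal validation applies.

    .OUTPUTS
    Objects with the properties Policy, Rule and AppliedTo.
    #>
    param (
        $nsxtmanager,
        $username,
        [securestring]$securedValue,
        $policyexclusions,
        $ruleexclusions,
        [bool]$SkipCertificateCheck = $true
    )

    # Both settings below are process-wide. Remember the current values so they can be
    # put back and the relaxed trust does not leak into other plugins in the same session.
    $previousPolicy = [System.Net.ServicePointManager]::CertificatePolicy
    $previousProtocol = [System.Net.ServicePointManager]::SecurityProtocol

    try {
        if ($SkipCertificateCheck) {
            # SECURITY: accepts ANY certificate, including one presented by an interceptor.
            # Kept because the original script relied on it (self-signed manager certificate);
            # the durable fix is to trust the manager's CA and call with -SkipCertificateCheck $false.
            if (-not ('TrustAllCertsPolicy' -as [type])) {
                Add-Type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
    public bool CheckValidationResult(
        ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem) {
        return true;
    }
}
"@
            }
            [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
            Write-Warning "TLS certificate validation is disabled for the connection to $nsxtmanager"
        }

        # SSL 3.0, TLS 1.0 and TLS 1.1 are deprecated and are no longer offered.
        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

        # Decrypt the SecureString only as long as needed; the unmanaged copy is
        # zeroed and freed even if the conversion throws.
        $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($securedValue)
        try {
            $password = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
        }
        finally {
            [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
        }

        $userpass = $username + ":" + $password
        $bytes = [System.Text.Encoding]::UTF8.GetBytes($userpass)
        $encodedlogin = [Convert]::ToBase64String($bytes)
        # The byte buffer can be wiped; the managed strings cannot and live until collected.
        [Array]::Clear($bytes, 0, $bytes.Length)

        $authheader = "Basic " + $encodedlogin
        $header = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
        $header.Add("Authorization", $authheader)

        # NOTE(review): only the "results" of the first response are read. If the API
        # pages its answers, later policies/rules are never checked - confirm.
        $policies = Invoke-RestMethod -Uri "https://$nsxtmanager/policy/api/v1/infra/domains/default/security-policies" -Headers $header -Method 'GET'

        $output = New-Object System.Collections.Generic.List[object]
        foreach ($policy in $policies.results) {
            if ($policy.id -in $policyexclusions) { continue }

            # The id comes from the API response; escape it before placing it in a URL path.
            $policyId = [uri]::EscapeDataString($policy.id)
            $rules = Invoke-RestMethod -Uri "https://$nsxtmanager/policy/api/v1/infra/domains/default/security-policies/$policyId/rules" -Headers $header -Method 'GET'

            foreach ($rule in $rules.results) {
                if ($rule.id -in $ruleexclusions) { continue }

                # Reported only when BOTH scopes match "ANY" (scope is presumably a list
                # of group paths, in which case -like is true if any entry matches).
                if ($rule.scope -like "ANY" -and $policy.scope -like "ANY") {
                    $output.Add([pscustomobject]@{
                        Policy    = $policy.id
                        Rule      = $rule.id
                        AppliedTo = $rule.scope
                    })
                }
            }
        }

        return $output
    }
    finally {
        [System.Net.ServicePointManager]::CertificatePolicy = $previousPolicy
        [Net.ServicePointManager]::SecurityProtocol = $previousProtocol
    }
}

#####
# NSX-T connection settings
$username = "admin"
$nsxtmanager = "nsxsdbx04.hob.local"
# ConvertFrom-SecureString without a key protects the file with the current Windows
# user's DPAPI key: it is readable only by this user on this machine. Keep the file
# out of shared or synced folders and restrict its ACL.
$credstore = "C:\Users\user\Downloads\vCheck-vSphere-6.25\nsxtcred.secure"
# Set to $false once the NSX-T manager certificate chains to a trusted CA.
$skipCertificateCheck = $true

# Reuse the stored credential if present, otherwise prompt once and store it.
if (Test-Path $credstore) {
    $securedValue = Get-Content $credstore | ConvertTo-SecureString
}
else {
    $securedValue = Read-Host "Enter password" -AsSecureString
    $securedValue | ConvertFrom-SecureString | Out-File $credstore
}

#####
# Exclusions
$policyexclusions = @("default-layer3-section", "default-layer2-section")
# Defined (empty) so the call below never passes an undefined variable.
# Example: $ruleexclusions = @("global_test")
$ruleexclusions = @()

Get-Appliedto-Any-Rule -nsxtmanager $nsxtmanager -username $username -securedValue $securedValue -policyexclusions $policyexclusions -ruleexclusions $ruleexclusions -SkipCertificateCheck $skipCertificateCheck

# Plugin metadata
$Title = "90 NSX-T dFW Applied to Any Check"
$Header = "90 NSX-T dFW Applied to Any Check"
$Comments = "Following Policy/Rules are applied to ANY"
$Display = "Table"
$Author = "evoila GmbH"
$PluginVersion = 1.0
$PluginCategory = "vSphere"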