
Azure CLI

i90runner1
i90runner1

Application Gateway Check SSL Expiration date

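# Show the expiry date (notAfter) of an SSL certificate installed on an
# Application Gateway. publicCertData is returned as one long base64 string, so
# it is wrapped in PEM armour and folded to 64 columns before openssl parses it.
# The value is assigned first and piped afterwards: a variable set in one
# pipeline stage is not visible to the next stage, and "$name=" is not an
# assignment in sh/bash.
publiccert=$(az network application-gateway ssl-cert show \
  -g MyResourceGroup --gateway-name MyAppGateway --name mywebsite.com \
  --query publicCertData -o tsv)

# openssl x509 reads only the first certificate that pkcs7 -print_certs emits;
# presumably that is the leaf certificate - confirm when a chain is uploaded.
# NOTE(review): for alerting, "-checkend <seconds>" in place of "-enddate" makes
# openssl exit non-zero when the certificate expires within that window.
printf -- '-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n' "$publiccert" \
  | fold -w 64 \
  | openssl pkcs7 -print_certs \
  | openssl x509 -noout -enddate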

Purge Front Door cache

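# Dry run: print the cache-purge command for each Front Door so it can be
# reviewed before anyone runs it; this loop itself purges nothing.
# The printed command now names the subcommand (front-door purge-endpoint),
# which the original text omitted, so the line is runnable when copied.
# A purge of "/*" drops every cached object, so the next requests all go to
# the origin.
for frontdoors in frontdoor1 frontdoor2 frontdoor3; do
  printf 'Purging frontdoor cache for  %s\n' "$frontdoors"
  echo "------------------------------------------------------------ "
  echo "                                                              "
  printf 'az network front-door purge-endpoint --content-paths "/*" --name %s --resource-group your-resource-group\n' \
    "$frontdoors"
done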


i90runner1
i90runner1

az cli query

[https://techcommunity.microsoft.com/t5/itops-talk-blog/how-to-query-azure-resources-using-the-azure-cli/ba-p/360147]

# Console transcript: the leading "$" is the shell prompt, not part of the command.
# Lists the MySQL servers visible to the active az login context as a table;
# the JMESPath projection keeps two fields and renames them to Name and FQDN.
$ az mysql server list --query "[].{Name:name,FQDN:fullyQualifiedDomainName}" --output table


i90runner1
i90runner1

Active Directory ACL List

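# Access review: for every resource group, list the role assignments (direct
# and inherited) held by each security-enabled Azure AD group.
# Only group principals are covered; users and service principals that hold
# an assignment directly do not show up in this output.
#resourcegroups="$(az group list --query [].id)"
resourcegroups="$(az group list | jq -r -c '.[].id')"
# Older CLI releases expose the group id as objectId, Microsoft Graph based
# releases as id; accept either so the list is not silently a run of "null".
adgroups="$(az ad group list | jq -r -c '.[] | select(.securityEnabled == true) | (.objectId // .id)')"

# Resource ids and group object ids are expected to contain no whitespace, so
# splitting both lists on whitespace is intended here.
for resourcegroup in $resourcegroups; do
  echo "Getting ACL list for Resource Group " "$resourcegroup"

  for adgroup in $adgroups; do
    #  echo "Getting ACL list for AD Group  " $adgroup
    #  acllist="$(az role assignment  list --assignee $adgroup  --include-inherited --scope $resourcegroup  --subscription eMetric | jq .)"
    #  echo $acllist

    # To restrict the review to one group, match its object id instead:
    #  if [[ "$adgroup" =~ .*"4a2ddddd-fffff-448a-fff-gggggrfdfd".* ]]; then
    # Every GUID contains "-", so this test passes real ids and skips a
    # literal "null" produced by a missing id field.
    if [[ "$adgroup" =~ .*"-".* ]]; then
      az role assignment list --assignee "$adgroup" --include-inherited --scope "$resourcegroup" \
        | jq '.[] | {Role: .roleDefinitionName, name: .principalName , resourceGroup : .resourceGroup }'
    fi
  done
done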
i90runner1
i90runner1
### https://www.azurecitadel.com/cli/jmespath/
# Table of security-enabled Azure AD groups; the JMESPath filter
# [?securityEnabled] does the selection inside az, so jq is not needed.
# NOTE(review): the objectId column may come back empty on CLI releases that
# return the group id as "id" - confirm against the installed version.
az ad group list \
  --output table \
  --query "[?securityEnabled].{name:displayName, description:description, objectId:objectId , securityEnabled:securityEnabled}"
i90runner1
i90runner1

Resource Groups and ACLs

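# Names of all resource groups returned by az for the active login context.
# The JMESPath expression is quoted so the shell never treats [] as a glob.
rgs="$(az group list --query '[].name' -o tsv)"

# One tab-separated line per role assignment scoped to each resource group:
# resource group, scope, principal name, principal type, role name.
# Resource group names are expected to contain no whitespace, so splitting
# $rgs on whitespace is intended; the per-item expansion is quoted.
for rg in $rgs; do
  az role assignment list \
    --resource-group "$rg" \
    --query "[].{resourceGroup:resourceGroup ,scope:scope , principalName:principalName ,principalType:principalType, roleDefinitionName:roleDefinitionName}" \
    -o tsv
done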

Include inherited roles

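# Same report as the plain per-resource-group listing, but including role
# assignments inherited from parent scopes (--include-inherited).
# Relies on $rgs holding the resource group names; stop instead of printing an
# empty report when it is unset, since "no output" would read as "no access".
: "${rgs:?rgs is empty - list the resource group names into rgs first}"

# NOTE(review): --include-groups is documented as expanding the group
# memberships of an assignee; no --assignee is given here, so confirm that it
# has any effect in this form.
for rg in $rgs; do
  az role assignment list --include-groups --include-inherited \
    --resource-group "$rg" \
    --query "[].{resourceGroup:resourceGroup ,scope:scope , principalName:principalName ,principalType:principalType, roleDefinitionName:roleDefinitionName}" \
    -o tsv
done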


i90runner1
i90runner1

Azure AD Groups and Members

## Groups and Members

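# Display names of all security-enabled Azure AD groups, one per line.
groups="$(az ad group list --query  "[?securityEnabled] [].{displayName:displayName}" -o tsv )"

# Read the list line by line: display names may contain spaces, and a
# whitespace-splitting "for" loop would look up each word as its own group.
# NOTE(review): display names are presumably not guaranteed unique; looking
# groups up by object id would be unambiguous - confirm for your tenant.
while IFS= read -r group; do
  [[ -n "$group" ]] || continue
  printf '== %s ==\n' "$group"
  # stdin is redirected so az cannot consume the remaining group names.
  az ad group member list --group "$group" \
    --query  "[].{displayName:displayName , mail:mail,createdDateTime:createdDateTime } " \
    -o tsv </dev/null
done <<< "$groups"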
i90runner1
i90runner1

Enumerate Key Vault Entries (PowerShell)

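Function GetKeyVaultEntries(
    [string]$subscriptionName,
    [string]$keyVaultName
)
{
    # Prints every secret in a Key Vault as a Markdown table of name and value.
    #
    # Parameters:
    #   subscriptionName - subscription selected with "az account set" before the vault is read.
    #   keyVaultName     - vault whose secrets are listed and then fetched one by one.
    #
    # The table contains the secret values in clear text and is written with
    # Write-Host, so it ends up in the console and in any transcript or
    # pipeline log capturing the session. Run it only where that output is
    # controlled; for an inventory, the id/name pairs from "secret list" are
    # enough and the "secret show" loop can be dropped.

    az account set --subscription $subscriptionName
    # Stop if the subscription could not be selected: otherwise the vault
    # would be read in whatever subscription was already active.
    if ($LASTEXITCODE -ne 0)
    {
        Write-Error "Could not select subscription '$subscriptionName'; no vault was read."
        return
    }

    # "secret list" returns metadata only (id, name), not the values.
    $keyVaultEntries = (az keyvault secret list --vault-name $keyVaultName | ConvertFrom-Json) | Select-Object id, name
    if ($LASTEXITCODE -ne 0)
    {
        Write-Error "Could not list secrets in key vault '$keyVaultName'."
        return
    }

    Write-Host "Secret values of '$($subscriptionName)' for key vault '$($keyVaultName)'"
    Write-Host "| key | secret value |"
    Write-Host "| --- | ------------ |"
    foreach($entry in $keyVaultEntries)
    {
        # One read per secret; this is the call that returns the value itself.
        $secretValue = (az keyvault secret show --id $entry.id | ConvertFrom-Json) | Select-Object name, value
        Write-Host "| " $secretValue.name " | " $secretValue.value " |"
    }
    Write-Host ""
}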
