jurjen.ladenius/Cloud-20Engineering
1
0
Fork 0
mirror of https://dev.azure.com/effectory/Survey%20Software/_git/Cloud%20Engineering synced 2026-02-27 18:52:18 +01:00
Code Issues Packages Projects Releases Wiki Activity

Restructured, deleted lists, added service connection list

Browse Source
This commit is contained in:
Jurjen Ladenius
2023-08-22 15:28:16 +02:00
parent e93d481b0a
commit 54545021e8
44 changed files with 152 additions and 176163 deletions
Download Patch File Download Diff File Expand all files Collapse all files

121
Powershell/Lists/Azure/AzureRBAC.ps1 Normal file
View File

@@ -0,0 +1,121 @@
#Connect-AzAccount
Import-Module Az.Accounts
Import-Module Az.Resources
class ResourceCheck {
[string] $ResourceId = ""
[string] $Id = ""
[string] $Kind = ""
[string] $Location = ""
[string] $ResourceName = ""
[string] $ResourceGroupName = ""
[string] $ResourceType = ""
[string] $SubscriptionId = ""
[string] $SubscriptionName = ""
[string] $Tag_Team = ""
[string] $Tag_Product = ""
[string] $Tag_Environment = ""
[string] $Tag_Data = ""
[string] $Tag_Delete = ""
[string] $Tag_Split = ""
[string] $RBAC_RoleAssignmentId = ""
[string] $RBAC_Scope = ""
[string] $RBAC_DisplayName = ""
[string] $RBAC_SignInName = ""
[string] $RBAC_RoleDefinitionName = ""
}
Write-Host "========================================================================================================================================================================"
Write-Host "Creating resource RBAC assignment overview."
Write-Host "========================================================================================================================================================================"
$subscriptions = Get-AzSubscription | Where-Object State -eq "Enabled"
$fileName = "2022-08-05 azure_rbac.csv"
$fileExists = Test-Path $fileName
If ($fileExists -eq $True) {
Remove-Item $fileName
}
foreach ($subscription in $subscriptions)
{
Set-AzContext -SubscriptionId $subscription.Id
$resourceGroups = Get-AzResourceGroup
foreach ($resourceGroup in $resourceGroups) {
[ResourceCheck[]]$Result = @()
try {
$roleAssignments = Get-AzRoleAssignment -Scope $resourceGroup.ResourceId
foreach($roleAssignment in $roleAssignments) {
[ResourceCheck] $resourceCheck = [ResourceCheck]::new()
$resourceCheck.ResourceId = $resourceGroup.ResourceId
$resourceCheck.Kind = "ResourceGroup"
$resourceCheck.Location = $resourceGroup.Location
$resourceCheck.ResourceGroupName = $resourceGroup.ResourceGroupName
$resourceCheck.SubscriptionId = $subscription.Id
$resourceCheck.SubscriptionName = $subscription.Name
$resourceCheck.Tag_Team = $resourceGroup.Tags.team
$resourceCheck.Tag_Product = $resourceGroup.Tags.product
$resourceCheck.Tag_Environment = $resourceGroup.Tags.environment
$resourceCheck.Tag_Data = $resourceGroup.Tags.data
$resourceCheck.Tag_Delete = $resourceGroup.Tags.delete
$resourceCheck.Tag_Split = $resourceGroup.Tags.split
$resourceCheck.RBAC_RoleAssignmentId = $roleAssignment.RoleAssignmentId
$resourceCheck.RBAC_Scope = $roleAssignment.Scope
$resourceCheck.RBAC_DisplayName = $roleAssignment.DisplayName
$resourceCheck.RBAC_SignInName = $roleAssignment.SignInName
$resourceCheck.RBAC_RoleDefinitionName = $roleAssignment.RoleDefinitionName
$Result += $resourceCheck
}
} catch {
}
$Result | Export-Csv -Path $fileName -Append -NoTypeInformation
}
$allResources = Get-AzResource
foreach ($resource in $allResources) {
[ResourceCheck[]]$Result = @()
try {
$roleAssignments = Get-AzRoleAssignment -Scope $resource.ResourceId
foreach($roleAssignment in $roleAssignments) {
[ResourceCheck] $resourceCheck = [ResourceCheck]::new()
$resourceCheck.ResourceId = $resource.ResourceId
$resourceCheck.Id = $resource.Id
$resourceCheck.Kind = $resource.Kind
$resourceCheck.Location = $resource.Location
$resourceCheck.ResourceName = $resource.ResourceName
$resourceCheck.ResourceGroupName = $resource.ResourceGroupName
$resourceCheck.ResourceType = $resource.ResourceType
$resourceCheck.SubscriptionId = $subscription.Id
$resourceCheck.SubscriptionName = $subscription.Name
$resourceCheck.Tag_Team = $resource.Tags.team
$resourceCheck.Tag_Product = $resource.Tags.product
$resourceCheck.Tag_Environment = $resource.Tags.environment
$resourceCheck.Tag_Data = $resource.Tags.data
$resourceCheck.Tag_Delete = $resource.Tags.delete
$resourceCheck.Tag_Split = $resource.Tags.split
$resourceCheck.RBAC_RoleAssignmentId = $roleAssignment.RoleAssignmentId
$resourceCheck.RBAC_Scope = $roleAssignment.Scope
$resourceCheck.RBAC_DisplayName = $roleAssignment.DisplayName
$resourceCheck.RBAC_SignInName = $roleAssignment.SignInName
$resourceCheck.RBAC_RoleDefinitionName = $roleAssignment.RoleDefinitionName
$Result += $resourceCheck
}
} catch {
}
$Result | Export-Csv -Path $fileName -Append -NoTypeInformation
}
}
Write-Host "========================================================================================================================================================================"
Write-Host "Done."