mirror of
https://dev.azure.com/effectory/Survey%20Software/_git/Cloud%20Engineering
synced 2026-02-27 18:52:18 +01:00
Cost opmization, key vault, service connection and webapps list updates
101
Powershell/Lists/Azure/KeyVaultNonRBACSecrets.ps1
Normal file
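--- a/Powershell/Lists/Azure/KeyVaultNonRBACSecrets.ps1
+++ b/Powershell/Lists/Azure/KeyVaultNonRBACSecrets.ps1
@@ -0,0 +1,101 @@
+#Connect-AzAccount
+
+[string] $userObjectId = "c6025a2e-416c-42da-96ef-dd507382793a" #Should be interactive user (this one is Jurjen)
+
+class ResourceCheck {
+[string] $ManagementGroupId = ""
+[string] $ManagementGroupName = ""
+[string] $SubscriptionId = ""
+[string] $SubscriptionName = ""
+[string] $ResourceGroup = ""
+[string] $ResourceId = ""
+[string] $Location = ""
+[string] $ResourceName = ""
+[string] $Secret_Key = ""
+[string] $Tag_Team = ""
+[string] $Tag_Product = ""
+[string] $Tag_Environment = ""
+[string] $Tag_Data = ""
+[string] $Tag_Deployment = ""
+[string] $Tag_CreatedOnDate = ""
+}
+
+Write-Host "======================================================================================================================================================================"
+Write-Host "Creating key vault secrets overview for key vaults with access policies."
+Write-Host "======================================================================================================================================================================"
+
+[string] $date = Get-Date -Format "yyyy-MM-dd HHmm"
+$fileName = ".\$date azure_key_vault_secrets.csv"
+
+$managementGroups = Get-AzManagementGroup
+
+foreach ($managementGroup in $managementGroups)
+{
+Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------"
+Write-Host "Management group [$($managementGroup.Name)]"
+
+$subscriptions = Get-AzManagementGroupSubscription -Group $managementGroup.Name | Where-Object State -eq "Active"
+
+foreach ($subscription in $subscriptions)
+{
+Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------"
+$scope = $subscription.Id.Substring($subscription.Parent.Length, $subscription.Id.Length - $subscription.Parent.Length)
+$subscriptionId = $scope.Replace("/subscriptions/", "")
+Write-Host "Subscription [$($subscription.DisplayName) - $subscriptionId]"
+Set-AzContext -SubscriptionId $subscriptionId | Out-Null
+Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------"
+
+$allResourceGroups = Get-AzResourceGroup
+[ResourceCheck[]]$Result = @()
+
+foreach ($group in $allResourceGroups) {
+
+$allVaults = Get-AzKeyVault -ResourceGroupName $group.ResourceGroupName
+
+foreach ($vault in $allVaults) {
+
+Write-Host $vault.VaultName
+
+$vaultWithAllProps = Get-AzKeyVault -ResourceGroupName $group.ResourceGroupName -Name $vault.VaultName
+
+if ($vaultWithAllProps.EnableRbacAuthorization -ne "TRUE") {
+
+Write-Host " -- processing..."
+
+Set-AzKeyVaultAccessPolicy -VaultName $vault.VaultName -ObjectId $userObjectId -PermissionsToSecrets "List"
+
+$secrets = Get-AzKeyVaultSecret -VaultName $vault.VaultName
+
+foreach($secret in $secrets)
+{
+[ResourceCheck] $resourceCheck = [ResourceCheck]::new()
+$resourceCheck.ManagementGroupId = $managementGroup.Id
+$resourceCheck.ManagementGroupName = $managementGroup.DisplayName
+$resourceCheck.SubscriptionId = $subscription.Id
+$resourceCheck.SubscriptionName = $subscription.Name
+$resourceCheck.ResourceGroup = $vaultWithAllProps.ResourceGroupName
+$resourceCheck.ResourceId = $vaultWithAllProps.ResourceId
+$resourceCheck.Location = $vaultWithAllProps.Location
+$resourceCheck.ResourceName = $vaultWithAllProps.VaultName
+$resourceCheck.Secret_Key = $secret.Name
+$resourceCheck.Tag_Team = $vaultWithAllProps.Tags.team
+$resourceCheck.Tag_Product = $vaultWithAllProps.Tags.product
+$resourceCheck.Tag_Environment = $vaultWithAllProps.Tags.environment
+$resourceCheck.Tag_Data = $vaultWithAllProps.Tags.data
+$resourceCheck.Tag_CreatedOnDate = $vaultWithAllProps.Tags.CreatedOnDate
+$resourceCheck.Tag_Deployment = $vaultWithAllProps.Tags.drp_deployment
+
+$Result += $resourceCheck
+}
+
+Remove-AzKeyVaultAccessPolicy -VaultName $vault.VaultName -ObjectId $userObjectId
+}
+}
+}
+
+$Result | Export-Csv -Path $fileName -Append -NoTypeInformation
+}
+}
+Write-Host "======================================================================================================================================================================"
+Write-Host "Done."
+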
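Review bot: The temporary grant around `Get-AzKeyVaultSecret` is not cleaned up on failure and is not safe for a principal that already has a policy on the vault. `Remove-AzKeyVaultAccessPolicy` runs only when the listing and the `foreach` complete, so an error or an interrupted run leaves the List permission behind on that vault; and when `$userObjectId` already had an access policy, the Set call appears to replace its secret permissions with List and the Remove call then deletes the whole entry. Checking `$vaultWithAllProps.AccessPolicies` for the object id first and moving the removal into a `finally` block covers both cases, as sketched below (the page shows the script without indentation, so the sketch uses its own). The hard-coded `$userObjectId` also means anyone else running the script changes a colleague's access rather than their own; resolving it from the signed-in account, for example `(Get-AzADUser -SignedIn).Id`, would match what the inline comment asks for.

```powershell
$hadPolicy = [bool]($vaultWithAllProps.AccessPolicies | Where-Object ObjectId -eq $userObjectId)
if (-not $hadPolicy) {
    # … unchanged: Set-AzKeyVaultAccessPolicy … -PermissionsToSecrets "List" …
}
try {
    $secrets = Get-AzKeyVaultSecret -VaultName $vault.VaultName
    # … unchanged: foreach over $secrets filling [ResourceCheck] rows …
}
finally {
    # Only remove what this run added; a pre-existing policy is left as it was.
    if (-not $hadPolicy) {
        Remove-AzKeyVaultAccessPolicy -VaultName $vault.VaultName -ObjectId $userObjectId
    }
}
```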