jurjen.ladenius/Cloud-20Engineering
1
0
Fork 0
mirror of https://dev.azure.com/effectory/Survey%20Software/_git/Cloud%20Engineering synced 2026-02-27 18:52:18 +01:00
Code Issues Packages Projects Releases Wiki Activity

New key vault and web app settings

Browse Source
This commit is contained in:
Jurjen Ladenius
2024-03-12 17:32:15 +01:00
parent ceeee5a420
commit c1f54bf0f8
9 changed files with 305 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Powershell/Lists/Azure/AlertRules.ps1
View File

@@ -1,6 +1,6 @@
#Connect-AzAccount
$access_token = (Get-AzAccessToken).Token
$access_token = (Get-AzAccessToken -TenantId "e9792fd7-4044-47e7-a40d-3fba46f1cd09").Token
$ofs = ', '
function GetSmartDetectorActionGroupIds {

84
Powershell/Lists/Azure/KeyVaults.ps1 Normal file
View File

@@ -0,0 +1,84 @@
#Connect-AzAccount
class ResourceCheck {
[string] $ResourceId = ""
[string] $Location = ""
[string] $ResourceName = ""
[string] $ResourceGroup = ""
[string] $SubscriptionId = ""
[string] $SubscriptionName = ""
[string] $Tag_Team = ""
[string] $Tag_Product = ""
[string] $Tag_Environment = ""
[string] $Tag_Data = ""
[string] $Tag_Deployment = ""
[string] $Tag_CreatedOnDate = ""
[string] $Prop_EnablePurgeProtection = ""
[string] $Prop_EnableRbacAuthorization = ""
[string] $Prop_EnableSoftDelete = ""
[string] $Prop_PublicNetworkAccess = ""
}
Write-Host "======================================================================================================================================================================"
Write-Host "Creating key vault resource overview."
Write-Host "======================================================================================================================================================================"
$subscriptions = Get-AzSubscription | Where-Object State -eq "Enabled"
[string] $date = Get-Date -Format "yyyy-MM-dd HHmm"
$fileName = ".\$date azure_key_vaults.csv"
# rm $fileName
foreach ($subscription in $subscriptions)
{
Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------"
Set-AzContext -SubscriptionId $subscription.Id
Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------"
$allResourceGroups = Get-AzResourceGroup
[ResourceCheck[]]$Result = @()
foreach ($group in $allResourceGroups) {
Write-Host $group.ResourceGroupName
$allVaults = Get-AzKeyVault -ResourceGroupName $group.ResourceGroupName
foreach ($vault in $allVaults) {
$vaultWithAllProps = Get-AzKeyVault -ResourceGroupName $group.ResourceGroupName -Name $vault.VaultName
[ResourceCheck] $resourceCheck = [ResourceCheck]::new()
$resourceCheck.ResourceId = $vaultWithAllProps.ResourceId
$resourceCheck.Location = $vaultWithAllProps.Location
$resourceCheck.ResourceName = $vaultWithAllProps.VaultName
$resourceCheck.ResourceGroup = $vaultWithAllProps.ResourceGroupName
$resourceCheck.SubscriptionId = $subscription.Id
$resourceCheck.SubscriptionName = $subscription.Name
$resourceCheck.Tag_Team = $vaultWithAllProps.Tags.team
$resourceCheck.Tag_Product = $vaultWithAllProps.Tags.product
$resourceCheck.Tag_Environment = $vaultWithAllProps.Tags.environment
$resourceCheck.Tag_Data = $vaultWithAllProps.Tags.data
$resourceCheck.Tag_CreatedOnDate = $vaultWithAllProps.Tags.CreatedOnDate
$resourceCheck.Tag_Deployment = $vaultWithAllProps.Tags.drp_deployment
$resourceCheck.Prop_EnablePurgeProtection = $vaultWithAllProps.EnablePurgeProtection
$resourceCheck.Prop_EnableRbacAuthorization = $vaultWithAllProps.EnableRbacAuthorization
$resourceCheck.Prop_EnableSoftDelete = $vaultWithAllProps.EnableSoftDelete
$resourceCheck.Prop_PublicNetworkAccess = $vaultWithAllProps.PublicNetworkAccess
$Result += $resourceCheck
}
}
$Result | Export-Csv -Path $fileName -Append -NoTypeInformation
}
Write-Host "======================================================================================================================================================================"
Write-Host "Done."

18
Powershell/Lists/Azure/Resources.ps1
View File

@@ -18,6 +18,8 @@ class ResourceCheck {
[string] $Tag_Split = ""
[string] $Tag_CreatedOnDate = ""
[string] $Tag_Deployment = ""
[string] $ManagedIndentity_Name = ""
[string] $ManagedIndentity_PrincipalId = ""
}
Write-Host "========================================================================================================================================================================"
@@ -36,8 +38,8 @@ Set-AzContext -SubscriptionId $subscription.Id
$allResources = Get-AzResource
[ResourceCheck[]]$Result = @()
foreach ($resource in $allResources) {
foreach ($resource in $allResources)
{
[ResourceCheck] $resourceCheck = [ResourceCheck]::new()
$resourceCheck.ResourceId = $resource.ResourceId
$resourceCheck.Id = $resource.Id
@@ -56,6 +58,18 @@ Set-AzContext -SubscriptionId $subscription.Id
$resourceCheck.Tag_Split = $resource.Tags.split
$resourceCheck.Tag_CreatedOnDate = $resource.Tags.CreatedOnDate
$resourceCheck.Tag_Deployment = $resource.Tags.drp_deployment
try {
$managedIdentity = $null
$managedIdentity = Get-AzSystemAssignedIdentity -Scope $resource.ResourceId -erroraction 'silentlycontinue'
$resourceCheck.ManagedIndentity_Name = $managedIdentity.Name
$resourceCheck.ManagedIndentity_PrincipalId = $managedIdentity.PrincipalId
}
catch {
$resourceCheck.ManagedIndentity_Name = ""
$resourceCheck.ManagedIndentity_PrincipalId = ""
}
$Result += $resourceCheck
}

47
Powershell/Lists/Azure/WebApps.ps1
View File

@@ -1,5 +1,38 @@
#Connect-AzAccount
function GetDeployment {
param (
[string] $siteName,
[string] $resourceGroupName,
[string] $subscriptionId,
[string] $slotName = ""
)
$access_token = (Get-AzAccessToken -TenantId "e9792fd7-4044-47e7-a40d-3fba46f1cd09").Token
$url = ""
if ($slotName -ne "") {
$url = "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Web/sites/$siteName/slots/$slotName/deployments?api-version=2022-03-01"
}
else {
$url = "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Web/sites/$siteName/deployments?api-version=2022-03-01"
}
# GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}/slots/{slot}/deploymentStatus/{deploymentStatusId}?api-version=2022-03-01
$head = @{ Authorization =" Bearer $access_token" }
$response = Invoke-RestMethod -Uri $url -Method GET -Headers $head
$response | ForEach-Object {
$responseValue = $_.value
if ($responseValue.Length -gt 0) {
return $responseValue[0].properties.last_success_end_time
}
else {
return ""
}
}
}
class ResourceCheck {
[string] $ResourceId = ""
[string] $Kind = ""
@@ -14,12 +47,16 @@ class ResourceCheck {
[string] $Tag_Product = ""
[string] $Tag_Environment = ""
[string] $Tag_Data = ""
[string] $Tag_Deployment = ""
[string] $Tag_CreatedOnDate = ""
[string] $Prop_HttpsOnly = ""
[string] $Prop_PhpVersion = ""
[string] $Prop_RemoteDebuggingEnabled = ""
[string] $Prop_MinTlsVersion = ""
[string] $Prop_FtpsState = ""
[string] $Prop_Http20Enabled = ""
[string] $Prop_Identity = ""
[string] $LastDeployDate = ""
}
@@ -69,11 +106,15 @@ foreach ($subscription in $subscriptions)
$resourceCheck.Tag_Environment = $webApp.Tags.environment
$resourceCheck.Tag_Data = $webApp.Tags.data
$resourceCheck.Tag_CreatedOnDate = $webApp.Tags.CreatedOnDate
$resourceCheck.Tag_Deployment = $webApp.Tags.drp_deployment
$resourceCheck.Prop_HttpsOnly = $webApp.HttpsOnly
$resourceCheck.Prop_PhpVersion = $webApp.SiteConfig.PhpVersion
$resourceCheck.Prop_RemoteDebuggingEnabled = $webApp.SiteConfig.RemoteDebuggingEnabled
$resourceCheck.Prop_MinTlsVersion = $webApp.SiteConfig.MinTlsVersion
$resourceCheck.Prop_FtpsState = $webApp.SiteConfig.FtpsState
$resourceCheck.Prop_Http20Enabled = $webApp.SiteConfig.Http20Enabled
$resourceCheck.Prop_Identity = $webApp.Identity.Type
$resourceCheck.LastDeployDate = GetDeployment -siteName $webApp.Name -resourceGroupName $group.ResourceGroupName -subscriptionId $subscription.Id
$Result += $resourceCheck
@@ -99,11 +140,16 @@ foreach ($subscription in $subscriptions)
$resourceCheck.Tag_Environment = $slot.Tags.environment
$resourceCheck.Tag_Data = $slot.Tags.data
$resourceCheck.Tag_CreatedOnDate = $slot.Tags.CreatedOnDate
$resourceCheck.Tag_Deployment = $slot.Tags.drp_deployment
$resourceCheck.Prop_HttpsOnly = $slot.HttpsOnly
$resourceCheck.Prop_PhpVersion = $slot.SiteConfig.PhpVersion
$resourceCheck.Prop_RemoteDebuggingEnabled = $slot.SiteConfig.RemoteDebuggingEnabled
$resourceCheck.Prop_MinTlsVersion = $slot.SiteConfig.MinTlsVersion
$resourceCheck.Prop_FtpsState = $slot.SiteConfig.FtpsState
$resourceCheck.Prop_Http20Enabled = $slot.SiteConfig.Http20Enabled
$resourceCheck.Prop_Identity = $slot.Identity.Type
$resourceCheck.LastDeployDate = GetDeployment -siteName $webApp.Name -resourceGroupName $group.ResourceGroupName -subscriptionId $subscription.Id -slotName $slotName
$Result += $resourceCheck
}
@@ -114,3 +160,4 @@ foreach ($subscription in $subscriptions)
Write-Host "======================================================================================================================================================================"
Write-Host "Done."