brandon/oam
1
0
Fork 0
mirror of https://gitea.com/mcereda/oam.git synced 2026-02-09 05:44:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added examples to the Azure CLI's KB

Browse Source
This commit is contained in:
Michele Cereda
2022-09-05 12:15:26 +02:00
parent e20335f884
commit 9a04d1bb85
1 changed files with 169 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

193
knowledge base/az.md
View File

@@ -3,48 +3,193 @@
## TL;DR
```sh
# login
az login
# Install the CLI.
brew install azure-cli
asdf plugin add azure-cli && asdf install azure-cli 2.37.0
# check a user's permissions
# Login to Azure.
az login
az login -u username -p password
az login --service-principal -u app_id -p password_or_certificate --tenant tenant_id
az login --identity --username client_id # or object_id or resource_id
# Gather information on the current user.
az ad signed-in-user show
az ad signed-in-user list-owned-objects
# Gather information on another user.
az ad user show --id user@email.org
# Check a User's permissions.
az ad user get-member-groups --id user@email.org
# list available subscriptions
# List Subscriptions available to the current User.
az account list --refresh --output table
# set a default subscription
az account set --subscription subscription-uuid
# Get the current User's default Subscription's ID.
az account show --query id --output tsv
# set a default resource group
az configure --defaults group=resource-group
# Get the current User's default Subscription.
az account set --subscription subscription_uuid
# get credentials for an aks cluster
az aks get-credentials --resource-group resource-group --name cluster-name --overwrite-existing
# Set the current User's default Resource Group.
az configure --defaults group=resource_group_name
# diagnose container registry connectivity issues
# will run a hello-world image locally
az acr check-health --name acr-name
# Get the ID of a Service Principal.
az ad sp list --display-name service_principal_name --query '[0].id' -o tsv
# list helm charts in an acr
az acr helm list -n acr-name -s acr-subscription
# List available Locations.
az account list-locations -o table
# push a helm chart to an acr
az acr helm push -n acr-name chart.tgz --force
# Get a Resource Group's ID.
az group show resource_group_name
# disable connection verification
# for proxies with doubtful certificates
# Create an Access Token for the current User.
az account get-access-token
# Get a password from a KeyVault.
az keyvault secret show --query value \
--name secret_name --vault-name key_vault_name
# List LogAnalytics' Workspaces.
az monitor log-analytics workspace list \
--resource-group resource_group_name \
| jq -r '.[].name' -
# Login to Azure DevOps with a PAT.
az devops login --organization https://dev.azure.com/org_name
# Get the status of an Azure DevOps Pipeline.
# Give the '--organization' parameter, or use '--detect true' if running the
# command from a git repository to have it guessed automatically.
az pipelines build show --detect true -o tsv \
--project project_name --id pipeline_id --query result
# Validate a bicep template to create a Deployment Group.
az deployment group validate \
-n deployment_group_name -g resource_group_name \
-f template.bicep -p parameter1="value" parameter2="value"
# Check what a bicep template would do.
az deployment group what-if \
-n deployment_group_name -g resource_group_name \
-f template.bicep -p parameter1="value" parameter2="value"
# Create a Deployment Group from a template.
az deployment group create \
-n deployment_group_name -g resource_group_name \
-f template.bicep -p parameter1="value" parameter2="value"
# Cancel the current operation on a Deployment Group.
az deployment group cancel \
-n deployment_group_name -g resource_group_name
# Delete a Deployment Group.
az deployment group delete \
-n deployment_group_name -g resource_group_name
# Login to an ACR.
az acr login --name acr_name
# Diagnose container registry connectivity issues.
# Requires Docker being running.
# Will run a hello-world image locally.
az acr check-health -n acr_name -s subscription_uuid
# List helm charts in an ACR.
az acr helm list -n acr_name -s subscription_uuid
# Get the 5 latest versions of a helm chart in an ACR.
az acr helm list -n acr_name -s subscription_uuid --output json \
| jq \
--arg CHART_REGEXP "kured" \
'to_entries | map(select(.key|test($CHART_REGEXP)))[].value[] | { version: .version, created: .created }' - \
| yq -sy 'sort_by(.created) | reverse | .[0:5]' -
# Push a helm chart to an ACR.
az acr helm push -n acr_name chart.tgz --force
# Get credentials for an AKS cluster.
az aks get-credentials --overwrite-existing \
--resource-group resource_group_name --name cluster_name
# Check if the current User is member of a given Group.
az rest -u https://graph.microsoft.com/v1.0/me/checkMemberObjects \
-m post -b '{"ids":["group_id"]}'
# Check if a Service Principal is member of a given Group.
az rest -u 'https://graph.microsoft.com/v1.0/servicePrincipals/service_principal_id/checkMemberObjects' \
-m post -b '{"ids":["group_id"]}'
# Query the Graph APIs for a specific Member in a Group.
az rest -m get \
-u 'https://graph.microsoft.com/beta/groups/group_id/members?$search="displayName:group_display_name"&$select=displayName' \
--headers consistencylevel=eventual
# Remove a Member from an AAD Group.
# If '/$ref' is missing from the request, the user will be **deleted from AAD**
# if the appropriate permissions are used, otherwise a '403 Forbidden' error is
# returned.
az rest -m delete \
-u 'https://graph.microsoft.com/beta/groups/group_id/members/member_id/$ref'
# List the PATs of a User.
# 'displayFilterOptions' are 'active' (default), 'all', 'expired' or 'revoked'.
# If more then 20, results are paged and a 'continuationToken' will be returned.
az rest -m get \
--headers Authorization='Bearer ey…pw' \
-u 'https://vssps.dev.azure.com/organization_name/_apis/tokens/pats?api-version=7.1-preview.1'
az rest … -u 'https://vssps.dev.azure.com/organization_name/_apis/tokens/pats?api-version=7.1-preview.1&displayFilterOption=revoked&isSortAscending=false'
az rest … -u 'https://vssps.dev.azure.com/organization_name/_apis/tokens/pats' \
--url-parameters api-version=7.1-preview.1 displayFilterOption=expired continuationToken='Hr…in='
# Extend a PAT.
# Works with expired PATs too.
az rest \
-u 'https://vssps.dev.azure.com/organization_name/_apis/tokens/pats?api-version=7.1-preview.1' \
-m put \
--headers \
Authorization='Bearer ey…pw' \
Content-Type='application/json' \
-b '{
"authorizationId": "01234567-abcd-0987-fedc-0123456789ab",
"validTo": "2021-12-31T23:46:23.319Z"
}'
az rest … -b @file.json
# Disable certificates check upon connection.
# Use it for proxies with doubtful certificates.
export AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=1
```
## APIs
One can directly call the APIs with the `rest` command:
```sh
az rest -u https://graph.microsoft.com/v1.0/me/checkMemberObjects \
-m post -b "{\"ids\": [\"${GROUP_ID}\"]}"
az rest -m delete \
-u "https://graph.microsoft.com/beta/groups/${GROUP_id}/members/${MEMBER_ID}/\$ref"
```
## Further readings
- [Pat token APIs]
## Sources
- [Install Azure CLI on macOS]
- [Get started with Azure CLI]
- [Sign in with Azure CLI]
- [How to manage Azure subscriptions with the Azure CLI]
- [Authenticate with an Azure container registry]
- [Remove a member]
[Get started with Azure CLI]: https://docs.microsoft.com/en-us/cli/azure/get-started-with-azure-cli
[How to manage Azure subscriptions with the Azure CLI]: https://docs.microsoft.com/en-us/cli/azure/manage-azure-subscriptions-azure-cli
[Install Azure CLI on macOS]: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-macos
[Sign in with Azure CLI]: https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli
[authenticate with an azure container registry]: https://docs.microsoft.com/en-us/azure/container-registry/container-registry-authentication?tabs=azure-cli
[get started with azure cli]: https://docs.microsoft.com/en-us/cli/azure/get-started-with-azure-cli
[how to manage azure subscriptions with the azure cli]: https://docs.microsoft.com/en-us/cli/azure/manage-azure-subscriptions-azure-cli
[install azure cli on macos]: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-macos
[pat token apis]: https://docs.microsoft.com/en-us/rest/api/azure/devops/tokens/pats/list?view=azure-devops-rest-7.1
[remove a member]: https://docs.microsoft.com/en-us/graph/api/group-delete-members?view=graph-rest-1.0&tabs=http
[sign in with azure cli]: https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli