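#!/usr/bin/env pwsh
<#
.SYNOPSIS
List Azure DevOps Service Connections
.DESCRIPTION
Use the Microsoft Graph API to find Azure DevOps Service Connections by organization & project, using Azure DevOps Service Connection naming convention.

Lookup strategy:
- With -HasFederation (or when no -Organization is given), applications are looked up
  by federated credential subject prefix 'sc://<organization>/<project>/'.
- Otherwise applications are looked up by display-name prefix '<organization>-<project>-'.

The result is then narrowed by the optional -AppId and -SubscriptionId filters and by the
Has*/HasNo* switches, which inspect the certCount, secretCount and federatedSubjects
properties of each returned object. Listing identities that still carry secrets or
certificates (-HasSecrets, -HasCertificates) is a quick way to find candidates for
migration to workload identity federation.
.PARAMETER Organization
Name of the Azure DevOps Organization. Defaults to the organization segment of
AZDO_ORG_SERVICE_URL or SYSTEM_COLLECTIONURI when either is set.
.PARAMETER Project
Name of the Azure DevOps Project. Requires -Organization.
.PARAMETER HasCertificates
Only list identities with at least one certificate credential.
.PARAMETER HasNoCertificates
Only list identities without certificate credentials.
.PARAMETER HasFederation
Only list identities with a federated credential whose subject looks like 'sc://<org>/<project>/<name>'.
.PARAMETER HasNoFederation
Only list identities without federated credentials.
.PARAMETER HasSecrets
Only list identities with at least one client secret.
.PARAMETER HasNoSecrets
Only list identities without client secrets.
.PARAMETER AppId
One or more application (client) ids to restrict the result to.
.PARAMETER SubscriptionId
Azure subscription id; only identities whose name contains it are listed.
.PARAMETER TenantId
Azure Active Directory tenant id. Defaults to ARM_TENANT_ID, then AZURE_TENANT_ID.
.PARAMETER Format
Output format: 'Table' (default) or 'List'.
.NOTES
Opposing switches (e.g. -HasSecrets together with -HasNoSecrets) can never match anything;
a warning is written when such a pair is supplied.
#>
#Requires -Version 7
param (
    [parameter(Mandatory=$false,ParameterSetName="Organization",HelpMessage="Name of the Azure DevOps Organization")]
    [string]
    $Organization=(($env:AZDO_ORG_SERVICE_URL ?? $env:SYSTEM_COLLECTIONURI) -split '/' | Select-Object -Index 3),
    [parameter(Mandatory=$false,ParameterSetName="Organization",HelpMessage="Name of the Azure DevOps Project")]
    [string]
    $Project,
    [parameter(Mandatory=$false)]
    [switch]
    $HasCertificates=$false,
    [parameter(Mandatory=$false)]
    [switch]
    $HasNoCertificates=$false,
    [parameter(Mandatory=$false)]
    [switch]
    $HasFederation=$false,
    [parameter(Mandatory=$false)]
    [switch]
    $HasNoFederation=$false,
    [parameter(Mandatory=$false)]
    [switch]
    $HasSecrets=$false,
    [parameter(Mandatory=$false)]
    [switch]
    $HasNoSecrets=$false,
    [parameter(Mandatory=$false)]
    [guid[]]
    $AppId,
    [parameter(Mandatory=$false,HelpMessage="Azure subscription id")]
    [ValidateNotNullOrEmpty()]
    [guid]
    $SubscriptionId,
    [parameter(Mandatory=$false,HelpMessage="Azure Active Directory tenant id")]
    [guid]
    $TenantId=($env:ARM_TENANT_ID ?? $env:AZURE_TENANT_ID ?? [guid]::Empty),
    [parameter(Mandatory=$false)]
    [ValidateSet('List', 'Table')]
    [string]
    $Format='Table'
)
Write-Debug $MyInvocation.line
# Login-Az, Find-ApplicationsByFederation and Find-ApplicationsByName come from the shared helpers
. (Join-Path $PSScriptRoot .. functions.ps1)

# Login to Azure CLI
Write-Verbose "Logging into Azure..."
Login-Az -Tenant ([ref]$TenantId)

# Build the two lookup prefixes from organization/project. Both start out empty so the
# '+=' appends below are explicit rather than relying on an undefined variable.
$federationPrefix = $null
$namePrefix = $null
$message = "Identities of type 'Application' in Azure DevOps"
if ($Organization) {
    $federationPrefix += "sc://${Organization}/"
    $namePrefix = "${Organization}-"
    $message += " organization '${Organization}'"
} elseif (!$HasFederation) {
    # Without an organization there is no name prefix to search on, so fall back to
    # the federation subject prefix, which works across all organizations.
    Write-Warning "Organization not specified, listing all Service Connections with federation instead"
    $HasFederation = $true
}
if ($Project) {
    if (!$Organization) {
        Write-Warning "Project '${Project}' requires Organization to be specified"
        exit 1
    }
    $federationPrefix += "${Project}/"
    $namePrefix += "${Project}-"
    $message += " and project '${Project}'"
}
$federationPrefix ??= "sc://"

# Contradictory switch pairs can only produce an empty result; say so instead of
# returning nothing silently. (Checked after the Organization block, which may have
# turned -HasFederation on.)
if ($HasCertificates -and $HasNoCertificates) {
    Write-Warning "-HasCertificates and -HasNoCertificates are mutually exclusive; no identities will match"
}
if ($HasFederation -and $HasNoFederation) {
    Write-Warning "-HasFederation and -HasNoFederation are mutually exclusive (note that -HasFederation is implied when -Organization is not given); no identities will match"
}
if ($HasSecrets -and $HasNoSecrets) {
    Write-Warning "-HasSecrets and -HasNoSecrets are mutually exclusive; no identities will match"
}

if ($HasFederation) {
    $message += " using federation"
    Write-Host "Searching for ${message}..."
    Find-ApplicationsByFederation -StartsWith $federationPrefix | Set-Variable msftGraphObjects
} else {
    Write-Host "Searching for ${message}..."
    Find-ApplicationsByName -StartsWith $namePrefix | Set-Variable msftGraphObjects
}

# Filters
if ($AppId) {
    # Normalise to lower-case strings so the '-in' comparison below is case-insensitive
    # regardless of how Graph returns appId.
    $AppId | Foreach-Object {$_.ToString().ToLower()} | Set-Variable AppId
}
# [guid] is a value type: an omitted -SubscriptionId is not $null but [guid]::Empty, and a
# non-null struct evaluates as $true, so '!$SubscriptionId' would never disable the filter
# (every name would then have to contain the all-zero guid). Decide from the bound
# parameters instead; computed outside the pipeline so the scriptblocks below do not
# depend on $PSBoundParameters scoping.
$filterBySubscription = $PSBoundParameters.ContainsKey('SubscriptionId')

Write-Host "${message}:"
$msftGraphObjects | Where-Object {
    !$AppId -or ($_.appId.ToLower() -in $AppId)
} | Where-Object {
    # '-match' treats the right-hand side as a regex; a guid contains only hex digits and
    # hyphens, which have no special meaning, so no escaping is needed.
    !$filterBySubscription -or $_.name -match $SubscriptionId
} | Where-Object {
    $_.certCount -ge ($HasCertificates ? 1 : 0)
} | Where-Object {
    !$HasNoCertificates -or $_.certCount -eq 0
} | Where-Object {
    # Federation on organization/project is already constrained by the lookup prefix;
    # here only the subject shape 'sc://<org>/<project>/<name>' is verified.
    !$HasFederation -or $_.federatedSubjects -match "sc://[^/]+/[^/]+/[^/]+"
} | Where-Object {
    !$HasNoFederation -or [string]::IsNullOrEmpty($_.federatedSubjects)
} | Where-Object {
    $_.secretCount -ge ($HasSecrets ? 1 : 0)
} | Where-Object {
    !$HasNoSecrets -or $_.secretCount -eq 0
} | Set-Variable msftGraphFilteredObjects

switch ($Format) {
    'List' {
        $msftGraphFilteredObjects | Format-List
    }
    'Table' {
        $msftGraphFilteredObjects | Format-Table -AutoSize
    }
}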