Collection of handy Azure CLI and Bash scripts

/ Pascal Naber

More and more people are using the Azure CLI to provision resources on Azure. Since my blogpost about the Azure CLI, I received so many reactions of people who are using the Azure CLI now. It’s readable, easy and is idempotent. Sometimes you want to use the more advanced syntax. This blog post is a collection of Azure CLI Commands and bash scripts that took me more time then I wanted and collect them so it doesn’t take you that much time (and me as well, next time 🙂 ). I will add to this blogpost if necessary.

Azure_CLI_101

There are 4 sections:

  • JMESPATH
  • Bash using Azure CLI
  • Azure resources
  • Azure DevOps

Please let me know if I can do something easier or better.

JMESPath

Apply multiple filters (with an And) using JMESPath

--query "ipSecurityRestrictions[?action == 'Allow' && action == 'Deny']"

Apply multiple filters (with an Or) using JMESPath

--query "ipSecurityRestrictions[?action == 'Allow' || action == 'Deny']"

Filter on numeric value using JMESPath

note: In the Azure CLI use backticks and escape them

--query "ipSecurityRestrictions[?priority >= \`100\`]"

Filter on a nested (or child) array using JMESPath

 "txtRecords": [
    {
      "value": [
        "abc"
      ]
    },
    {
      "value": [
        "def"
      ]
    }
  ]
--query "txtRecords[*].value[?starts_with(@, 'abc')]"

Filter on a substring using JMESPath

--query "[?contains(name, '$NODEPOOL_NAME')]"

Filter on an equal string using JMESPath

--query "[?keyVaultSecretName == '$SECRETNAME']

Filter on an item in nested (or child) array. And read child value

--query "[].resourceAccess[?id == '$MAINGUID'] | [].id"

Bash using Azure CLI

Execute Azure CLI command with filter and iterate over the results as array, per item

az webapp config access-restriction show --resource-group $RESOURCEGROUP \
  --name $WEBAPP_NAME \
  --query "ipSecurityRestrictions[name, ip_address]" -o tsv |
while read -r name ipaddress; do
    az webapp config access-restriction remove \
        --resource-group $RESOURCEGROUP \
        --name $WEBAPP_NAME \
        --rule-name $name \
        --ip-address $ipaddress
done

Iterate over array with foreach

$STORAGE_CONTAINERS=(books magazines literature)
for container in $STORAGE_CONTAINERS; do
    az storage container create --name $container 
        --account-name $STORAGE_ACCOUNT_NAME
done

Iterate over keyvalue pairs

Key value pairs are handy for whitelisting for example:

POSTGRESSERVER_WHITELIST="office=10.20.30.40 home=5.6.7.8"
# OR
POSTGRESSERVER_WHITELIST=
(
  "office=10.20.30.40"
  "home=5.6.7.8"
)
for i in $POSTGRESSERVER_WHITELIST
do 
    WHITELISTNAME="${i%=*}"
    WHITELISTIPADDRESS="${i#*=}" 
    az postgres server firewall-rule create -g $RESOURCEGROUP 
        -s $POSTGRESSERVER_NAME \
        -n $WHITELISTNAME \
        --start-ip-address $WHITELISTIPADDRESS \
        --end-ip-address $WHITELISTIPADDRESS
done

Iterate over array with more than 2 items per line

Note: a comma is used as separator here

POSTGRESSERVER_WHITELIST=
(
"office,10.20.30.40,10.20.30.90"
"home,5.6.7.8,5.6.7.40"
)
for LINE in "${POSTGRESSERVER_WHITELIST[@]}"; do
    TMPARR=(`echo $LINE| tr ',' ' '`)

    DESCRIPTION=${TMPARR[0]}
    START_IPADDRESS=${TMPARR[1]}
    END_IPADDRESS=${TMPARR[2]}

done

Check if a resource exists

SPN_ID=$(az ad sp list --display-name $SPN_NAME --query "[].appId" -o tsv)
if [ -z "$SPN_BACKEND_ID" ]; then

fi

Wait till a property has a certain value

Wait till property “State” has the value “Registered”. Then we continue.
while [ $(az feature list -o tsv --query "[?contains(name, 'Microsoft.ContainerService/MultiAgentpoolPreview')].properties.state") != "Registered" ]
do    
    echo -n "."
    sleep 5   
done
echo "Preview is registered"

Azure resources

Get Application Insights InstrumentationKey using the Azure CLI

APPINSIGHTS_INSTRUMENTATONKEY=$(az resource show \
    --resource-group $RESOURCEGROUP \
    --name $APPINSIGHTS_NAME \    
    --namespace Microsoft.Insights \
    --resource-type components \
    --query properties.InstrumentationKey \
    --output tsv)

or

APPINSIGHTS_INSTRUMENTATONKEY=$(az resource show \
    -g $(RESOURCEGROUP) \
    -n $(APPINSIGHTS_NAME) \
    --resource-type "Microsoft.Insights/components" \
    --query properties.InstrumentationKey 
    --out tsv)

Delete a public certificate on a webapp

az resource delete --ids "/subscriptions/$SUBSCRIPTION/resourceGroups/$RESOURCEGROUP/providers/Microsoft.Web/sites/$WEBAPP_NAME/publicCertificates/$CERTIFICATENAME"

Get public certificate on a webapp

properties.thumbprint or properties.blob or all without query

az resource show --ids "/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCEGROUP/providers/Microsoft.Web/sites/$WEBAPP_NAME/publicCertificates/$CERTIFICATE_NAME" \
    --query "properties.thumbprint" \
    -o tsv

Get the Azure Container Registry password

CONTAINERREGISTRY_PASSWORD=$(az acr credential show -n $CONTAINERREGISTRY_NAME \
  -g $RESOURCEGROUP \
  --query passwords[0].value --o tsv)

Azure DevOps

Set a variable based on output of CLI
echo "##vso[task.setvariable variable=CONTAINERREGISTRY_PASSWORD;]$CONTAINERREGISTRY_PASSWORD"
Advertentie

2 gedachtes over “Collection of handy Azure CLI and Bash scripts

  1. You are an Azure CLI magician, Pascal, thanks for sharing this best-practice knowledge which covers many needed aspects and saves me the pain and hours of frustration when automating things in our cloud – extremely well done and a big thank you for this brilliant focus on the most relevant things, explained using examples – really impressive!

    Like

    Beantwoorden

Geef een reactie

Vul je gegevens in of klik op een icoon om in te loggen.

Gravatar
WordPress.com logo

Je reageert onder je WordPress.com account. Log uit /  Bijwerken )

Facebook foto

Je reageert onder je Facebook account. Log uit /  Bijwerken )

Annuleren

Verbinden met %s

Deze site gebruikt Akismet om spam te bestrijden. Ontdek hoe de data van je reactie verwerkt wordt.