Last active
November 14, 2017 16:44
This is a complete script that authenticates using an Azure AD (AAD) application and gets all alert rules from a resource group.
# Script parameters. Every one of them is mandatory.
param (
    # Your Azure AD application ID
    [Parameter(Mandatory = $true)]
    [String]$AzureApplicationID,

    # Azure AD application secret.
    # NOTE(review): this is accepted as a plain [String], so a value typed on the
    # command line can presumably end up in console history or transcripts.
    # Prefer reading it from a secret store, and rotate it if it has been exposed.
    [Parameter(Mandatory = $true)]
    [String]$ClientSecret,

    # Azure tenant id, e.g. test.no or test.onmicrosoft.com
    [Parameter(Mandatory = $true)]
    [String]$TenantId,

    # Azure subscription ID
    [Parameter(Mandatory = $true)]
    [String]$SubscriptionId,

    # Azure resource group name
    [Parameter(Mandatory = $true)]
    [String]$ResourceGroupName
)

# Value of the api-version query parameter used in the alert rules request further down
# (read there as $apiversion; PowerShell variable names are case-insensitive).
$ApiVersion = '2016-03-01'
#region functions | |
function Get-AADAppoAuthToken {
    <#
    .SYNOPSIS
    Connects to the Microsoft login OAuth endpoint and returns an OAuth token response.
    .DESCRIPTION
    Generates an Azure AD OAuth token with the client_credentials grant by posting to
    https://login.windows.net/<TenantId>/oauth2/token. The response object from
    Invoke-RestMethod is returned unchanged.
    You can specify the resource you want a token for with the ResourceName parameter.
    The default is https://management.core.windows.net/
    Parts of this function are based on these examples: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-rest-api-walkthrough

    Security notes:
    - ClientSecret is taken as a plain string. Avoid hard-coding it in scripts or typing it
      into a shell whose history or transcript is retained.
    - The returned object carries a bearer token (access_token). Treat it like a credential:
      do not write it to logs, console output or files.
    .PARAMETER ClientID
    Azure AD application ID
    .PARAMETER ClientSecret
    Your application secret.
    .PARAMETER TenantId
    Your tenant domain name, e.g. test.onmicrosoft.com
    .PARAMETER ResourceName
    Specify this if you are accessing a resource other than https://management.core.windows.net
    For example, Microsoft Partner Center would be https://api.partnercenter.microsoft.com
    .EXAMPLE
    Get-AADAppoAuthToken -ClientID 'xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' -ClientSecret <application secret> -TenantId "test.no"

    Returns an object such as:
    token_type     : Bearer
    expires_in     : 3600
    ext_expires_in : 0
    expires_on     : 1505133623
    not_before     : 1505129723
    resource       : https://management.core.windows.net/
    access_token   : eyJ0eXAiOiJKV1Qi...<truncated; never paste a full token into documentation>
    .NOTES
    v1.0
    Martin Ehrnst 2017
    #>
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        [string]$ClientID,

        [Parameter(Mandatory = $true)]
        [string]$ClientSecret,

        [Parameter(Mandatory = $true)]
        [string]$TenantId,

        [Parameter(Mandatory = $false)]
        [string]$ResourceName = "https://management.core.windows.net/"
    )

    # Token endpoint for the given tenant.
    $authority = 'https://login.windows.net'
    $tokenUri = "$authority/$TenantId/oauth2/token"

    # Fields of the client_credentials grant: the application authenticates as itself.
    $grantFields = @{
        grant_type    = "client_credentials"
        resource      = $ResourceName
        client_id     = $ClientID
        client_secret = $ClientSecret
    }

    # The response object (token_type, expires_in, access_token, ...) is emitted as the function's output.
    Invoke-RestMethod -Method Post -Uri $tokenUri -Body $grantFields
}
#endregion | |
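# Request a token for the default resource using the script's parameters.
$result = Get-AADAppoAuthToken -ClientID $AzureApplicationID -ClientSecret $ClientSecret -TenantId $TenantId

# Stop here when no token came back. Under the default error preference a failed token
# request leaves $result empty, and the script would otherwise go on to call the
# management API with a bare "Bearer " header and fail later with a less obvious error.
if (-not $result -or [string]::IsNullOrEmpty($result.access_token)) {
    throw 'No access token was returned by Get-AADAppoAuthToken; check the application ID, secret and tenant.'
}

# Headers for the management API call. The Authorization value is a credential:
# keep $AuthKey and $authHeader out of logs and console output.
$AuthKey = "Bearer " + ($result.access_token)
$authHeader = @{
    'Content-Type'  = 'application/json'
    'Accept'        = 'application/json'
    'Authorization' = $AuthKey
}

# URL-encode the caller-supplied path segments so a value containing '/', '?' or '#'
# cannot change which resource the request addresses.
$subscriptionSegment = [uri]::EscapeDataString($SubscriptionId)
$resourceGroupSegment = [uri]::EscapeDataString($ResourceGroupName)
$alertRulesUri = "https://management.azure.com/subscriptions/$subscriptionSegment/resourcegroups/$resourceGroupSegment/providers/microsoft.insights/alertrules?api-version=$ApiVersion"

# Get all resource group alert rules; the rules are in the 'value' property of the response.
$AlertRules = (Invoke-RestMethod -Method GET -Uri $alertRulesUri -Headers $authHeader).value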