@ehrnst
Last active November 14, 2017 16:44
This is a complete script that authenticates using an AAD application and gets all alert rules from a resource group.
param (
    # Your Azure AD application ID
    [Parameter(Mandatory)]
    [String]
    $AzureApplicationID,

    # Azure AD application secret
    [Parameter(Mandatory)]
    [String]
    $ClientSecret,

    # Azure tenant ID, e.g. test.no or test.onmicrosoft.com
    [Parameter(Mandatory)]
    [String]
    $TenantId,

    # Azure subscription ID
    [Parameter(Mandatory)]
    [String]
    $SubscriptionId,

    # Azure resource group name
    [Parameter(Mandatory)]
    [String]
    $ResourceGroupName
)

# API version used for the microsoft.insights alert rules call
$ApiVersion = "2016-03-01"

#region functions
function Get-AADAppoAuthToken {
    <#
    .SYNOPSIS
    Function to connect to the Microsoft login OAuth endpoint and return an OAuth token.
    .DESCRIPTION
    Generate Azure AD OAuth token.
    You can specify the resource you want in the parameter. Default is management.core.windows.net
    Parts of this function are based on these examples: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-rest-api-walkthrough
    .PARAMETER ClientID
    Azure AD application ID
    .PARAMETER ClientSecret
    Your application secret.
    .PARAMETER TenantId
    Your tenant domain name, e.g. test.onmicrosoft.com
    .PARAMETER ResourceName
    Specify this if you are accessing a resource other than https://management.core.windows.net
    For example, Microsoft Partner Center would use https://api.partnercenter.microsoft.com
    .EXAMPLE
    Get-AADAppoAuthToken -ClientID 'xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' -ClientSecret <application secret> -TenantId "test.no" will return
    token_type     : Bearer
    expires_in     : 3600
    ext_expires_in : 0
    expires_on     : 1505133623
    not_before     : 1505129723
    resource       : https://management.core.windows.net/
    access_token   : eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkhIQnlLVS0wRHFBcU1aaDZaRlBkMlZXYU90ZyIsImtpZCI6IkhIQnlLVS0wRHFBcU1aaDZaRlB
    kMlZXYU90ZyJ9.eyJhdWQiOiJodHRwczovL21hbmFnZW1lbnQuY29yZS53aW5kb3dzLm5ldC8iLCJpc3MiOiJodHRwczovL3N0cy
    .NOTES
    v1.0
    Martin Ehrnst 2017
    #>
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory = $true)]
        [string]$ClientID,

        [Parameter(Mandatory = $true)]
        [string]$ClientSecret,

        [Parameter(Mandatory = $true)]
        [string]$TenantId,

        [Parameter(Mandatory = $false)]
        [string]$ResourceName = "https://management.core.windows.net/"
    )

    $LoginURL = 'https://login.windows.net'

    # Get application access token using the client credentials grant
    $Body = @{
        grant_type    = "client_credentials"
        resource      = $ResourceName
        client_id     = $ClientID
        client_secret = $ClientSecret
    }

    # The secret travels in the POST body to the tenant's token endpoint
    Return Invoke-RestMethod -Method Post -Uri "$LoginURL/$TenantId/oauth2/token" -Body $Body
}
#endregion

# Request a token for the default resource (Azure management API)
$result = Get-AADAppoAuthToken -ClientID $AzureApplicationID -ClientSecret $ClientSecret -TenantId $TenantId

# Build the request headers, including the bearer token
$AuthKey = "Bearer " + ($result.access_token)
$authHeader = @{
    'Content-Type'  = 'application/json'
    'Accept'        = 'application/json'
    'Authorization' = $AuthKey
}

# Get all resource group alert rules
$AlertRules = (Invoke-RestMethod -Method GET "https://management.azure.com/subscriptions/$SubscriptionId/resourcegroups/$ResourceGroupName/providers/microsoft.insights/alertrules?api-version=$ApiVersion" -Headers $authHeader).value
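An added example, not part of the original gist: before the bearer token is sent to management.azure.com, decode its payload and confirm that the `aud` claim matches the requested resource and that the token is not about to expire. It only reads the claims and does not verify the signature; the function names and the unsigned sample token are constructed for illustration.

```powershell
# Added example (not from the gist). Function names are hypothetical.
function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    # JWT segments use the URL-safe alphabet without padding; restore both.
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {
        1 { throw 'Invalid base64url length' }
        2 { $s += '==' }
        3 { $s += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Test-AccessTokenClaims {
    param(
        [Parameter(Mandatory)][string]$AccessToken,
        [Parameter(Mandatory)][string]$ExpectedAudience,
        [int]$MinimumSecondsLeft = 300
    )
    $parts = $AccessToken.Split('.')
    if ($parts.Count -ne 3) { throw 'Access token is not a three-part JWT' }
    # Segment 2 is the claims payload; this reads it without checking the signature.
    $claims = ConvertFrom-Base64Url -Value $parts[1] | ConvertFrom-Json
    $secondsLeft = [int64]$claims.exp - [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
    [pscustomobject]@{
        Audience    = $claims.aud
        AudienceOk  = ($claims.aud -ceq $ExpectedAudience)   # case-sensitive compare
        SecondsLeft = $secondsLeft
        LifetimeOk  = ($secondsLeft -ge $MinimumSecondsLeft)
    }
}

# Constructed sample token: unsigned, placeholder signature, offline use only.
function New-SampleToken {
    param([string]$Audience, [int]$LifetimeSeconds)
    $exp = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds() + $LifetimeSeconds
    $header  = @{ typ = 'JWT'; alg = 'none' } | ConvertTo-Json -Compress
    $payload = @{ aud = $Audience; exp = $exp } | ConvertTo-Json -Compress
    $segments = $header, $payload | ForEach-Object {
        $b64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($_))
        $b64.TrimEnd('=').Replace('+', '-').Replace('/', '_')
    }
    ($segments + 'sig') -join '.'
}

$resource = 'https://management.core.windows.net/'
$token = New-SampleToken -Audience $resource -LifetimeSeconds 3600
Test-AccessTokenClaims -AccessToken $token -ExpectedAudience $resource
```

In the script above, the same check would take `$result.access_token` and the `ResourceName` value that was passed to `Get-AADAppoAuthToken`.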