rcabr rcabr

## PentahoDI-CreateDocumentDBAuthHeader.js
// Problem:
// Use the DocumentDB REST API from Pentaho DI (Spoon)
// Produce an authorization header for the request
//
// Solution:
// 1. Read this document https://docs.microsoft.com/en-us/rest/api/documentdb/access-control-on-documentdb-resources
// 2. Assuming you have serialized your record to JSON and wish to publish it via a REST Client step
// 3. Add a "Modified Java Script Value" step to your Pentaho Transformation with the following body.

//Input

## keybase.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                rcabr
                / keybase.md
            
            
              Last active
              May 29, 2017 02:29
            
              
                My Keybase Proof
              
          
    Keybase proof

I hereby claim:

I am rcabr on github.
I am rcabr (https://keybase.io/rcabr) on keybase.
I have a public key ASAf5DroJ22Q0-O9RC4mJ7uJxGbHfwiggg2VQIW8ZfOVYQo

To claim this, I am signing this object:

  
## Assign-ArmResourcePolicies.ps1
# Assigns all resource policies in the current folder to the specified resource group.
[CmdletBinding()]
Param(
    [Parameter(Mandatory=$True)]
    [string]$ResourceGroupName
)

# get subscription or ask user to log in
$subscription = Get-AzureRmSubscription;

## Get-AzureRmEarliestDeploymentsByResourceGroup
# Assumes the Azure RM context is already set (logged in, subscription selected).
# Returns a list of Resource Group Names and the Earliest Timestamp (from deployment activity) for each.

((Get-AzureRmResourceGroup | Select-Object ResourceGroupName) | Get-AzureRmResourceGroupDeployment)`
    | Select-Object ResourceGroupName, @{Name="Created"; Expression = {$_.Timestamp}} `
    | Sort-Object ResourceGroupName, Created `
    | Group-Object ResourceGroupName `
    | Select-Object Name, @{Name="EarliestTimestamp"; Expression={`
        $_.Group.Created | Measure-Object -Minimum | Select-Object -ExpandProperty Minimum `
      }}

## Apply-TagsToResourcesInRg.ps1
# Applies these two tags (appId, environment) to all resources in the specified resource group.
# Optional: resourcePattern will be used to select a subset of resources to apply tags to.
[CmdletBinding()]
param(
    [string] $resourceGroupName,
    [string] $appIdValue,
    [string] $environmentValue,
    [string] $resourcePattern = ""
)

## Assign-InitiativeToCurrentSubscription.ps1
#
# Assigns the specified initiative to the currently selected subscription
#
[CmdletBinding()]
Param(
    [Parameter(Mandatory=$true, HelpMessage="The name of the initiative to assign. Example: 'Data Classification'")]
    [string]$InitiativeName
)

Get-AzureRmContext  # print out current context to inform operator

## Get-SubscriptionHierarchyDiagram.ps1
<#
.SYNOPSIS
	Create a Mermaid diagram (https://mermaidjs.github.io/)
	that reflects the Azure management group and subscription hierarchy.

.DESCRIPTION
	This script assumes prerequisites:
	1) The Az module is installed (https://docs.microsoft.com/en-us/powershell/azure/new-azureps-module-az)
	2) Azure sign-in is completed (Connect-AzAccount)
	3) The signed-in user has the required permissions to enumerate the management groups and subscriptions

## Audit-AzureSqlFirewallRules-AzAutomation.ps1
<#
    .Synopsis
        Scans for Azure SQL servers missing our IP addresses in their firewalls and sends a report by e-mail.

    .Description
        Intended for use from an Azure Automation account.

    .NOTES
        AUTHOR: rcabr
        LASTEDIT: 2019-06-04

## arm-deploy-webapp-iprestrictions.json
{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "name": {
            "type": "string"
        }
    },
    "resources": [
        {

## WebApp-default-IP-restrictions-deploy.json
{
  "properties": {
    "displayName": "Web App default IP restrictions",
    "mode": "indexed",
    "description": "Configures Web App IP restriction to allow access from specified public IP addresses",
    "metadata": {
      "category": "Security v5"
    },
    "parameters": {},
    "policyRule": {
	// Problem:
	// Use the DocumentDB REST API from Pentaho DI (Spoon)
	// Produce an authorization header for the request
	//
	// Solution:
	// 1. Read this document https://docs.microsoft.com/en-us/rest/api/documentdb/access-control-on-documentdb-resources
	// 2. Assuming you have serialized your record to JSON and wish to publish it via a REST Client step
	// 3. Add a "Modified Java Script Value" step to your Pentaho Transformation with the following body.

	//Input
	# Assigns all resource policies in the current folder to the specified resource group.
	[CmdletBinding()]
	Param(
	[Parameter(Mandatory=$True)]
	[string]$ResourceGroupName
	)

	# get subscription or ask user to log in
	$subscription = Get-AzureRmSubscription;
	# Assumes the Azure RM context is already set (logged in, subscription selected).
	# Returns a list of Resource Group Names and the Earliest Timestamp (from deployment activity) for each.

	((Get-AzureRmResourceGroup \| Select-Object ResourceGroupName) \| Get-AzureRmResourceGroupDeployment)`
	\| Select-Object ResourceGroupName, @{Name="Created"; Expression = {$_.Timestamp}} `
	\| Sort-Object ResourceGroupName, Created `
	\| Group-Object ResourceGroupName `
	\| Select-Object Name, @{Name="EarliestTimestamp"; Expression={`
	$_.Group.Created \| Measure-Object -Minimum \| Select-Object -ExpandProperty Minimum `
	}}
	# Applies these two tags (appId, environment) to all resources in the specified resource group.
	# Optional: resourcePattern will be used to select a subset of resources to apply tags to.
	[CmdletBinding()]
	param(
	[string] $resourceGroupName,
	[string] $appIdValue,
	[string] $environmentValue,
	[string] $resourcePattern = ""
	)
	#
	# Assigns the specified initiative to the currently selected subscription
	#
	[CmdletBinding()]
	Param(
	[Parameter(Mandatory=$true, HelpMessage="The name of the initiative to assign. Example: 'Data Classification'")]
	[string]$InitiativeName
	)

	Get-AzureRmContext # print out current context to inform operator
	<#
	.SYNOPSIS
	Create a Mermaid diagram (https://mermaidjs.github.io/)
	that reflects the Azure management group and subscription hierarchy.

	.DESCRIPTION
	This script assumes prerequisites:
	1) The Az module is installed (https://docs.microsoft.com/en-us/powershell/azure/new-azureps-module-az)
	2) Azure sign-in is completed (Connect-AzAccount)
	3) The signed-in user has the required permissions to enumerate the management groups and subscriptions
	<#
	.Synopsis
	Scans for Azure SQL servers missing our IP addresses in their firewalls and sends a report by e-mail.

	.Description
	Intended for use from an Azure Automation account.

	.NOTES
	AUTHOR: rcabr
	LASTEDIT: 2019-06-04
	{
	"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
	"contentVersion": "1.0.0.0",
	"parameters": {
	"name": {
	"type": "string"
	}
	},
	"resources": [
	{
	{
	"properties": {
	"displayName": "Web App default IP restrictions",
	"mode": "indexed",
	"description": "Configures Web App IP restriction to allow access from specified public IP addresses",
	"metadata": {
	"category": "Security v5"
	},
	"parameters": {},
	"policyRule": {