The Start-AzPolicyComplianceScan works fine in PowerShell. I am trying to achieve the same using az cli but am unable to find an equivalent.
Looks there is no built-in command in azure cli, the workaround is to use az rest to call the REST API directly.
Sample:
1.Start a compliance scan at resource group scope - https://learn.microsoft.com/en-us/rest/api/policy-insights/policystates/triggerresourcegroupevaluation
az rest --method POST --uri https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.PolicyInsights/policyStates/latest/triggerEvaluation?api-version=2019-10-01
2.Start a compliance scan at subscription scope - https://learn.microsoft.com/en-us/rest/api/policy-insights/policystates/triggersubscriptionevaluation
az rest --method POST --uri https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.PolicyInsights/policyStates/latest/triggerEvaluation?api-version=2019-10-01
After running the command, you could check the result in the Activity log in the resource group/subscription, it works fine.
This is currently possible using:
az policy state trigger-scan
More in the documentation: https://learn.microsoft.com/en-us/cli/azure/policy/state?view=azure-cli-latest#az-policy-state-trigger-scan
Related
I know how to get repositories, we can use
az acr repository list --name myregistry.
But, how to get repositories with tags that are having security/vulnerability issues after security scans using azure cli?
There is no way to get repositories with tags that are having security/vulnerability issues after security scans using Azure CLI.
You can get the scan results (security vulnerabilities, recommendations) of the scanned resource using Azure Portal, Azure Resource Graph and REST API as given in this MS Doc.
If you have the assessment Ids, then you can get the scan results using combination of REST API and Az CLI Cmdlets:
REST API:
Azure CLI:
az rest --method get --url GET {api to get security vuls} --url-parameters
I am trying to create an Azure Key Vault but I am getting below error:
az keyvault create --location ${regionName} --name ${MyKeyVault} --resource-group ${resourceGroupName}
Error: (VaultAlreadyExists) The name 'check' is already in use.
Please help me write a code to check if the Key Vault name is avaialable.
There is no built-in CLI command to do this, your option is to use az rest call the REST API directly.
Sample:
az rest --method post --uri 'https://management.azure.com/subscriptions/<subscription-id>/providers/Microsoft.KeyVault/checkNameAvailability?api-version=2019-09-01' --headers 'Content-Type=application/json' --body '{"name": "joykeyvault","type": "Microsoft.KeyVault/vaults"}'
You can use Azure API to check that Keyvault name is valid and is not already in use.
https://learn.microsoft.com/en-us/rest/api/keyvault/vaults/checknameavailability
I am trying to make a dynamic Azure CLI Task in Azure DevOps that will let us reuse the task. My biggest issue right now is dynamically setting the --advanced-filter on the command.
I have looked at the documentation here, https://learn.microsoft.com/en-us/azure/event-grid/how-to-filter-events, and the only place it shows using a variable for the filter is in the PowerShell command not the Azure CLI. I have tried to replicate that syntax for the CLI, but it fails.
Here is the command I am trying to run. I took the syntax for the filter from the above Microsoft doc.
$eventSubscriptionFilter = #{operator="StringContains"; key="data.messageTypeUri"; Value=#("myUriHere")}
az eventgrid event-subscription create --endpoint-type azurefunction --name $topicSubName --source-resource-id $topicid --endpoint $functionEndPoint --deadletter-endpoint $storageid/blobServices/default/containers/$containername --advanced-filter #($eventSubscriptionFilter)
If I run this without the --advanced-filter it works perfectly, but as soon as I add --advanced-filter I get this error:
az : usage error: --advanced-filter KEY[.INNERKEY] FILTEROPERATOR VALUE [VALUE ...]
Is this what I am going to have to do?
--advanced-filter data.$myMember StringContains $myValue
I am not even sure if that is going to work. I am going to have to hard code it in there, and that kills the ability to make this dynamic.
Any thoughts?
If you want to specify --advanced-filter in Azure CLI command, it should be like --advanced-filter [key] [operation] [value]. For more details, please refer to the document
For example(I test it in Powershell)
$key="data.Message"
$opreation="StringContains"
$value=#("test","test1")
az eventgrid event-subscription create
--name $topicSubName
--source-resource-id $topicid
--endpoint $functionEndPoint
--deadletter-endpoint $storageid/blobServices/default/containers/$containername
--advanced-filter $key $opreation $value
Could someone please let me know how to list all the DBR workspaces under a particualr subscription in Azure.
I have tried Az Cli Option but it doesn't have any option to list any workspace.
you can always use something like this:
az resource list --resource-type "Microsoft.Databricks/workspaces"
so use a generic command to query the rest api directly (what the other answer suggests) but using Azure CLI, so you dont need to handle the auth\tokens\etc
ps. you'd first need to change your Azure CLI context to that subscription with:
az account set -s "sub_name_goes_here"
You can use the REST API,
GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Databricks/workspaces?api-version=2018-04-01
I can get we apps using the Az cmdlets by using az webapp list.
I have logic apps , I tried using az logicapp list
but its not recognised in Powershell.
Is there a manual listing the cmdlets to list logic apps ,sqlservers and sqldatabases ?
I wanted to provide an update to #4c74356b41's answer since it has been almost 3 years. For the Azure CLI there are now (as of at least June 2022) commands for managing Logic Apps, both of the "standard" and "consumption" varieties.
For "standard" Logic Apps you can manage them with the az logicapp command. E.g.:
az logicapp list --resource-group MyResourceGroup
For all the operations, run az logicapp --help.
For "consumption" Logic Apps, there is a (currently in preview) command of az logic workflow that requires a logic extension to be installed for the Azure CLI. E.g.:
az logic workflow list --resource-group MyResourceGroup
For all the operations, run az logic workflow --help.
#4c74356b41's answer is definitely still valid, but better support for managing Logic Apps is now a part of the Azure CLI (which is also not directly tied to PowerShell as indicated by the OP's question...the Azure CLI does not have to be run in PowerShell).
See Microsoft's official docs for these Azure CLI commands (and others) at:
Standard Logic Apps
Consumption Logic Apps
the AZ cli equivalent of Get-AzLogicApp is the following:
az resource list --resource-type 'Microsoft.Logic/workflows'
there are no dedicated cmdlets for managing logic apps in Az cli yet.
You could use below method to get logic app list.
Get-AzResource -ResourceType "Microsoft.Logic/workflows" -ResourceGroupName resourcegroupname
As for the sqlservers and sqldatabase, you could just use the method provided.
Get-AzSqlDatabase and Get-AzSqlServer support to list the servers and the databases.