Calculating expiration of Azure secrets
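What my script does is get a list of Azure app registrations and then calculate how many days remain until the secret expires. It mostly works fine, except that it fails if an app registration has 2 secrets. Having 2 secrets is not common, but we introduced a second secret in one app registration just for a short-term test.
After getting the list of app registrations (there are 10 in total), my script then loops through each application to get the expiration date and then calculates the days remaining. Here is a snippet...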
foreach ($app in $applications) {
    $Appname = $app.displayName
    $AppID = $app.Id
    $ApplID = $app.AppId
    $AppCreds = Get-AzADAppCredential -ObjectId $AppID | select StartDateTime, EndDateTime, Hint
    $today = get-date
    $StartDate = $AppCreds.StartDateTime
    $EndDate = $AppCreds.EndDateTime
    $operation = $EndDate - $today
    $ODays = $operation.Days
    # Check how many days are remaining for secret expiration
    if ($ODays -le $Days -and $ODays -ge 0)
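Once obtained, it sends an email if the secret will expire within 60 days.
When the script reaches the app registration with two secrets, it fails with...
"Something went wrong: Method invocation failed because [System.Object[]] does not contain a method named 'op_Subtraction'."
Any idea why this happens?
$AppCreds is an array in case you have more than one application secret. Here is the complete re-worked script that builds a report: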
function Get-AzADAppCredentialExpiration(){
    $retArray = @()
    $applications = Get-AzADApplication
    $today = get-date
    foreach($app in $applications){
        $AppCreds = @(Get-AzADAppCredential -ObjectId $app.Id)
        $AppCreds | %{
            $retArray += [PSCustomObject]@{
                AppName = $app.DisplayName;
                ClientSecretId = $_.KeyId
                SecretHint = $_.Hint
                DaysLeft = ($_.EndDateTime - $today).Days
            }
        }
    }
    return $retArray
}
$report = Get-AzADAppCredentialExpiration
$report | ? {$_.DaysLeft -le 30 -and $_.DaysLeft -gt 0} | Group-Object -Property AppName | %{
    Write-Host "Key for application $($_.Name) will be expired soon:" -ForegroundColor Yellow
    $_.Group | %{
        Write-Host "`t$($_.SecretHint) ($($_.ClientSecretId))" -ForegroundColor Yellow
    }
}
$report | ? {$_.DaysLeft -le 0} | Group-Object -Property AppName | %{
    Write-Host "Key for application $($_.Name) are expired:" -ForegroundColor Red
    $_.Group | %{
        Write-Host "`t$($_.SecretHint) ($($_.ClientSecretId))" -ForegroundColor Red
    }
}
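Old answer
$AppCreds is an array in case you have more than one application secret. So you should check whether it is an array and then calculate accordingly: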
foreach ($app in $applications) {
    $Appname = $app.displayName
    $AppID = $app.Id
    $ApplID = $app.AppId
    $AppCreds = Get-AzADAppCredential -ObjectId $AppID | select StartDateTime, EndDateTime, Hint
    $today = get-date
    if($AppCreds -is [Array]){
        # More than one secret: handle each credential separately
        $AppCreds | %{
            $StartDate = $_.StartDateTime
            $EndDate = $_.EndDateTime
            $operation = $EndDate - $today
            #....
        }
    }
    else{
        # Single secret: the properties are scalar values
        $StartDate = $AppCreds.StartDateTime
        $EndDate = $AppCreds.EndDateTime
        $operation = $EndDate - $today
    }
}
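The failure from the question and a per-credential calculation, as an added example that is not part of the original question or answer. It runs offline on constructed credential objects; the helper name Get-SecretStatus, the sample app names and the key ids are assumptions for illustration, and the 60-day default mirrors the threshold mentioned in the question.

```powershell
# Constructed sample credentials standing in for Get-AzADAppCredential output.
$now = Get-Date
$sample = [ordered]@{
    'app-one-secret'  = @(
        [PSCustomObject]@{ KeyId = 'key-0001'; Hint = 'abc'; EndDateTime = $now.AddDays(45) }
    )
    'app-two-secrets' = @(
        [PSCustomObject]@{ KeyId = 'key-0002'; Hint = 'def'; EndDateTime = $now.AddDays(200) }
        [PSCustomObject]@{ KeyId = 'key-0003'; Hint = 'ghi'; EndDateTime = $now.AddHours(-6) }
    )
    'app-no-secret'   = @()
}

# Reproduce the failure: property access on a two-element array returns
# Object[] (member enumeration), and Object[] has no subtraction operator.
$ends = $sample['app-two-secrets'].EndDateTime
Write-Output "EndDateTime type with two secrets: $($ends.GetType().FullName)"
try { $null = $ends - $now } catch { Write-Output "Error: $($_.Exception.Message)" }

# Hypothetical helper: one output row per credential, whatever the count.
function Get-SecretStatus {
    param([string]$AppName, [object[]]$Credentials, [datetime]$Now, [int]$WarnDays = 60)
    foreach ($cred in @($Credentials)) {
        # Skip empty results and credentials without an end date.
        if ($null -eq $cred -or $null -eq $cred.EndDateTime) { continue }
        # Floor of TotalDays: a secret that expired 6 hours ago gives -1,
        # whereas TimeSpan.Days truncates toward zero and would give 0.
        $daysLeft = [int][math]::Floor(($cred.EndDateTime - $Now).TotalDays)
        $status = if ($daysLeft -lt 0) { 'Expired' } elseif ($daysLeft -le $WarnDays) { 'ExpiringSoon' } else { 'OK' }
        [PSCustomObject]@{
            AppName  = $AppName
            KeyId    = $cred.KeyId
            Hint     = $cred.Hint
            DaysLeft = $daysLeft
            Status   = $status
        }
    }
}

# Build the report across all sample apps; an app with no secrets yields no rows.
$report = foreach ($name in $sample.Keys) {
    Get-SecretStatus -AppName $name -Credentials $sample[$name] -Now $now
}
$report | Sort-Object DaysLeft | Format-Table -AutoSize
```

Against a live tenant, the `-Credentials` argument would be `@(Get-AzADAppCredential -ObjectId $app.Id)`, as in the re-worked script above.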