【发布时间】:2021-05-09 06:36:04
【问题描述】:
我能否简化我的 PowerShell Azure Runbook,以便从订阅中的所有 KV 中收集即将到期的机密和证书(相对于重复代码)并在电子邮件中发送格式化的表格?
当前运行手册在订阅中配置到自动化帐户的关联模块上运行良好,但我确信有一种更简洁的方式来运行它并定期向利益相关者发送格式化的电子邮件。
Param(
[string]$SubscriptionID = "",
[int]$DaysNearExpiration = "30",
[string]$VaultName
)
Get-AzureRmSubscription -SubscriptionId $SubscriptionID | Select-AzureRmSubscription | Format-Table -Autosize
$ExpiredSecrets = @()
$NearExpirationSecrets = @()
#gather all key vaults from subscription
if ($VaultName) {
$KeyVaults = Get-AzureRmKeyVault -VaultName $VaultName
}
else {
$KeyVaults = Get-AzureRmKeyVault
}
#check date which will notify about expiration
$ExpirationDate = (Get-Date (Get-Date).AddDays($DaysNearExpiration) -Format yyyyMMdd)
$CurrentDate = (Get-Date -Format yyyyMMdd)
# iterate across all key vaults in subscription
foreach ($KeyVault in $KeyVaults) {
# gather all secrets in each key vault
$SecretsArray = Get-AzureKeyVaultSecret -VaultName $KeyVault.VaultName
foreach ($secret in $SecretsArray) {
# check if expiration date is set
if ($secret.Expires) {
$secretExpiration = Get-date $secret.Expires -Format yyyyMMdd
# check if expiration date set on secret is before notify expiration date
if ($ExpirationDate -gt $secretExpiration) {
# check if secret did not expire yet but will expire soon
if ($CurrentDate -lt $secretExpiration) {
$NearExpirationSecrets += New-Object PSObject -Property @{
Name = $secret.Name;
Category = 'SecretNearExpiration';
KeyVaultName = $KeyVault.VaultName;
ExpirationDate = $secret.Expires;
}
}
# secret is already expired
else {
$ExpiredSecrets += New-Object PSObject -Property @{
Name = $secret.Name;
Category = 'SecretNearExpiration';
KeyVaultName = $KeyVault.VaultName;
ExpirationDate = $secret.Expires;
}
}
}
}
}
}
Write-Output "Total number of expired secrets: $($ExpiredSecrets.Count)"
$ExpiredSecrets
Write-Output "Total number of secrets near expiration: $($NearExpirationSecrets.Count)"
$NearExpirationSecrets
$ExpiredCertificates = @()
$NearExpirationCertificates = @()
#gather all key vaults from subscription
if ($VaultName) {
$KeyVaults = Get-AzureRmKeyVault -VaultName $VaultName
}
else {
$KeyVaults = Get-AzureRmKeyVault
}
#check date which will notify about expiration
$ExpirationDate = (Get-Date (Get-Date).AddDays($DaysNearExpiration) -Format yyyyMMdd)
$CurrentDate = (Get-Date -Format yyyyMMdd)
# iterate across all key vaults in subscription
foreach ($KeyVault in $KeyVaults) {
# gather all certificates in each key vault
$CertificatesArray = Get-AzureKeyVaultCertificate -VaultName $KeyVault.VaultName
foreach ($Certificate in $CertificatesArray) {
# check if expiration date is set
if ($certificate.Expires) {
$certificateExpiration = Get-date $certificate.Expires -Format yyyyMMdd
# check if expiration date set on certificate is before notify expiration date
if ($ExpirationDate -gt $certificateExpiration) {
# check if secret did not expire yet but will expire soon
if ($CurrentDate -lt $certificateExpiration) {
$NearExpirationCertificates += New-Object PSObject -Property @{
Name = $certificate.Name;
Category = 'CertificateNearExpiration';
KeyVaultName = $KeyVault.VaultName;
ExpirationDate = $certificate.Expires;
}
}
# secret is already expired
else {
$ExpiredCertificates += New-Object PSObject -Property @{
Name = $certificate.Name;
Category = 'CertificateNearExpiration';
KeyVaultName = $KeyVault.VaultName;
ExpirationDate = $certificate.Expires;
}
}
}
}
}
}
Write-Output "Total number of expired certificates: $($ExpiredCertificates.Count)"
$ExpiredCertificates
Write-Output "Total number of certificates near expiration: $($NearExpirationCertificates.Count)"
$NearExpirationCertificates
【问题讨论】:
标签: azure powershell certificate azure-keyvault runbook