Some AZ CLI snippets

Some useful AZ CLI snippets

Some AZ CLI snippets


who is currently logged in

az ad signed-in-user show

show current environment configuration

az devops configure --list
az devops configure --defaults --project=name-of-project

show service endpoints

az devops service-endpoint list

list all managed system identity resources

az resource list --query "[?identity.type=='SystemAssigned'].{Name:name, principalId:identity.principalId}" --output table

add az cli extensions

az extension list-available

ssh into webapp (assumes ssh is enabled)

az webapp create-remote-connection -g my-resource-group -n my-web-app

searching service principals

az ad sp list --query "[?starts_with(displayName, 'sp-')].{appId:appId, displayName:displayName}" --all

sorting results

az ad sp list --all --output table --query "sort_by([].{displayName:displayName, appId:appId}, &displayName)"

creating a service principal

helpful link
helpful link

creating a certifcate directly into the key vault is possible, but it saves in a format not compatible with logging in from the CLI. this is the reason i create the certificate locally and upload it.

create a service principal with certificate

certName=<my name>
vaultName=<my vault name>

sp=$(az ad sp create-for-rbac --name $certName --create-cert -o json)
az keyvault certificate import --vault-name $vaultName -n $certName -f $(echo $sp | jq -r ".fileWithCertAndPrivateKey")
echo az login --service-principal --username $(echo $sp | jq -r ".appId") --tenant $(echo $sp | jq -r ".tenant") --password $(echo $sp | jq -r ".fileWithCertAndPrivateKey")

how to download the certificate

az keyvault secret download --name certName --vault-name $vaultName --file ${certName}.pem

Check the default AZ account

clear && echo "The configuration validation returns => " $(az account list --query "[?name=='<NAME_OF_ACCOUNT>'].{isDefault:isDefault}[0]" -o json | jq -r ". | .isDefault")