Some AZ CLI snippets
who is currently logged in
az ad signed-in-user show
show current environment configuration
az devops configure --list
az devops configure --defaults --project=name-of-project
show service endpoints
az devops service-endpoint list
list all managed system identity resources
az resource list --query "[?identity.type=='SystemAssigned'].{Name:name, principalId:identity.principalId}" --output table
add az cli extensions
az extension list-available
ssh into webapp (assumes ssh is enabled)
az webapp create-remote-connection -g my-resource-group -n my-web-app
searching service principals
az ad sp list --query "[?starts_with(displayName, 'sp-')].{appId:appId, displayName:displayName}" --all
sorting results
az ad sp list --all --output table --query "sort_by([].{displayName:displayName, appId:appId}, &displayName)"
creating a service principal
creating a certifcate directly into the key vault is possible, but it saves in a format not compatible with logging in from the CLI. this is the reason i create the certificate locally and upload it.
create a service principal with certificate
certName=<my name>
vaultName=<my vault name>
sp=$(az ad sp create-for-rbac --name $certName --create-cert -o json)
az keyvault certificate import --vault-name $vaultName -n $certName -f $(echo $sp | jq -r ".fileWithCertAndPrivateKey")
echo az login --service-principal --username $(echo $sp | jq -r ".appId") --tenant $(echo $sp | jq -r ".tenant") --password $(echo $sp | jq -r ".fileWithCertAndPrivateKey")
how to download the certificate
az keyvault secret download --name certName --vault-name $vaultName --file ${certName}.pem
Check the default AZ account
clear && echo "The configuration validation returns => " $(az account list --query "[?name=='<NAME_OF_ACCOUNT>'].{isDefault:isDefault}[0]" -o json | jq -r ". | .isDefault")