azure 在小工具不返回订阅名称时提取订阅名称,或者如何使用哈希表或函数返回订阅名称

ssm49v7z  于 2023-11-21  发布在  其他
关注(0)|答案(1)|浏览(143)

我已经编写了一个PowerShell脚本,它将生成一个报告,其中包含分配给Azure中的用户的所有组。最后一部分是一个按组的报告,其中包含每个订阅中的所有组以及分配给这些组的用户总数。我遇到的问题是订阅ID,我想用订阅名称替换ID,并在其中创建了一个自定义对象。如果我可以将订阅名称而不是ID附加到它,这将允许我使用group-object,这意味着获取订阅名称的工作只需要完成一次。对于报表的用户来说,获取订阅名称要容易得多,因为这更容易作为报表的一部分阅读,而且group-object
我都做了些什么?
根据我的研究,哈希表是一种可行的方法。我实际上需要的是一个查找表或一个函数,如果我提供订阅ID,它将返回订阅名称。然后在生成csv的第一个报表中使用它,也可以在group-object部分使用它。
我已经尝试了这里的散列,但不确定其实现

$subscription_hash = @{}
$subscription_hash = Get-Azsubscription | Select-Object Id, Name

字符串
完整的代码可以在下面找到。

# Set the output CSV file path
$outputFilePath = "C:\output\Report.csv"

# Create an empty array to store the results
$all_results = @()

# Function to retrieve role assignments for a subscription
function Get-RoleAssignmentsForSubscription {
    param (
        [string]$subscriptionId
    )

    try {   
        $all_results2 = @()
        $roleAssignments = Get-AzRoleAssignment -Scope "/subscriptions/$subscriptionId"
        foreach ($assignment in $roleAssignments) {

            if ($null -ne $assignment.DisplayName  -or $null -ne $assignment.SignInName ){
                $result_object = New-Object PSObject
                Add-Member -inputObject $result_object -memberType NoteProperty -name "Subscription" -value $subscriptionId
                Add-Member -inputObject $result_object -memberType NoteProperty -name "Subscription_Name" -value "Unknown"
                Add-Member -inputObject $result_object -memberType NoteProperty -name "Display Name" -value $assignment.DisplayName
                Add-Member -inputObject $result_object -memberType NoteProperty -name "SignIn Name" -value $assignment.SignInName
                Add-Member -inputObject $result_object -memberType NoteProperty -name "Object Type" -value $assignment.ObjectType
                Add-Member -inputObject $result_object -memberType NoteProperty -name "Object ID" -value $assignment.ObjectId
                Add-Member -inputObject $result_object -memberType NoteProperty -name "assignment" -value $assignment.RoleDefinitionName
                Add-Member -inputObject $result_object -memberType NoteProperty -name "RoleDefinition ID" -value $assignment.RoleDefinitionId
                Add-Member -inputObject $result_object -memberType NoteProperty -name "Scope" -value $assignment.Scope
                Add-Member -inputObject $result_object -memberType NoteProperty -name "Description" -value $assignment.Description
                Add-Member -inputObject $result_object -memberType NoteProperty -name "CanDelegate" -value $assignment.CanDelegate
            }

            $all_results2 += $result_object

            }

            Write-Output $all_results2
            return $all_results2
    }
    catch {
        Write-Host "Error retrieving role assignments for subscription $subscriptionId -Error detail $_"
    }
}

# Get all subscriptions in the Azure account
$subscriptions = Get-AzSubscription

# Loop through each subscription
foreach ($subscription in $subscriptions) {
    $subscriptionId = $subscription.Id
    $all_results_get_assignment =  Get-RoleAssignmentsForSubscription -subscriptionId $subscriptionId
    $all_results += $all_results_get_assignment
}

# Export the results to a CSV file

Write-Host "Script execution completed. Results exported to $outputFilePath."
# $all_results | Export-Csv -Path $outputFilePath -NoTypeInformation


$subscription_hash = @{}
$subscription_hash = Get-Azsubscription | Select-Object Id, Name

#breakdown using subscription ID
$all_results | Group-Object -Property assignment, subscription | Select-Object subscription,Name, Count | sort Count -Descending

$all_results | Group-Object -Property assignment, subscription | Select-Object $subscription_hash[subscription],Name, Count | sort Count -Descending

ljsrvy3e

ljsrvy3e1#

你要做的是 joinGet-AzSubscription输出的对象和Get-AzRoleAssignment输出的每个对象,所有的代码都可以简化为:

Get-AzSubscription | ForEach-Object {
    foreach ($assignment in Get-AzRoleAssignment -Scope "/subscriptions/$($_.Id)") {
        if ($assignment.DisplayName -or $assignment.SignInName) {
            [pscustomobject]@{
                'Subscription'      = $_.Id
                'Subscription_Name' = $_.Name
                'Display Name'      = $assignment.DisplayName
                'SignIn Name'       = $assignment.SignInName
                'Object Type'       = $assignment.ObjectType
                'Object ID'         = $assignment.ObjectId
                'assignment'        = $assignment.RoleDefinitionName
                'RoleDefinition ID' = $assignment.RoleDefinitionId
                'Scope'             = $assignment.Scope
                'Description'       = $assignment.Description
                'CanDelegate'       = $assignment.CanDelegate
            }
        }
    }
} | Export-Csv 'C:\output\Report.csv' -NoTypeInformation

字符串
Get-RoleAssignmentsForSubscription是低效的,不需要,它只会让事情变得更难。

相关问题