amandadebler · February 13, 2019 07:39
diff --git a/CVE-2019-5736-hotfix.ps1 b/CVE-2019-5736-hotfix.ps1
 # works with both Get-AzAks cluster object and az aks list | ConvertFrom-Json PSCustomObjects
 function Get-AKSHotfixVersion {
    param($AKSCluster)
    $hotfixVersions = @{'12'='1.12.5'; '11'='1.11.7'; '10'='1.10.12'; '9'='1.9.11'}
    foreach ($cluster in $AKSCluster) {
        $currentVersion = $cluster.KubernetesVersion
        [string]$majorRelease = $currentVersion.split('.')[1]
        $hotfixVersion = $hotfixVersions.$majorRelease
        $hotfixVersion
    }
 }

 $mySubscriptions = $(az account list --query [].id -o tsv)
 foreach ($subscription in $mySubscriptions) {
    $clusters = $(az aks list --subscription $subscription) | ConvertFrom-Json
    foreach ($cluster in $clusters) {
        $targetVersion = Get-AKSHotfixVersion -AKSCluster $cluster
        az aks upgrade --resource-group $($cluster.resourceGroup) --name $($cluster.name) --kubernetes-version $targetVersion --subscription $subscription --no-wait --yes
    }
 }
	# works with both Get-AzAks cluster object and az aks list \| ConvertFrom-Json PSCustomObjects
	function Get-AKSHotfixVersion {
	param($AKSCluster)
	$hotfixVersions = @{'12'='1.12.5'; '11'='1.11.7'; '10'='1.10.12'; '9'='1.9.11'}
	foreach ($cluster in $AKSCluster) {
	$currentVersion = $cluster.KubernetesVersion
	[string]$majorRelease = $currentVersion.split('.')[1]
	$hotfixVersion = $hotfixVersions.$majorRelease
	$hotfixVersion
	}
	}

	$mySubscriptions = $(az account list --query [].id -o tsv)
	foreach ($subscription in $mySubscriptions) {
	$clusters = $(az aks list --subscription $subscription) \| ConvertFrom-Json
	foreach ($cluster in $clusters) {
	$targetVersion = Get-AKSHotfixVersion -AKSCluster $cluster
	az aks upgrade --resource-group $($cluster.resourceGroup) --name $($cluster.name) --kubernetes-version $targetVersion --subscription $subscription --no-wait --yes
	}
	}