@heaths
Last active November 14, 2023 20:07
Tips and other useful commands for the Azure CLI

Some useful commands for the Azure CLI. Also check out JMESPath specifications for other functions you can use.

Principals

Get the principal OID for a given client ID in a tenant:

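# add `--output tsv` to get the raw value without quotes
# current Azure CLI releases (Microsoft Graph) return the object ID as `id`;
# `objectId` was the property name under the older Azure AD Graph API
az ad sp show --id $id --query id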

Get the user OID for a given user in a tenant:

# upn is typically your corporate email address
# add `--output tsv` to get the raw value without quotes:
az ad user show --id $upn --query id

Providers

To view information about a single provider namespace like "Microsoft.KeyVault":

az provider show --namespace Microsoft.KeyVault

To view display names of locations of a particular resource provider like "Microsoft.KeyVault/managedHSMs":

az provider show --namespace Microsoft.KeyVault --query 'sort(resourceTypes[?resourceType==`managedHSMs`].locations[])'

To view resource provider namespaces and the resource types they define:

az provider list --query 'sort_by(@, &namespace)[*].{"namespace": namespace, "resourceTypes": sort(resourceTypes[].resourceType)}'

Provider locations

Combined with PowerShell, you can get the location name required by ARM templates based on the display name shown above:

$hsmLocations = az provider show --namespace Microsoft.KeyVault --query 'sort(resourceTypes[?resourceType==`managedHSMs`].locations[])' | ConvertFrom-Json
$locations = az account list-locations --query 'sort_by(@, &name)[].{name: name, displayName: displayName, geographyGroup: metadata.geographyGroup}' | ConvertFrom-Json | Group-Object displayName -AsHashTable -AsString
$locations[$hsmLocations].name | ConvertTo-Json

Roles

To view a list of role definitions matching a partial name e.g., "Key Vault":

az role definition list --query '[?contains(@.roleName, `Key Vault`)] | sort_by(@, &roleName)'
az role definition list --query '[?contains(@.roleName, `Key Vault`)] | [].{roleName: roleName, name: name} | sort_by(@, &roleName)' -o table

Resources

To view a list of abbreviated resource information sorted by changedTime:

az resource list --resource-type Microsoft.KeyVault/vaults --query 'sort_by(@, &changedTime)[].{name: name, location: location, changedTime: changedTime, resourceGroup: resourceGroup}'

To view soft-deleted Managed HSMs in the default subscription:

az keyvault list-deleted --resource-type hsm --query '[].{name: name, location: properties.location, deleted: properties.deletionDate}'

To view provisioned Managed HSMs in the default subscription:

az keyvault list --resource-type hsm --query '[].{name: name, resourceGroup: resourceGroup, location: location, created: systemData.createdAt}'

Key Vault

...and Managed HSM.

To purge a soft-deleted Key Vault or Managed HSM (the latter still costs money in a deleted state):

az keyvault purge --name $keyVaultName
az keyvault purge --hsm-name $hsmName
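
Purging is irreversible, and a vault or HSM with purge protection enabled cannot be purged before its scheduled purge date, so it helps to triage the soft-deleted list first. The following is an added example, not part of the original gist; the function names, the `DRY_RUN` variable and the sample rows are made up for illustration, and it assumes deleted entries expose `properties.scheduledPurgeDate` and `properties.purgeProtectionEnabled` alongside the fields queried above.

```shell
# Added example: triage soft-deleted Managed HSMs before purging.
TAB=$(printf '\t')

# Emit one TSV row per soft-deleted Managed HSM (needs `az login`).
# Assumption: scheduledPurgeDate and purgeProtectionEnabled are present.
list_deleted_hsms() {
  az keyvault list-deleted --resource-type hsm -o tsv --query \
    '[].[name, properties.location, properties.scheduledPurgeDate, properties.purgeProtectionEnabled]'
}

# Read those rows on stdin and label each one:
#   PURGEABLE  a purge request will be accepted now
#   PROTECTED  purge protection is on; it stays until the scheduled date
triage_deleted() {
  while IFS="$TAB" read -r name location purge_date protected; do
    [ -n "$name" ] || continue
    case "$(printf '%s' "$protected" | tr '[:upper:]' '[:lower:]')" in
      true) state=PROTECTED ;;
      *)    state=PURGEABLE ;;   # False, None or empty
    esac
    printf '%s\t%s\t%s\t%s\n' "$state" "$name" "$location" "$purge_date"
  done
}

# Act only on rows labelled PURGEABLE. DRY_RUN=1 (the default) prints the
# command instead of running it, so the list can be reviewed first.
purge_purgeable() {
  while IFS="$TAB" read -r state name _rest; do
    [ "$state" = PURGEABLE ] || continue
    if [ "${DRY_RUN:-1}" = 1 ]; then
      printf 'az keyvault purge --hsm-name %s\n' "$name"
    else
      # </dev/null keeps az from consuming the rows still waiting on stdin
      az keyvault purge --hsm-name "$name" </dev/null
    fi
  done
}

# Constructed rows in the shape list_deleted_hsms emits (not real resources).
sample_rows() {
  printf 'hsm-dev-01\twestus\t2024-01-10T00:00:00+00:00\tFalse\n'
  printf 'hsm-prod-01\teastus2\t2024-03-01T00:00:00+00:00\tTrue\n'
  printf 'hsm-test-02\twestus\t2024-01-12T00:00:00+00:00\tNone\n'
}

# Review:  list_deleted_hsms | triage_deleted
# Purge:   list_deleted_hsms | triage_deleted | DRY_RUN=0 purge_purgeable
```

Run the review pipeline first and keep `DRY_RUN` at its default until the printed commands match what you intend to delete.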

Subscriptions

To view an abbreviated list of locations:

az account list-locations --query 'sort_by(@, &name)[].{name: name, displayName: displayName, geographyGroup: metadata.geographyGroup}' -o table

To view information for a single location by its displayName returned in provider information:

az account list-locations --query '[?displayName==`West US`] | [0]'

To view the subscription ID and name of subscriptions matching a particular prefix:

az account list --query '[?starts_with(name, `Azure SDK`)] | [].{name: name, id: id} | sort_by(@, &name)'

You can also format the output as a table using either the default columns or your own:

az account list --query 'sort_by(@, &name)' -o table
az account list --query '[].{name: name, id: id} | sort_by(@, &name)' -o tsv | column -ts $'\t'

Clouds

To list domain suffixes for Key Vault and Managed HSMs across clouds:

az cloud list --query '[].{name:name,keyvaultDns:suffixes.keyvaultDns,mhsmDns:suffixes.mhsmDns}' -o table
az cloud list --query '[].{name:name,suffixes:suffixes.{keyvaultDns:keyvaultDns,mhsmDns:mhsmDns}}'

DevOps

Combined with PowerShell, you can get schedules for related service pipelines:

# quote the wildcard patterns so the shell passes them to az unexpanded
[int[]] $ids = az pipelines list --org https://dev.azure.com/azure-sdk -p internal --name '*cognitivelanguage*' --query '[].id' | ConvertFrom-Json
$ids += az pipelines list --org https://dev.azure.com/azure-sdk -p internal --name '*textanalytics*' --query '[].id' | ConvertFrom-Json

$pipelines = @()
foreach ($id in $ids) {
  $pipelines += az pipelines show --org https://dev.azure.com/azure-sdk -p internal --id $id --query '{name: name, schedules: triggers[].schedules[].{startHours: startHours, startMinutes: startMinutes}} | {name: name, hours: schedules[0].startHours, minutes: schedules[0].startMinutes}' | ConvertFrom-Json
}

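# full cmdlet names: on Linux and macOS `sort` resolves to the native sort command, not Sort-Object
# {1:d2} pads the minutes so 7:00 is not shown as 7:0
$pipelines | Sort-Object hours, minutes | Select-Object name, @{l='time'; e={"{0}:{1:d2}" -f $_.hours, $_.minutes}}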