azverify

command module
v0.0.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 19, 2021 License: MIT Imports: 1 Imported by: 0

README

[Under developing] Azure Resource Verifier with Resource Graph

Table of Contents

About

You can verify if there is a difference between your desired properties and actual with this CLI. This CLI read your desired properties as JSON files, and query to Azure Resource Graph API, then check the difference.

Azure Resource Graph table and resource type reference

Getting Started

Prerequisites
  • Go 1.16 or later (if you will build)
  • Azure Resource Graph permissions
Installing
go install github.com/ToruMakabe/azverify@latest

Or download binary

Usage

Global
  azverify [command]

Available Commands:
  help        Help about any command
  match       Matching check the difference between desired and actual
  version     Display the version

Flags:
      --cert-password string     cert file password
      --cert-path string         PKCS12 (.pfx) cert file path
      --client-id string         Azure AD service principal App ID
      --client-secret string     Azure AD service principal App secret
      --config string            config file path (default "$HOME/.azverify/config.toml")
      --env-prefix string        env prefix (default "AZV")
      --environment string       Azure environment ([public]/usgovernment/german/china)
  -h, --help                     help for azverify
      --log-level string         log level (DEBUG/[INFO]/ERROR)
      --subscription-id string   Azure subscription ID
      --tenant-id string         Azure AD tenant ID
Config options and the evaluation order

Each item takes precedence over the item below it.

  • flag
  • env. var
    • default prefix is "AZV_". e.g. AZV_TENANT_ID
  • config file
Auth methods and the evaluation order

It is determined by elements set with flags, env variables and config file.

  • Service Principal Client Certificate
    • tenant-id, subscription-id, cert-path, cert-password
  • Service Principal Client Secret
    • tenant-id, subscription-id, client-id, client-secret
  • Managed Identiy
    • --use-msi flag in subcommand
  • Azure CLI token
    • just run without auth options on the machine has valid Azure CLI token
subcommand [match]
  azverify match [flags]

Flags:
  -f, --file string   path(glob) of the file(s) where the desired resources are written
  -h, --help          help for match
      --use-msi       flag for using Managed Identity to auth (defalut: false)

You have to prepare your "desired" resources as JSON(array) file. "id" is mandatry to identify target resource, but do not have to describe all keys/values. You can write only keys/values you want to verify. Sample is in testdata.

Then, run match command.

azverify match -f ./desired.json

If the result of matching desired resources against to the actual returns from Resource Graph API is SupersetMatch or FullMatch, result of the match command will be successful. On the other hand, if there was any other matching result, exits with status code 1. If all matching(s) was successful, exit code is 0.

Limitations

  • Currently do not have a subcommand to generate template of desired resource by resource types. Investigating the feasibility.

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.