Cert scan Azure App Gateway


vim .env

# NOTE(review): the page does not say whether these lines are the contents of
# .env or commands typed at the prompt -- confirm before copying.
# Mark every variable assigned from here on for export, so programs started
# from this shell (the scan script and the az CLI it calls) can read them.
set -a
# Placeholder subscription id; the scan script passes it to az via --subscription.
AZ_SUBSCRIPTION_ID=mysub-id-blah
# Sourcing runs .env as shell code in the current shell, so keep the file
# writable only by you and out of version control.
. .env

cert-scan-agws-be-certs.sh

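#!/bin/bash
# Scan the certificates presented by the backends of every Azure Application
# Gateway in one resource group.
#
# Usage:   cert-scan-agws-be-certs.sh <resource group name>
# Env:     AZ_SUBSCRIPTION_ID - subscription passed to every az call
# Needs:   az, cert and jq on PATH
set -eu

# Exactly one argument is required. Usage goes to stderr and the exit status
# is non-zero so a wrapper or CI job does not mistake a bad call for success.
if (( $# != 1 )); then
  {
    echo "Usage: $0 <resource group name>"
    echo "Example: $0 my-rgrp"
  } >&2
  exit 2
fi

rg=$1

# Fail with a readable message instead of the bare "unbound variable" from set -u.
: "${AZ_SUBSCRIPTION_ID:?AZ_SUBSCRIPTION_ID must be set}"

# Capture the gateway names first so a failing az call still aborts the script
# under set -e, then split on newlines only: no word-splitting or globbing on
# the names, and the arguments are quoted so a value with spaces stays intact.
agw_names=$(az network application-gateway list \
  --resource-group "$rg" \
  --subscription "${AZ_SUBSCRIPTION_ID}" \
  --query "[].name" \
  --output tsv)

agws=()
if [[ -n "$agw_names" ]]; then
  mapfile -t agws <<<"$agw_names"
fi

outfile="backend-hosts.txt"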

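#######################################
# Collect the backend server addresses reported by show-backend-health for
# every gateway named in agws.
# Globals:   agws, rg, AZ_SUBSCRIPTION_ID, outfile (all read)
# Outputs:   rewrites ${outfile} with the az tsv output of each gateway,
#            appended in agws order; prints a status line on stdout
# Returns:   non-zero as soon as one az query fails
#######################################
get_be_targets() {
  local agw

  # Truncate without writing a leading blank line into the host list.
  : > "$outfile"

  for agw in "${agws[@]}"; do
    # Quoted arguments keep names containing spaces or glob characters intact.
    if ! az network application-gateway show-backend-health \
      --name "$agw" \
      --resource-group "$rg" \
      --subscription "${AZ_SUBSCRIPTION_ID}" \
      --query 'backendAddressPools[].backendHttpSettingsCollection[].servers[].address' \
      --output tsv >> "${outfile}"; then
      # A partial list would make the later scan look complete when it is not.
      echo "Backend health query failed for gateway ${agw}" >&2
      return 1
    fi
  done

  echo "Your hosts are in ${outfile}"
}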
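# Uncomment the next line to rebuild ${outfile} from Azure. While it stays
# commented out, the scan below uses whatever host list is already on disk.
# get_be_targets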

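# The scan needs a readable host list.
if [[ ! -r "$outfile" ]]; then
  echo "Host list ${outfile} not found; run get_be_targets first." >&2
  exit 1
fi

# Read one host per line into an array, dropping blank lines. The list is
# passed through unfiltered; add a filter here if entries must be stripped.
hosts=()
while IFS= read -r host || [[ -n "$host" ]]; do
  if [[ -n "$host" ]]; then
    hosts+=("$host")
  fi
done < "$outfile"

if (( ${#hosts[@]} == 0 )); then
  echo "Host list ${outfile} is empty; nothing to scan." >&2
  exit 1
fi

# Flatten cert's JSON into CSV: a header row built from every leaf path seen,
# followed by one row per scanned host.
jq_to_csv='(. | map(leaf_paths) | unique) as $cols | map (. as $row | ($cols | map(. as $col | $row | getpath($col)))) as $rows | ([($cols | map(. | map(tostring) | join(".")))] + $rows) | map(@csv) | .[]'

# -skip-verify turns off chain and host-name validation, presumably so expired,
# self-signed or mismatched certificates are still reported. Treat the CSV as
# an inventory of what each backend presents, not as proof a certificate is
# trusted.
cert -f json -skip-verify "${hosts[@]}" | jq -r "$jq_to_csv" > "${outfile}.csv"

# Without pipefail only jq's status reaches set -e, so check cert explicitly:
# a failed scan would otherwise leave a short CSV that looks like a clean run.
cert_status=${PIPESTATUS[0]}
if (( cert_status != 0 )); then
  echo "Warning: cert exited with status ${cert_status}; ${outfile}.csv may be incomplete." >&2
fi

echo "Your cert scan results in csv are in ${outfile}.csv"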