TagManagement-AzFunction.ps1
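<#
.SYNOPSIS
Tag management through an Azure function configured with an Http trigger.
.DESCRIPTION
REQUIRED : Azure function with an Http trigger
REQUIRED : The Azure function is configured with a system identity and the privilege to manage the tags within your resource group.
The request body is untrusted input: "action" and "resource_group" are validated before the function signs in with its identity.
.PARAMETER action
Mandatory
Supported values : inherit_from_rg
.PARAMETER resource_group
Mandatory
Name of the resource group whose tags are copied to the resources it contains
.NOTES
AUTHOR: James Dumont le Douarec
HttpStatusCode Enum: https://docs.microsoft.com/en-us/dotnet/api/system.net.httpstatuscode?view=netframework-4.8
A function key passed in the "code" query parameter is part of the URL and can be recorded in proxy and access logs; the key can be sent in the "x-functions-key" request header instead (see example 2).
.LINK
https://github.com/JamesDLD/AzureRm-PowerShell
https://docs.microsoft.com/en-us/azure/azure-functions/functions-create-first-function-powershell
https://github.com/sympa18/CheckandApplyTags
.EXAMPLE
1. Inherit all tags of the resource group "apps-jdld-sand1-rg1" to all its sub resources
curl --header "Content-Type: application/json" --request POST --data '{"action":"inherit_from_rg","resource_group":"apps-jdld-sand1-rg1"}' https://demo-pwsh-azfun1.azurewebsites.net/api/tag?code=<API Token>
.EXAMPLE
2. Same request with the function key sent in a header instead of the URL
curl --header "Content-Type: application/json" --header "x-functions-key: <API Token>" --request POST --data '{"action":"inherit_from_rg","resource_group":"apps-jdld-sand1-rg1"}' https://demo-pwsh-azfun1.azurewebsites.net/api/tag
#>
using namespace System.Net

# Input bindings are passed in via param block.
param($Request, $TriggerMetadata)

# Write to the Azure Functions log stream.
Write-Output "PowerShell HTTP trigger function processed a request."

# Interact with query parameters or the body of the request.
$body = $Request.Body
$action = $body.action
$resource_group = $body.resource_group

$supportedActions = @('inherit_from_rg')
$count = 0    # resources whose tags were written successfully
$failed = 0   # resources for which Set-AzResource raised an error

# Ensure that the system identity is enabled.
if (-not ($env:MSI_SECRET -and (Get-Module -ListAvailable Az.Accounts))) {
    $status = [HttpStatusCode]::Unauthorized
    $body = "Please make that you have enabled the System assigned identity on your Azure function."
}
elseif (-not ($action -and $resource_group)) {
    $status = [HttpStatusCode]::BadRequest
    $body = "Please pass the following parameters : action, resource_group."
}
elseif (($action -isnot [string]) -or ($action -notin $supportedActions)) {
    $status = [HttpStatusCode]::BadRequest
    $body = "Invalid action. Allowed values : inherit_from_rg."
}
elseif (($resource_group -isnot [string]) -or
        ($resource_group.Length -gt 90) -or
        ($resource_group -notmatch '^[-\w\._\(\)]+\z') -or
        $resource_group.EndsWith('.')) {
    # The name comes straight from the HTTP body and is handed to cmdlets that run
    # with the function's identity. Only a literal resource group name is accepted:
    # this rejects non-string JSON values and wildcard characters, which the Az
    # lookup cmdlets would otherwise expand to more than one resource group.
    $status = [HttpStatusCode]::BadRequest
    $body = "Invalid resource_group. Expected a resource group name (1 to 90 characters: letters, digits, '_', '-', '.', '(' and ')', not ending with '.')."
}
else {
    # The request is well formed; only now sign in with the function's identity.
    $connected = $false
    try {
        Write-Output "Connecting to Azure using the Azure function MSI."
        Connect-AzAccount -Identity -ErrorAction Stop | Out-Null
        $connected = $true
    }
    catch {
        # Keep the exception text in the function log; it is not returned to the caller.
        Write-Warning "Connect-AzAccount failed: $($_.Exception.Message)"
        $status = [HttpStatusCode]::Unauthorized
        $body = "Unable to connect to Azure with the System assigned identity. See the function log for details."
    }

    # Do not attempt any tag operation when the sign-in failed.
    if ($connected) {
        switch ($action) {
            'inherit_from_rg' {
                try {
                    $RGTags = (Get-AzResourceGroup -Name $resource_group -ErrorAction Stop).Tags

                    if (($null -eq $RGTags) -or ($RGTags.Count -eq 0)) {
                        # Nothing to inherit; without this guard the loop below would
                        # call a method on $null and report it as an authorization error.
                        Write-Output "Resource group $resource_group has no tags, nothing to apply."
                    }
                    else {
                        # List all Resources within the Resource Group
                        $Resources = Get-AzResource -ResourceGroupName $resource_group -ErrorAction Stop

                        # For each Resource apply the Tag of the Resource Group
                        foreach ($resource in $Resources) {
                            $resourceid = $resource.resourceId
                            $resourcetags = $resource.Tags
                            $tagsToApply = $null

                            if ($null -eq $resourcetags) {
                                Write-Output "---------------------------------------------"
                                Write-Output "NEW - Applying the following Tags to $($resourceid)" $RGTags
                                Write-Output "---------------------------------------------"
                                $tagsToApply = $RGTags
                            }
                            else {
                                $TagUpdate = $false
                                foreach ($RGTag in $RGTags.GetEnumerator()) {
                                    # Checking if Tags keys of the resource group are all in the resource's tag keys
                                    if ($resourcetags.Keys -inotcontains $RGTag.Key) {
                                        Write-Output "------------------------------------------------"
                                        Write-Output "Key = $($RGTag.Key) doesn't exist"
                                        $resourcetags.Add($RGTag.Key, $RGTag.Value)
                                        $TagUpdate = $true
                                    }
                                    elseif ($resourcetags.Item($RGTag.Key) -ne $RGTag.Value) {
                                        Write-Output "------------------------------------------------"
                                        Write-Output "Key = $($RGTag.Key) doesn't have the RG Tag value = $($RGTag.Value), it's value is = $($resourcetags.Item($RGTag.Key))"
                                        $resourcetags.Remove($RGTag.Key)
                                        $resourcetags.Add($RGTag.Key, $RGTag.Value)
                                        $TagUpdate = $true
                                    }
                                }
                                if ($TagUpdate) {
                                    Write-Output "UPDTATE - Applying the following Tags to $($resourceid)" $resourcetags
                                    Write-Output "---------------------------------------------"
                                    $tagsToApply = $resourcetags
                                }
                            }

                            if ($null -ne $tagsToApply) {
                                # -ErrorAction Stop makes a failed write reach the catch, so
                                # a resource is counted only when its tags were really set;
                                # one failing resource does not stop the remaining ones.
                                try {
                                    Set-AzResource -ResourceId $resourceid -Tag $tagsToApply -Force -ErrorAction Stop
                                    $count++
                                }
                                catch {
                                    $failed++
                                    Write-Warning "Failed to tag $($resourceid): $($_.Exception.Message)"
                                }
                            }
                        }
                    }

                    $body = "$count resources have been tagged"
                    if ($failed -gt 0) {
                        $body += ", $failed could not be tagged (see the function log)"
                    }
                    $status = [HttpStatusCode]::OK
                }
                catch {
                    # Exception text from Azure can carry tenant, subscription or principal
                    # identifiers: log it and return a generic message to the caller.
                    Write-Warning "inherit_from_rg failed for '$resource_group': $($_.Exception.Message)"
                    $body = "The tags of resource group '$resource_group' could not be applied. See the function log for details."
                    # NOTE(review): every failure here is reported as 401, kept for existing
                    # callers; a missing resource group would be better described by 404.
                    $status = [HttpStatusCode]::Unauthorized
                }
            }
        }
    }
}

# Associate values to output bindings by calling 'Push-OutputBinding'.
Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
    StatusCode = $status
    Body       = $body
})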