
Commit 7d82b9d

authored
Merge pull request #4 from martijnvdp/update
fix duplicate search result
2 parents 3d62037 + 1d0f3f1 commit 7d82b9d

1 file changed

Lines changed: 24 additions & 20 deletions


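--- a/runbooks/az_aa_client_secret_rotation.ps1
+++ b/runbooks/az_aa_client_secret_rotation.ps1
@@ -2,20 +2,19 @@ param
 (
 [Parameter (Mandatory = $false)]
 [object] $WebhookData,
-$clientSecretDisplayName = "created_by_az_aa_client_secret_rotation",
-$deleteClientSecret,
+[string]$clientSecretDisplayName = "created_by_az_aa_client_secret_rotation",
+[string]$deleteClientSecret,
 [int]$keepExistingClientSecrets = 1,
-$eventType = "manual",
-$secretName,
-$vaultName
+[string]$eventType = "manual",
+[string]$secretName,
+[string]$vaultName
 )
 
-
 function remove-passwordCredentials {
 param
 (
-$appID,
-$passwordCredentials,
+[string]$appID,
+[string]$passwordCredentials,
 [int]$keepExistingClientSecrets = 1
 )
 
@@ -32,11 +31,11 @@ function remove-passwordCredentials {
 
 function set-password {
 param (
-$appID,
-$clientSecretDisplayName,
+[string]$appID,
+[string]$clientSecretDisplayName,
 [int]$expirationInDays,
-$secretName,
-$vaultName
+[string]$secretName,
+[string]$vaultName
 )
 
 $Expires = (Get-Date).AddDays($expirationInDays)
@@ -55,16 +54,16 @@ function set-password {
 
 function get-daysLeft {
 param (
-$endDateTime
+[datetime]$endDateTime
 )
 return ($endDateTime - (Get-Date)).Days
 }
 
 function add-ipToKeyvaultRule {
 param (
-$pubIpSource = "ipinfo.io/ip",
-$resourceGroupName,
-$vaultName
+[string]$pubIpSource = "ipinfo.io/ip",
+[string]$resourceGroupName,
+[string]$vaultName
 )
 
 $ipAddress = (Invoke-WebRequest -uri $PubIPSource -UseBasicParsing).content.TrimEnd()
@@ -79,9 +78,9 @@ function add-ipToKeyvaultRule {
 
 function remove-ipFromKeyVaultRule {
 param (
-$ipAddress,
-$resourceGroupName,
-$vaultName
+[string]$ipAddress,
+[string]$resourceGroupName,
+[string]$vaultName
 )
 
 if ($ipAddress) {
@@ -159,7 +158,12 @@ if ($eventType -match "Microsoft.KeyVault.SecretExpired|Microsoft.KeyVault.Secre
 if ($secret.tags["az_aa_client_secret_rotation.expiration_in_days"]) { $expirationInDays = $secret.tags["az_aa_client_secret_rotation.expiration_in_days"] }
 if ($secret.tags["az_aa_client_secret_rotation.client_secret_display_name"]) { $clientSecretDisplayName = $secret.tags["az_aa_client_secret_rotation.client_secret_display_name"] }
 Write-Output "[info] Processing: $($secret.name) for application: $appName"
-$app = Get-MgApplication -Search "DisplayName:$appName" -ConsistencyLevel "eventual"
+$app = Get-MgApplication -filter "displayName eq '$($appName)'"
+
+if ( $($app | measure-object).count -ge 2) {
+Write-Error "[error] Application: more than one app found with displayName $appName for $($secret.name)"
+return
+}
 
 if (!$app.Id ) {
 Write-Error "[error] Application: $appName not found for $($secret.name)"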
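Review bot: The new lookup at new line 161 interpolates `$appName` straight into the OData filter, so a display name containing a single quote breaks or changes the filter expression; double the quote before building it, e.g. `$app = Get-MgApplication -Filter "displayName eq '$($appName.Replace("'", "''"))'"`. Where `$appName` is assigned lies outside the hunk; if it is read from a Key Vault secret tag like the two values just above, whoever can edit tags decides which application receives a new client secret, and an appId or object id would be a firmer key than a display name, which is not unique. Separately, `[string]$passwordCredentials` in remove-passwordCredentials (new line 17) would flatten a collection of credential objects into a single string if that is what callers pass. That function's body is outside the hunk, so confirm the cleanup of old client secrets still runs after this change.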
