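#!/usr/bin/env bash
# Azure CLI script to log into an Azure tenant, loop over all of its subscriptions to search for API Management instances,
# then check which ones have the Direct Management API enabled as it is end-of-life March 2025.
#
# Interpreter: bash. The script uses [[ ]], +=, here-strings, $'\t', &> and brace expansion,
# none of which a POSIX /bin/sh (dash, ash) is required to support.
# Side effect: `az account set` is called for each subscription, so the active subscription of the
# local Azure CLI session is changed while the script runs.
# *********************************************
# * CONFIGURATION *
# *********************************************
# Hard-code a test subscription, if you wish.
# Leaving the placeholder (or an empty string) makes the script scan every subscription returned by `az account list`.
HARDCODED_SUBSCRIPTION="<your-subscription-id>"
# Default login behavior - will be modified by command line args
# SKIP_LOGIN set to 0 prompts for login; set to 1 skips the login prompt and attempts to use the logged-in Azure tenant. You do not need to pass a tenant ID then.
SKIP_LOGIN=0
# Tenant GUID; filled from -t, or from the current Azure CLI session when -sl is used.
TENANT_ID=""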
# *********************************************
# * Command Line Argument Parser *
# *********************************************
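#######################################
# Print the usage text for this script.
# Arguments: none ($0 is read for the script name shown in the usage lines)
# Outputs:   banner, one-line description, the two supported invocations
#            and one example, all on stdout
#######################################
display_help() {
  # printf instead of `echo -e`: whether echo honors -e and backslash escapes
  # depends on the shell (dash prints a literal "-e"), printf does not.
  printf '\n%s\n' "Azure API Management Direct Management API Statistics"
  printf '%s\n\n' "====================================================="
  printf '%s\n' "This script helps identify API Management instances with Direct Management API enabled."
  printf '\n%s\n' "Usage:"
  # $0 is passed as an argument, never as part of the format string.
  printf ' %s -t <tenant-id> - Logs into specific Azure tenant and checks all subscriptions\n' "$0"
  printf " %s -sl - Skips login and uses the current Azure CLI session's Azure tenant\n" "$0"
  printf '\n%s\n' "Examples:"
  printf ' %s -t 12345678-1234-1234-1234-123456789012\n' "$0"
}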
# Parse command-line arguments.
# With no arguments at all the usage text is shown and the script ends successfully.
[ "$#" -ne 0 ] || {
  display_help
  exit 0
}

# Consume the arguments left to right; every branch either shifts or exits,
# so the loop always terminates.
until [ "$#" -eq 0 ]; do
  case "$1" in
    -sl)
      # Reuse the Azure CLI session that is already logged in.
      SKIP_LOGIN=1
      shift
      ;;
    -t)
      # -t needs a value; the GUID format itself is validated later, before login.
      [ -n "$2" ] || {
        echo "Error: Azure Tenant ID is required with -t option."
        display_help
        exit 1
      }
      TENANT_ID=$2
      shift 2
      ;;
    *)
      echo "Error: Unknown option $1"
      display_help
      exit 1
      ;;
  esac
done
# *********************************************
# * Startup & Prerequisite Checks & Login *
# *********************************************
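echo -e "\nAzure API Management Direct Management API Statistics"
echo -e "=====================================================\n"

# Check if Azure CLI is installed.
# `> /dev/null 2>&1` is used instead of `&>`: a POSIX sh parses `cmd &> file` as
# "run cmd in the background, then truncate file", which would defeat this check.
if ! command -v az > /dev/null 2>&1; then
  echo "Error: Azure CLI is not installed. Please install it first."
  echo "Visit: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli"
  exit 1
fi

if [ "$SKIP_LOGIN" -eq 0 ]; then
  # Log into Azure with the provided Azure tenant ID.
  # Check if Azure tenant ID is provided
  if [ -z "$TENANT_ID" ]; then
    echo -e "Error: No tenant ID provided. Use -t option to specify a tenant ID."
    display_help
    exit 1
  fi

  # Reject the all-zero GUID and anything that is not in GUID format before it reaches `az login`.
  if [ "$TENANT_ID" = "00000000-0000-0000-0000-000000000000" ] || \
    ! echo "$TENANT_ID" | grep -Eq '^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$'; then
    echo "Error: $TENANT_ID is not a valid tenant GUID."
    exit 1
  fi

  # Log in with the Azure tenant ID
  echo -e "Logging into Azure tenant $TENANT_ID...\n"
  if ! az login --tenant "$TENANT_ID"; then
    echo "Error: Failed to log into Azure. Please check your credentials and try again."
    exit 1
  fi
  echo -e "Successfully logged into Azure.\n"
elif [ "$SKIP_LOGIN" -eq 1 ]; then
  # -sl: take the tenant from the session that is already logged in. Any value given with -t is replaced here.
  # Without an active session `az account show` fails; stop instead of scanning with an empty tenant ID.
  if ! TENANT_ID=$(az account show --query tenantId -o tsv) || [ -z "$TENANT_ID" ]; then
    echo "Error: Could not read the tenant of the current Azure CLI session. Log in first or use the -t option."
    exit 1
  fi
  echo -e "Using current tenant ID $TENANT_ID\n"
else
  echo "Invalid value for SKIP_LOGIN. Please set it to 0 or 1."
  exit 1
fi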
# *********************************************
# * Obtaining subscriptions to check *
# *********************************************
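# Check if HARDCODED_SUBSCRIPTION has a real value (not empty and not the placeholder)
if [ -n "$HARDCODED_SUBSCRIPTION" ] && [ "$HARDCODED_SUBSCRIPTION" != "<your-subscription-id>" ]; then
  echo -e "Using hard-coded subscription ID $HARDCODED_SUBSCRIPTION\n"
  SUBSCRIPTIONS="$HARDCODED_SUBSCRIPTION"
else
  # Get all subscriptions.
  # NOTE(review): this is whatever `az account list` returns for the CLI session; nothing here
  # restricts it to $TENANT_ID or includes subscriptions the CLI hides by default - confirm the
  # list matches the tenant being audited before relying on the report as complete.
  if ! SUBSCRIPTIONS=$(az account list --query '[].id' -o tsv); then
    echo "Error: Failed to retrieve subscriptions."
    exit 1
  fi
  # grep -c . counts non-empty lines, so an empty result is reported as 0
  # (echo | wc -l would report 1 for an empty list).
  echo -e "Found $(printf '%s\n' "$SUBSCRIPTIONS" | grep -c .) subscription(s) in tenant.\n"
fi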
# *********************************************
# * Checking APIM in subscriptions *
# *********************************************
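# Search for API Management instances across all subscriptions.
# For every instance found, one {"subscription",...,"enabled"} object is appended to JSON_RESULTS;
# "enabled" is true/false as reported by the tenant/access endpoint, "Not Applicable" for V2 SKUs,
# or "UNKNOWN" when the status could not be read.
echo -e "Searching for API Management instances across all subscriptions:"

# Count subscription IDs word by word, exactly as the loop below splits them,
# so an empty list counts as 0 rather than 1. The expansion is deliberately unquoted.
TOTAL_SUBS=$(printf '%s\n' $SUBSCRIPTIONS | grep -c .)
CURRENT_SUB=0
FIRST_ENTRY=true

# Initialize JSON array for results
JSON_RESULTS="["

for SUB in $SUBSCRIPTIONS; do
  # Increment counter
  CURRENT_SUB=$((CURRENT_SUB + 1))

  # Trim any whitespace or control characters from the subscription ID
  SUB=$(echo "$SUB" | tr -d '\r\n')
  echo -e "\n$CURRENT_SUB/$TOTAL_SUBS: Checking subscription: $SUB"

  # Set context to current subscription and check if successful
  if ! az account set --subscription "$SUB" > /dev/null 2>&1; then
    echo -e "\tYou may not have access to this subscription. Skipping."
    continue
  fi

  # First check if there are any APIM instances in this subscription.
  # A failed or non-numeric answer is reported as such: treating it as "0 instances"
  # would silently drop the subscription from the audit.
  if ! INSTANCE_COUNT=$(az apim list --subscription "$SUB" --query "length(@)" -o tsv 2>/dev/null); then
    echo -e "\tCould not list API Management instances in this subscription. Skipping."
    continue
  fi
  INSTANCE_COUNT=$(echo "$INSTANCE_COUNT" | tr -d '\r\n')
  case "$INSTANCE_COUNT" in
    '' | *[!0-9]*)
      echo -e "\tCould not list API Management instances in this subscription. Skipping."
      continue
      ;;
  esac

  if [ "$INSTANCE_COUNT" -gt 0 ]; then
    echo -e "\tFound $INSTANCE_COUNT API Management instance(s).\n"

    # Get all APIM instances with details (carriage returns stripped, as for the subscription ID above)
    APIM_INSTANCES=$(az apim list --subscription "$SUB" --query "[].{name:name, resourceGroup:resourceGroup, location:location, sku:sku.name}" -o tsv 2>/dev/null | tr -d '\r')

    # One tab-separated line per instance; the here-string keeps the loop in the current shell
    # so JSON_RESULTS and FIRST_ENTRY survive it.
    while IFS=$'\t' read -r name resourceGroup location sku; do
      if [ -n "$name" ]; then
        echo -e "\tGetting tenant access information for API Management instance $name in resource group $resourceGroup..."

        # Check if we have a V2 SKU as the Direct Management API does not apply there.
        if [[ "$sku" == *"V2"* ]]; then
          # For V2 SKUs, tenant access is not applicable
          ENABLED="Not Applicable"
          echo -e "\t\tSKU is V2. Tenant access is not applicable."
        else
          # For V1 SKUs, check tenant access status.
          # Call REST API using az rest and capture JSON output; the if tests az rest's own exit status.
          if TENANT_ACCESS=$(az rest --method GET \
            --uri "https://management.azure.com/subscriptions/$SUB/resourceGroups/$resourceGroup/providers/Microsoft.ApiManagement/service/$name/tenant/access?api-version=2022-08-01" \
            --output json 2>/dev/null) && [ -n "$TENANT_ACCESS" ]; then
            # Extract the enabled status - first "enabled": match, value up to the next comma or }.
            # Splitting on ':' alone works for both `"enabled": true` and `"enabled":true`.
            ENABLED=$(echo "$TENANT_ACCESS" | grep -o '"enabled": *[^,}]*' | head -n 1 | awk -F: '{print $2}' | tr -d ' "\r')
            # A response without an "enabled" field must not end up as an empty, uncounted status.
            [ -n "$ENABLED" ] || ENABLED="UNKNOWN"
            echo -e "\t\tTenant access enabled: $ENABLED"
          else
            ENABLED="UNKNOWN"
          fi
        fi

        # Add comma for JSON array elements except for first element
        if [ "$FIRST_ENTRY" = true ]; then
          FIRST_ENTRY=false
        else
          JSON_RESULTS+=","
        fi

        # Add this instance to the JSON array. Values are inserted unescaped - this relies on
        # Azure names not containing '"', '\' or '}' (presumably guaranteed by Azure naming rules; verify).
        JSON_RESULTS+=$(printf '\n {"subscription":"%s","resourceGroup":"%s","name":"%s","location":"%s","sku":"%s","enabled":"%s"}' \
          "$SUB" "$resourceGroup" "$name" "$location" "$sku" "$ENABLED")
      fi
    done <<< "$APIM_INSTANCES"
  else
    echo -e "\tNo API Management instances found."
  fi
done

# Close JSON array (the \n stays literal here; it is expanded later by echo -e)
JSON_RESULTS+="\n]"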
# *********************************************
# * Display Results *
# *********************************************
# Blank lines separate the scan log from the report.
echo -e "\n\n"

# Print one fixed-width table row from six values:
# subscription, resource group, instance name, location, SKU, enabled status.
print_row() {
  printf "%-36s | %-45s | %-45s | %-20s | %-12s | %-15s\n" "$@"
}

# Print the value of the "key":"value" pair named $2 found in the result object $1.
field_of() {
  echo "$1" | grep -o "\"$2\":\"[^\"]*\"" | cut -d'"' -f4
}

# Print how many lines of the collected results contain the pattern $1.
count_matching() {
  echo -e "$JSON_RESULTS" | grep -c "$1"
}

# Header row, then a separator of 187 '=' characters.
print_row "Subscription ID" "Resource Group" "API Management Name" "Location" "SKU" "Enabled"
printf '%187s\n' '' | tr ' ' '='

# One table row per {...} object collected in JSON_RESULTS.
echo "$JSON_RESULTS" | grep -o '{[^}]*}' | while read -r entry; do
  print_row \
    "$(field_of "$entry" subscription)" \
    "$(field_of "$entry" resourceGroup)" \
    "$(field_of "$entry" name)" \
    "$(field_of "$entry" location)" \
    "$(field_of "$entry" sku)" \
    "$(field_of "$entry" enabled)"
done

# Tally the results by enabled status; each result object sits on its own line, so line counts are instance counts.
TOTAL_COUNT=$(count_matching "name")
ENABLED_COUNT=$(count_matching '"enabled":"true"')
DISABLED_COUNT=$(count_matching '"enabled":"false"')
NA_COUNT=$(count_matching '"enabled":"Not Applicable"')
UNKNOWN_COUNT=$(count_matching '"enabled":"UNKNOWN"')

echo -e "\n"
echo "Total API Management instances : $TOTAL_COUNT"
echo "-----------------------------------"
echo "Enabled : $ENABLED_COUNT <-- Update any tooling using the enabled Direct Management API!"
echo "Disabled : $DISABLED_COUNT"
echo "Not Applicable : $NA_COUNT"

# Unknowns are not expected, so the line is only shown when there is at least one.
if [ "$UNKNOWN_COUNT" -gt 0 ]; then
  echo "Unknown : $UNKNOWN_COUNT"
fi

echo -e "\nDone."