Issue
Code backup
@@ -0,0 +1,121 @@
|
||||
##########################
|
||||
# Writer: Claudio Boggian
|
||||
# Company: PAL s.r.l.
|
||||
#-------------------------
|
||||
# Date: 2024/02/20
|
||||
# v: 1.0
|
||||
# Reason: Emission
|
||||
#-------------------------
|
||||
##########################
|
||||
|
||||
Param(
|
||||
[string] $ApplicationId = "",
|
||||
[string] $Secured = "",
|
||||
[string] $tenantID = "",
|
||||
[Int64] $warn = 30,
|
||||
[Int64] $crit = 15
|
||||
)
|
||||
|
||||
if ("" -eq $ApplicationId){
|
||||
Write-Host "First param - ApplicationId not set" -ForegroundColor red
|
||||
exit (2)
|
||||
} elseif ("" -eq $Secured){
|
||||
Write-Host "Second param - SecuredId not set" -ForegroundColor red
|
||||
exit (2)
|
||||
} elseif ("" -eq $TenantID){
|
||||
Write-Host "Third param - TenantID not set" -ForegroundColor red
|
||||
exit (2)
|
||||
}
|
||||
|
||||
$ExitCode = 0
|
||||
|
||||
$SecuredPasswordPassword = ConvertTo-SecureString -String $Secured -AsPlainText -Force
|
||||
$ClientSecretCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $ApplicationId, $SecuredPasswordPassword
|
||||
|
||||
Connect-MgGraph -TenantId $tenantID -ClientSecretCredential $ClientSecretCredential -NoWelcome
|
||||
|
||||
$Applications = Get-MgApplication -all
|
||||
$Logs = @()
|
||||
$ExpiredSecrets = @()
|
||||
$Res = @()
|
||||
|
||||
foreach ($App in $Applications) {
|
||||
$AppName = $App.DisplayName
|
||||
$AppID = $App.Id
|
||||
$ApplID = $App.AppId
|
||||
|
||||
if ($null -eq $AppID) { continue }
|
||||
$AppCreds = Get-MgApplication -ApplicationId $AppID | Select-Object PasswordCredentials, KeyCredentials
|
||||
|
||||
$Secrets = $AppCreds.PasswordCredentials
|
||||
|
||||
foreach ($Secret in $Secrets) {
|
||||
$StartDate = $Secret.StartDateTime
|
||||
$EndDate = $Secret.EndDateTime
|
||||
$SecretName = $Secret.DisplayName
|
||||
$RemainingDaysCount = ($EndDate - (Get-Date)).Days
|
||||
|
||||
if($RemainingDaysCount -le $warn -and $RemainingDaysCount -ge 0){
|
||||
$Logs += [PSCustomObject]@{
|
||||
ApplicationName = $AppName
|
||||
ApplicationID = $ApplID
|
||||
SecretName = $SecretName
|
||||
SecretStartDate = $StartDate
|
||||
SecretEndDate = ($EndDate).ToString("dd/MM/yyyy")
|
||||
RemainingDaysCount = $RemainingDaysCount
|
||||
}
|
||||
} elseif ($null -ne $EndDate -and $RemainingDaysCount -lt -1) {
|
||||
$ExpiredSecrets += [PSCustomObject]@{
|
||||
ApplicationName = $AppName
|
||||
EndDate = ($EndDate).ToString("dd/MM/yyyy")
|
||||
ApplicationID = $ApplID
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($Logs.Length -gt 0) {
|
||||
Write-Host 'WARN!' $Logs.Length ' Secret need attention!'
|
||||
} else {
|
||||
Write-Host 'OK! All secret are in range'
|
||||
}
|
||||
|
||||
if ($ExpiredSecrets.Length -gt 0) {
|
||||
Write-Host $ExpiredSecrets.Length ' Secret expired!'
|
||||
Write-Host ''
|
||||
Write-Host 'Expired:'
|
||||
$ExpiredSecrets | Sort-Object -Property 'ApplicationName' | Format-Table
|
||||
}
|
||||
|
||||
if ($Logs.Length -gt 0) {
|
||||
Write-Host 'Expiring:'
|
||||
Write-Host ''
|
||||
}
|
||||
|
||||
foreach ($GLog in $Logs | Sort-Object -Property 'ApplicationName' | Group-Object -Property 'ApplicationName'){
|
||||
|
||||
Write-Host '/!\' $GLog.Name -ForegroundColor yellow
|
||||
|
||||
foreach ($Log in $GLog.Group){
|
||||
if ($null -ne $Log.SecretEndDate){
|
||||
|
||||
if ($Log.RemainingDaysCount -cle $crit) {
|
||||
$ExitCode = 2
|
||||
} elseif($Log.RemainingDaysCount -cle $warn){
|
||||
if($ExitCode -ne 2){
|
||||
$ExitCode = 1
|
||||
}
|
||||
}
|
||||
|
||||
$Res = [PSCustomObject]@{
|
||||
DaysLeft = $Log.RemainingDaysCount
|
||||
SecretName = $Log.SecretName
|
||||
EndDate = $Log.SecretEndDate
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$Res | Format-Table
|
||||
}
|
||||
|
||||
exit ($ExitCode)
|
||||
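Review bot: A failed `Connect-MgGraph` or `Get-MgApplication -all` call appears to leave `$Applications` empty, so the check would print `OK! All secret are in range` and exit 0 without having inspected anything. Both calls should run with `-ErrorAction Stop` inside a `try`/`catch` that exits non-zero, as in the block below. The expired branch tests `$RemainingDaysCount -lt -1`, so a secret whose `.Days` value is -1 lands in neither list, and expired secrets never raise `$ExitCode`; `-lt 0` plus `$ExitCode = 2` in that branch would close both gaps. `$Res = [PSCustomObject]@{` overwrites the previous row, so only the last secret of each application reaches `Format-Table`; resetting `$Res = @()` per group and using `$Res +=` keeps them all. The client secret arrives as the plain `-Secured` argument and is wrapped with `ConvertTo-SecureString -AsPlainText -Force`, which likely exposes it in the process command line and in the scheduler's check definition; certificate authentication (`Connect-MgGraph -ClientId ... -TenantId ... -CertificateThumbprint ...`) or reading the secret from a protected store would avoid that.

```powershell
# ... unchanged: parameter checks and PSCredential construction ...
try {
    Connect-MgGraph -TenantId $tenantID -ClientSecretCredential $ClientSecretCredential -NoWelcome -ErrorAction Stop
    $Applications = Get-MgApplication -all -ErrorAction Stop
} catch {
    # Fail closed: an authentication or query error must not be reported as OK.
    Write-Host "UNKNOWN - Microsoft Graph query failed: $($_.Exception.Message)"
    exit (3)  # 3 = UNKNOWN in the Nagios plugin convention; use 2 if only 0/1/2 are handled
}
# ... unchanged: per-application secret loop and reporting ...
```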