diff --git a/scripts/README.md b/scripts/README.md index 33775b37..639a4850 100644 --- a/scripts/README.md +++ b/scripts/README.md @@ -18,8 +18,7 @@ The script [checklist_graph.sh](./checklist_graph.sh) can do the automated graph You can download the script in any environment that supports Azure CLI, such as the [Azure Cloud Shell](https://shell.azure.com). In order to download the script and prepare it for execution you can run this command: ```Shell -wget –quiet –output-document ./checklist_graph.sh https://raw.githubusercontent.com/Azure/review-checklists/main/scripts/checklist_graph.sh -chmod +xr ./checklist_graph.sh +wget https://raw.githubusercontent.com/Azure/review-checklists/main/scripts/checklist_graph.sh -–quiet --output-document ./checklist_graph.sh && chmod +xr ./checklist_graph.sh ``` ### Basic usage @@ -27,7 +26,7 @@ chmod +xr ./checklist_graph.sh You can run the script to produce a JSON-formatted output of all the checklist items with documented Azure Resource Graph queries. For example, to run the Azure Resource Graph queries for the AKS checklist: ```Shell -./checklist_graph.sh --technology=aks --format=json > ./graph_results.json +./checklist_graph.sh --checklist=aks --format=json > ./graph_results.json ``` The previous command will generate a JSON file `./graph_results.json`. You can go now to your Excel spreadsheet. Make sure you have loaded up the corresponding checklist already (AKS in this example), and use the Advanced command "Import Graph Results" to import this file into the spreadsheet: @@ -45,7 +44,7 @@ The following sections will show more advanced usage of the script. You can run the script to find out which checklists are available. Note that not all checklists will contain Azure Resource Graph queries: ``` -./checklist_graph.sh --list-technologies +./checklist_graph.sh --list-checklists ``` ### Listing the existing categories in a checklist @@ -53,7 +52,7 @@ You can run the script to find out which checklists are available. Note that not You can run the script as well to generate a more human-readable output. For example, run this in order to execute analysis scoped to a single category. Command: ``` -./checklist_graph.sh --techonology=aks --list-categories +./checklist_graph.sh --checklist=aks --list-categories ``` Output: @@ -73,7 +72,7 @@ Output: This example shows how to run this for analysis on all categories in a single subscription. The output can be copy/pasted to the Excel spreadsheet (category by category). Command: ``` -./checklist_graph.sh --technology=aks --format=text +./checklist_graph.sh --checklist=aks --format=text ``` Output (truncated for brevity). Note that the resources are formatted with the syntax `/`: @@ -93,7 +92,7 @@ CHECKLIST ITEM: Use managed identities instead of Service Principals: All previous commands can be scoped to a management group, instead of to a single subscription by using the `--management-group` flag, to specify a management group name (make sure to specify the **name** and not the **display name** of the management group). Example: ``` -./checklist_graph.sh --technology=aks --category=1 --management-group=mymgmtgroup +./checklist_graph.sh --checklist=aks --category=1 --management-group=mymgmtgroup ``` The output is the same as the previous examples, depending on which flags are used. @@ -103,7 +102,7 @@ The output is the same as the previous examples, depending on which flags are us To troubleshoot the execution of the `checklist_graph.sh` script you can run the command: ``` -./checklist_graph.sh --technology=aks --format=json --debug +./checklist_graph.sh --checklist=aks --format=json --debug ``` and check the debug messages being written in the Azure Cloud Shell console diff --git a/scripts/checklist_graph.sh b/scripts/checklist_graph.sh index deecd3ee..05865b87 100644 --- a/scripts/checklist_graph.sh +++ b/scripts/checklist_graph.sh @@ -17,10 +17,10 @@ # -d/--debug: increase verbosity # # Example: -# ./checklist_graph.sh --list-technologies -# ./checklist_graph.sh --technology=aks --list-categories -# ./checklist_graph.sh --technology=aks --category=0 --format=text -# ./checklist_graph.sh --technology=aks --format=json >graph_results.json +# ./checklist_graph.sh --list-checklists +# ./checklist_graph.sh --checklist=aks --list-categories +# ./checklist_graph.sh --checklist=aks --category=0 --format=text +# ./checklist_graph.sh --checklist=aks --format=json >graph_results.json # # Jose Moreno, October 2021 ################################################################################################### @@ -57,7 +57,7 @@ do base_url="${i#*=}" shift # past argument=value ;; - -t=*|--technology=*) + -t=*|--technology=*|--checklist=*) technology="${i#*=}" shift # past argument=value ;; @@ -65,7 +65,7 @@ do list_categories="yes" shift # past argument with no value ;; - -t*|--list-technologies*) + -t*|--list-technologies*|--list-checklists*) list_technologies="yes" shift # past argument with no value ;; @@ -109,10 +109,10 @@ if [[ "$help" == "yes" ]] then script_name="$0" echo "Please run this script as: - $script_name [--list-technologies] [--base-url=] [--debug] - $script_name [--list-categories] [--base-url=] [--technology=] [--debug] - $script_name [--technology=] [--category=] [--format=json|text] [--management-group=] [--base-url=] [--debug] - $script_name [--technology=] [--category=] [--file=] [--format=json|text] [--management-group=] [--base-url=] [--debug]" + $script_name [--list-checklists] [--base-url=] [--debug] + $script_name [--list-categories] [--base-url=] [--checklist=] [--debug] + $script_name [--checklist=] [--category=] [--format=json|text] [--management-group=] [--base-url=] [--debug] + $script_name [--checklist=] [--category=] [--file=] [--format=json|text] [--management-group=] [--base-url=] [--debug]" exit fi