Jay Thomas
asked on
Script snippet error perhaps?
I have written a script which includes logging into Azure, looking at the resources within the subscription, and then I want to pull out the resource names of resources that do not have a resource manager 'lock' applied to it. The script only appears to do exactly the opposite, runs without error, producing the text file but only reports just the single locked resource in my subscription, and hence, not the resources without locks. I'm hoping someone can spot an obvious error here?
Thank you for looking:
Login-AzureRmAccount
select-azurermsubscription NameOfAzureSubHere
$rgs = Get-AzureRMResourceGroup
foreach ($rg in $rgs) {$Resourcess = Get-AzureRMResource}
foreach ($rgs in $resources) { if ($rg.Lock -eq $null) { echo $rg.Name, $rg.ResourceType } }
get-azurermresourcelock | out-file -FilePath C:\Temp\unlocked.txt
Thank you for looking:
Login-AzureRmAccount
select-azurermsubscription
$rgs = Get-AzureRMResourceGroup
foreach ($rg in $rgs) {$Resourcess = Get-AzureRMResource}
foreach ($rgs in $resources) { if ($rg.Lock -eq $null) { echo $rg.Name, $rg.ResourceType } }
get-azurermresourcelock | out-file -FilePath C:\Temp\unlocked.txt
Something like this.
Login-AzureRmAccount
select-azurermsubscription NameOfAzureSubHere
$rgs = Get-AzureRMResourceGroup
foreach ($rg in $rgs) {
$Resources = Get-AzureRMResource
foreach ($resource in $resources) {
if ($rg.Lock -eq $null) {
"$($rg.Name), $($rg.ResourceType)" | Add-Content C:\Temp\unlocked.txt
}
}
}
# get-azurermresourcelock | out-file -FilePath C:\Temp\unlocked.txt
ASKER
Hi both and thank you. I appreciate the feedback @ footech, that will help me to understand what I am doing wrong vs just getting the answer.
@ DBAduck- thank you. I just ran the new script and watched the unlocked.txt file size going up and up, so was very hopeful. I only have one resource with a lock on so I should get a list of all other resources if it works. But take a look at what was returned - I get the only resource WITH a lock and then these weird characters that go on down the page, note, I have not copied the entire results as those characters go on a couple of hundread times. . It's as though the $null is being ignored?
Name : oorttest
ResourceId : /subscriptions/*********** ********** **
c2979beb635d/resourceGroup s/OORT/pro viders/Mic rosoft.Net work/virtu alNetworks /OORT/prov id
ers/Microsoft.Authorizatio n/locks/oo rttest
ResourceName : OORT
ResourceType : Microsoft.Network/virtualN etworks
ExtensionResourceName : oorttest
ExtensionResourceType : Microsoft.Authorization/lo cks
ResourceGroupName : OORT
SubscriptionId : ************************** ****
Properties : @{level=ReadOnly; notes=}
LockId : /subscriptions/3772683f-1d 36-4b8b-94 0e-c2979be b635d/reso urceGroups /OORT/prov iders/Micr osoft.Netw ork/virtua lNetworks/ OORT/provi d
ers/Microsoft.Authorizatio n/locks/oo rttest
,
,
,
,
,
,
,
,
,
@ DBAduck- thank you. I just ran the new script and watched the unlocked.txt file size going up and up, so was very hopeful. I only have one resource with a lock on so I should get a list of all other resources if it works. But take a look at what was returned - I get the only resource WITH a lock and then these weird characters that go on down the page, note, I have not copied the entire results as those characters go on a couple of hundread times. . It's as though the $null is being ignored?
Name : oorttest
ResourceId : /subscriptions/***********
c2979beb635d/resourceGroup
ers/Microsoft.Authorizatio
ResourceName : OORT
ResourceType : Microsoft.Network/virtualN
ExtensionResourceName : oorttest
ExtensionResourceType : Microsoft.Authorization/lo
ResourceGroupName : OORT
SubscriptionId : **************************
Properties : @{level=ReadOnly; notes=}
LockId : /subscriptions/3772683f-1d
ers/Microsoft.Authorizatio
,
,
,
,
,
,
,
,
,
I was doing a little research here.
If you have a lock on single resource, I don't think there's any property of the resource that reflects that. The $rg.lock check might work if you locked the resource group, but I don't know.
From what I know, I would suggest just running Get-AzureRmResource to get all resources in a subscription, and comparing that with Get-AzureRmResourceLock.
If you have a lock on single resource, I don't think there's any property of the resource that reflects that. The $rg.lock check might work if you locked the resource group, but I don't know.
From what I know, I would suggest just running Get-AzureRmResource to get all resources in a subscription, and comparing that with Get-AzureRmResourceLock.
Compare-Object -ReferenceObject (Get-AzureRmResource) -DifferenceObject (Get-AzureRmResourceLock) -Property ResourceName -Passthru | Select Name,ResourceType | Export-Csv unlocked.csv -notype
My script may have been flawed. I left the Resource Group $rg.Lock in the mix, it should have been the resource.
Login-AzureRmAccount
select-azurermsubscription NameOfAzureSubHere
$rgs = Get-AzureRMResourceGroup
foreach ($rg in $rgs) {
$Resources = Get-AzureRMResource
foreach ($resource in $resources) {
if ($resource.Lock -eq $null) {
"$($resource.Name), $($resource.ResourceType)" | Add-Content C:\Temp\unlocked.txt
}
}
}
# get-azurermresourcelock | out-file -FilePath C:\Temp\unlocked.txt
ASKER
Thank you both. I'll try these tomorrow. Appreciate your time.
ASKER
Hi both. Tested both options this morning, both produce the same result, they include all resources despite whether a lock is applied or not. I tested this by running the script, producing the results and then locked additional resources these new locked resources still get displayed in the result.
I think footech is right, perhaps there is not property type to lock onto for the script to run. The only think that may suggest other, if I run this: get-azurermresourcelock | out-file -FilePath C:\Temp\unlocked3.txt It produces the only 2 resources with a lock. And if you look at the output below, there is a property called "LockID" shouldn't we be able to use this in our search?
Name : MySub
ResourceId : /subscriptions/*********** ********** ****-c2979 beb635d/re sourceGrou ps/OORT/pr oviders/Mi crosoft.Ne twork/virt ualNetwork s/MySub/pr oviders/Mi crosoft.Au thorizatio n/locks/My Sub
ResourceName : OORT
ResourceType : Microsoft.Network/virtualN etworks
ExtensionResourceName : oorttest
ExtensionResourceType : Microsoft.Authorization/lo cks
ResourceGroupName : OORT
SubscriptionId : ************************** **
Properties : @{level=ReadOnly; notes=}
LockId : /subscr******************* *********
resourceGroups/OORT/provid ers/Micros oft.Networ k/virtualN etworks/OO RT/provide rs/Microso ft.Authori zation/loc ks/MySub
Thanks both for looking.
I think footech is right, perhaps there is not property type to lock onto for the script to run. The only think that may suggest other, if I run this: get-azurermresourcelock | out-file -FilePath C:\Temp\unlocked3.txt It produces the only 2 resources with a lock. And if you look at the output below, there is a property called "LockID" shouldn't we be able to use this in our search?
Name : MySub
ResourceId : /subscriptions/***********
ResourceName : OORT
ResourceType : Microsoft.Network/virtualN
ExtensionResourceName : oorttest
ExtensionResourceType : Microsoft.Authorization/lo
ResourceGroupName : OORT
SubscriptionId : **************************
Properties : @{level=ReadOnly; notes=}
LockId : /subscr*******************
resourceGroups/OORT/provid
Thanks both for looking.
What about using the ResourceName in the loop?
Login-AzureRmAccount
select-azurermsubscription NameOfAzureSubHere
$rgs = Get-AzureRMResourceGroup
foreach ($rg in $rgs) {
$Resources = Get-AzureRMResource
foreach ($resource in $resources) {
if ( (Get-AzureRMResourceLock -ResourceName $resource.Name) -eq $null) {
"$($resource.Name), $($resource.ResourceType)" | Add-Content C:\Temp\unlocked.txt
}
}
}
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Oh! I just retried both snippets and as you say footech, it appears to work :) Let me re-test, make sure i haven't missed anything.
ASKER
Thanks so much and sorry for the late feedback I've been away. Those 2 lines of code worked great for what I was after.
$Resourcess vs. $resources
Your loop foreach ($rg in $rgs) {$Resourcess = Get-AzureRMResource} will overwrite $Resourcess each time.
Later you query $rg.Lock inside a foreach loop where the current variable is $rgs.