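By following the Stack Overflow answer, we can successfully find expired secrets in a key vault and extend their expiry date to two years in the future. As given in the answer, it loops through the secrets and filters the expired ones. We also tried to go further and first loop through all key vaults in the given subscription, then loop through each key vault's secrets as the script does, but that breaks the script and the Azure Pipelines syntax structure.

Looping over the key vaults fails: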
inlineScript: |
  #Azure Key Vault details
  keyvaults=$(az keyvault list --query "[].{Name:name}")
  echo "keyvaults are as below $keyvaults"
  #Iterate through the kvs
  for row in $(echo "${keyvaults}" | jq -c '.[]'); do
    keyVaultName=$(echo "$row" | jq -r '.Name')
  done
  #Get the current date in UTC
  currentDate=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
  echo "currentDate is $currentDate".....
  .................<As same as given in the same accepted answer>.......................

You can use the bash script below (I slightly modified your code and the reference code). This worked for me, and I followed the SO thread:

# List every key vault visible in the current subscription
rith_keyvaults=$(az keyvault list --query "[].{Name:name}")
for rith_row in $(echo "${rith_keyvaults}" | jq -c '.[]'); do
    rith_keyVaultName=$(echo "$rith_row" | jq -r '.Name')
    currentDate=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
    # List each secret in this vault together with its expiry date
    rith_secrets=$(az keyvault secret list --vault-name "$rith_keyVaultName" --query "[].{Name:name, Expires:attributes.expires}")
    for secret_row in $(echo "${rith_secrets}" | jq -c '.[]'); do
        secretName=$(echo "$secret_row" | jq -r '.Name')
        expirationDate=$(echo "$secret_row" | jq -r '.Expires')
        # A secret with no expiry set comes back as null; skip it so date -d does not fail
        if [ "$expirationDate" = "null" ]; then
            continue
        fi
        if [ "$(date -u +"%s")" -gt "$(date -u -d "$expirationDate" +"%s")" ]; then
            echo "Output-------------------------------------"
            echo "Expired: Secret $secretName has already expired on $expirationDate."
        else
            # Whole days left until the secret expires
            remainingDays=$(( ($(date -u -d "$expirationDate" +"%s") - $(date -u -d "$currentDate" +"%s")) / 86400 ))
            if [ "$remainingDays" -lt 60 ]; then
                echo "About to Expire in 60 days : Secret $secretName is about to expire in $remainingDays days. Expiration Date: $expirationDate"
                echo "Triggering Azure DevOps release pipeline..."
            else
                echo "Not Expiring Soon: Secret $secretName is not expiring in 60 days. It's about to expire in $remainingDays days. Expiration Date: $expirationDate"
            fi
        fi
    done
done

Output:
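
Added example, not part of the answer above: the same vault-by-vault expiry check with the classification pulled into a function that can be tested offline and that handles secrets with no expiry or an unparsable date. The function names, the `STATUS vault name detail` output format and the sample rows are constructed for illustration; it assumes GNU `date`, as the scripts above do.

```shell
# Constructed sample rows: vault, secret name, expiry (tab-separated).
# "None" is what `-o tsv` prints for a secret that has no expiry set.
sample_rows() {
  printf 'kv-app\tdb-password\t2023-01-01T00:00:00+00:00\n'
  printf 'kv-app\tapi-key\t2023-12-01T00:00:00+00:00\n'
  printf 'kv-data\tstorage-key\t2025-01-01T00:00:00+00:00\n'
  printf 'kv-data\tlegacy-token\tNone\n'
  printf 'kv-data\tbroken\tnot-a-date\n'
}

# classify_secrets NOW_EPOCH WARN_DAYS   (rows are read from stdin)
# Prints one "STATUS vault name detail" line per secret.
classify_secrets() {
  now=$1; warn_days=$2; tab=$(printf '\t')
  while IFS=$tab read -r vault name expires; do
    case $expires in
      ''|None|null) echo "NO_EXPIRY $vault $name -"; continue ;;
    esac
    # Report an unparsable date instead of aborting the whole run
    exp=$(date -u -d "$expires" +%s 2>/dev/null) || {
      echo "BAD_DATE $vault $name $expires"; continue; }
    if [ "$exp" -le "$now" ]; then
      echo "EXPIRED $vault $name $expires"
    else
      days=$(( (exp - now) / 86400 ))   # whole days remaining
      if [ "$days" -lt "$warn_days" ]; then
        echo "EXPIRING $vault $name $days"
      else
        echo "OK $vault $name $days"
      fi
    fi
  done
}

# Offline demonstration with a fixed "now" (2023-11-14T22:13:20Z)
sample_rows | classify_secrets 1700000000 60

# Live use (assumes a logged-in az session):
#   for v in $(az keyvault list --query "[].name" -o tsv); do
#     az keyvault secret list --vault-name "$v" \
#       --query "[].[name, attributes.expires]" -o tsv |
#       awk -v v="$v" '{ print v "\t" $0 }'
#   done | classify_secrets "$(date -u +%s)" 60
```

Passing the current time as an argument keeps the result reproducible, and the `NO_EXPIRY` lines show which secrets have no expiry date at all, which the nested-loop version cannot report.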