根据我之前的问题here,我有一个可行的解决方案,但它需要一些微调。我注意到的是,一些路由表和 nsg 与 vnet 不在同一资源组上,当
Get-AzNetworkSecurityGroup
和 Get-AzRouteTable
运行时,它们在错误的位置查找,因此出现空白 NSG/路由表信息。
目前,我知道
$subnet_rg
是不正确的,因为它不会返回资源组,我还需要路由表的资源组。
有没有办法删除某些列末尾的尾随逗号?
$report = @()
$subs = Get-AzSubscription
$path = "C:\Users\xxxx\OneDrive - Microsoft\Desktop\test\khan.csv"
foreach ($Sub in $Subs) {
Select-AzSubscription -SubscriptionName $Sub.Name | Out-Null
$vnets = Get-AzVirtualNetwork
foreach ($vnet in $vnets) {
foreach ($subnet in $vnet.Subnets) {
$vnetInfo = [PSCustomObject]@{
SubscriptionName = $Sub.Name
ResourceGroupName = $vnet.ResourceGroupName
VNetName = $vnet.Name
AddressSpace = $vnet.AddressSpace.AddressPrefixes -join ','
SubnetName = $subnet.Name
SubnetAddressSpace = $subnet.AddressPrefix -join ','
NSG = ""
RouteTable = ""
RoutePropagationDisabled = ""
}
$subnet_rg = Get-AzVirtualNetworkSubnetConfig -Name $subnet.Name -VirtualNetwork $vnet
$nsgs = Get-AzNetworkSecurityGroup -ResourceGroupName $subnet_rg
foreach ($nsg in $nsgs) {
$vnetInfo.NSG += $nsg.Name + ","
}
$routetables = Get-AzRouteTable -ResourceGroupName $subnet_rg
foreach ($routetable in $routetables) {
$vnetInfo.RouteTable += $routetable.Name + ","
$vnetInfo.RoutePropagationDisabled += $routetable.DisableBgpRoutePropagation
}
$report += $vnetInfo
}
}
}
# Export to CSV
$report | Export-Csv -Path $path -NoTypeInformation -Encoding ASCII
我注意到一些路由表和 nsg 与 vnet 不在同一资源组中
您可以使用下面更新的脚本,该脚本直接使用
$subnet.NetworkSecurityGroup
和 $subnet.RouteTable
检查关联的 NSG 和路由表。
$report = @()
$subs = Get-AzSubscription
$path = "C:\Users\xxxxx\OneDrive - Microsoft\Desktop\test\khan.csv"
foreach ($Sub in $Subs) {
Select-AzSubscription -SubscriptionName $Sub.Name | Out-Null
$vnets = Get-AzVirtualNetwork
foreach ($vnet in $vnets) {
foreach ($subnet in $vnet.Subnets) {
$vnetInfo = [PSCustomObject]@{
SubscriptionName = $Sub.Name
ResourceGroupName = $vnet.ResourceGroupName
VNetName = $vnet.Name
AddressSpace = $vnet.AddressSpace.AddressPrefixes -join ','
SubnetName = $subnet.Name
SubnetAddressSpace = $subnet.AddressPrefix -join ','
NSG = ""
RouteTable = ""
RoutePropagationDisabled = ""
}
# Check if the subnet has an associated NSG
if ($subnet.NetworkSecurityGroup -ne $null) {
$vnetInfo.NSG = $subnet.NetworkSecurityGroup.Id.Split('/')[-1]
}
# Check if the subnet has an associated route table
if ($subnet.RouteTable -ne $null) {
$vnetInfo.RouteTable = $subnet.RouteTable.Id.Split('/')[-1]
$vnetInfo.RoutePropagationDisabled = $subnet.RouteTable.DisableBgpRoutePropagation
}
$report += $vnetInfo
}
}
}
# Export to CSV
$report
此脚本首先获取用户有权访问的所有 Azure 订阅,然后循环访问每个订阅。对于每个订阅,它选择该订阅并获取所有虚拟网络。对于每个虚拟网络,它循环遍历每个子网并使用上述信息创建一个 PowerShell 自定义对象。如果子网具有关联的 NSG 或路由表,则会将该信息添加到自定义对象中。最后,它将自定义对象添加到数组中。
输出:
SubscriptionName : xxxxx
ResourceGroupName : imran
VNetName : vnet1
AddressSpace : 10.0.0.0/16,172.0.0.0/16
SubnetName : default
SubnetAddressSpace : 10.0.0.0/24
NSG : vm1-nsg
RouteTable :#If routetable not associate with any subnet it show null
RoutePropagationDisabled :
SubscriptionName : xxxxx
ResourceGroupName : imran
VNetName : vnet1
AddressSpace : 10.0.0.0/16,172.0.0.0/16
SubnetName : sub1
SubnetAddressSpace : 172.0.0.0/16
NSG : Khan-NSG
RouteTable : route2
RoutePropagationDisabled : False
因此,在我的资源组中,我有一个带有 2 个子网的 vnet,第一个子网与相同的资源组 NSG (VM1-NSG) 关联,另一个子网与不同的资源组 NSG (khan-NSG) 和另一个资源路由表关联 ( Route2) 如输出所示。