Monday, October 14, 2019

Az DevOps CLI - Fetch all Pull Requests assigned to a user

I wrote a sample PowerShell code snippet to crawl across all opened Pull requests in multiple repositories inside an Azure DevOps project and list the ones out where myself or the team/group I am part of assigned as a reviewer.

End result is this:

Wednesday, October 09, 2019

Az DevOps CLI : Query Release(s) definition for a Task status

Someone, asked me at work if I could generate a list of Release pipelines definitions which did not have a specific task (AzSK SVT task) missing or disabled.

This was more for an internal audit purpose and can definitely be built upon.

I recently read that Az CLI got an extension support for Az DevOps.
Please read on the GitHub repository on how to install this extension for Az CLI.

Time to put this to try.

Below gist describes the steps I used in pwsh (PowerShell Core) with Az CLI & DevOps extension installed.

The above script should be self explanatory (read the comments). Please leave a comment if you have any queries.

Friday, May 17, 2019

Azure + GoLang SDK : Authenticating Part-2

The auth package lives at ""
In the above package, at the moment I have explored below two functions (my notes):

This function definition looks like below :

Tuesday, May 07, 2019

Az.ResourceGraph - Search across all Subscriptions

Azure Resource Graph is an amazing tool in the belt of Az Ops team. It allows to quickly search across all your subscriptions (does it?).

Started using Az Resource graph with that pretext that the queries I ran will be run against all the subscriptions I have read access to, Yes it will but there is a catch here!

I mostly use Az.ResourceGraph PowerShell module (Why? another post)

Found the solution by digging into the source code for the Search-AzGraph cmdlet, if the subscriptions are not specified explicitly then the cmdlet uses a method named GetSubscriptions()

Below is a snippet of the method def:

The catch is that if no subscriptions are supplied it defaults to subscriptions in the default context. I am not really sure but some of the subscriptions which I can see when running Get-AzSubscription were missing when I ran the below:


So, the trick is to set the PSDefaultParameterValues for the Search-AzGraph cmdlet to include all the subscriptions you have access to. I have this set in my Profile

Wednesday, March 06, 2019

Azure + GoLang SDK : Authenticating Part-1

My personal notes on how to authenticate to Azure in the GoLang code. 

The auth package lives at ""
In the above package, at the moment I have explored below two functions:

  • NewAuthorizerFromFile method
  • NewAuthorizerFromEnvironment method

Tuesday, March 27, 2018

Python : Exploring Objects similar to PowerShell

To be fair Python's REPL mode allows you to explore objects pretty easy. But since PowerShell has been my first language, I often tend to crib for similar experience.

P.S. - I do know that PowerShell language specs picked up quite many things from Python. Also, Python is my goto language on Linux platform as well.

So back to cribbing, I tend to miss most the exploring aspects of  PowerShell e.g. Get-Member and Format-* cmdlets until one day I sat down and wrote few functions in Python to give me a similar experience.

Sunday, November 05, 2017

Notes on Azure + PowerShell + Account SAS

Well, below are my notes on using account Shared access signatures in Azure using Azure PowerShell modules.


Let's get the basics out of the way first.

A shared access signature is a way to delegate access to resources in a storage account, without sharing the storage account keys.

SAS gives us granular control over the delegated access by :
  • Specifying the start and expiry time.
  • Specifying the permissions granted e.g Read/Write/Delete
  • Specifying the Source IP address where the requests will originate from.
  • Specifying the protocol to be used e.g HTTP/HTTPS.

Thursday, September 14, 2017

Infrastructure/Ops validation : PnP device running a supported driver version?


We have had this problem statement at hand which requires the field engineer to validate that any engineered solution, when deployed at a customer site, is running the supported versions of the firmware and driver.


Well, we already have Pester tests written and placed inside a validation kit which tests whether a deployment is as per the practices outlined in our deployment guide.
So this was only natural to add the driver version validation under this kit (firmware validation in the future release).

We use Pester (PowerShell unit testing framework) for the Infrastructure/Ops validation and PSRemotely to target all the nodes in our solution for these tests. So the code samples in the post correspond to that.

Wednesday, June 14, 2017

PowerShell + .psd1 files - decouple environment configuration data from code

What is environment configuration data?

Well, you might have heard the term 'configuration data' in usage with PowerShell DSC. The case for using configuration data is wherein all the input arguments are abstracted from the code being written so that this configuration data can be generated on the fly and passed to the underlying scripts or framework like DSC.

For some of our solutions being deployed at the customer site, we require a lot of input parameters e.g. different network subnets for management and storage networks, AD/DNS information etc.

Adding all these parameters to our input argument collector script was an error prone and tedious task since there were far too many input arguments. So instead of having a file to specify all input arguments was the preferred method.

This also helped us while troubleshooting the deployments since a local copy of the input arguments always persisted.

Thursday, March 02, 2017

PowerShell + AzureRM : Using Certificate based automated login

This is a long overdue post (previous one here) on how to use certificates to do an automated login to Azure Resource Manager. Not rocket science but easy to setup, so that you use a cert to authenticate to Azure RM automatically.

It seems the Azure docs are already up to date on how to do few bits involved in this, please read the section 'Create service principal with a certificate' in the docs.

The process is almost the same as mentioned in the docs, except the fact that when we do the role assignment, we instead assign the contributor role definition to the service principal, since we want the ability to manage the resources in Azure RM.
Also, we will author a function add it to our profile so that PowerShell authenticates automatically to Azure RM each time it opens. 
So let's begin with it:
  1. Create the self-signed certificate.

    If you are running this on Windows 8.1, then you have to use the script by MVP Vadims Podans from the gallery.

    # For OS below Windows 10, download the script and use that to generate the self-signed cert.
    Import-Module .\New-SelfSignedCertificateEx.ps1
    New-SelfSignedCertificateEx -StoreLocation CurrentUser -StoreName My -Subject "CN=AutomateLogin" -KeySpec Exchange
    $cert = Get-ChildItem -path Cert:\CurrentUser\my | where {$PSitem.Subject -eq 'CN=AutomateLogin' }

    Otherwise, if you are running Windows 10 then the builtin PKI module would suffice. Note - The cert created below has marked private key to be not exportable.

    Run below:

    $cert = New-SelfSignedCertificate -CertStoreLocation "cert:\CurrentUser\My" -Subject "CN=AutomateLogin" -KeySpec KeyExchange -KeyExportPolicy NonExportable