---
# tasks file for linux_get-expiring-tokens-az
# - name: Get list of expiring app registration secret keys
#   uri:
#     url: https://graph.microsoft.com/v1.0/applications
#     headers:
#       Authorization: "Bearer {{ access_token }}"
#       Content-Type: "application/json"
#     return_content: yes
#   register: app_registrations

# - name: Get all Azure app registrations
#   azure.azcollection.azure_rm_adserviceprincipal_info:
#     tenant: 03a0b8f2-7896-4d4d-bd81-9d6314ae3e15
#   register: service_principals

# - name: Get expiring secrets
#   set_fact:
#     expiring_secrets: "{{ service_principals | json_query(query) }}"
#   vars:
#     query: "[?has(passwordCredentials[?endDate<=`{{ date_to_check }}`])].{displayName: displayName, objectId: objectId, expiring_secrets: passwordCredentials[?endDate<=`{{ date_to_check }}`].{startDate: startDate, endDate: endDate}}"

# - name: Print expiring secrets
#   debug:
#     var: expiring_secrets
#   when: expiring_secrets | length > 0
# Service-principal lookup in the tenant named by the AZURE_TENANT variable.
# No filter parameters are passed to the module in this task; its result is
# stored in `service_principals` for the tasks that follow.
- name: get az app regs
  register: service_principals
  azure.azcollection.azure_rm_adserviceprincipal_info:
    tenant: "{{ AZURE_TENANT }}"
# Writes the whole registered `service_principals` result to the play output.
# NOTE(review): whatever the lookup returned about the tenant's service
# principals ends up in job logs and CI output; once troubleshooting is done,
# consider gating this task with the debug module's `verbosity` option.
- name: try to print all sp's
  ansible.builtin.debug:
    var: service_principals
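# Looks up password-credential information for a single application in the
# tenant named by the AZURE_TENANT variable.
# The result is registered as `ad_password_info` so that follow-up tasks can
# evaluate it; presumably it carries the credentials' expiry dates, which is
# what an expiry check needs (verify against the module's return values).
# NOTE(review): app_id and app_object_id are pinned to one application.
# Moving them to role variables would let the same task cover other
# applications and keep environment-specific identifiers out of the task file.
- name: get ad password info
  azure.azcollection.azure_rm_adpassword_info:
    app_id: '140ddce1-f5e1-45a3-84e0-38e8ec16e72b'
    tenant: "{{ AZURE_TENANT }}"
    # key_id: c13469d5-46bd-4faa-b9dc-b18cbacd144e
    app_object_id: 'b1d67282-fc59-4a7d-8aab-178a6e3a8e2f'
  register: ad_password_info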