Is it possible to add Client ID as a filter for application registrations?
Closed this issue · 12 comments
Thank you for all the hard work on this nuke script.
The purpose of this issue is to see if it's possible to update this nuke script to allow its users to specify ClientID as a filter option for application registrations. The reason for this is that there are instances where there may be multiple applications with the same displayName and users may be interested in removing just one of them. Being able to specify the ClientID will make sure that we remove the correct app registration.
If there is a way to do this already, please let me know.
This should work, the ID is the default ID at the moment.
    presets:
      common:
        filters:
          Application:
            - <uuid>
Thanks for your prompt response!
I tried using that but it still shows as if they are going to be nuked.
    presets:
      common:
        filters:
          Application:
            - "000000-0000-0000-0000-0000000000"
azure-nuke | tenant - Application - 000000-0000-0000-0000-0000000000 - [Name: "my-app"] - would remove
azure-nuke | Scan complete: 1 total, 1 nukeable, 0 filtered.
Can you show your entire configuration?
Sure, here it is:
    tenant-blocklist:
      - 11111111111-1111-1111-1111-11111111111
    resource-types:
      targets:
        - Application
      excludes:
        - AzureADUser
    tenants:
      22222222-2222-2222-2222-222222222222:
        presets:
          - common
        resource-types:
          targets:
            - Application
    presets:
      common:
        filters:
          Application:
            - "000000-0000-0000-0000-0000000000"
Odd, that should work. You could try not quoting, not sure how that behaves. I'm in the middle of completely rewriting this tool and I'm working on improving the filter syntax, you could take the new version for a spin.
The Application resource has changed to default to the name as the default property with ClientID and Name as properties you can filter on.
For reference: #45
Your configuration will need to change a bit if you want to test the next release
    regions:
      - global
    blocklist: # tenant-blocklist still works but is deprecated
      - 11111111111-1111-1111-1111-11111111111
    resource-types:
      includes: # targets still works but it's deprecated
        - Application
      excludes:
        - AzureADUser
    accounts: # tenants still works but it's deprecated
      22222222-2222-2222-2222-222222222222:
        presets:
          - common
    presets:
      common:
        filters:
          Application:
            - property: ClientID
              value: 000000-0000-0000-0000-0000000000
Also if you specify targets you don't need to do excludes as it'll only target what is explicitly in the targets array.
I made the change and the issue still happens.
I looked at the code and I think the issue could be in the application.go
    func (r *Application) Properties() types.Properties {
        properties := types.NewProperties()
        properties.Set("Name", *r.name)
        return properties
    }
You'd have to use the latest next version which is under the branch next to be able to use the above configuration.
Under the current 0.x version, https://github.com/ekristen/azure-nuke/blob/main/resources/application.go#L83-L85
The default string is r.id which should make for just specifying the uuid as the filter to work. Of course you've said this isn't working, so tough to say.
I can cut a new 0.x release to add an ID property if you can't try the next binary or it doesn't work for you.
Just to make sure, do you want me to try with v1.0.0-next.2?
I pulled the latest build v1.0.0-next.2 and using

    presets:
      common:
        filters:
          Application:
            - 000000-0000-0000-0000-0000000000
Worked. Thanks for the help!
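
Added example, not part of the original thread and not azure-nuke's own code: a small Go model of the filter behaviour discussed above, showing why a Name filter cannot tell two same-named registrations apart while a ClientID filter protects exactly one. The App, Filter and Plan names, the sample IDs, and the defaultProp parameter are assumptions made for illustration.

```go
package main

import "fmt"

// App is a hypothetical stand-in for an application registration.
type App struct{ ClientID, Name string }

// Properties exposes the two filterable properties named in the thread.
func (a App) Properties() map[string]string {
	return map[string]string{"ClientID": a.ClientID, "Name": a.Name}
}

// Filter models a "property"/"value" entry; an empty Property means the
// value is compared against the resource's default property.
type Filter struct{ Property, Value string }

// Matches compares f against a; defaultProp (an assumption of this model) is used for bare values.
func (f Filter) Matches(a App, defaultProp string) bool {
	prop := f.Property
	if prop == "" {
		prop = defaultProp
	}
	v, ok := a.Properties()[prop]
	return ok && v == f.Value
}

// Plan returns the ClientIDs a dry run would remove and those filtered out.
func Plan(apps []App, filters []Filter, defaultProp string) (remove, filtered []string) {
next:
	for _, a := range apps {
		for _, f := range filters {
			if f.Matches(a, defaultProp) {
				filtered = append(filtered, a.ClientID)
				continue next
			}
		}
		remove = append(remove, a.ClientID)
	}
	return remove, filtered
}

func main() {
	// Constructed sample: two registrations sharing one display name.
	apps := []App{{"aaaa-1", "my-app"}, {"bbbb-2", "my-app"}}
	for _, f := range []Filter{{"Name", "my-app"}, {"ClientID", "aaaa-1"}, {"", "aaaa-1"}} {
		remove, filtered := Plan(apps, []Filter{f}, "Name")
		fmt.Printf("%+v -> would remove %v, filtered %v\n", f, remove, filtered)
	}
}
```

In this model a bare value only filters anything when it equals the default property, so checking the "filtered" count of a dry run before a real run confirms the filter matched what was intended.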