122 lines
4.5 KiB
Markdown
122 lines
4.5 KiB
Markdown
# SK Azure Tools Commands
|
|
|
|
The `sk-az-tools` package may act as a CLI tool that provides various commands for working with various services. Currently implemented commands support services related to:
|
|
|
|
- Microsoft Entra ID
|
|
- Azure Resource Manager
|
|
- Azure DevOps Services
|
|
|
|
## Login
|
|
|
|
**Command name:** `login`
|
|
|
|
**Usage:** `sk-az-tools login [--resources <csv>] [--use-device-code] [--no-browser] [--browser <name>] [--browser-profile <profile>] [global options]`
|
|
|
|
**Options:**
|
|
|
|
- `--resources` <csv> - Comma-separated resources to authenticate. Allowed values: `graph`, `devops`, `arm`. Default is all three.
|
|
- `--use-device-code` - Use device code flow instead of browser-based interactive flow.
|
|
- `--no-browser` - Do not launch browser automatically. Print the sign-in URL to stderr.
|
|
- `--browser` <name> - Browser keyword used for interactive sign-in. Allowed values: `brave`, `browser`, `browserPrivate`, `chrome`, `edge`, `firefox`.
|
|
- `--browser-profile` <name> - Chromium profile name (for example: `Default`, `Profile 1`).
|
|
|
|
**Description:** The `login` command authenticates user sign-in for selected resource audiences and caches tokens for subsequent commands.
|
|
|
|
## Logout
|
|
|
|
**Command name:** `logout`
|
|
|
|
**Usage:** `sk-az-tools logout [--all] [global options]`
|
|
|
|
**Options:**
|
|
|
|
- `--all` - Clear login state and remove all cached accounts.
|
|
|
|
**Description:** The `logout` command signs out from cached user sessions. By default it signs out the active account; with `--all` it clears all cached accounts.
|
|
|
|
## Get Token
|
|
|
|
**Command name:** `get-token`
|
|
|
|
**Usage:** `sk-az-tools get-token --type|-t <azurerm|devops> [global options]`
|
|
|
|
**Options:**
|
|
|
|
- `--type`, `-t` <azurerm|devops> - Token audience to retrieve.
|
|
|
|
**Description:** The `get-token` command returns an access token for either Azure Resource Manager (`azurerm`) or Azure DevOps (`devops`) using the current login context.
|
|
|
|
## REST
|
|
|
|
**Command name:** `rest`
|
|
|
|
**Usage:** `sk-az-tools rest [--method <httpMethod>] --url <url> [--header <name: value>] [global options]`
|
|
|
|
**Options:**
|
|
|
|
- `--method` <httpMethod> - HTTP method to use. Default: `GET`.
|
|
- `--url` <url> - Full URL to call.
|
|
- `--header` <name: value> - Extra request header to include (for example: `Content-Type: application/json`).
|
|
|
|
**Description:** The `rest` command performs an HTTP request and returns response metadata and body. If `Authorization` is not provided explicitly, a `Bearer` token is added automatically for supported hosts:
|
|
|
|
- `management.azure.com` - uses Azure Resource Manager token
|
|
- `dev.azure.com` - uses Azure DevOps token
|
|
|
|
## List Apps
|
|
|
|
**Command name:** `list-apps`
|
|
|
|
**Usage:** `sk-az-tools list-apps [--display-name|-n <name>] [--app-id|-i <appId>] [--filter|-f <glob>] [global options]`
|
|
|
|
**Options:**
|
|
|
|
- `--display-name`, `-n` <name> - Find applications by display name.
|
|
- `--app-id`, `-i` <appId> - Find application by application (client) ID.
|
|
- `--filter`, `-f` <glob> - Filter results by display name using glob pattern.
|
|
|
|
**Description:** The `list-apps` command queries Microsoft Entra applications and returns matching app registrations.
|
|
|
|
## List App Permissions
|
|
|
|
**Command name:** `list-app-permissions`
|
|
|
|
**Usage:** `sk-az-tools list-app-permissions --app-id|-i <appId> [--resolve|-r] [--short|-s] [--filter|-f <glob>] [global options]`
|
|
|
|
**Options:**
|
|
|
|
- `--app-id`, `-i` <appId> - Application (client) ID. Required.
|
|
- `--resolve`, `-r` - Resolve permission GUIDs to human-readable names.
|
|
- `--short`, `-s` - Output compact result (omits permission GUID columns in output formatting step).
|
|
- `--filter`, `-f` <glob> - Filter permissions by name using glob pattern.
|
|
|
|
**Description:** The `list-app-permissions` command returns required API permissions declared by the target app registration.
|
|
|
|
## List App Grants
|
|
|
|
**Command name:** `list-app-grants`
|
|
|
|
**Usage:** `sk-az-tools list-app-grants --app-id|-i <appId> [global options]`
|
|
|
|
**Options:**
|
|
|
|
- `--app-id`, `-i` <appId> - Application (client) ID. Required.
|
|
|
|
**Description:** The `list-app-grants` command lists OAuth2 delegated permission grants associated with the specified app.
|
|
|
|
## List Resource Permissions
|
|
|
|
**Command name:** `list-resource-permissions`
|
|
|
|
**Usage:** `sk-az-tools list-resource-permissions [--app-id|-i <appId> | --display-name|-n <name>] [--filter|-f <glob>] [global options]`
|
|
|
|
**Options:**
|
|
|
|
- `--app-id`, `-i` <appId> - Resource application ID.
|
|
- `--display-name`, `-n` <name> - Resource application display name.
|
|
- `--filter`, `-f` <glob> - Filter permissions by name using glob pattern.
|
|
|
|
**Description:** The `list-resource-permissions` command returns available delegated and application permissions exposed by a resource app.
|
|
|
|
|