138 lines
5.4 KiB
Markdown
138 lines
5.4 KiB
Markdown
# SK Azure Tools Commands
|
|
|
|
The `sk-az-tools` package may act as a CLI tool that provides various commands for working with various services. Currently implemented commands support services related to:
|
|
|
|
- Microsoft Entra ID
|
|
- Azure Resource Manager
|
|
- Azure DevOps Services
|
|
|
|
## Global Options
|
|
|
|
These options apply to all commands unless stated otherwise:
|
|
|
|
- `--query`, `-q` <jmespath> - Apply JMESPath filter before output rendering.
|
|
- `--output`, `-o` <format> - Output format: `table|t|alignedtable|at|prettytable|pt|tsv`.
|
|
- `--columns`, `-C` <definition> - Column selection for table outputs:
|
|
- `col1` - Select column (case-insensitive match), keep raw header label.
|
|
- `col1:` - Select column (case-insensitive match), use auto-generated header label.
|
|
- `col1: Label 1` - Select column (case-insensitive match), use custom header label.
|
|
- Prefix token with `=` for exact column-name match: `=col1`, `=col1:`, `=col1:Label`.
|
|
- Tokens are comma-separated and rendered in the specified order.
|
|
- `--help`, `-h` - Show command help.
|
|
|
|
Note: `rest --header` is a command-specific HTTP header option and is unrelated to `--columns`.
|
|
|
|
## Login
|
|
|
|
**Command name:** `login`
|
|
|
|
**Usage:** `sk-az-tools login [resource...] [--use-device-code] [--no-browser] [--browser-name <name>] [--browser-profile <profile>] [global options]`
|
|
|
|
**Options:**
|
|
|
|
- `[resource...]` - One or more resources to authenticate. Allowed values: `graph`, `devops`, `azurerm`. Default is `azurerm`.
|
|
- `--use-device-code` - Use device code flow instead of browser-based interactive flow.
|
|
- `--no-browser` - Do not launch browser automatically. Print the sign-in URL to stderr.
|
|
- `--browser-name` <name> - Browser keyword used for interactive sign-in. Allowed values: `brave`, `browser`, `browserPrivate`, `chrome`, `edge`, `firefox`.
|
|
- `--browser-profile` <name> - Chromium profile name (for example: `Default`, `Profile 1`).
|
|
|
|
**Description:** The `login` command authenticates user sign-in for selected resource audiences and caches tokens for subsequent commands.
|
|
|
|
## Logout
|
|
|
|
**Command name:** `logout`
|
|
|
|
**Usage:** `sk-az-tools logout [--all] [global options]`
|
|
|
|
**Options:**
|
|
|
|
- `--all` - Clear login state and remove all cached accounts.
|
|
|
|
**Description:** The `logout` command signs out from cached user sessions. By default it signs out the active account; with `--all` it clears all cached accounts.
|
|
|
|
## Get Token
|
|
|
|
**Command name:** `get-token`
|
|
|
|
**Usage:** `sk-az-tools get-token --type|-t <azurerm|devops> [global options]`
|
|
|
|
**Options:**
|
|
|
|
- `--type`, `-t` <azurerm|devops> - Token audience to retrieve.
|
|
|
|
**Description:** The `get-token` command returns an access token for either Azure Resource Manager (`azurerm`) or Azure DevOps (`devops`) using the current login context.
|
|
|
|
## REST
|
|
|
|
**Command name:** `rest`
|
|
|
|
**Usage:** `sk-az-tools rest [--method <httpMethod>] --url <url> [--header <name: value>] [global options]`
|
|
|
|
**Options:**
|
|
|
|
- `--method` <httpMethod> - HTTP method to use. Default: `GET`.
|
|
- `--url` <url> - Full URL to call.
|
|
- `--header` <name: value> - Extra request header to include (for example: `Content-Type: application/json`).
|
|
|
|
**Description:** The `rest` command performs an HTTP request and returns response metadata and body. If `Authorization` is not provided explicitly, a `Bearer` token is added automatically for supported hosts:
|
|
|
|
- `management.azure.com` - uses Azure Resource Manager token
|
|
- `dev.azure.com` - uses Azure DevOps token
|
|
|
|
## List Apps
|
|
|
|
**Command name:** `list-apps`
|
|
|
|
**Usage:** `sk-az-tools list-apps [--display-name|-n <name>] [--app-id|-i <appId>] [--filter|-f <glob>] [global options]`
|
|
|
|
**Options:**
|
|
|
|
- `--display-name`, `-n` <name> - Find applications by display name.
|
|
- `--app-id`, `-i` <appId> - Find application by application (client) ID.
|
|
- `--filter`, `-f` <glob> - Filter results by display name using glob pattern.
|
|
|
|
**Description:** The `list-apps` command queries Microsoft Entra applications and returns matching app registrations.
|
|
|
|
## List App Permissions
|
|
|
|
**Command name:** `list-app-permissions`
|
|
|
|
**Usage:** `sk-az-tools list-app-permissions --app-id|-i <appId> [--resolve|-r] [--short|-s] [--filter|-f <glob>] [global options]`
|
|
|
|
**Options:**
|
|
|
|
- `--app-id`, `-i` <appId> - Application (client) ID. Required.
|
|
- `--resolve`, `-r` - Resolve permission GUIDs to human-readable names.
|
|
- `--short`, `-s` - Output compact result (omits permission GUID columns in output formatting step).
|
|
- `--filter`, `-f` <glob> - Filter permissions by name using glob pattern.
|
|
|
|
**Description:** The `list-app-permissions` command returns required API permissions declared by the target app registration.
|
|
|
|
## List App Grants
|
|
|
|
**Command name:** `list-app-grants`
|
|
|
|
**Usage:** `sk-az-tools list-app-grants --app-id|-i <appId> [global options]`
|
|
|
|
**Options:**
|
|
|
|
- `--app-id`, `-i` <appId> - Application (client) ID. Required.
|
|
|
|
**Description:** The `list-app-grants` command lists OAuth2 delegated permission grants associated with the specified app.
|
|
|
|
## List Resource Permissions
|
|
|
|
**Command name:** `list-resource-permissions`
|
|
|
|
**Usage:** `sk-az-tools list-resource-permissions [--app-id|-i <appId> | --display-name|-n <name>] [--filter|-f <glob>] [global options]`
|
|
|
|
**Options:**
|
|
|
|
- `--app-id`, `-i` <appId> - Resource application ID.
|
|
- `--display-name`, `-n` <name> - Resource application display name.
|
|
- `--filter`, `-f` <glob> - Filter permissions by name using glob pattern.
|
|
|
|
**Description:** The `list-resource-permissions` command returns available delegated and application permissions exposed by a resource app.
|
|
|
|
|