locked
Powershell Looping and Variables/Arrays RRS feed

  • Question

  • Hi All,

    Been editing a script which applies resource locks in Azure (script attached at end of this post) The idea is to automate the script in Azure Automation to apply/reapply resource locks to resource groups once a day.

    I have taken out the parameter block in the script (attached at end of post) and replaced it with variables (see below). I also took out the do/until block of code. The reasons being I want to eliminate manual inputs. 

    $subscriptionName = "My Subscription"
    $targetResourceGroups = "RG1","RG2"
    $lockType = "CanNotDelete"

    It essentially works BUT it only completes the resource locks for the second Resource Group (RG2) specified in the $targetResourceGroups variable. Nothing happens with RG1 ->even if I add a @().

    If you don't edit the script below (take out para block/do/until) the script completes all values you specify in the $targetResourceGroups. I know there is a foreach or do/until somewhere I need to add (its driving me crazy).

    What I am looking to happen is the script runs for RG1 in the $targetResourceGroups variable creating the locks and then loops back up to complete RG2. Right now its only doing RG2. Any help would be greatly appreciated. Cheers, Ivor
    ______________________________________________________________________________________________
    The script below takes the following parameters
    $SubscriptionId please pass the target subscription ID (Get-AzurermSubscription)
    $targetResourceGroups pass all target resource groups
    $locktype pass either CanNotDelete or ReadOnly
    The script will lock all resources passed into the $targetResourceGroups variable.  Please ensure to login with a Azure Owner role account in order to apply locks. 

    < # .SYNOPSIS This script will apply locks to all resources in the passed resource groups .DESCRIPTION This script will grab all resources in the passed resource groups and apply locks to these resources. Please ensure this is run with a user account that has Owner permissions. .PARAMETER subscriptionID Target Azure subscription ID .PARAMETER targetResourceGroup Array of Azure resource groups .PARAMETER lockType allowed values include CanNotDelete and ReadOnly #>

    param(
      [Parameter(Mandatory = $True)]
      [string]$subscriptionId,
      [Parameter(Mandatory = $True)]
      [string[]]$targetResourceGroups,
      [Parameter(Mandatory = $True)]
      [ValidateSet("CanNotDelete","ReadOnly")]
      [string]$lockType
    )

     $resourceGroupObjects = @()

     ##########################
    ## Connect to Azure
    ##########################
    Login-AzureRmAccount
    Select-AzureRmSubscription -SubscriptionId $subscriptionId


    ##########################
    ## Functions
    ##########################
    function Get-Resources($resourceGroup){
      Find-AzureRmResource -ResourceGroupNameEquals $resourceGroup.ResourceGroupName
    }

    function Get-ResourceGroup($resourceGroup){
      $resourceGroupObject = Get-AzureRmResourceGroup -Name $resourceGroup

      if(!($resourceGroupObject)){
        Write-Host "Resource Group not found:$($resourceGroup)"
      }

      return $resourceGroupObject
    }

    function Apply-Lock($resources){
      foreach($resource in $resources){
        New-AzureRmResourceLock -LockLevel $lockType -LockName "$($lockType)$($resource.name)" `
                                -ResourceName $resource.name `
                                -ResourceType $resource.Resourcetype `
                                -ResourceGroupName $resource.ResourceGroupName `
                                -Force `
      }
    }


    ##########################
    ## Main
    ##########################

    foreach($resourceGroup in $targetResourceGroups){
      $resourceGroupObjects += Get-ResourceGroup -resourceGroup $resourceGroup
    }


    foreach($resourceGroupObj in $resourceGroupObjects){
      $resources = Get-Resources -resourceGroup $resourceGroupObj

      if(!($resources)){
        Write-Host "Resource Group $($resourceGroupObj.ResourceGroupName) is empty"
      }
      else{
        foreach($resource in $resources){
          Write-Output "Resource name: $($resource.Name)"
          Write-Output "Resource type: $($resource.ResourceType)`n"
        }

        do{
          $input = Read-Host -Prompt "would you like to apply a $($lockType) lock all resource above? [Y]Yes, [any key]No"
        }
        until($input)
      }
      if($input -like 'y'){
        Write-Host "Locking Resources in $($resourceGroupObj.ResourceGroupName)"
        Apply-Lock -resources $resources

      }
      else{
        Write-Host "Lock update cancelled on $($resourceGroupObj.ResourceGroupName)"
      }
    }

    • Moved by Bill_Stewart Monday, March 12, 2018 9:30 PM Off-topic
    Wednesday, February 7, 2018 12:10 PM

All replies