oleewere · February 19, 2020 20:55
diff --git a/get-azure-msi b/get-azure-msi
 #!/usr/bin/env sh

 function main() {
  local defaultMsi=$1
  access_token=$(curl -s -k -H "Metadata: true"  "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/" | jq .access_token | tr -d '"')
  access_token_status=$?
  if [[ "${access_token_status}" != "0" ]]; then
    echo "$defaultMsi"
    return 0
  fi
  instance_metadata=$(curl -s -k -H "Metadata: true"  "http://169.254.169.254/metadata/instance?api-version=2019-06-01")
  instance_metadata_status=$?
  if [[ "${instance_metadata_status}" != "0" ]]; then
    echo "$defaultMsi"
    return 0
  fi
  subscriptionId=$(echo "${instance_metadata}" | jq .compute.subscriptionId | tr -d '"')
  resourceGroup=$(echo "${instance_metadata}" | jq .compute.resourceGroupName | tr -d '"')
  vmName=$(echo "${instance_metadata}" | jq .compute.name | tr -d '"')
  vmMsiResponse=$(curl -s -k "https://management.azure.com/subscriptions/${subscriptionId}/resourceGroups/${resourceGroup}/providers/Microsoft.Compute/virtualMachines/${vmName}?api-version=2018-06-01" -H "Authorization: Bearer ${access_token}")
  vmMsiResponse_status=$?
  if [[ "${vmMsiResponse_status}" != "0" ]]; then
    echo "$defaultMsi"
    return 0
  fi
  vmAuthFeiled=$(echo "${vmMsiResponse}" | grep -q "AuthorizationFailed")
  vmAuthFeiled_status=$?
  if [[ "${vmAuthFeiled_status}" == "0" ]]; then
    echo "$defaultMsi"
    return 0
  fi

  vmMsi=$(echo "${vmMsiResponse}" | jq -r '.identity.userAssignedIdentities | keys[] as $k | "\($k)"' )
  vmMsi_status=$?
  if [[ "${vmMsi_status}" != "0" ]]; then
    echo "$defaultMsi"
    return 0
  fi
  echo "$vmMsi"
 }

 main "$@"
	#!/usr/bin/env sh

	function main() {
	local defaultMsi=$1
	access_token=$(curl -s -k -H "Metadata: true" "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/" \| jq .access_token \| tr -d '"')
	access_token_status=$?
	if [[ "${access_token_status}" != "0" ]]; then
	echo "$defaultMsi"
	return 0
	fi
	instance_metadata=$(curl -s -k -H "Metadata: true" "http://169.254.169.254/metadata/instance?api-version=2019-06-01")
	instance_metadata_status=$?
	if [[ "${instance_metadata_status}" != "0" ]]; then
	echo "$defaultMsi"
	return 0
	fi
	subscriptionId=$(echo "${instance_metadata}" \| jq .compute.subscriptionId \| tr -d '"')
	resourceGroup=$(echo "${instance_metadata}" \| jq .compute.resourceGroupName \| tr -d '"')
	vmName=$(echo "${instance_metadata}" \| jq .compute.name \| tr -d '"')
	vmMsiResponse=$(curl -s -k "https://management.azure.com/subscriptions/${subscriptionId}/resourceGroups/${resourceGroup}/providers/Microsoft.Compute/virtualMachines/${vmName}?api-version=2018-06-01" -H "Authorization: Bearer ${access_token}")
	vmMsiResponse_status=$?
	if [[ "${vmMsiResponse_status}" != "0" ]]; then
	echo "$defaultMsi"
	return 0
	fi
	vmAuthFeiled=$(echo "${vmMsiResponse}" \| grep -q "AuthorizationFailed")
	vmAuthFeiled_status=$?
	if [[ "${vmAuthFeiled_status}" == "0" ]]; then
	echo "$defaultMsi"
	return 0
	fi

	vmMsi=$(echo "${vmMsiResponse}" \| jq -r '.identity.userAssignedIdentities \| keys[] as $k \| "\($k)"' )
	vmMsi_status=$?
	if [[ "${vmMsi_status}" != "0" ]]; then
	echo "$defaultMsi"
	return 0
	fi
	echo "$vmMsi"
	}

	main "$@"