booyaa · March 2, 2020 14:51
diff --git a/vm_jit_request_access.sh b/vm_jit_request_access.sh
 #!/bin/bash

 # Inspired by this API example: https://docs.microsoft.com/en-us/rest/api/securitycenter/jitnetworkaccesspolicies/initiate#examples

 SCRIPT_NAME=$(basename "$0")
 echo "$SCRIPT_NAME: Requests JIT (ssh) access to vm via the Security Center API."

 if [[ "$#" -lt 1 ]]; then
  echo "Error! Usage: $SCRIPT_NAME <vm name> (<justification>)"
  exit 1
 fi

 AZURE_CLI=$(command -v az)
 if [[ -z $AZURE_CLI ]]; then
  echo "Erro! Failed to find Azure CLI. Please install."
  exit 1
 fi

 jit_vm_name=$1
 jit_justification=${2:-testing jit via vm_jit_request_access.sh}

 jit_vm_id=$(az vm list --query "[?name=='$jit_vm_name'].id" --output tsv)
 if [[ -z $jit_vm_id ]]; then
  echo "Error: Failed to find $jit_vm_name!"
  exit 1
 fi

 jit_vm_rg=$(az vm list --query "[?name=='$jit_vm_name'].resourceGroup" --output tsv | tr '[:upper:]' '[:lower:]') # lower case, there appears to be a bug in az vm data that uppercases some resource group references

 jit_my_ip=$(curl -s ifconfig.me)
 jit_id=$(az security jit-policy list --query "[?resourceGroup=='$jit_vm_rg'].id" --output tsv)
 jit_management_uri="https://management.azure.com$jit_id/initiate?api-version=2015-06-01-preview"

 jit_payload=$(cat <<  EOF
 {
    "virtualMachines": [
      {
        "id": "$jit_vm_id",
        "ports": [
          {
            "number": 22,
            "duration": "PT1H",
            "allowedSourceAddressPrefix": "$jit_my_ip"
          }
        ]
      }
    ],
    "justification": "$jit_justification"
  }  
 EOF
 )

 az rest --method post --uri "$jit_management_uri" --body "$jit_payload"
 exit $?
	#!/bin/bash

	# Inspired by this API example: https://docs.microsoft.com/en-us/rest/api/securitycenter/jitnetworkaccesspolicies/initiate#examples

	SCRIPT_NAME=$(basename "$0")
	echo "$SCRIPT_NAME: Requests JIT (ssh) access to vm via the Security Center API."

	if [[ "$#" -lt 1 ]]; then
	echo "Error! Usage: $SCRIPT_NAME <vm name> (<justification>)"
	exit 1
	fi

	AZURE_CLI=$(command -v az)
	if [[ -z $AZURE_CLI ]]; then
	echo "Erro! Failed to find Azure CLI. Please install."
	exit 1
	fi

	jit_vm_name=$1
	jit_justification=${2:-testing jit via vm_jit_request_access.sh}

	jit_vm_id=$(az vm list --query "[?name=='$jit_vm_name'].id" --output tsv)
	if [[ -z $jit_vm_id ]]; then
	echo "Error: Failed to find $jit_vm_name!"
	exit 1
	fi

	jit_vm_rg=$(az vm list --query "[?name=='$jit_vm_name'].resourceGroup" --output tsv \| tr '[:upper:]' '[:lower:]') # lower case, there appears to be a bug in az vm data that uppercases some resource group references

	jit_my_ip=$(curl -s ifconfig.me)
	jit_id=$(az security jit-policy list --query "[?resourceGroup=='$jit_vm_rg'].id" --output tsv)
	jit_management_uri="https://management.azure.com$jit_id/initiate?api-version=2015-06-01-preview"

	jit_payload=$(cat << EOF
	{
	"virtualMachines": [
	{
	"id": "$jit_vm_id",
	"ports": [
	{
	"number": 22,
	"duration": "PT1H",
	"allowedSourceAddressPrefix": "$jit_my_ip"
	}
	]
	}
	],
	"justification": "$jit_justification"
	}
	EOF
	)

	az rest --method post --uri "$jit_management_uri" --body "$jit_payload"
	exit $?