ekristen / azure-nuke

Remove all resources from an Azure Tenant and its Subscriptions.
https://ekristen.github.io/azure-nuke/
MIT License

Is it possible to add Client ID as a filter for application registrations? #44

Closed bwrogo closed 7 months ago

bwrogo commented 7 months ago

Thank you for all the hard work on this nuke script.

The purpose of this issue is to see if it's possible to update this nuke script to allow its users to specify ClientID as a filter option for application registrations. The reason for this is that there are instances where there may be multiple applications with the same displayName and users may be interested in removing just one of them. Being able to specify the ClientID will make sure that we remove the correct app registration.

If there is a way to do this already, please let me know.

ekristen commented 7 months ago

This should work, the ID is the default ID at the moment.

presets:
  common:
    filters:
      Application:
        - <uuid>

bwrogo commented 7 months ago

Thanks for your prompt response!

I tried using that but it still shows as if they are going to be nuked.

presets:
  common:
    filters:
      Application:
        - "000000-0000-0000-0000-0000000000"

azure-nuke  | tenant - Application - 000000-0000-0000-0000-0000000000 - [Name: "my-app"] - would remove

azure-nuke | Scan complete: 1 total, 1 nukeable, 0 filtered.

ekristen commented 7 months ago

Can you show your entire configuration?

bwrogo commented 7 months ago

Sure, here it is:

tenant-blocklist:
  - 11111111111-1111-1111-1111-11111111111
resource-types:
  targets:
    - Application
  excludes:
    - AzureADUser

tenants:
  22222222-2222-2222-2222-222222222222: 
    presets:
      - common
    resource-types:
      targets:
        - Application

presets:
  common:
    filters:
      Application:
        - "000000-0000-0000-0000-0000000000"

ekristen commented 7 months ago

Odd, that should work. You could try not quoting, not sure how that behaves. I'm in the middle of completely rewriting this tool and I'm working on improving the filter syntax, you could take the new version for a spin.

The Application resource has changed to default to the name as the default property with ClientID and Name as properties you can filter on.

For reference: https://github.com/ekristen/azure-nuke/pull/45

Your configuration will need to change a bit if you want to test the next release:

regions:
  - global

blocklist: # tenant-blocklist still works but is deprecated
  - 11111111111-1111-1111-1111-11111111111

resource-types:
  includes: # targets still works but it's deprecated
    - Application
  excludes:
    - AzureADUser

accounts: # tenants still works but it's deprecated
  22222222-2222-2222-2222-222222222222: 
    presets:
      - common

presets:
  common:
    filters:
      Application:
        - property: ClientID
          value: 000000-0000-0000-0000-0000000000

Also if you specify targets you don't need to do excludes as it'll only target what is explicitly in the targets array.

bwrogo commented 7 months ago

I made the change and the issue still happens.

I looked at the code and I think the issue could be in the application.go

func (r *Application) Properties() types.Properties {
    properties := types.NewProperties()

    properties.Set("Name", *r.name)

    return properties
}

ekristen commented 7 months ago

You'd have to use the latest next version which is under the branch next to be able to use the above configuration.

ekristen commented 7 months ago

Under the current 0.x version, https://github.com/ekristen/azure-nuke/blob/main/resources/application.go#L83-L85

The default string is r.id which should make for just specifying the uuid as the filter to work. Of course you've said this isn't working, so tough to say.

ekristen commented 7 months ago

I can cut a new 0.x release to add an ID property if you can't try the next binary or it doesn't work for you.

bwrogo commented 7 months ago

Just to make sure, do you want me to try with v1.0.0-next.2?

bwrogo commented 7 months ago

I pulled the latest build v1.0.0-next.2 and using:

presets:
  common:
    filters:
      Application:
        - 000000-0000-0000-0000-0000000000

Worked. Thanks for the help!

ekristen commented 7 months ago

Awesome! next.2 is a complete rewrite, @bwrogo. Looking for feedback on behavior and use, especially with the changes to the config with regions (aka locations, etc.).
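
As an added example (not part of the thread and not azure-nuke's own code): a pre-flight check in Go that reads dry-run output in the shape quoted earlier in the thread and reports any resource ID you meant to protect that is still marked `would remove`. The line layout is assumed from the single scan line shown above; the function name `unprotected` and the second sample ID are made up for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample modelled on the scan line quoted in the thread.
// The second entry and its ID are made up for illustration.
const sampleScan = `azure-nuke  | tenant - Application - 000000-0000-0000-0000-0000000000 - [Name: "my-app"] - would remove
azure-nuke  | tenant - Application - 333333-3333-3333-3333-3333333333 - [Name: "my-app"] - would remove
azure-nuke | Scan complete: 2 total, 2 nukeable, 0 filtered.`

// unprotected returns "Type/ID" for every protected ID the scan still marks
// "would remove". Assumed line shape: scope - type - id - [props] - would remove
func unprotected(scan string, protected []string) []string {
	keep := make(map[string]bool, len(protected))
	for _, id := range protected {
		keep[id] = true
	}
	var leaked []string
	sc := bufio.NewScanner(strings.NewReader(scan))
	for sc.Scan() {
		line := sc.Text()
		// Drop a leading "azure-nuke | " style prefix if one is present.
		if i := strings.Index(line, "|"); i >= 0 {
			line = line[i+1:]
		}
		line = strings.TrimSpace(line)
		if !strings.HasSuffix(line, "would remove") {
			continue // summary lines and anything not scheduled for removal
		}
		fields := strings.Split(line, " - ")
		if len(fields) < 5 {
			continue // not the expected shape; ignore rather than guess
		}
		if id := strings.TrimSpace(fields[2]); keep[id] {
			leaked = append(leaked, strings.TrimSpace(fields[1])+"/"+id)
		}
	}
	return leaked
}

func main() {
	if leaked := unprotected(sampleScan, []string{"000000-0000-0000-0000-0000000000"}); len(leaked) > 0 {
		fmt.Println("filter not applied, do not run destructively:", leaked)
	}
}
```

Matching on the ID rather than the name is what keeps the check meaningful when two app registrations share the same displayName, as in the sample.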