AZ CLI query filter on multiple properties using &&

2

10

I am trying to create an az cli query that can evaluate if I am logged into the correct tenant and subscription. I know I have to use the ? and && operators but have not yet been able to get them in the correct combination that will work. When I query for just a single value using the line below, it works fine:

az account list --query "[?id=='my_subscription_id']" --output json

But when I try either of the lines below, it tells me it is invalid jmespath_type value:

az account list --query "[?id=='my_subscription_id' && ?tenantId=='my_tenant_id']"  --output json
az account list --query "[(?id=='my_subscription_id') && (?tenantId=='my_tenant_id')]"  --output json

When I try the line below, it gives me the error ] was unexpected at this time:

az account list --query "[(?id=='my_subscription_id')&&(?tenantId=='my_tenant_id')]"  --output json

I know this can be done, just can't seem to find the right mixture yet.

UPDATED INFO:

Upon further testing, I made some progress but still not exactly what I was expecting. Assume that the tenant ID is 123, the subscription ID of the sub I am wanting is ABC and my account also has access to the subscription ID EFG. When running the command below:

az account list --query "[].{subscriptionId:id,tenantId:tenantId}"

I get the output:

  {
    "subscriptionId": "ABC",
    "tenantId": "123"
  },
  {
    "subscriptionId": "EFG",
    "tenantId": "123"
  }

I would expect that running the command below would return just the single record that matches:

az account list --query "[?id == 'ABC' && tenantid == '123'].{subscriptionId:id,tenantId:tenantId}" --output json

But, it does not. It returns [].

Running the command below returns the single record that matches both conditions:

az account list --query "[?id == 'ABC' || tenantid == '123'].{subscriptionId:id,tenantId:tenantId}" --output json

Based on the documentation, && is an AND, and || is an OR. I would think when running the command line that has the || in it would return BOTH records but it only returns the one that contains both values.

Hydromechanics answered 15/4, 2020 at 20:17 Comment(0)
H
4

I am trying to create an az cli query that can evaluate if I am logged into the correct tenant and subscription.

In fact, one subscription can only trust one tenant, so you can just filter on the subscription ID; it will match only one tenant ID. Read more details in this blog.

A directory is the Azure AD service and each directory may have one or more domains. An Azure subscription has a trust relationship with Azure Active Directory which means that the subscription trusts Azure AD to authenticate users, services, and devices.

A directory can have many subscriptions associated with it, but only one tenant. Multiple subscriptions can trust the same Azure AD directory, but each subscription can only trust a single directory.

In this case, you already know the subscription ID. You also got the output of the subscription ID and tenant ID mapping records. You can get accurate results by filtering on your subscription ID like this. Or use it as you already had it:

az account list --query "[?id=='my_subscription_id']" --output json

Then you can verify if you have logged in to the correct tenant.

az account list --query "[].{SubID:id,TenantID:tenantId}[?SubID=='my_subscription_id']" -o table


Hooray answered 16/4, 2020 at 2:9 Comment(5)
This is the approach I wound up taking. PowerShell is more robust than AZ CLI in this area but I am the only one on my team that uses PowerShell so trying to switch to AZ CLI so they will use some of my stuff. - Hydromechanics
How to make the filter work with "starts with"? Something like name=='abc-*' seems not to work. - Incondensable
Use JMESPath functions instead: --query "[?contains(name, 'abc-')].{ Name:name }", learn.microsoft.com/en-us/cli/azure/… - Kruller
Do I understand it correctly? You're saying that using the logical operations is not available using the "usual" syntax with && nor || in the brackets of the query parameter? I see that you, sort of, emulate the && by [].{...}[?...] approach but it's quite clunky (and doesn't cover the || operation). Seems like I'm blatantly missing your point. Please excuse my confusion... - Forwardlooking
@Kruller For some reason I'm not getting the contains(...) to work. It's exemplified in the docs just like you say. However, I get an error from Python about "]" being unexpected. (However, adding a space after the comma in the parameter list makes it work again.) Is that the same behavior as you get? Why would contains(a,'b') fail while contains(a, 'b') would work?! - Forwardlooking
B
0

To combine filters, the syntax should be:

az account list --query "[?id=='my_subscription_id' && tenantId=='my_tenant_id']" --output json

Remove the second ? and it should work.

General syntax: [?filter1==value && filter2==value]

Don't forget that in bash you need to add a backtick.

Real example of combining filters using AZ CLI in bash:

az vm availability-set list-sizes -g $_rg -n $_avs --query '[?numberOfCores<=1 && memoryInMB <=1024]'

Bipartite answered 16/7 at 14:59 Comment(0)
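
An added example, not part of the original question or answers: a guard for the start of a deployment script that fails closed unless the active az login is the expected subscription in the expected tenant, using the single-`?` `&&` filter discussed above. The function names are hypothetical; `isDefault` is the field `az account list` uses to mark the active subscription.

```shell
#!/bin/sh
# Added example (not from the original thread): fail closed unless the ACTIVE
# az login context is the expected subscription in the expected tenant.

# Accept only canonical GUIDs, so nothing interpolated into the JMESPath
# string below can carry a quote, backtick or newline.
is_guid() {
    case $1 in
        *[!0-9a-fA-F-]*) return 1 ;;   # any character that is not hex or '-'
    esac
    printf '%s\n' "$1" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# One '?' opens the filter; every condition is joined with && inside it.
# JMESPath field names are case-sensitive: a misspelt key such as 'tenantid'
# evaluates to null, so an && filter using it matches nothing.
# '| length(@)' reduces the filtered list to a single number.
build_context_query() {
    printf "[?id=='%s' && tenantId=='%s' && isDefault] | length(@)" "$1" "$2"
}

# check_az_context SUBSCRIPTION_ID TENANT_ID
# Returns 0 on match, 1 on mismatch, 2 on malformed input or az failure.
check_az_context() {
    is_guid "$1" && is_guid "$2" || return 2
    query=$(build_context_query "$1" "$2")
    count=$(az account list --query "$query" --output tsv) || return 2
    [ "$count" = "1" ]
}

# Typical use at the top of a deployment script:
#   check_az_context "$EXPECTED_SUB" "$EXPECTED_TENANT" || exit 1
```

The comparison is an exact string match, so pass the IDs in the same letter case that `az account list` prints them.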
