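#!/bin/sh
# Bootstrap keyless (OIDC) GitHub Actions -> Azure authentication for the
# repository this script is run from.
#
# Steps:
#   1. derive <org>/<repo> from the git "origin" remote (https or ssh form),
#   2. create an Entra ID app registration named after the repository,
#   3. add federated credentials trusting the GitHub OIDC issuer for
#      pull requests, the "dev" and "prod" environments and the main branch,
#   4. create the service principal and grant it a role on a scope,
#   5. store AZURE_CLIENT_ID / AZURE_TENANT_ID / AZURE_SUBSCRIPTION_ID as
#      GitHub Actions secrets with `gh secret set`.
#
# Requires: git, az (logged in), jq, gh (authenticated); run inside the repo.
# Optional environment:
#   AZURE_ROLE        role to assign            (default: Contributor)
#   AZURE_ROLE_SCOPE  scope of the assignment   (default: the current subscription)
#   Narrow these (e.g. a resource-group scope) when the workflows do not need
#   subscription-wide Contributor rights.
#
# Note: re-running creates another app registration with the same display
# name; Entra ID does not enforce uniqueness on display names.
set -eu

# --- derive org and repo from the origin remote ------------------------------
remote_url=$(git config --get remote.origin.url)
repo_path=${remote_url%.git}
repo_path=${repo_path%/}
# Last path component is the repo, the one before it the owner. This handles
# both https://github.com/org/repo(.git) and git@github.com:org/repo(.git);
# the original `cut -f4 -d/` only worked for the https form.
github_repository_name=${repo_path##*/}
owner_path=${repo_path%/*}
github_organization_name=${owner_path##*[/:]}

if [ -z "$github_organization_name" ] || [ -z "$github_repository_name" ]; then
  printf 'cannot derive <org>/<repo> from remote "%s"\n' "$remote_url" >&2
  exit 1
fi

# --- app registration ---------------------------------------------------------
# `set -e` aborts here if `az ad app create` fails, so the federated-credential
# calls below never run with an empty object id.
app_json=$(az ad app create --display-name "$github_repository_name")
app_object_id=$(printf '%s' "$app_json" | jq -r '.id')
app_id=$(printf '%s' "$app_json" | jq -r '.appId')

#######################################
# Add a federated credential "<repo>-$1" trusting GitHub's OIDC issuer for the
# subject "repo:<org>/<repo>:$2".
# The JSON is built with jq so a repo or org name containing quotes or
# backslashes cannot break (or alter) the document.
# Arguments: $1 - credential name suffix, $2 - subject claim suffix
# Globals:   github_organization_name, github_repository_name, app_object_id
#######################################
add_federated_credential() {
  fc_params=$(jq -n \
    --arg name "${github_repository_name}-$1" \
    --arg subject "repo:${github_organization_name}/${github_repository_name}:$2" \
    '{name: $name,
      issuer: "https://token.actions.githubusercontent.com",
      subject: $subject,
      audiences: ["api://AzureADTokenExchange"]}')
  az ad app federated-credential create \
    --id "$app_object_id" \
    --parameters "$fc_params"
}

add_federated_credential pr          pull_request
add_federated_credential env-dev     environment:dev
add_federated_credential env-prod    environment:prod
add_federated_credential branch-main ref:refs/heads/main

# --- service principal and role assignment -----------------------------------
sp_object_id=$(az ad sp create --id "$app_object_id" --query id --output tsv)

AZURE_CLIENT_ID=$app_id
AZURE_TENANT_ID=$(az account show --query tenantId --output tsv)
AZURE_SUBSCRIPTION_ID=$(az account show --query id --output tsv)

role=${AZURE_ROLE:-Contributor}
scope=${AZURE_ROLE_SCOPE:-/subscriptions/$AZURE_SUBSCRIPTION_ID}
# Assigning by object id + principal type skips the directory lookup that a
# freshly created principal can fail while it is still replicating.
az role assignment create \
  --assignee-object-id "$sp_object_id" \
  --assignee-principal-type ServicePrincipal \
  --role "$role" \
  --scope "$scope"

# --- publish to GitHub Actions secrets ---------------------------------------
printf 'AZURE_CLIENT_ID: %s\n' "$AZURE_CLIENT_ID"
printf 'AZURE_TENANT_ID: %s\n' "$AZURE_TENANT_ID"
printf 'AZURE_SUBSCRIPTION_ID: %s\n' "$AZURE_SUBSCRIPTION_ID"
gh secret set AZURE_CLIENT_ID --body "$AZURE_CLIENT_ID"
gh secret set AZURE_TENANT_ID --body "$AZURE_TENANT_ID"
gh secret set AZURE_SUBSCRIPTION_ID --body "$AZURE_SUBSCRIPTION_ID"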