add offboarding script
gaalmeida committed Feb 6, 2024
1 parent 78345dc commit 1544275
Showing 3 changed files with 1,097 additions and 0 deletions.
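--- a/scripts/azure_offboarding/azure_offboarding.ps1
+++ b/scripts/azure_offboarding/azure_offboarding.ps1
@@ -0,0 +1,175 @@
+function Set-AzureContext {
+param (
+[string]$subscriptionId
+)
+if ($subscriptionId -and $subscriptionId.Length -gt 0) {
+Write-Host "Setting context by subscription id: $subscriptionId"
+return Set-AzContext -Subscription $subscriptionId
+}
+Write-Host "Setting the default context"
+return (Get-AzContext)
+}
+
+function Set-AppNameParameter {
+param (
+[string]$appName,
+[string]$subscriptionId
+)
+if ($appName -and $appName.Length -gt 0) {
+Write-Host "Received AppName as parameter: $appName"
+return $appName
+}
+return "firefly-" + $subscriptionId
+}
+
+Connect-AzureAD
+$context = Set-AzureContext -subscriptionId $subscriptionId
+
+$appName = Set-AppNameParameter -appName $appName -subscriptionId $subscriptionId
+$sp = Get-AzADServicePrincipal -DisplayName $appName
+
+if ($isEventDriven) {
+Write-Host "Removing Diagnostic setting..."
+try {
+Remove-AzSubscriptionDiagnosticSetting -Name firefly
+} catch {
+Write-Host "Not able to remove DiagnosticSetting, reason: $_" -ForegroundColor Red
+Write-Host "Continuing..."
+}
+
+Write-Host "Removing EventGrid Subscription setting..."
+try {
+Remove-AzEventGridSubscription -EventSubscriptionName fireflyevents
+} catch {
+Write-Host "Not able to remove EventGrid Subscription, reason: $_" -ForegroundColor Red
+Write-Host "Continuing..."
+}
+
+$saName = ("firefly" + $subscriptionId -replace '-', '').Substring(0,[Math]::Min(("firefly-" + $subscriptionId -replace '-', '').Length, 23))
+
+$storageAccount = Get-AzStorageAccount -ResourceGroupName "firefly" -Name $saName
+
+if ($storageAccount -ne $null) {
+$roleName = Storage Blob Data Reader
+
+Write-Host "Removing $roleName Role assignment..."
+try {
+$roleAssignment = Remove-AzRoleAssignment -ObjectId $sp.Id -RoleDefinitionName $roleName -Scope $storageAccount.Id.Trim()
+if ($roleAssignment -And $roleAssignment.ObjectType -eq "Unknown") {
+Write-Host "Unable to remove $roleName role assignment from service principal. Continuing" -ForegroundColor Red
+}
+} catch {
+Write-Host "Not able to remove Storage Account role assignment, reason: $_" -ForegroundColor Red
+Write-Host "Continuing..."
+}
+
+Write-Host "Removing Storage Account..."
+try {
+Remove-AzStorageAccount -ResourceGroupName firefly -Name $saName -Force
+} catch {
+Write-Host "Not able to remove Storage Account, reason: $_" -ForegroundColor Red
+Write-Host "Continuing..."
+}
+}
+
+Write-Host "Removing Resource Group..."
+try {
+Remove-AzResourceGroup -Name firefly -Force
+} catch {
+Write-Host "Not able to remove Resource group, reason: $_" -ForegroundColor Red
+Write-Host "Continuing..."
+}
+}
+
+$roleName = 'Firefly-'+$subscriptionId
+
+Write-Host "Removing $roleName Role assignment..."
+try {
+$roleAssignment = Remove-AzRoleAssignment -ObjectId $sp.Id -RoleDefinitionName $roleName
+if ($roleAssignment -And $roleAssignment.ObjectType -eq "Unknown") {
+Write-Host "Unable to remove $roleName role assignment from service principal. Continuing" -ForegroundColor Red
+}
+} catch {
+Write-Host "Not able to remove $roleName Role Assignment, reason: $_" -ForegroundColor Red
+Write-Host "Continuing..."
+}
+
+Write-Host "Removing $roleName Role definition..."
+try {
+$rd = Get-AzRoleDefinition -Name $roleName
+if ($rd) {
+Remove-AzRoleDefinition -Id $rd.Id -Force
+} else {
+Write-Host "$roleName Role definition not found, continuing..."
+}
+} catch {
+Write-Host "Not able to remove $roleName Role Definition, reason: $_" -ForegroundColor Red
+Write-Host "Continuing..."
+}
+
+$roles = @("Reader", "Security Reader", "Billing Reader")
+foreach($roleName in $roles) {
+Write-Host "Removing $roleName Role assignment..."
+try {
+$ra = Get-AzRoleAssignment -ObjectId $sp.Id -RoleDefinitionName $roleName
+if ($ra) {
+$roleAssignment = Remove-AzRoleAssignment -ObjectId $sp.Id -RoleDefinitionName $roleName
+if ($roleAssignment -And $roleAssignment.ObjectType -eq "Unknown") {
+Write-Host "Unable to remove $roleName role assignment from service principal. Continuing" -ForegroundColor Red
+}
+}
+} catch {
+Write-Host "Not able to remove $roleName Role Assignment, reason: $_" -ForegroundColor Red
+Write-Host "Continuing..."
+}
+}
+
+$app = Get-AzADApplication -DisplayName $appName
+
+if ($app -ne $null) {
+if ($app -is [array]) {
+Write-Host "Removing applications..."
+foreach ($a in $app) {
+try {
+Remove-AzADApplication -ObjectId $a.Id
+} catch {
+Write-Host "Not able to remove application, reason: $_" -ForegroundColor Red
+Write-Host "Continuing..."
+}
+
+$permissions = Get-AzAdAppPermission -ApplicationId $a.AppId
+
+Write-Host "Removing app permissions..."
+foreach ($permission in $permissions) {
+try {
+Remove-AzADAppPermission -PermissionId $permission.Id -ApplicationId $a.AppId
+} catch {
+Write-Host "Not able to remove permission from app, reason: $_" -ForegroundColor Red
+Write-Host "Continuing..."
+}
+}
+}
+} else {
+Write-Host "Removing application..."
+try {
+Remove-AzADApplication -ObjectId $app.Id
+} catch {
+Write-Host "Not able to remove application, reason: $_" -ForegroundColor Red
+Write-Host "Continuing..."
+}
+
+$permissions = Get-AzAdAppPermission -ApplicationId $app.AppId
+
+Write-Host "Removing app permissions..."
+foreach ($permission in $permissions) {
+try {
+Remove-AzADAppPermission -PermissionId $permission.Id -ApplicationId $app.AppId
+} catch {
+Write-Host "Not able to remove permission from app, reason: $_" -ForegroundColor Red
+Write-Host "Continuing..."
+}
+}
+}
+}
+
+Write-Host "Done!"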
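Review bot: The role name on the `$roleName = Storage Blob Data Reader` line inside the storage-account branch is unquoted, so PowerShell parses it as a command invocation, `$roleName` ends up empty, the following Remove-AzRoleAssignment fails into its catch block and the Storage Blob Data Reader assignment is left on the storage account — the offboarding silently stops short of full revocation. It should read `$roleName = "Storage Blob Data Reader"`. The script also never checks whether Get-AzADServicePrincipal returned anything, so every `-ObjectId $sp.Id` argument is null when the principal is missing; `if (-not $sp) { throw "Service principal '$appName' not found" }` right after the lookup would make that failure explicit instead of a string of caught errors. In both application branches Remove-AzADApplication runs before Get-AzAdAppPermission is called on the same AppId, so permission cleanup queries an application that was just deleted; moving the permission loop above the Remove-AzADApplication call fixes the order. `$subscriptionId`, `$appName` and `$isEventDriven` are read without a `param()` block, which a header comment should document as the script's expected inputs.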
