
Commit 774840d

committed
Refactor auth-setup script to use dynamic variables and improve readability
1 parent 7805ad0 commit 774840d


2 files changed

+42
-35
lines changed


auth-setup.md

Lines changed: 0 additions & 35 deletions
This file was deleted.

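--- a/auth-setup.sh
+++ b/auth-setup.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+#set vars
+#codebytes
+githubOrganizationName=$(echo $(git remote get-url origin) | cut -f4 -d"/")
+#secure-terraform-on-azure
+githubRepositoryName=$(basename -s .git `git config --get remote.origin.url`)
+
+#create app registration
+applicationRegistrationDetails=$(az ad app create --display-name "${githubRepositoryName}")
+applicationRegistrationObjectId=$(echo $applicationRegistrationDetails | jq -r '.id')
+applicationRegistrationAppId=$(echo $applicationRegistrationDetails | jq -r '.appId')
+
+#created federated creds
+az ad app federated-credential create \
+--id $applicationRegistrationObjectId \
+--parameters "{\"name\":\"${githubRepositoryName}-pr\",\"issuer\":\"https://token.actions.githubusercontent.com\",\"subject\":\"repo:${githubOrganizationName}/${githubRepositoryName}:pull_request\",\"audiences\":[\"api://AzureADTokenExchange\"]}"
+az ad app federated-credential create \
+--id $applicationRegistrationObjectId \
+--parameters "{\"name\":\"${githubRepositoryName}-env-dev\",\"issuer\":\"https://token.actions.githubusercontent.com\",\"subject\":\"repo:${githubOrganizationName}/${githubRepositoryName}:environment:dev\",\"audiences\":[\"api://AzureADTokenExchange\"]}"
+az ad app federated-credential create \
+--id $applicationRegistrationObjectId \
+--parameters "{\"name\":\"${githubRepositoryName}-env-prod\",\"issuer\":\"https://token.actions.githubusercontent.com\",\"subject\":\"repo:${githubOrganizationName}/${githubRepositoryName}:environment:prod\",\"audiences\":[\"api://AzureADTokenExchange\"]}"
+az ad app federated-credential create \
+--id $applicationRegistrationObjectId \
+--parameters "{\"name\":\"${githubRepositoryName}-branch-main\",\"issuer\":\"https://token.actions.githubusercontent.com\",\"subject\":\"repo:${githubOrganizationName}/${githubRepositoryName}:ref:refs/heads/main\",\"audiences\":[\"api://AzureADTokenExchange\"]}"
+
+
+AZURE_CLIENT_ID=$applicationRegistrationAppId
+AZURE_TENANT_ID=$(az account show --query tenantId --output tsv)
+AZURE_SUBSCRIPTION_ID=$(az account show --query id --output tsv)
+
+az ad sp create --id $applicationRegistrationObjectId
+az role assignment create --assignee $applicationRegistrationAppId --role Contributor --scope /subscriptions/$AZURE_SUBSCRIPTION_ID
+
+echo "AZURE_CLIENT_ID: $AZURE_CLIENT_ID"
+echo "AZURE_TENANT_ID: $AZURE_TENANT_ID"
+echo "AZURE_SUBSCRIPTION_ID: $AZURE_SUBSCRIPTION_ID"
+
+gh secret set AZURE_CLIENT_ID --body "$AZURE_CLIENT_ID"
+gh secret set AZURE_TENANT_ID --body "$AZURE_TENANT_ID"
+gh secret set AZURE_SUBSCRIPTION_ID --body "$AZURE_SUBSCRIPTION_ID"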
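Review bot: `githubOrganizationName` on line 5 is taken with `cut -f4 -d"/"`, which only yields the organisation for an HTTPS remote; with an SSH remote of the form `git@host:org/repo.git` the field is empty and every federated-credential `subject` below becomes `repo:/<repo>:…`, so no GitHub Actions token would ever match the credential that was just created. The script also runs under `#!/bin/sh` without `set -eu`, so a failed `az ad app create` leaves `applicationRegistrationObjectId` empty and the unquoted `--id $applicationRegistrationObjectId` and `az role assignment create` lines still execute. I would add `set -eu`, derive both names from the same `git remote get-url origin` value with parameter expansion that handles both URL forms, and quote the `$applicationRegistrationObjectId`/`$applicationRegistrationAppId` expansions. Separately, `--role Contributor --scope /subscriptions/$AZURE_SUBSCRIPTION_ID` on line 34 grants the workflow identity Contributor over the whole subscription; scoping the assignment to the resource group the workflows deploy into would keep the credential at least privilege.
```shell
#!/bin/sh
set -eu

# Derive org/repo from the remote URL; handles https://host/org/repo(.git)
# and git@host:org/repo(.git).
remoteUrl=$(git remote get-url origin)
repoPath=${remoteUrl#*://*/}
repoPath=${repoPath#*:}
repoPath=${repoPath%.git}
githubOrganizationName=${repoPath%%/*}
githubRepositoryName=${repoPath##*/}

# … unchanged: app registration, federated credentials, role assignment, secrets …
```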
