Skip to content

ikbendion/ARS

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
.github/workflows
.github/workflows
 
 
code
code
 
 
roles
roles
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Azure RoleSync

Maintain azure custom roles via CI/CD in code.

Setup

  • Fork this repository
  • Create a custom role with the following permissions
"Microsoft.Authorization/*/read",
"Microsoft.Authorization/*/write",
"Microsoft.Authorization/roleDefinitions/*"
  • Create an app registration with a clientSecret
  • Create the following github actions secrets
ClientId = Your application id
ClientSecret = Your client Secret
TenantId = Your tenant id
  • Create role assigments on subscriptions that should be managed to the previously created application.
  • Enable GitHub actions runs

Usage

Create a role

Use the following template to create a new role.

{
    "Name": "Custom Role Provisioner",
    "IsCustom": true,
    "Description": "Can provision custom roles.",
    "Actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Authorization/*/write",
        "Microsoft.Authorization/roleDefinitions/*"
    ],
    "NotActions": [
  
    ],
    "AssignableScopes": [
        "/subscriptions/{YourSubscriptionId}",
        "/subscriptions/{YourSubscriptionId}"
    ]
  }

place this template in as a .json file in the roles directory.

Update a role

Edit the configuration and commit to repository, role permissions can take up to 1h to process on the azure side.

Issues and suggestions

Please open an issue describing your input

License

MIT

About

Azure Role Sync (ARS) provisions Azure custom roles using CICD and JSON definitions

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages