What is all this?
This is a PoC, useful for some cases. It generates a Service Principal (Enterprise App) with Global Reader / Viewer on a specified Azure Subscription.
Checklist
Pending: New PS script to delete everything -
cleanup.ps1
Pending: Patch the SP with an icon.
Active Directory Requirements (Future)
This does not come with Entra ID permissions.
script execution
Generates a TUI that allows for Subscription selection
Azure Roles
Reader ID: acdd72a7-3385-48ef-bd42-f606fba81ae7
Security Reader ID: 39bc4728-0917-49c7-9d2c-d95423bc2eb4
To list all role definitions (built-in and custom) and filter the output by name (the pipeline below is PowerShell; the pattern "glob" is just the search term):
az role definition list --query "[].{name:name, roleType:roleType, roleName:roleName}" --output tsv | Select-String -Pattern "glob"
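The full flow the PoC describes (pick a subscription, create the SP with Reader, add Security Reader at the same subscription scope, verify, and what a cleanup.ps1 would undo), as an added PowerShell example that is not the PoC's own script. It assumes the az CLI is already logged in, the caller can assign roles on the subscription, and a hypothetical display name "Test-App"; the role IDs are the two listed above.

```powershell
# Added example (not the PoC's own script). Assumes an authenticated az CLI,
# permission to create role assignments, and a hypothetical app name.
$ReaderRoleId         = "acdd72a7-3385-48ef-bd42-f606fba81ae7"  # Reader
$SecurityReaderRoleId = "39bc4728-0917-49c7-9d2c-d95423bc2eb4"  # Security Reader
$AppName              = "Test-App"

# Subscription selection: list what the signed-in identity can see and let the
# operator pick by index (plain stand-in for the PoC's TUI).
$subs = az account list --query "[].{name:name, id:id}" --output json | ConvertFrom-Json
for ($i = 0; $i -lt $subs.Count; $i++) { "{0}: {1} ({2})" -f $i, $subs[$i].name, $subs[$i].id }
$choice = [int](Read-Host "Subscription index")
$Scope  = "/subscriptions/$($subs[$choice].id)"

# Create app registration + service principal with Reader scoped to the chosen
# subscription only (no tenant-wide or management-group scope).
$sp = az ad sp create-for-rbac --name $AppName --role $ReaderRoleId --scopes $Scope --output json | ConvertFrom-Json
if (-not $sp) { throw "Service principal creation failed" }

# Second assignment at the same scope. $sp.password is the client secret that
# feeds AZURE_CLIENT_SECRET; hand it to a secret store, do not write it to logs.
# If this step fails right after creation, retry: the new SP can take a moment
# to replicate before --assignee lookups resolve.
az role assignment create --assignee $sp.appId --role $SecurityReaderRoleId --scope $Scope --output none

# Verify exactly the two expected roles exist, both at subscription scope.
$assigned = az role assignment list --assignee $sp.appId --scope $Scope --query "[].roleDefinitionName" --output json | ConvertFrom-Json
"AppId (AZURE_CLIENT_ID): $($sp.appId)"
"Tenant (AZURE_TENANT_ID): $($sp.tenant)"
"Roles at ${Scope}: $($assigned -join ', ')"

# Teardown (what a cleanup.ps1 would do): drop the assignments, then delete the
# app, which removes its service principal and the secret with it.
function Remove-PocApp([string]$AppId, [string]$Scope) {
    az role assignment delete --assignee $AppId --scope $Scope --output none
    az ad app delete --id $AppId
}
# Remove-PocApp -AppId $sp.appId -Scope $Scope
```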
Execution Tests
AppId = Client ID (AZURE_CLIENT_ID)
password = Client Password (AZURE_CLIENT_SECRET)
Output Sample:
{
"appId": "22a13b47-DEAD-BEEF-a173-5d74ea08854a",
"displayName": "Test-App",
"password": "XXXXX~6V7Zgbsh1mwNyPB8u-dAqLMTdl3ElPUaoE",
"tenant": "bad684a6-DEAD-BEEF-9bf5-1d9822565e2c"
}