This script helps you create an application in Azure, set up a service principal, and assign a custom role with the required permissions.
- Azure CLI installed and configured on your machine.
- Access to an Azure subscription.
- Clone the repository:

      git clone https://github.com/Hrouhani/your-repository-name.git
      cd your-repository-name

- Run the script:

      python3 azure-app.py

- Follow the prompts to input your Azure subscription ID, role name, and application name.
- Sets the Azure subscription: The script starts by setting the specified Azure subscription using the Azure CLI command az account set --subscription.
- Logs in to Azure: It prompts the user to log in to Azure, which opens a browser window for authentication using the Azure CLI command az login.
- Creates an application, service principal, and certificate: The script creates an Azure AD application, a service principal, and a certificate using the command az ad sp create-for-rbac --name.
- Copies the certificate file to the script's directory: The certificate file created is copied to the directory where the script is running.
- Creates a custom role (mondoo-role.json): It generates a JSON file defining a custom role with specific permissions required for the application.
- Assigns the custom role to the application: The custom role is assigned to the newly created application using the command az role assignment create.
- Creates an application manifest (app-manifest.json): The script creates a JSON file defining the required resource accesses for the application.
- Updates the application with the required resource accesses: It updates the application to include the necessary permissions defined in the manifest using the command az ad app update.
- Grants administrator consent: Finally, the script grants administrator consent to the application for the required permissions using the command az ad app permission admin-consent.
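
The custom-role step above decides what the service principal can do, so the role file is worth reviewing before it is assigned. The following is an added example, not code from azure-app.py: `build_role` and `audit_role` are hypothetical helpers, and the sample actions are constructed for illustration rather than taken from mondoo-role.json.

```python
import json
import re

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
SUB_SCOPE = re.compile(r"/subscriptions/[0-9a-fA-F-]{36}(/resourceGroups/[^/]+)?")

def build_role(subscription_id, role_name, actions):
    """Build a custom role definition assignable only within one subscription."""
    if not GUID.match(subscription_id):
        raise ValueError("subscription ID must be a GUID")
    return {
        "Name": role_name,
        "IsCustom": True,
        "Description": "Read-only role for the application's service principal",
        "Actions": list(actions),
        "NotActions": [],
        "DataActions": [],
        "NotDataActions": [],
        "AssignableScopes": [f"/subscriptions/{subscription_id}"],
    }

def audit_role(role):
    """Return findings for anything broader than read-only, subscription-scoped access."""
    findings = []
    for action in role.get("Actions", []) + role.get("DataActions", []):
        verb = action.rsplit("/", 1)[-1].lower()
        if verb == "*":
            # A trailing wildcard also grants write, delete and */action operations.
            findings.append(f"wildcard action: {action}")
        elif verb != "read":
            # e.g. listKeys/action returns secrets even though it sounds like a read.
            findings.append(f"non-read action: {action}")
    for scope in role.get("AssignableScopes", []):
        if not SUB_SCOPE.fullmatch(scope):
            findings.append(f"scope not limited to a subscription: {scope}")
    return findings

# Constructed sample input; these actions are illustrative, not the contents of mondoo-role.json.
SAMPLE_SUBSCRIPTION = "00000000-0000-0000-0000-000000000000"
SAMPLE_ACTIONS = [
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Storage/storageAccounts/listKeys/action",
    "Microsoft.Web/sites/*",
]

if __name__ == "__main__":
    role = build_role(SAMPLE_SUBSCRIPTION, "example-scanner-role", SAMPLE_ACTIONS)
    print(json.dumps(role, indent=2))
    print("\n".join(audit_role(role)) or "no findings")
```

Running the audit over the generated role file before the assignment step shows whether the role grants more than read access or can be assigned outside the chosen subscription.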