Change displayname with filter (#1084)
* change displayname with filter

* change displayname with filter
sondresjolyst authored Nov 7, 2023
1 parent 2c32390 commit de38a35
Showing 13 changed files with 32 additions and 32 deletions.
4 changes: 2 additions & 2 deletions scripts/add_reply_url_for_cluster.sh
Expand Up @@ -66,7 +66,7 @@ function updateWebRedirectUris() {
local additionalWebReplyURL
local newWebRedirectUris

aadAppId="$(az ad app list --display-name "${AAD_APP_NAME}" --only-show-errors --query [].appId -o tsv)"
aadAppId="$(az ad app list --filter "displayname eq '${AAD_APP_NAME}'" --only-show-errors --query [].appId --output tsv)"
if [[ -z $aadAppId ]]; then
echo "ERROR: Could not find app registration. Quitting..." >&2
return 1
Expand Down Expand Up @@ -129,7 +129,7 @@ function updateSpaRedirectUris() {
local additionalSpaReplyURI
local newSpaRedirectUris

aadObjId="$(az ad app list --display-name "${AAD_APP_NAME}" --only-show-errors --query [].id -o tsv)"
aadObjId="$(az ad app list --filter "displayname eq '${AAD_APP_NAME}'" --only-show-errors --query [].id --output tsv)"
if [[ -z $aadObjId ]]; then
echo "ERROR: Could not find app registration. Quitting..." >&2
return 1
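Review bot: The app name is now spliced into an OData string literal on the new `--filter` lines (L24, L33), so a value containing a single quote breaks or alters the query, whereas `--display-name` passed it as an opaque argument; the same applies to every `--filter "displayname eq '…'"` line in the other sections of this commit (teardown.sh, update_auth_secret.sh, both bootstrap.sh files, lib_acr.sh, create-sp.sh, lib_service_principal.sh, update_app_registration_permissions.sh, velero/bootstrap.sh and the three sections whose file header is missing from the page). Most values are fixed configuration, but several are function arguments (`${3}`, `${name}`), so escaping the OData quote by doubling it is cheap: `local safe_name=${AAD_APP_NAME//\'/\'\'}` followed by `--filter "displayname eq '${safe_name}'"`. Separately, `--query [].appId` still returns every match and display names are not unique in the directory, so a duplicate registration would yield a multi-line id that the later commands receive unchanged; this predates the commit, but a guard next to the existing empty check, `if [[ $aadAppId == *$'\n'* ]]; then echo "ERROR: Multiple app registrations match. Quitting..." >&2; return 1; fi`, would catch it. updateWebRedirectUris and updateSpaRedirectUris both start and end outside the hunks.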
6 changes: 3 additions & 3 deletions scripts/aks/teardown.sh
Expand Up @@ -366,8 +366,8 @@ echo "Delete replyUrls"
# Delete replyUrl for Radix web-console
WEB_CONSOLE_ENV="radix-web-console-$RADIX_WEB_CONSOLE_ENV"
APP_REGISTRATION_WEB_CONSOLE="Omnia Radix Web Console - ${CLUSTER_TYPE^} Clusters" # "Development", "Playground", "Production"
APP_REGISTRATION_ID="$(az ad app list --display-name "${APP_REGISTRATION_WEB_CONSOLE}" --query [].appId --output tsv --only-show-errors)"
APP_REGISTRATION_OBJ_ID="$(az ad app list --display-name "${APP_REGISTRATION_WEB_CONSOLE}" --query [].id --output tsv --only-show-errors)"
APP_REGISTRATION_ID="$(az ad app list --filter "displayname eq '${APP_REGISTRATION_WEB_CONSOLE}'" --query [].appId --output tsv --only-show-errors)"
APP_REGISTRATION_OBJ_ID="$(az ad app list --filter "displayname eq '${APP_REGISTRATION_WEB_CONSOLE}'" --query [].id --output tsv --only-show-errors)"
HOST_NAME_WEB_CONSOLE="auth-${WEB_CONSOLE_ENV}.${CLUSTER_NAME}.${AZ_RESOURCE_DNS}"
REPLY_URL="https://${HOST_NAME_WEB_CONSOLE}/oauth2/callback"
WEB_REDIRECT_URI="https://${HOST_NAME_WEB_CONSOLE}/applications"
Expand All @@ -377,7 +377,7 @@ printf "%s► Execute %s%s\n" "${grn}" "$WORKDIR_PATH/../delete_reply_url_for_cl
wait # wait for subshell to finish

# Delete replyUrl for grafana
APP_REGISTRATION_ID="$(az ad app list --display-name "${APP_REGISTRATION_GRAFANA}" --query [].appId --output tsv --only-show-errors)"
APP_REGISTRATION_ID="$(az ad app list --filter "displayname eq '${APP_REGISTRATION_GRAFANA}'" --query [].appId --output tsv --only-show-errors)"
HOST_NAME_GRAFANA="grafana.${CLUSTER_NAME}.${AZ_RESOURCE_DNS}"
REPLY_URL="https://${HOST_NAME_GRAFANA}/login/generic_oauth"

2 changes: 1 addition & 1 deletion scripts/cicd-canary/update_auth_secret.sh
Expand Up @@ -92,7 +92,7 @@ fi

# Generate new secret for App Registration.
printf "Re-generate client secret for App Registration \"$APP_REGISTRATION_NAME\"..."
APP_REGISTRATION_CLIENT_ID=$(az ad app list --display-name "$APP_REGISTRATION_NAME" | jq -r '.[].appId')
APP_REGISTRATION_CLIENT_ID=$(az ad app list --filter "displayname eq '${APP_REGISTRATION_NAME}'" | jq -r '.[].appId')

UPDATED_PRIVATE_IMAGE_HUB_PASSWORD=$(az ad app credential reset --id "$APP_REGISTRATION_CLIENT_ID" --display-name "rdx-cicd-canary" 2>/dev/null | jq -r '.password')
if [[ -z "$UPDATED_PRIVATE_IMAGE_HUB_PASSWORD" ]]; then
Expand Up @@ -153,7 +153,7 @@ function updateSecret() {
function resetAppRegistrationPassword() {
# Generate new secret for App Registration.
printf "Re-generate client secret for App Registration \"$APP_REGISTRATION_NETWORKPOLICY_CANARY\"...\n"
APP_REGISTRATION_CLIENT_ID=$(az ad app list --display-name "$APP_REGISTRATION_NETWORKPOLICY_CANARY" | jq -r '.[].appId')
APP_REGISTRATION_CLIENT_ID=$(az ad app list --filter "displayname eq '${APP_REGISTRATION_NETWORKPOLICY_CANARY}'" | jq -r '.[].appId')
# For some reason, description can not be too long.
UPDATED_APP_REGISTRATION_PASSWORD=$(az ad app credential reset \
--id "$APP_REGISTRATION_CLIENT_ID" \
4 changes: 2 additions & 2 deletions scripts/radix-zone/base-infrastructure/bootstrap.sh
Expand Up @@ -402,7 +402,7 @@ function set_permissions_on_dns() {
# Grant 'DNS Zone Contributor' permissions to a specific zone
# https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#dns-zone-contributor
printf "Azure dns zone: Setting permissions for \"${AZ_SYSTEM_USER_DNS}\" on \"${dns}\"..."
id="$(az ad sp list --display-name ${AZ_SYSTEM_USER_DNS} --query [].appId --output tsv)"
id="$(az ad sp list --filter "displayname eq '${AZ_SYSTEM_USER_DNS}'" --query [].appId --output tsv)"
az role assignment create --assignee "${id}" --role "DNS Zone Contributor" --scope "${scope}" --output none
printf "...Done\n"
}
Expand Down Expand Up @@ -532,7 +532,7 @@ function set_permissions_on_log_analytics_workspace() {
printf "Working on log analytics workspace \"${AZ_RESOURCE_LOG_ANALYTICS_WORKSPACE}\": "

printf "Setting permissions for \"${APP_REGISTRATION_LOG_API}\"..." # radix-cr-reader-dev
id="$(az ad sp list --display-name ${APP_REGISTRATION_LOG_API} --query [].appId --output tsv)"
id="$(az ad sp list --filter "displayname eq '${APP_REGISTRATION_LOG_API}'" --query [].appId --output tsv)"
# Delete any existing roles
az role assignment delete --assignee "${id}" --scope "${scope}" --output none
# Configure new roles
4 changes: 2 additions & 2 deletions scripts/radix-zone/base-infrastructure/lib_acr.sh
Expand Up @@ -69,14 +69,14 @@ function set_permissions_on_acr() {
printf "Working on container registry \"${AZ_RESOURCE_CONTAINER_REGISTRY}\": "

printf "Setting permissions for \"${AZ_SYSTEM_USER_CONTAINER_REGISTRY_READER}\"..." # radix-cr-reader-dev
id="$(az ad sp list --display-name ${AZ_SYSTEM_USER_CONTAINER_REGISTRY_READER} --query [].appId --output tsv)"
id="$(az ad sp list --filter "displayname eq '${AZ_SYSTEM_USER_CONTAINER_REGISTRY_READER}'" --query [].appId --output tsv)"
# Delete any existing roles
az role assignment delete --assignee "${id}" --scope "${scope}" --output none
# Configure new roles
az role assignment create --assignee "${id}" --role AcrPull --scope "${scope}" --output none

printf "Setting permissions for \"${AZ_SYSTEM_USER_CONTAINER_REGISTRY_CICD}\"..." # radix-cr-cicd-dev
id="$(az ad sp list --display-name ${AZ_SYSTEM_USER_CONTAINER_REGISTRY_CICD} --query [].appId --output tsv)"
id="$(az ad sp list --filter "displayname eq '${AZ_SYSTEM_USER_CONTAINER_REGISTRY_CICD}'" --query [].appId --output tsv)"
# Delete any existing roles
az role assignment delete --assignee "${id}" --scope "${scope}" --output none
# Configure new roles
10 changes: 5 additions & 5 deletions scripts/radix-zone/monitoring-infrastructure/create-sp.sh
Expand Up @@ -115,11 +115,11 @@ function create_monitoring_service_principal() {

# Skip creation if the sp exist
local testSP
testSP="$(az ad sp list --display-name "${name}" --query [].id --output tsv 2> /dev/null)"
testSP="$(az ad sp list --filter "displayname eq '${name}'" --query [].id --output tsv 2> /dev/null)"
if [ -z "$testSP" ]; then
echo "creating ${name}..."
password="$(az ad sp create-for-rbac --name "${name}" --query password --output tsv)"
id="$(az ad sp list --display-name "${name}" --query [].id --output tsv)"
id="$(az ad sp list --filter "displayname eq '${name}'" --query [].id --output tsv)"
secret="$(az ad sp credential list --id "${id}" --query "sort_by([?displayName=='rbac'], &endDateTime)[-1:].{endDateTime:endDateTime,keyId:keyId}")"
secret_id="$(echo "${secret}" | jq -r .[].keyId)"
expiration_date="$(echo "${secret}" | jq -r .[].endDateTime | sed 's/\..*//')"
Expand All @@ -138,11 +138,11 @@ function create_monitoring_service_principal() {
update_service_principal_owners "${name}"

echo "Update additional SP info..."
id="$(az ad sp list --display-name "${name}" --query [].id --output tsv)"
id="$(az ad sp list --filter "displayname eq '${name}'" --query [].id --output tsv)"
echo "This id ${id} and description: ${description}"
az ad sp update --id "${id}" --set notes="${description}"

echo "Done.\n"
echo "Done."
}

function create_monitoring_ar_secret(){
Expand All @@ -156,7 +156,7 @@ function create_monitoring_ar_secret(){
description="$3"

echo "Create secret for ${name}"
id="$(az ad app list --display-name "${name}" --query [].id --output tsv)"
id="$(az ad app list --filter "displayname eq '${name}'" --query [].id --output tsv)"

password="$(az ad app credential reset --id "${id}" --display-name "${secretname}" --append --query password --output tsv --only-show-errors)"
secret="$(az ad app credential list --id "${id}" --query "sort_by([?displayName=='${secretname}'], &endDateTime)[-1].{endDateTime:endDateTime,keyId:keyId}")"
Expand Up @@ -128,7 +128,7 @@ function assignRoleForResourceToUser() {

ROLE="${1}"
ROLE_SCOPE="${2}"
USER_ID="$(az ad sp list --display-name "${3}" --query [].appId --output tsv)"
USER_ID="$(az ad sp list --filter "displayname eq '${3}'" --query [].appId --output tsv)"

# Delete any existing roles before creating new roles
CURRENT_ROLES=$(az role assignment list --assignee "${USER_ID}" --scope "${ROLE_SCOPE}")
2 changes: 1 addition & 1 deletion scripts/service-principals-and-aad-apps/bootstrap.sh
Expand Up @@ -198,7 +198,7 @@ create_github_maintenance_mi() {
create_role_assignment_for_identity "${MI_GITHUB_MAINTENANCE}-${RADIX_ENVIRONMENT}" "${role_name}" "/subscriptions/${AZ_SUBSCRIPTION_ID}/resourceGroups/${AZ_RESOURCE_GROUP_LOGS}"
add-federated-gh-credentials "${MI_GITHUB_MAINTENANCE}-${RADIX_ENVIRONMENT}" "radix-flux" "master" "maintenance-${RADIX_ENVIRONMENT}"

MI_ID=$(az ad sp list --display-name "${MI_GITHUB_MAINTENANCE}-${RADIX_ENVIRONMENT}" --query [].appId --output tsv)
MI_ID=$(az ad sp list --filter "displayname eq '${MI_GITHUB_MAINTENANCE}-${RADIX_ENVIRONMENT}'" --query [].appId --output tsv)
gh_federated_credentials "radix-flux" "${MI_ID}" "${AZ_SUBSCRIPTION_ID}" "maintenance-${RADIX_ENVIRONMENT}"
}

22 changes: 11 additions & 11 deletions scripts/service-principals-and-aad-apps/lib_service_principal.sh
Expand Up @@ -147,7 +147,7 @@ function update_ad_app_owners() {
ad_group="Radix"
fi

id="$(az ad app list --display-name "${name}" --query [].appId --output tsv --only-show-errors)"
id="$(az ad app list --filter "displayname eq '${name}'" --query [].appId --output tsv --only-show-errors)"
printf "Updating owners of app registration \"${name}\"..."

ad_group_users=$(az ad group member list --group "${ad_group}" --query "[].[id,userPrincipalName]" --output tsv --only-show-errors)
Expand Down Expand Up @@ -196,7 +196,7 @@ function update_service_principal_owners() {
ad_group="Radix"
fi

sp_obj_id="$(az ad sp list --display-name "${name}" --query [].id --output tsv --only-show-errors)"
sp_obj_id="$(az ad sp list --filter "displayname eq '${name}'" --query [].id --output tsv --only-show-errors)"

printf "Updating owners of service principal \"${name}\"..."

Expand Down Expand Up @@ -245,11 +245,11 @@ function create_service_principal_and_store_credentials() {

# Skip creation if the sp exist
local testSP
testSP="$(az ad sp list --display-name "${name}" --query [].appId --output tsv 2>/dev/null)"
testSP="$(az ad sp list --filter "displayname eq '${name}'" --query [].appId --output tsv 2>/dev/null)"
if [ -z "$testSP" ]; then
printf "creating ${name}..."
password="$(az ad sp create-for-rbac --name "${name}" --query password --output tsv)"
id="$(az ad sp list --display-name "${name}" --query [].appId --output tsv)"
id="$(az ad sp list --filter "displayname eq '${name}'" --query [].appId --output tsv)"
secret="$(az ad sp credential list --id "${id}" --query "sort_by([?displayName=='rbac'], &endDateTime)[-1:].{endDateTime:endDateTime,keyId:keyId}")"
secret_id="$(echo "${secret}" | jq -r .[].keyId)"
expiration_date="$(echo "${secret}" | jq -r .[].endDateTime | sed 's/\..*//')"
Expand Down Expand Up @@ -282,10 +282,10 @@ function create_app_registration_and_service_principal() {
fi

printf "\nCreate AAD app registration and service principal "${name}"... "
app_id="$(az ad app list --display-name "${name}" --only-show-errors --query [0].appId -o tsv)"
app_id="$(az ad app list --filter "displayname eq '${name}'" --only-show-errors --query [0].appId -o tsv)"
if [[ -z $app_id ]]; then
printf "creating app registration... "
app_id=$(az ad app create --display-name $name --query appId -o tsv) || return
app_id=$(az ad app create --filter "displayname eq '${name}'" --query appId -o tsv) || return

app_objectId=$(az ad app list \
--filter "displayName eq '$name'" \
Expand Down Expand Up @@ -321,7 +321,7 @@ function set_app_registration_identifier_uris {

printf "\nUpdating identifierUris for app "${name}"... "

app_id="$(az ad app list --display-name "${name}" --only-show-errors --query [0].appId -o tsv)"
app_id="$(az ad app list --filter "displayname eq '${name}'" --only-show-errors --query [0].appId -o tsv)"
if [[ -z $app_id ]]; then
echo "ERROR: Could not find app registration "${name}". Quitting..." >&2
return 1
Expand Down Expand Up @@ -350,7 +350,7 @@ function set_app_registration_api_scopes {

printf "\nUpdating oauth2PermissionScopes for app "${name}"... "

app_obj_id="$(az ad app list --display-name "${name}" --only-show-errors --query [0].id -o tsv)"
app_obj_id="$(az ad app list --filter "displayname eq '${name}'" --only-show-errors --query [0].id -o tsv)"
if [[ -z $app_obj_id ]]; then
echo "ERROR: Could not find app registration "${name}". Quitting..." >&2
return 1
Expand Down Expand Up @@ -484,7 +484,7 @@ function refresh_service_principal_and_store_credentials_in_ad_and_keyvault() {

printf "Working on \"${name}\": Appending new credentials in Azure AD..."

id="$(az ad sp list --display-name "${name}" --query [].appId --output tsv)"
id="$(az ad sp list --filter "displayname eq '${name}'" --query [].appId --output tsv)"
password="$(az ad sp credential reset --name "${id}" --display-name "rbac" --append --query password --output tsv)"
secret="$(az ad sp credential list --id "${id}" --query "sort_by([?displayName=='rbac'], &endDateTime)[-1:].{endDateTime:endDateTime,keyId:keyId}")"
secret_id="$(echo "${secret}" | jq -r .[].keyId)"
Expand All @@ -508,7 +508,7 @@ function refresh_ad_app_and_store_credentials_in_ad_and_keyvault() {

printf "Working on \"${name}\": Appending new credentials in Azure AD..."

id="$(az ad app list --display-name "${name}" --query '[].appId' --output tsv)"
id="$(az ad app list --filter "displayname eq '${name}'" --query '[].appId' --output tsv)"
password="$(az ad app credential reset --id "${id}" --display-name "rbac" --append --query password --output tsv)"
sleep 5
secret="$(az ad app credential list --id "${id}" --query "sort_by([?displayName=='rbac'], &endDateTime)[-1:].{endDateTime:endDateTime,keyId:keyId}")"
Expand All @@ -528,7 +528,7 @@ function delete_service_principal_and_stored_credentials() {
printf "Working on service principal \"${name}\": "

printf "deleting user in az ad..."
id="$(az ad sp list --display-name "${name}" --query [].appId --output tsv)"
id="$(az ad sp list --filter "displayname eq '${name}'" --query [].appId --output tsv)"
az ad sp delete --id "${id}" --output none

printf "deleting credentials in keyvault..."
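Review bot: The new line `app_id=$(az ad app create --filter "displayname eq '${name}'" --query appId -o tsv) || return` in create_app_registration_and_service_principal swaps `--display-name` out of a `create` command, which has no `--filter` option, so creating a missing app registration will fail with an unrecognized-argument error and the `|| return` silently abandons the function; it should remain `app_id=$(az ad app create --display-name "${name}" --query appId -o tsv) || return` (quoting `${name}` also fixes the pre-existing word-splitting). As a point of style, the existing filter two lines below spells the property `displayName eq '$name'` while the new lines use `displayname`; settling on one spelling across the file keeps the queries easy to grep and compare. The enclosing function starts and ends outside the hunk.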
Expand Up @@ -118,7 +118,7 @@ fi
function resetAppRegistrationPassword() {
# Generate new secret for App Registration.
printf "Re-generate client secret for App Registration \"$APP_REGISTRATION_SERVICENOW_CLIENT\"...\n"
APP_REGISTRATION_CLIENT_ID=$(az ad app list --display-name "$APP_REGISTRATION_SERVICENOW_CLIENT" | jq -r '.[].appId')
APP_REGISTRATION_CLIENT_ID=$(az ad app list --filter "displayname eq '${APP_REGISTRATION_SERVICENOW_CLIENT}'" | jq -r '.[].appId')
if [ -z "$APP_REGISTRATION_CLIENT_ID" ]; then
echo -e "\nERROR: Could not find app registration \"$APP_REGISTRATION_SERVICENOW_CLIENT\"." >&2;
return 1;
2 changes: 1 addition & 1 deletion scripts/update_app_registration_permissions.sh
Expand Up @@ -75,7 +75,7 @@ if [[ -z "$PERMISSIONS" ]]; then
fi

function update_app_registration_permissions() {
APP_REGISTRATION_ID="$(az ad sp list --display-name "${APP_REGISTRATION_WEB_CONSOLE}" --query [].appId --output tsv 2>/dev/null)"
APP_REGISTRATION_ID="$(az ad sp list --filter "displayname eq '${APP_REGISTRATION_WEB_CONSOLE}'" --query [].appId --output tsv 2>/dev/null)"
if [ -z "$APP_REGISTRATION_ID" ]; then
printf " Could not find app registration. Exiting...\n"
return
2 changes: 1 addition & 1 deletion scripts/velero/bootstrap.sh
Expand Up @@ -186,7 +186,7 @@ echo "Done."
printf "Working on \"${APP_REGISTRATION_VELERO}\": Creating service principal..."
AZ_VELERO_SERVICE_PRINCIPAL_SCOPE="$(az group show --name ${AZ_VELERO_RESOURCE_GROUP} | jq -r '.id')"
AZ_VELERO_SERVICE_PRINCIPAL_PASSWORD="$(az ad sp create-for-rbac --name "$APP_REGISTRATION_VELERO" --scope="${AZ_VELERO_SERVICE_PRINCIPAL_SCOPE}" --role "Contributor" --query 'password' -o tsv)"
AZ_VELERO_SERVICE_PRINCIPAL_ID="$(az ad sp list --display-name "$APP_REGISTRATION_VELERO" --query '[0].appId' -o tsv)"
AZ_VELERO_SERVICE_PRINCIPAL_ID="$(az ad sp list --filter "displayname eq '${APP_REGISTRATION_VELERO}'" --query '[0].appId' -o tsv)"
AZ_VELERO_SERVICE_PRINCIPAL_DESCRIPTION="Used by Velero to access Azure resources"

printf "Update credentials in keyvault..."
