-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathazure-pipelines.yml
79 lines (78 loc) · 3.2 KB
/
azure-pipelines.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
trigger:
- master
variables:
- group: AzureAppRegistration
pool:
vmImage: ubuntu-latest
steps:
- checkout: self
persistCredentials: true
- task: PowerShell@2
inputs:
targetType: 'inline'
script: |
<#
Version: 1.0
#>
Function Get-AuthHeader {
param (
[parameter(Mandatory = $true)]$tenantId,
[parameter(Mandatory = $true)]$clientId,
[parameter(Mandatory = $true)]$clientSecret
)
$authBody = @{
client_id = $clientId
client_secret = $clientSecret
scope = "https://graph.microsoft.com/.default"
grant_type = "client_credentials"
}
$uri = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
$accessToken = Invoke-WebRequest -Uri $uri -ContentType "application/x-www-form-urlencoded" -Body $authBody -Method Post -ErrorAction Stop -UseBasicParsing
$accessToken = $accessToken.content | ConvertFrom-Json
$authHeader = @{
'Content-Type' = 'application/json'
'Authorization' = "Bearer " + $accessToken.access_token
'ExpiresOn' = $accessToken.expires_in
}
return $authHeader
}
#################################################################################################
########################################### Start ###############################################
#################################################################################################
# Variables
$tenantId = "$(tenantId)"
$clientId = "$(clientId)"
$clientSecret = "$(AppSecret)"
# Authentication
$global:authToken = Get-AuthHeader -tenantId $tenantId -clientId $clientId -clientSecret $clientSecret
#Define permission subjects
$PermissionSubjects = "directory", "deviceManagement", "cloudPC"
ForEach ($Subject in $PermissionSubjects) {
#Query graph
Write-Host Subject is $Subject
$GraphURL = "https://graph.microsoft.com/beta/roleManagement/$Subject/roleDefinitions"
Write-Host GraphURL is $GraphURL
$GraphRequest = Invoke-RestMethod -Uri $GraphURL -ContentType 'application/json' -Headers $authToken -Method GET
$GraphRequest = $GraphRequest.Value | Where-Object { $_.isBuiltIn -eq $true } | Select-Object description, displayName, RolePermissions
#Detect directory
If ($Subject -eq "directory") {
$Directory = "Entra Azure AD roles"
} elseif ($Subject -eq "deviceManagement" -or "cloudPC") {
$Directory = "Intune roles"
}
#Save files
$GraphRequest | ForEach-Object {
$FileName = "./$Directory/" + ($_.displayName).replace(" ", "") + ".json"
$_ | ConvertTo-Json -Depth 5 | Out-File -FilePath $FileName
}
}
dir
- script: |
git config --global user.email "[email protected]"
git config --global user.name "thenikk"
git checkout -b main
git add -A
git commit -m "deployment $(Build.BuildNumber)"
git push --set-upstream origin main
displayName: Git
workingDirectory: $(System.DefaultWorkingDirectory)