azure bicep rbac
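// Creates an Azure AD application + service principal from inside a
// deployment script (running under a pre-existing user-assigned identity)
// and surfaces the resulting credentials as template outputs.
//
// NOTE(review): every output below — clientSecret included — is persisted in
// plaintext in the deployment history and in the deploymentScripts resource
// (properties.outputs), readable by anyone with read access to the resource
// group. Bicep does not allow @secure() on outputs, so the safer pattern is to
// write the secret to Key Vault from inside the script and output only a
// reference to it.

@description('Location of service resource')
param location string

@description('Name of the service resource; also used as the application display name')
param name string

@description('Current time set by system; only used to force the script to re-run on every deployment')
param currentTime string = utcNow()

resource script 'Microsoft.Resources/deploymentScripts@2019-10-01-preview' = {
  name: 'script-${name}'
  location: location
  kind: 'AzurePowerShell'
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      // Must already exist in resource group 'app-reg-automation' and hold the
      // directory permissions needed to create applications / service principals.
      '${resourceId('app-reg-automation', 'Microsoft.ManagedIdentity/userAssignedIdentities', 'AppRegCreator')}': {}
    }
  }
  properties: {
    azPowerShellVersion: '5.0'
    arguments: '-resourceName "${name}"'
    // NOTE(review): the script shells out to the Azure CLI (`az`) although the
    // script kind is AzurePowerShell — confirm the CLI is available in that
    // container image, otherwise use kind 'AzureCLI' or the equivalent Az
    // PowerShell cmdlets. Whether `create-for-rbac` also grants a role
    // assignment depends on the CLI version; pass --role/--scopes explicitly
    // if one is required so the granted privilege is deliberate, not implicit.
    //
    // Fix: `az ad sp show ... | convertfrom-json).id` already yields the object
    // id string, so the original `$sp.id` evaluated to $null and objectId was
    // always empty.
    scriptContent: '''
param([string] $resourceName)
$app = (az ad sp create-for-rbac --name $resourceName --output json | convertfrom-json)
$spObjectId = (az ad sp show --id $app.appId --output json | convertfrom-json).id
$DeploymentScriptOutputs = @{
tenantId = $app.tenant
clientId = $app.appId
clientSecret = $app.password
objectId = $spObjectId
}
'''
    // Supporting resources are removed only when the script succeeds; on
    // failure they stay (for troubleshooting) until the retention interval
    // elapses. Note the outputs copied into the deployment record outlive
    // the deploymentScripts resource itself.
    cleanupPreference: 'OnSuccess'
    retentionInterval: 'P1H'
    forceUpdateTag: currentTime // ensures script will run every time
  }
}

@description('ID (GUID) of the Azure AD tenant the application was created in')
output tenantId string = script.properties.outputs.tenantId

@description('Application (client) ID of the created application')
output clientId string = script.properties.outputs.clientId

// NOTE(review): stored in plaintext in deployment history — see header comment.
@description('Password of the application')
output clientSecret string = script.properties.outputs.clientSecret

@description('Object ID of the service principal')
output objectId string = script.properties.outputs.objectId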