Philipp Bauknecht GrillPhil

CEO @ medialesson. Microsoft Regional Director & MVP Windows Development. Father of identical twins. Passionate about great User Interfaces, NYC & Steaks

32 followers · 0 following

medialesson GmbH
Pforzheim, Germany
http://www.medialesson.de

View GitHub Profile

Recently created

Least recently created

Recently updated

Least recently updated

GrillPhil / azurecli.ps1

Created August 2, 2023 15:31

$customRoleDefinitionJson = $($customRoleDefinition | ConvertTo-Json -Depth 100 -Compress).Replace('"', '\"')

GrillPhil / azurecli.ps1

Created August 2, 2023 15:28

az role definition create --role-definition $customRoleDefinitionJson

GrillPhil / request-body.json

Last active August 2, 2023 15:33

	{
	"IsCustom": true,
	"Name": "test-dev-custom-role",
	"Actions": [
	"Microsoft.Resources/deployments/*",
	"Microsoft.Authorization/*/read"
	],
	"AssignableScopes": [
	"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-myapp-dev"
	]

GrillPhil / create-custom-role.ps1

Last active August 2, 2023 15:24

	$subscriptionId = "00000000-0000-0000-0000-000000000000"
	$resourceGroupName = "rg-myapp-dev"
	$project = "myapp"
	$env = "dev"
	$customRoleDefinitionName = "$($projectName)-$($env)-custom-role"
	$customRoleDefinition = @{
	Name = $customRoleDefinitionName
	IsCustom = $true
	AssignableScopes = @(
	"/subscriptions/$($subscriptionId)/resourceGroups/$($resourceGroupName)"

GrillPhil / azure-pipelines.yml

Created July 24, 2023 12:27

	name: secure-ng-demo

	trigger:
	branches:
	include:
	- main
	paths:
	exclude:
	- docs/*/
	- /**/readme.md

GrillPhil / staticwebapp.config.json

Created July 24, 2023 12:18

	{
	"routes": [
	{
	"route": "/*",
	"allowedRoles": [
	"authenticated"
	]
	}
	],
	"navigationFallback": {

GrillPhil / run-bicep.ps1

Last active July 24, 2023 12:24

	$deploymentResult = az deployment group create `
	--resource-group $($ENV:AZ_PLATFORM_RESOURCE_GROUP_NAME) `
	--name $($ENV:DEPLOYMENT_NAME) `
	--template-file "$($ENV:STAGE_BICEP_PATH)/main.bicep" `
	--parameters `
	productPrefix="$($ENV:AZ_DEPLOYMENT_NAME)" `
	envName="$($ENV:ENV_NAME)" `
	appClientId="$($ENV:APP_CLIENT_ID)" `
	appClientSecret="$($ENV:APP_CLIENT_SECRET)" `
	\| ConvertFrom-Json

GrillPhil / main.bicep

Created July 24, 2023 12:10

	param productPrefix string
	@allowed([
	'dev'
	'test'
	'prod'
	])
	param envName string
	param location string = resourceGroup().location
	param appClientId string
	@secure()

GrillPhil / rbac-keyvault.bicep

Created July 24, 2023 12:09

	param keyVaultName string
	param principalId string
	param roleId string = '4633458b-17de-408a-b874-0445c86b69e6' // Key Vault Secrets User

	resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
	name: keyVaultName
	}

	resource keyVaultAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
	name: guid(subscription().subscriptionId, keyVaultName, roleId, principalId)

GrillPhil / keyvault-secret.bicep

Created July 24, 2023 12:08

	param keyVaultName string
	param name string
	@secure()
	param value string

	resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
	name: keyVaultName
	resource storageSecret 'secrets' = {
	name: name
	properties: {

NewerOlder