Stu Mace kewalaka
kewalaka
/ New-FederatedCredentials.ps1
Created
April 21, 2025 02:11
Create federated credentials for GH or ADO
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function New-FederatedCredentials { | |
| [CmdletBinding(DefaultParameterSetName='GitHub')] | |
| param( | |
| [Parameter(Mandatory)] | |
| [string]$managedIdentityName, | |
| [Parameter(Mandatory, ParameterSetName='GitHub', Position=0)] | |
| [string]$githubOrg, | |
| [Parameter(Mandatory, ParameterSetName='GitHub', Position=1)] | |
| [string]$githubRepo, |
kewalaka
/ destructivechanges.yml
Created
April 19, 2025 01:13
GitHub Action that can be used to check for breaking changes in Terraform module deployments.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: test-non-destructive | |
| on: | |
| workflow_dispatch: | |
| jobs: | |
| test-non-destructive: | |
| uses: kewalaka/terraform-azurerm-avm-template/.github/workflows/test-non-destructive-template.yml@feat/test-non-destructive | |
| name: test changes are non-destructive | |
| secrets: inherit |
kewalaka
/ Get-GraphPermissionsToUMI.ps1
Last active
April 10, 2025 07:38
This script grants specified Microsoft Graph API application permissions to a given user-assigned managed identity (UMI) by creating app role assignments. It is a shorter form of https://gist.github.com/kewalaka/68f8181846b8d8110ad380b0344c8785
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $umiSP = Get-MgServicePrincipal -Filter "DisplayName eq '$ManagedIdentityName'" | |
| $listPermissionAssignments = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $umiSP.Id | |
| Write-Output "Searching for roles for Managed Identity: '$($umiSP.DisplayName)'" | |
| foreach ($assignment in $listPermissionAssignments) { | |
| $resourceSP = Get-MgServicePrincipal -ServicePrincipalId $assignment.ResourceId | |
| # Find the app role definition that matches the AppRoleId from the assignment | |
| $appRole = $resourceSP.AppRoles | Where-Object { $_.Id -eq $assignment.AppRoleId } |
kewalaka
/ Grant-GraphPermissionsToUMI.ps1
Last active
April 10, 2025 02:05
This script grants specified Microsoft Graph API application permissions to a given user-assigned managed identity (UMI) by creating app role assignments.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| Assign Microsoft Graph API permissions to a user-assigned managed identity (UMI). | |
| .DESCRIPTION | |
| This script grants specified Microsoft Graph API application permissions to a given | |
| user-assigned managed identity (UMI) by creating app role assignments. | |
| .PARAMETER TenantId | |
| The Entra (Azure AD) tenant ID where the managed identity resides. |
kewalaka
/ Dockerfile
Created
March 18, 2025 06:11
A two stage Dockerfile for building Cocoon 2.1 from source & hosting on Tomcat 7.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # === STAGE 1: Build Cocoon === | |
| FROM openjdk:8 as builder | |
| # Set environment variables | |
| ENV JAVA_HOME=/usr/local/openjdk-8 | |
| ENV PATH="$JAVA_HOME/bin:$PATH" | |
| # Set working directory | |
| WORKDIR /usr/src/cocoon |
kewalaka
/ New-TerraformEnvironment.ps1
Created
January 13, 2025 19:32
A sample to illustrate creating a RG and SA for Terraform - used as a demo to seed projects
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| 1) Under the root folder, create a file called **secrets.ps1**. | |
| This file exists in gitignore, please check it is greyed out and is not included with git changes. | |
| 2) Populate that file with the following obtained from Azure. | |
| $env:ARM_TENANT_ID ='<tenantid>' | |
| $env:ARM_SUBSCRIPTION_ID = '<subscriptionId>' |
kewalaka
/ create-resources.ps1
Last active
January 1, 2025 02:49
A test case to explore access keys with Terraform
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This will help you create the necessary resources - you need permission to create a resource group & service principal. | |
| # We log in as the service principal to test the minimum amount of privileges. | |
| # In a production environment, OIDC or managed identities are preferred. | |
| # make sure you can log in. | |
| az login --tenant $env:ARM_TENANT_ID | |
| az account set --subscription $env:ARM_SUBSCRIPTION_ID | |
| # make a resource group, storage account, and service principal for Terraform state | |
| $random_suffix = -join ((97..122) | Get-Random -Count 12 | ForEach {[char]$_}) |
kewalaka
/ RoleDefinitionByName.tf
Last active
January 2, 2025 02:01
This terraform illustrates how to fetch the role definition ID via its common name (e.g. "Reader"), when using AzAPI.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| terraform { | |
| required_providers { | |
| azapi = { | |
| source = "Azure/azapi" | |
| version = "2.1.0" | |
| } | |
| } | |
| } | |
| variable "subscription_id" { |
kewalaka
/ action.yml
Last active
June 8, 2024 00:37
using GitHub Cloud runners for E2E tests with Azure Verified Modules
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # from .github/actions/e2e-testexamples/ | |
| author: AVM | |
| name: e2e - testexamples | |
| description: Tests the example supplied in the input. Needs checkout and Azure login prior. | |
| inputs: | |
| example: | |
| description: The example directory to test | |
| required: true | |
| runs: |
kewalaka
/ devdrive.ps1
Created
January 26, 2024 20:49
Move packages for various languages to a Dev Drive & configure environment vars
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Define the Dev Drive path | |
| $DevDrive = "D:\packages" | |
| # Function to display progress message | |
| function Show-Progress($message, $color) { | |
| Write-Host -ForegroundColor $color "Progress: $message" | |
| } | |
| # Create npm cache directory and set environment variable | |
| $npmCacheDir = Join-Path $DevDrive "npm" |
NewerOlder