@ryanotella
Last active October 30, 2024 14:50
Azure CLI - Self-Activate PIM Role Assignments
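#!/usr/bin/env bash
# Self-activate an eligible PIM role assignment for the signed-in user.
# Set RESOURCE_GROUP in the environment to activate at resource-group scope;
# otherwise the role is activated at subscription scope.

ROLE="User Access Administrator"
SUBSCRIPTION=$(az account show --query id --output tsv)

if [ -n "$RESOURCE_GROUP" ]; then
  SCOPE="/providers/Microsoft.Subscription/subscriptions/$SUBSCRIPTION/resourceGroups/$RESOURCE_GROUP" # Group-scoped
  echo "Scope (Group): $SCOPE"
else
  SCOPE="/providers/Microsoft.Subscription/subscriptions/$SUBSCRIPTION" # Subscription-scoped
  echo "Scope (Subscription): $SCOPE"
fi
echo

# Each schedule request is addressed by its own name, so a fresh GUID is generated per run.
URI="$SCOPE/providers/Microsoft.Authorization/roleAssignmentScheduleRequests/$(uuidgen)?api-version=2020-10-01"

# Request body: a SelfActivate request that expires after 8 hours (PT8H).
# read returns non-zero when it reaches the end of the here-document; that is expected.
read -r -d '' BODY <<EOF
{
  "properties": {
    "principalId": "$(az ad signed-in-user show --query id --output tsv)",
    "roleDefinitionId": "$(az role definition list --query "[?roleName=='$ROLE'].id | [0]" --output tsv)",
    "scheduleInfo": {
      "startDateTime": null,
      "expiration": {
        "duration": "PT8H",
        "type": "AfterDuration"
      }
    },
    "justification": "Deployment",
    "requestType": "SelfActivate"
  }
}
EOF

# Submit the request; the body is piped to az rest on stdin via "@-".
echo "$BODY" | az rest --method PUT --body "@-" --output yaml --uri "$URI"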