bert.hausmans/cmdb-insight
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
71480cedd632c7eeef18db56a9dd91c12b81d6aa
cmdb-insight/scripts/grant-keyvault-access-admin.sh
Bert Hausmans b8d7e7a229 Fix logger for Azure App Service and update deployment docs 
- Fix logger to handle Azure App Service write restrictions
- Skip file logging in Azure App Service (console logs captured automatically)
- Add deployment scripts for App Service setup
- Update documentation with correct resource names
- Add Key Vault access request documentation
- Add alternative authentication methods for ACR and Key Vault
2026-01-22 00:51:53 +01:00

90 lines
2.5 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Grant Key Vault Access - For Admin to Run
# This script grants Key Vault access to App Service Managed Identities
# Run this script as a user with "User Access Administrator" or "Owner" role
set -e
# Configuration
KEY_VAULT_NAME="zdl-cmdb-insight-prd-kv"
RESOURCE_GROUP="zdl-cmdb-insight-prd-euwe-rg"
BACKEND_APP_NAME="zdl-cmdb-insight-prd-backend-webapp"
FRONTEND_APP_NAME="zdl-cmdb-insight-prd-frontend-webapp"
echo "🔐 Granting Key Vault Access to App Services..."
echo ""
# Get Key Vault Resource ID
echo "📋 Getting Key Vault Resource ID..."
KV_ID=$(az keyvault show --name $KEY_VAULT_NAME --query id -o tsv)
echo " Key Vault ID: $KV_ID"
echo ""
# Get Backend Principal ID
echo "🔑 Getting Backend Principal ID..."
BACKEND_PRINCIPAL_ID=$(az webapp identity show \
--name $BACKEND_APP_NAME \
--resource-group $RESOURCE_GROUP \
--query principalId -o tsv)
if [ -z "$BACKEND_PRINCIPAL_ID" ]; then
echo "❌ Failed to get Backend Principal ID. Is Managed Identity enabled?"
exit 1
fi
echo " Backend Principal ID: $BACKEND_PRINCIPAL_ID"
echo ""
# Get Frontend Principal ID
echo "🔑 Getting Frontend Principal ID..."
FRONTEND_PRINCIPAL_ID=$(az webapp identity show \
--name $FRONTEND_APP_NAME \
--resource-group $RESOURCE_GROUP \
--query principalId -o tsv)
if [ -z "$FRONTEND_PRINCIPAL_ID" ]; then
echo "⚠️ Warning: Could not get Frontend Principal ID. Skipping frontend."
FRONTEND_PRINCIPAL_ID=""
fi
if [ -n "$FRONTEND_PRINCIPAL_ID" ]; then
echo " Frontend Principal ID: $FRONTEND_PRINCIPAL_ID"
echo ""
fi
# Grant Key Vault Secrets User role to Backend
echo "🔓 Granting 'Key Vault Secrets User' role to Backend..."
az role assignment create \
--assignee $BACKEND_PRINCIPAL_ID \
--role "Key Vault Secrets User" \
--scope $KV_ID \
--output none
echo "✅ Backend access granted"
echo ""
# Grant Key Vault Secrets User role to Frontend (if available)
if [ -n "$FRONTEND_PRINCIPAL_ID" ]; then
echo "🔓 Granting 'Key Vault Secrets User' role to Frontend..."
az role assignment create \
--assignee $FRONTEND_PRINCIPAL_ID \
--role "Key Vault Secrets User" \
--scope $KV_ID \
--output none
echo "✅ Frontend access granted"
echo ""
fi
echo "✅ Key Vault access configured successfully!"
echo ""
echo "📋 Summary:"
echo " Key Vault: $KEY_VAULT_NAME"
echo " Backend App: $BACKEND_APP_NAME"
echo " Backend Principal ID: $BACKEND_PRINCIPAL_ID"
if [ -n "$FRONTEND_PRINCIPAL_ID" ]; then
echo " Frontend App: $FRONTEND_APP_NAME"
echo " Frontend Principal ID: $FRONTEND_PRINCIPAL_ID"
fi
echo ""
Reference in New Issue View Git Blame Copy Permalink