{"id":24227749,"url":"https://github.com/git719/az","last_synced_at":"2025-03-04T06:15:00.520Z","repository":{"id":144688360,"uuid":"488571416","full_name":"git719/az","owner":"git719","description":"Python Azure utilities","archived":false,"fork":false,"pushed_at":"2023-05-30T00:31:33.000Z","size":236,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-14T10:29:38.515Z","etag":null,"topics":["azure","msal","msgraph","powershell","python","rbac"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/git719.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-05-04T12:02:22.000Z","updated_at":"2024-11-29T01:02:43.000Z","dependencies_parsed_at":null,"dependency_job_id":"7947b91d-b9de-4d5a-9b17-2efe0adcb4a7","html_url":"https://github.com/git719/az","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/git719%2Faz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/git719%2Faz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/git719%2Faz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/git719%2Faz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/git719","download_url":"https://codeload.github.com/git719/az/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://gith
ub.com","kind":"github","repositories_count":241794137,"owners_count":20021193,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["azure","msal","msgraph","powershell","python","rbac"],"created_at":"2025-01-14T10:20:28.227Z","updated_at":"2025-03-04T06:15:00.515Z","avatar_url":"https://github.com/git719.png","language":"Python","readme":"# Azure\nUseful [Microsoft Azure Cloud](https://azure.microsoft.com/en-us/) code. \n\n## RBAC and MS Graph Management\nThese utilities can list RBAC and MS Graph object details, but are primarily examples of how to use the [Microsoft Authentication Library (MSAL) for Python](https://docs.microsoft.com/en-us/python/api/overview/azure/msal-python-overview?view=azure-python), especially the MSAL library Client Credential authentication flow. They are partly based on the following:\n\n- \u003chttps://github.com/AzureAD/microsoft-authentication-library-for-python/blob/dev/sample/confidential_client_secret_sample.py\u003e\n- \u003chttps://gist.github.com/darrenjrobinson/8fb22f39aa65e9481c3fd3604ea1aa37\u003e\n\nThe code can be used as a basis for code that needs to: \n\n1. Use the Python MSAL library to acquire a token for a specific API, like MS Graph or Azure Resource Management\n\n2. Then use that token to access that API\n\n\n### Requirements\nYou must register a specific client app in your tenant and grant it the required permissions for the specific functions each utility requires. 
See \u003chttps://github.com/AzureAD/microsoft-authentication-library-for-python/wiki/Client-Credentials#registering-client-secrets-using-the-application-registration-portal\u003e for how to do an app registration.\n\nThe scripts use a configuration directory at `$HOME/.\u003cscript_name\u003e` to retrieve and store the required credentials, and also to store local cache files. The `credentials.yaml` file must be formatted as follows: \n\n```\ntenant_id:     UUID\nclient_idi:    UUID\nclient_secret: SECRET\n```\n\nIf the `credentials.yaml` file doesn't exist, an empty skeleton file will be created that you need to fill out accordingly.\n\n\n### azls\nThis is an Azure RBAC and MS Graph listing utility.\n\nThis is the Python version. The GoLang version is at https://github.com/git719/zls. This version is a little slower, but the code can be useful for those working with Python. **Note**, this version is also usually behind in updates and may be fully rescinded and archived in the future in favor of the better GoLang version.\n\n\n### aztag\nA Proof-of-Concept script to test listing and updating of a Service Principal object's `tags` attribute. You have to know the SP's UUID. 
Usage: \n\n```\naztag Azure SP tagging utility v1.0\n      UUID                        Display Service Principal (SP) tags attribute\n      UUID \"tag1,tag2\"            Set SP tags to quoted, comma-delimited list\n      [-i] UUID                   Use interactive Azure logon to display SP tags\n      [-i] UUID \"tag1,tag2\"       Use interactive Azure logon to update SP tags\n      -xt                         Delete cached accessTokens file\n      -v                          Print this usage page\n```\n\n\n### azup\nAn RBAC role definition and assignment creator or updater.\n\n```\nazup Azure RBAC role definition \u0026 assignment creator/updater v123\n     -d SPECFILE      Create or update role definition as per SPECFILE in JSON format\n     -a SPECFILE      Create or update role assignment as per SPECFILE in YAML format\n     -v               Display this usage\n```\n\n### azrm\nAn RBAC role definition and assignment remover.\n\n```\nazrm Azure RBAC role definition \u0026 assignment remover v121\n     -d UUID|SPECFILE|\"role name\"      Delete role definition from Azure (SPECFILE in JSON format)\n     -a UUID|SPECFILE                  Delete role assignment from Azure (SPECFILE in YAML format)\n     -v                                Display this usage\n```\n\n### createAppSpPair\nThis is the Python equivalent of `Create-AppSpPair.ps1`: \n\n```\nAzure App/SP combo creation utility v21\n  Usage: azappsp APP_SP_NAME\n```\nThis version is non-interactive and therefore requires the registered app with necessary privileges that is mentioned above.\n\n### manageSpAuth\nReads and updates a Service Principal's oAuth2PermissionGrants from the command line. 
Another example of how to use MSAL libraries with Python.\n\n```\nmanageSpAuth Azure SP API permissions utility v19\n    SP_OBJECT_UUID                        Display Service Principal API permissions\n    -a oAuth2PermissionGrant_object.json  Create oAuth2PermissionGrant based on file\n    -k                                    Create a skeleton oAuth2PermissionGrant_object.json file\n    ID                                    Display oAuth2PermissionGrants object\n    -d ID                                 Delete oAuth2PermissionGrants ID\n    ID \"space-separated claims list\"      Update oAuth2PermissionGrants ID with provided claims list\n\n    -z                                    Dump variables in running program\n    -cr                                   Dump values in credentials file\n    -cr  TENANT_ID CLIENT_ID SECRET       Set up MSAL automated client_id + secret login\n    -cri TENANT_ID USERNAME               Set up MSAL interactive browser popup login\n    -tx                                   Delete MSAL local cache file\n```\n\n### createAzGroup\nSample Python code for creating Azure AD groups from the command line.\n\n### Manage-SpAuth.ps1\nThe `Manage-SpAuth.ps1` script is the PowerShell equivalent of `manageSpAuth`. It leverages the MSAL libraries, using the `MSAL.PS` module. It also uses the `powershell-yaml` module to help locally store and manage the credential configuration settings.\n\n### Create-AppSpPair.ps1\nThe `Create-AppSpPair.ps1` script can be used to quickly create an ad hoc App registration + Service Principal combination, with a password for the app. This script leverages the same MSAL methodologies used by all the other PowerShell scripts here.\n\n### Create-AzGroup.ps1\nThe `Create-AzGroup.ps1` script can be used to quickly create an Azure AD group from the CLI. 
Same as the Python version above called `createAzGroup`.\n\n### Decode-MgToken.ps1\nDecodes a JWT token string.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgit719%2Faz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgit719%2Faz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgit719%2Faz/lists"}