Prints a secret to the console as a JSON object. Copy and set as a secret on your GitHub repository for use with the Azure Login Action.
az_ad_sp_create_for_rbac(
  name = get_ghactions_url(),
  role = "Contributor",
  scopes = scope_down(),
  years = 1,
  ...
)

scope_down(
  subscription = az_account_show()$id,
  resource_group = az_configure_list()$resource_group,
  provider = paste("Microsoft.Web", "sites", az_configure_list()$name, sep = "/")
)
name |
A URI to use as the logic name.
It doesn't need to exist.
If not present ( This is not the app name to which you're giving access, but the "app" which will be doing the accessing (say, a CI service). The purpose of this name is to document the purpose of the sp. Default uses the GitHub Actions URL for the repo to indicate that the sp is used inside GitHub Actions. |
role |
Role of the service principal.
Default value (or if |
scopes |
Space-separated list of scopes the service principal's role assignment applies to.
If |
years |
Number of years for which the credentials will be valid. Default: 1 year. Secrets should be rotated more often for extra security. |
... |
Arguments passed on to
|
subscription |
Name or ID of the Azure subscription to which costs are billed. According to an upvoted answer on Stack Overflow, Azure subscription IDs need not be considered a secret or personally identifiable information (PII). However, depending on your applicable context and policies, you may want to provide this argument as a secret. To find out which subscriptions you are currently authorised to use, run |
resource_group |
The Azure resource group to which the app service should belong. |
provider |
Specific Azure resource and its name to scope down to (such as a webapp).
Defaults to a web app named via |
This is only necessary if you want an sp to programmatically access Azure resources on your behalf, as for example in a CI context.
If you only want interactive access to Azure resources, use az_login() instead.
You can manage existing sps on portal.azure.com.
scope_down: Minimal scopes for a webapp, as recommended by Azure Login GitHub Action, as of commit 7e173d1.
Check back with the source for current security recommendations.
subscription requires an ID, does not work with a name.
Use az_account_show() to substitute an ID for a name as in the default.
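The scoping rules above, as an added example (not code from this package): it builds a role-assignment scope, rejects a subscription name where an ID is required, and labels how much each scope covers so that a grant broader than a single resource stands out in review. The helpers is_guid(), build_scope() and scope_breadth() are hypothetical, the IDs and names are constructed, and the standard Azure resource ID layout /subscriptions/<id>/resourceGroups/<group>/providers/<provider> is assumed.

```r
# Added example; helper names are hypothetical and not part of the package.

# A subscription ID is a GUID; a display name will not match.
is_guid <- function(x) {
  grepl("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
        x, ignore.case = TRUE)
}

# Assemble an Azure resource ID to use as a role-assignment scope.
# Assumption: the standard Azure resource ID layout.
build_scope <- function(subscription, resource_group = NULL, provider = NULL) {
  if (!is_guid(subscription)) {
    stop("`subscription` must be a subscription ID (GUID), not a name.")
  }
  scope <- paste0("/subscriptions/", subscription)
  if (!is.null(resource_group)) {
    scope <- paste0(scope, "/resourceGroups/", resource_group)
  }
  if (!is.null(provider)) {
    if (is.null(resource_group)) stop("`provider` requires `resource_group`.")
    scope <- paste0(scope, "/providers/", provider)
  }
  scope
}

# Classify how much a scope covers, so broad grants can be flagged.
scope_breadth <- function(scope) {
  parts <- strsplit(sub("^/", "", scope), "/", fixed = TRUE)[[1]]
  if (length(parts) < 2 || tolower(parts[1]) != "subscriptions" ||
      !is_guid(parts[2])) {
    return("invalid")
  }
  if (length(parts) == 2) return("subscription")
  if (length(parts) == 4 && tolower(parts[3]) == "resourcegroups") {
    return("resource_group")
  }
  if (length(parts) >= 8 && tolower(parts[5]) == "providers") return("resource")
  "invalid"
}

sub_id <- "00000000-0000-0000-0000-000000000000"  # constructed placeholder
scopes <- c(
  build_scope(sub_id),                       # whole subscription
  build_scope(sub_id, "my-rg"),              # one resource group
  build_scope(sub_id, "my-rg",               # one web app, as in the default
              paste("Microsoft.Web", "sites", "my-app", sep = "/"))
)
for (s in scopes) cat(sprintf("%-15s %s\n", scope_breadth(s), s))
```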
The printed secret allows programmatic access to an Azure resource and can be used for malicious purposes. Ensure that the printed secret is never disclosed. For example, make sure that your console logs aren't disclosed. For security reasons, this function will only run in an interactive session.