Skip to content

Commit 52e386a

Browse files
pim-simonspim-simons
authored
docs: publish v1.5.0 feature docs (#453)
1 parent 349d6aa commit 52e386a

23 files changed

Lines changed: 3322 additions & 0 deletions

docs/versioned_docs/version-v1.5.0/01-index.md

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,18 @@
1+
---
2+
title: "Arcus - Scripting"
3+
layout: default
4+
slug: /
5+
sidebar_label: Welcome
6+
---
7+
8+
# Introduction
9+
Arcus Scripting provides an answer to many frequently-used, repeated tasks in Azure. Categorized in separate PowerShell modules, these functions help with backing up your API Management service, removing resource locks, disabling Logic Apps, injecting content in ARM templates, and many more!
10+
11+
Take a quick look at the sidebar categories to find more information on the resource or topic you're working with.
12+
13+
![Arcus Azure diagram](/img/arcus-azure-diagram.png)
14+
15+
# License
16+
This is licensed under The MIT License (MIT). Which means that you can use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the web application. But you always need to state that Codit is the original author of this web application.
17+
18+
*[Full license here](https://github.com/arcus-azure/arcus.scripting/blob/master/LICENSE)*

docs/versioned_docs/version-v1.5.0/02-Guidelines/Installation.md

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
---
2+
title: "Installation"
3+
layout: default
4+
---
5+
6+
# Installation
7+
8+
To have access to the Arcus Scripting features, you have to import the modules.
9+
The best practice for usage in your build and release pipelines is to use the following commands:
10+
11+
``` powershell
12+
PS> Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
13+
PS> Install-Module -Name Arcus.Scripting.{Module} -AllowClobber
14+
```
15+
16+
This drastically improves performance over using the `-Force` parameter and as such, usage of the `-Force` parameter is not recommended.

docs/versioned_docs/version-v1.5.0/03-Features/powershell/azure-active-directory.md

Lines changed: 122 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,122 @@
1+
---
2+
title: "Azure Active Directory"
3+
layout: default
4+
---
5+
6+
# Azure Active Directory
7+
8+
## Installation
9+
10+
To have access to the following features, you have to import the module:
11+
12+
```powershell
13+
PS> Install-Module -Name Arcus.Scripting.ActiveDirectory
14+
```
15+
16+
## Access Rights to Azure Active Directory
17+
18+
To interact with Azure Active Directory these scripts use the [Microsoft.Graph.Applications](https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.applications/) module, import this module:
19+
20+
```powershell
21+
PS> Install-Module -Name Microsoft.Graph.Applications
22+
```
23+
24+
After importing this module, make sure you are connected to Microsoft Graph with the following scopes:
25+
26+
```powershell
27+
PS> Connect-MgGraph -Scopes "Application.ReadWrite.All,AppRoleAssignment.ReadWrite.All"
28+
```
29+
30+
## Listing the Roles and Role Assignments for an Azure Active Directory Application
31+
32+
Lists the roles and role assignments for an Azure Active Directory Application.
33+
34+
| Parameter | Mandatory | Description |
35+
| ------------------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
36+
| `ClientId` | yes | The client ID of the Azure Active Directory Application Registration for which the roles and assignments are retrieved. |
37+
| `RolesAssignedToClientId` | no | The client ID of the Azure Active Directory Application Registration to which roles have been assigned, used when you only want to retrieve the assignments for this specific application. |
38+
39+
**Example**
40+
41+
Retrieving all information for a Client Id.
42+
43+
```powershell
44+
PS> List-AzADAppRoleAssignments `
45+
-ClientId "b885c208-6067-44bd-aba9-4010c62b7d85"
46+
#Found role 'FirstRole' on Active Directory Application 'main-application'
47+
#Role 'FirstRole' is assigned to the Active Directory Application 'client-application-one' with ID '6ea09bbd-c21c-460c-b58a-f4a720f51826'
48+
#Role 'FirstRole' is assigned to the Active Directory Application 'client-application-two' with ID 'ebafc99d-cbf4-4bd2-9295-f2b785cfc1a1'
49+
#Found role 'SecondRole' on Active Directory Application 'arcus-scripting-test-main'
50+
#Role 'SecondRole' is assigned to the Active Directory Application 'client-application-one' with ID '6ea09bbd-c21c-460c-b58a-f4a720f51826'
51+
```
52+
53+
Retrieving all information for a Client Id and a specific role.
54+
55+
```powershell
56+
PS> List-AzADAppRoleAssignments `
57+
-ClientId 'b885c208-6067-44bd-aba9-4010c62b7d85' `
58+
-RolesAssignedToClientId '6ea09bbd-c21c-460c-b58a-f4a720f51826'
59+
#Found role 'FirstRole' on Active Directory Application 'main-application'
60+
#Role 'FirstRole' is assigned to the Active Directory Application 'client-application-one' with id '6ea09bbd-c21c-460c-b58a-f4a720f51826'
61+
#Found role 'SecondRole' on Active Directory Application 'main-application'
62+
#Role 'SecondRole' is assigned to the Active Directory Application 'client-application-one' with id '6ea09bbd-c21c-460c-b58a-f4a720f51826'
63+
```
64+
65+
## Add a Role and Assignment for an Azure Active Directory Application
66+
67+
Adds a role assignment for an Azure Active Directory Application. The role will be added to the Azure Active Directory Application Registration defined by the `ClientId` parameter, and a role assignment for this role will be added to the Azure Active Directory Application Registration defined by the `AssignRoleToClientId` parameter.
68+
69+
| Parameter | Mandatory | Description |
70+
| ---------------------- | --------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
71+
| `ClientId` | yes | The client ID of the Azure Active Directory Application Registration to which the role will be added if not present. |
72+
| `Role` | yes | The name of the role. |
73+
| `AssignRoleToClientId` | yes | The client ID of the Azure Active Directory Application Registration for which the role assignment will be created. The role assignment will be created based on the role added to the Azure Active Directory Application Registration defined by the `ClientId`. |
74+
75+
**Example**
76+
77+
```powershell
78+
PS> Add-AzADAppRoleAssignment `
79+
-ClientId "b885c208-6067-44bd-aba9-4010c62b7d85" `
80+
-Role "DummyRole" `
81+
-AssignRoleToClientId "6ea09bbd-c21c-460c-b58a-f4a720f51826"
82+
#Active Directory Application 'main-application' does not contain the role 'DummyRole', adding the role
83+
#Added Role 'DummyRole' to Active Directory Application 'main-application'
84+
#Role Assignment for the role 'DummyRole' added to the Active Directory Application 'client-application-one'
85+
```
86+
87+
## Remove a Role and Assignment from an Azure Active Directory Application
88+
89+
Removes a role assignment for an Azure Active Directory Application.
90+
91+
| Parameter | Mandatory | Description |
92+
| ---------------------------------- | --------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
93+
| `ClientId` | yes | The client ID of the Azure Active Directory Application Registration containing the role for which the assignment must be removed. |
94+
| `Role` | yes | The name of the role. |
95+
| `RemoveRoleFromClientId` | yes | The client ID of the Azure Active Directory Application Registration for which the role assignment will be removed. |
96+
| `RemoveRoleIfNoAssignmentsAreLeft` | no | Indicate whether to remove the role from the Azure Active Directory Application Registration defined by the `ClientId` parameter when no more role assignments remain for the role. |
97+
98+
**Example**
99+
100+
Removes a role assignment.
101+
102+
```powershell
103+
PS> Remove-AzADAppRoleAssignment `
104+
-ClientId "b885c208-6067-44bd-aba9-4010c62b7d85" `
105+
-Role "DummyRole" `
106+
-RemoveRoleFromClientId "6ea09bbd-c21c-460c-b58a-f4a720f51826" `
107+
#Role assignment for 'DummyRole' has been removed from Active Directory Application 'client-application-one'
108+
```
109+
110+
Removes a role assignment and removes the fole if no assignments are left on the role.
111+
112+
```powershell
113+
PS> Remove-AzADAppRoleAssignment `
114+
-ClientId "b885c208-6067-44bd-aba9-4010c62b7d85" `
115+
-Role "DummyRole" `
116+
-RemoveRoleFromClientId "6ea09bbd-c21c-460c-b58a-f4a720f51826" `
117+
-RemoveRoleIfNoAssignmentsAreLeft
118+
#Role assignment for 'DummyRole' has been removed from Active Directory Application 'client-application-one'
119+
#Role 'DummyRole' on Active Directory Application 'main-application' has been disabled as no more role assignments were left and the option 'RemoveRoleIfNoAssignmentsAreLeft' is set
120+
#Role 'DummyRole' removed from Active Directory Application 'main-application' as no more role assignments were left and the option 'RemoveRoleIfNoAssignmentsAreLeft' is set
121+
```
122+

0 commit comments

Comments
 (0)