add_azure_account_and_set_role_assignment_3.py 1.0 KB

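def get_azure_cloudcheckr_service_principal_id(AzureGraphApiBearerToken, AzureCloudCheckrApplicationName):
    """
    Look up the service principal of the Azure application created for CloudCheckr.

    Note: the service principal id is not the application id. The service
    principal id is what the role assignment requires.
    This uses the Microsoft Graph API:
    https://docs.microsoft.com/en-us/graph/api/serviceprincipal-list?view=graph-rest-1.0&tabs=http

    Args:
        AzureGraphApiBearerToken: Bearer token sent in the Authorization
            header. It is never printed by this function.
        AzureCloudCheckrApplicationName: Display name used in the
            ``displayName eq '...'`` filter.

    Returns:
        A ``(id, appId)`` tuple taken from the first matching service
        principal, or ``None`` when the lookup fails or nothing matches.
        Callers must check for ``None`` before unpacking.

    Security note: display names are not guaranteed to be unique in a
    tenant. The caller should confirm the returned ``appId`` is the expected
    application before granting it a role.
    """
    from urllib.parse import quote

    # OData string literals escape a single quote by doubling it. Without
    # this, a name containing "'" ends the literal early and the remainder is
    # interpreted as filter syntax.
    escaped_name = AzureCloudCheckrApplicationName.replace("'", "''")
    odata_filter = "displayName eq '" + escaped_name + "'"

    # Percent-encode the filter value so characters such as '&', '#' or '+'
    # in the name stay inside $filter instead of becoming extra query
    # parameters or a fragment.
    api_url = (
        "https://graph.microsoft.com/v1.0/servicePrincipals?$filter="
        + quote(odata_filter, safe="")
    )
    authorization_value = "Bearer " + AzureGraphApiBearerToken

    # requests has no default timeout; bound the call so a stalled connection
    # cannot hang the onboarding script indefinitely.
    response = requests.get(
        api_url,
        headers={"Authorization": authorization_value},
        timeout=30,
    )

    # A non-JSON body (for example a proxy error page) is treated as a failed
    # lookup rather than an unhandled exception.
    try:
        payload = response.json()
    except ValueError:
        payload = None

    matches = payload.get("value") if isinstance(payload, dict) else None
    # An empty "value" list means no service principal has this display name;
    # indexing [0] unguarded would raise IndexError here.
    if isinstance(matches, list) and matches:
        if len(matches) > 1:
            print("Warning: more than one service principal matches this display name; using the first result")
        first_match = matches[0]
        if isinstance(first_match, dict) and ("id" in first_match) and ("appId" in first_match):
            return first_match["id"], first_match["appId"]

    print("Failed to get the Azure CloudCheckr Application Service principal Id")
    return None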