Add script to assign Managed Identity to Maestro app #5427
Pull Request Overview
This PR adds a new PowerShell script for assigning managed identities to the Maestro application with specific roles. The script automates the process of granting user or admin roles to Azure Managed Identities by creating app role assignments via the Microsoft Graph API.
- Adds a script to assign managed identities user or admin roles in the Maestro application
- Uses Azure CLI and PowerShell Az modules to interact with Azure and Microsoft Graph
- Supports both user and admin role assignments with hardcoded role IDs
| [string]$ManagedIdentityName, | ||
|
|
||
| [Parameter(Mandatory = $false)] | ||
| [string]$AppServicePrincipal = "caf36d9b-2940-4270-9a1d-c494eda6ea18", # Maestro application object ID |
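Review bot: The default for `$AppServicePrincipal` is commented as the "Maestro application object ID", while the parameter name says service principal. A Graph app role assignment takes the object ID of the resource's service principal (the enterprise application), which is a different GUID from the app registration's object ID, so the comment should state which of the two this value is and which environment it belongs to. Since the role IDs are tied to the same application, consider making the parameter mandatory, or validating it against the tenant before assigning, rather than silently defaulting to one environment.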
This is the prod one? Maybe we should say that in the comment and also provide the staging one, so we don't have to look for it.
I guess then we'd have a different user and admin role ID too tho
We could probs just fetch role ID same way we fetch principal ID
Not sure how often would assigning MI to staging app be used though
I think we don't have the permissions for that - we need to do that manually from the manifest
I removed the comments about INT because there the app role IDs would not work anyway
People can adjust this when using the script, I think
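One way to do the lookup discussed in the thread, resolving a role ID from the resource service principal's `appRoles` instead of hardcoding it. This is an added example, not the PR's script: the function names, the role values `User`/`Admin` and the placeholder GUIDs are assumptions, and the live query requires the signed-in identity to have read access to the service principal in Microsoft Graph.

```powershell
# Added example; names, role values and GUIDs below are hypothetical.
function Resolve-AppRoleId {
    param(
        [Parameter(Mandatory)] [object[]]$AppRoles,  # appRoles array of the resource service principal
        [Parameter(Mandatory)] [string]$RoleValue    # the role's "value", e.g. 'Admin' (assumed name)
    )
    # Match case-sensitively and ignore disabled roles; refuse to guess on 0 or >1 hits.
    $found = @($AppRoles | Where-Object { $_.value -ceq $RoleValue -and $_.isEnabled })
    if ($found.Count -ne 1) {
        throw "Expected exactly one enabled app role '$RoleValue', found $($found.Count)."
    }
    return $found[0].id
}

function Get-ResourceAppRoles {
    param([Parameter(Mandatory)] [string]$ResourceSpObjectId)  # service principal object ID
    # Single-quoted pieces keep PowerShell from expanding $select as a variable.
    $url = 'https://graph.microsoft.com/v1.0/servicePrincipals/' + $ResourceSpObjectId + '?$select=appRoles'
    $json = az rest --method get --url $url
    if ($LASTEXITCODE -ne 0) { throw "Graph query failed for $ResourceSpObjectId" }
    return ($json | Out-String | ConvertFrom-Json).appRoles
}

# Constructed sample of an appRoles payload, so the resolver can be tried offline.
$sampleRoles = @'
[
  {"id":"00000000-0000-0000-0000-000000000001","value":"User","isEnabled":true},
  {"id":"00000000-0000-0000-0000-000000000002","value":"Admin","isEnabled":true},
  {"id":"00000000-0000-0000-0000-000000000003","value":"Legacy","isEnabled":false}
]
'@ | ConvertFrom-Json

Resolve-AppRoleId -AppRoles $sampleRoles -RoleValue 'Admin'

# A disabled or unknown role fails loudly instead of assigning the wrong ID.
try { Resolve-AppRoleId -AppRoles $sampleRoles -RoleValue 'Legacy' }
catch { Write-Warning $_.Exception.Message }

# Live use (requires `az login`; <resource-sp-object-id> is a placeholder):
# $roles = Get-ResourceAppRoles -ResourceSpObjectId '<resource-sp-object-id>'
# $adminRoleId = Resolve-AppRoleId -AppRoles $roles -RoleValue 'Admin'
```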
Co-authored-by: Copilot <[email protected]>