Add authentication and application management scripts for Azure AD
This commit is contained in:
28
bin/auth-test.js
Normal file
28
bin/auth-test.js
Normal file
@@ -0,0 +1,28 @@
|
||||
import { ClientSecretCredential } from "@azure/identity";
|
||||
import { config } from "../config.js";
|
||||
|
||||
// We need to wrap the async code in an IIFE
|
||||
// Check, authentication using @azure/identity requires a client secret.
|
||||
if (config.clientSecret) {
|
||||
console.log("Client secret is set.");
|
||||
// Create the client
|
||||
const credential = new ClientSecretCredential(
|
||||
config.tenantId,
|
||||
config.appId,
|
||||
config.clientSecret,
|
||||
);
|
||||
|
||||
const token = await credential.getToken(
|
||||
"https://management.azure.com/.default",
|
||||
);
|
||||
if (token) {
|
||||
console.log("Authentication with client secret successful.");
|
||||
} else {
|
||||
console.error("Authentication with client secret failed.");
|
||||
process.exit(1);
|
||||
}
|
||||
} else {
|
||||
console.warn(
|
||||
"Warning: No client secret generated. Authentication may fail if the application requires a client secret.",
|
||||
);
|
||||
}
|
||||
@@ -1,7 +1,7 @@
|
||||
#!/usr/bin/env node
|
||||
|
||||
const execSync = require('child_process').execSync;
|
||||
const { config } = require('../config.js');
|
||||
import { execSync } from 'child_process';
|
||||
import { config } from '../config.js';
|
||||
|
||||
// Get the Azure AD application ID by name
|
||||
const appId = execSync(`az ad app list --query "[?displayName=='${config.appName}'].appId" -o tsv`).toString().trim();
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
#!/usr/bin/env node
|
||||
|
||||
const execSync = require('child_process').execSync;
|
||||
const { config } = require('../config.js');
|
||||
const { parseArgs } = require('node:util');
|
||||
import { execSync } from 'child_process';
|
||||
import { config } from '../config.js';
|
||||
import { parseArgs } from 'node:util';
|
||||
|
||||
// Let's parse command line arguments:
|
||||
// --app-name <name> to override the default app name from config.js
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
#!/usr/bin/env node
|
||||
|
||||
const execSync = require("child_process").execSync;
|
||||
const { execSync, spawnSync } = require("child_process");
|
||||
const { writeFileSync } = require("fs");
|
||||
const { write } = require("node:fs");
|
||||
const { parseArgs } = require("node:util");
|
||||
const { parseArgs } = require("util");
|
||||
|
||||
const args = parseArgs({
|
||||
options: {
|
||||
"app-name": { type: "string", short: "a" },
|
||||
help: { type: "boolean", short: "h" },
|
||||
"generate-client-secret": { type: "boolean", short: "s" },
|
||||
},
|
||||
});
|
||||
|
||||
@@ -81,7 +81,7 @@ try {
|
||||
.trim(),
|
||||
);
|
||||
if (spIdList.length === 1) {
|
||||
spObjId = spIdList[0].objectId;
|
||||
spObjId = spIdList[0].id;
|
||||
} else {
|
||||
spObjId = null;
|
||||
}
|
||||
@@ -95,21 +95,52 @@ if (spObjId) {
|
||||
} else {
|
||||
// Now create the service principal for the app
|
||||
try {
|
||||
spObjId = execSync(`az ad sp create --id ${config.appId}`);
|
||||
spObjId = execSync(
|
||||
`az ad sp create --id ${config.appId} --query "id" -o tsv`,
|
||||
);
|
||||
console.log("Service principal created.");
|
||||
} catch (error) {
|
||||
console.log("Failed to create service principal.");
|
||||
}
|
||||
}
|
||||
|
||||
if (args.values["generate-client-secret"]) {
|
||||
// Generate a new client secret for the application
|
||||
try {
|
||||
result = spawnSync(
|
||||
"az",
|
||||
[
|
||||
"ad",
|
||||
"app",
|
||||
"credential",
|
||||
"reset",
|
||||
"--id",
|
||||
config.appId,
|
||||
"--query",
|
||||
"password",
|
||||
"-o",
|
||||
"tsv",
|
||||
],
|
||||
{ encoding: "utf-8" },
|
||||
);
|
||||
config.clientSecret = result.stdout.toString().trim();
|
||||
console.log("Client secret generated.");
|
||||
} catch (error) {
|
||||
console.error("Failed to generate client secret.");
|
||||
console.error(error);
|
||||
process.exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
// Write the APP_ID to the .env file
|
||||
const envContent = `AZ_APP_NAME="${config.appName}"
|
||||
ARM_CLIENT_ID=${config.appId}
|
||||
ARM_TENANT_ID=${config.tenantId}
|
||||
ARM_CLIENT_ID=${config.appId}
|
||||
ARM_CLIENT_SECRET=${config.clientSecret || ""}
|
||||
`;
|
||||
|
||||
writeFileSync(".env", envContent);
|
||||
console.log(".env file created with AZ_APP_NAME, ARM_CLIENT_ID, and ARM_TENANT_ID.");
|
||||
console.log(".env file created with application configuration.");
|
||||
|
||||
// Save the config to the 'config.js' file.
|
||||
writeFileSync(
|
||||
@@ -118,4 +149,15 @@ writeFileSync(
|
||||
);
|
||||
console.log("config.js file created.");
|
||||
|
||||
// Check if we can change file mode permissions (Unix-like systems)
|
||||
// for sensitive files like .env and config.js.
|
||||
try {
|
||||
execSync("chmod 600 .env config.js");
|
||||
console.log("File permissions for .env and config.js set to 600.");
|
||||
} catch (error) {
|
||||
console.warn(
|
||||
"Could not set file permissions. Please ensure .env and config.js are secured appropriately.",
|
||||
);
|
||||
}
|
||||
|
||||
console.log("Setup complete.");
|
||||
Reference in New Issue
Block a user