#!/usr/bin/env pwsh
<#
.SYNOPSIS
Rename applications used by Azure DevOps service connections
.DESCRIPTION
Rename applications used by Azure DevOps service connections to include the organization, project and service connection name
#>
#Requires -Version 7
param (
    # Azure DevOps organization URL (the code below expects the https://dev.azure.com/<organization> form);
    # falls back to the agent/pipeline environment when not passed explicitly.
    # NOTE: PowerShell does not apply validation attributes to default values, only to bound arguments.
    [Parameter(Mandatory = $false, HelpMessage = "Name of the Azure DevOps Organization")]
    [ValidateNotNullOrEmpty()]
    [string] $OrganizationUrl = ($env:AZDO_ORG_SERVICE_URL ?? $env:SYSTEM_COLLECTIONURI),

    # One or more project names whose service connections are processed
    [Parameter(Mandatory = $false, HelpMessage = "Name of the Azure DevOps Project")]
    [ValidateNotNullOrEmpty()]
    [string[]] $Project = @($env:SYSTEM_TEAMPROJECT),

    # Report what would be renamed without calling 'az ad app update'
    [Parameter(Mandatory = $false)]
    [switch] $WhatIf = $false,

    # Rename back to the <organization>-<project>-<subscriptionId> default rather than to the service connection name
    [Parameter(Mandatory = $false, HelpMessage = "Reset application name to default")]
    [switch] $Reset = $false,

    # Tenant whose service principals are considered; taken from ARM_TENANT_ID or AZURE_TENANT_ID when not given
    [Parameter(Mandatory = $false, HelpMessage = "Azure Active Directory tenant id")]
    [guid] $TenantId = ($env:ARM_TENANT_ID ?? $env:AZURE_TENANT_ID ?? [guid]::Empty)
)
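Write-Debug $MyInvocation.line

# Validation attributes are only applied to bound arguments, never to default values, so an
# unset AZDO_ORG_SERVICE_URL/SYSTEM_COLLECTIONURI or SYSTEM_TEAMPROJECT would otherwise pass
# [ValidateNotNullOrEmpty()] and only surface later as an opaque az CLI error. Fail fast instead.
if ([string]::IsNullOrEmpty($OrganizationUrl)) {
    throw "OrganizationUrl is required: pass -OrganizationUrl or set AZDO_ORG_SERVICE_URL"
}
if (-not ($Project | Where-Object { -not [string]::IsNullOrEmpty($_) })) {
    throw "Project is required: pass -Project or set SYSTEM_TEAMPROJECT"
}

# Shared helpers (Login-Az) live one directory up from this script
. (Join-Path $PSScriptRoot .. functions.ps1)

# Login to Azure CLI; Login-Az may fill in $TenantId, hence the [ref]
Write-Verbose "Logging into Azure..."
Login-Az -Tenant ([ref]$TenantId)

# Get org & user information.
# Splitting https://<host>/<organization> on '/' puts the organization at index 3;
# other URL shapes (e.g. <organization>.visualstudio.com) are not handled here.
$organizationName = ($OrganizationUrl -split '/' | Select-Object -Index 3)
# Drop trailing slashes so the URLs built later do not contain '//'
$OrganizationUrl = $OrganizationUrl -replace "/*$", ""
# The signed-in user's name is used to restrict processing to service connections created by that user
$userName = (az account show --query user.name -o tsv)
if ($LASTEXITCODE -ne 0 -or [string]::IsNullOrEmpty($userName)) {
    throw "Unable to determine the signed-in Azure CLI user (exit code ${LASTEXITCODE}); run 'az login' first"
}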
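foreach ($azdoProject in $Project) {
    # Service connections in this project that reference a service principal in the selected
    # tenant and were created by the signed-in user (limits renames to the user's own apps).
    # The --query is a client-side JMESPath filter; JMESPath is case-sensitive, so both
    # property-name casings returned by the service are matched.
    $serviceConnections = az devops service-endpoint list --project $azdoProject `
        --organization $OrganizationUrl `
        --query "[?(authorization.parameters.serviceprincipalid!=null || authorization.parameters.servicePrincipalId!=null) && (authorization.parameters.tenantid=='${TenantId}' || authorization.parameters.tenantId=='${TenantId}') && createdBy.uniqueName=='${userName}']" `
        -o json |
        ConvertFrom-Json
    # A failed az call (missing azure-devops extension, no access to the project, ...) previously
    # looked like "no service connections"; report it and move on to the next project.
    if ($LASTEXITCODE -ne 0) {
        Write-Error "Listing service connections in project '${azdoProject}' failed with exit code ${LASTEXITCODE}"
        continue
    }
    $serviceConnections | Format-Table -AutoSize -Property Name | Out-String | Write-Debug

    "Processing service connections referencing an AAD application in {0}/{1}/_settings/adminservices created by {2}..." -f $OrganizationUrl, [uri]::EscapeDataString($azdoProject), $userName | Write-Host

    foreach ($serviceConnection in $serviceConnections) {
        # Link to the service connection in the project that owns it (first project reference)
        $originalServiceEndpointUrl = "{0}/{1}/_settings/adminservices?resourceId={2}" -f $OrganizationUrl, $serviceConnection.serviceEndpointProjectReferences[0].projectReference.name, $serviceConnection.id

        if ($serviceConnection.isShared) {
            # Heuristic: a name ending in "-<project>" is taken to mean the connection was shared
            # into this project from another one; renaming is left to the owning project.
            if ($serviceConnection.name.EndsWith("-${azdoProject}")) {
                Write-Host "Skipping service connection '$($PSStyle.Bold)$($serviceConnection.name)$($PSStyle.BoldOff)' because it is shared from project $($PSStyle.Bold)$($serviceConnection.serviceEndpointProjectReferences[0].projectReference.name)$($PSStyle.BoldOff) : ${originalServiceEndpointUrl}"
                continue
            }
            Write-Host "Service connection '$($serviceConnection.name)' is shared with the following projects:"
            foreach ($reference in $serviceConnection.serviceEndpointProjectReferences) {
                "Service connection $($PSStyle.Bold){2}$($PSStyle.BoldOff) in project $($PSStyle.Bold){1}$($PSStyle.BoldOff) ({0}/{1}/_settings/adminservices?resourceId={3})" -f $OrganizationUrl, $reference.projectReference.name, $reference.name, $serviceConnection.id | Write-Host
            }
        }

        # Look up the application behind the service connection. PowerShell property access is
        # case-insensitive, so 'serviceprincipalid' also resolves a 'servicePrincipalId' key.
        $clientId = $serviceConnection.authorization.parameters.serviceprincipalid
        Write-Verbose "Getting application '$($serviceConnection.authorization.parameters.serviceprincipalid)' for service connection '$($serviceConnection.name)'..."
        $application = az ad app list --app-id $clientId --query "[0]" -o json | ConvertFrom-Json
        # Distinguish a failed lookup from "no such application" so an az error is not
        # misreported as a managed identity / orphaned connection.
        if ($LASTEXITCODE -ne 0) {
            Write-Error "Looking up application '${clientId}' for service connection '$($serviceConnection.name)' failed with exit code ${LASTEXITCODE}"
            continue
        }
        if (!$application) {
            Write-Host "Application for service connection '$($PSStyle.Bold)$($serviceConnection.name)$($PSStyle.BoldOff)' not found, the service connection is using a Managed Identity or may be orphaned"
            continue
        }
        $application | Format-List | Out-String | Write-Debug
        Write-Verbose "Application displayName: $($application.displayName)"
        $serviceConnection | Add-Member -NotePropertyName "oldApplicationName" -NotePropertyValue $application.displayName

        # Determine default and new application names.
        # data.subscriptionId is read as-is; for connection types without it the default name ends in '-'.
        $defaultApplicationName = "{0}-{1}-{2}" -f $organizationName, $azdoProject, $serviceConnection.data.subscriptionId
        Write-Verbose "Default application name: ${defaultApplicationName}"
        if ($Reset) {
            $newApplicationName = $defaultApplicationName
        } else {
            $newApplicationName = "{0}-{1}-{2}" -f $organizationName, $azdoProject, $serviceConnection.name
        }
        Write-Verbose "New application name: ${newApplicationName}"
        $serviceConnection | Add-Member -NotePropertyName "newApplicationName" -NotePropertyValue $newApplicationName

        # Nothing to do when the app already carries the target name
        if ($application.displayName -eq $newApplicationName) {
            Write-Host "Application for service connection '$($PSStyle.Bold)$($serviceConnection.name)$($PSStyle.BoldOff)' has already been renamed to '$($PSStyle.Bold)${newApplicationName}$($PSStyle.BoldOff)'"
            continue
        }

        # Rename app (skipped under -WhatIf)
        Write-Host "Renaming application $($PSStyle.Bold)$($application.displayName)$($PSStyle.BoldOff) to '$($PSStyle.Bold)${newApplicationName}$($PSStyle.BoldOff)'..." -NoNewline
        if ($WhatIf) {
            Write-Host " skipped (WhatIf specified)"
            continue
        }
        Write-Host ""
        az ad app update --id $application.appId --display-name $newApplicationName
        # Renaming needs write access to the application object; a refused update used to go
        # unnoticed and the summary below would still show the new name as applied.
        if ($LASTEXITCODE -ne 0) {
            Write-Error "Renaming application '$($application.displayName)' (${clientId}) to '${newApplicationName}' failed with exit code ${LASTEXITCODE}: ${originalServiceEndpointUrl}"
        }
    }

    # List processed service connection identities (old/new names are empty for skipped connections)
    "`nService connections processed referencing an AAD application in {0}/{1}/_settings/adminservices created by {2}:" -f $OrganizationUrl, [uri]::EscapeDataString($azdoProject), $userName | Write-Host
    $serviceConnections | Format-Table -AutoSize -Property Name, @{Name="clientId";Expression={$_.authorization.parameters.serviceprincipalid}}, oldApplicationName, newApplicationName, type
}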