{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "sku": {
      "value": "Consumption"
    },
    "publisherEmail": {
      "value": "email@example.com"
    },

{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#applications('<ObjectId for the application created in #1>')/federatedIdentityCredentials/$entity",
  "audiences": [
    "api://AzureADTokenExchange"
  ],
  "description": "<additional comments for federated identity credential>",
  ...,
  "issuer": "https://token.actions.githubusercontent.com",
  "name": "<name for federated identity credential>",
  "subject": "<GitHub username>/<repository>:refs/heads/<branch>"

{
  "canDelegate": null,
  ...,
  "principalId": "<Service Principal's Object ID created in #2>",
  "principalType": "ServicePrincipal",
  ...,
  "type": "Microsoft.Authorization/roleAssignments"
}

{
  "accountEnabled": "True",
  "addIns": [],
  "alternativeNames": [],
  "appDisplayName": "<Application Name created in #1>",
  "appId": "<appId for the Application created in #1>",
  "appOwnerTenantId": "<Azure AD tenant ID>",
  ...,
  "displayName": "<Application Name created in #1>",
  ...,

{
  "acceptMappedClaims": null,
  "addIns": [],
  "allowGuestsSignIn": null,
  "allowPassthroughUsers": null,
  "appId": "<Application ID>",
  ...,
  "displayName": "<Application Name specified via command>",
  ...,
  "objectId": "<Application's Object ID>",

CosmosClient client = new CosmosClientBuilder()
    .endpoint(ACCOUNT_ENDPOINT)
    .credential(tokenCredential)
    .gatewayMode()
    .buildClient();

resourceGroupName='<myResourceGroup>'
accountName='<myCosmosAccount>'

# Shell assignments must not have spaces around '='.
readOnlyRoleDefinitionId='<roleDefinitionId of MyReadOnlyRole>'
ROprincipalId='<Managed Identity Object ID for Function App, the app will be assigned to MyReadOnlyRole.>'
# -s "/" scopes the assignment to the whole Cosmos DB account.
az cosmosdb sql role assignment create -a "$accountName" -g "$resourceGroupName" -s "/" -p "$ROprincipalId" -d "$readOnlyRoleDefinitionId"

readWriteRoleDefinitionId='<roleDefinitionId of MyReadWriteRole>'
RWprincipalId='<Managed Identity Object ID for Function App, the app will be assigned to MyReadWriteRole.>'
az cosmosdb sql role assignment create -a "$accountName" -g "$resourceGroupName" -s "/" -p "$RWprincipalId" -d "$readWriteRoleDefinitionId"

[
  {
    "assignableScopes": [
      "/subscriptions/{subscription id}/resourceGroups/{resource group}/providers/Microsoft.DocumentDB/databaseAccounts/{CosmosDB account}"
    ],
    "id": "/subscriptions/{subscription id}/resourceGroups/{resource group}/providers/Microsoft.DocumentDB/databaseAccounts/{CosmosDB account}/sqlRoleDefinitions/{roleDefinitionId}",
    "name": "{roleDefinitionId}",
    "permissions": [
      {
        "dataActions": [

az cosmosdb sql role definition list --account-name "$accountName" -g "$resourceGroupName"

resourceGroupName='<myResourceGroup>'
accountName='<myCosmosAccount>'
az cosmosdb sql role definition create -a "$accountName" -g "$resourceGroupName" -b @role-definition-ro.json
az cosmosdb sql role definition create -a "$accountName" -g "$resourceGroupName" -b @role-definition-rw.json