{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"sku": {
"value": "Consumption"
},
"publisherEmail": {
"value": "email@example.com"
},
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#applications('<ObjectId for the application created in #1>')/federatedIdentityCredentials/$entity",
"audiences": [
"api://AzureADTokenExchange"
],
"description": "<additional comments for federated identity credential>",
...,
"issuer": "https://token.actions.githubusercontent.com",
"name": "<name for federated identity credential>",
"subject": "repo:<GitHub username>/<repository>:ref:refs/heads/<branch>"
{
"canDelegate": null,
...,
"principalId": "<Service Principal's Object ID created in #2>",
"principalType": "ServicePrincipal",
...,
"type": "Microsoft.Authorization/roleAssignments"
}
{
"accountEnabled": "True",
"addIns": [],
"alternativeNames": [],
"appDisplayName": "<Application Name created in #1>",
"appId": "<appId for the Application created in #1>",
"appOwnerTenantId": "<Azure AD tenant ID>",
...,
"displayName": "<Application Name created in #1>",
...,
{
"acceptMappedClaims": null,
"addIns": [],
"allowGuestsSignIn": null,
"allowPassthroughUsers": null,
"appId": "<Application ID>",
...,
"displayName": "<Application Name specified via command>",
...,
"objectId": "<Application's Object ID>",
// Cosmos DB client built with the supplied Azure AD token credential (rather than an
// account key) and gateway connectivity mode.
CosmosClientBuilder cosmosClientBuilder = new CosmosClientBuilder();
cosmosClientBuilder = cosmosClientBuilder.endpoint(ACCOUNT_ENDPOINT);
cosmosClientBuilder = cosmosClientBuilder.credential(tokenCredential);
cosmosClientBuilder = cosmosClientBuilder.gatewayMode();
CosmosClient client = cosmosClientBuilder.buildClient();
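# Cosmos DB (SQL API) data-plane RBAC: bind each Function App's managed identity to
# one of the custom role definitions created from role-definition-ro.json /
# role-definition-rw.json.
# Bash assignments must have no spaces around '=' ("name = 'x'" runs a command
# called "name" and leaves the variable unset).
resourceGroupName='<myResourceGroup>'
accountName='<myCosmosAccount>'

# Read-only assignment.
readOnlyRoleDefinitionId='<roleDefinitionId of MyReadOnlyRole>'
ROprincipalId='<Managed Identity Object ID for Function App, the app will be assigned to MyReadOnlyRole.>'
# NOTE: -s "/" grants the role across the whole account. Narrow the scope
# (e.g. "/dbs/<database>" or "/dbs/<database>/colls/<container>") when the app
# only needs a single database or container - least privilege.
az cosmosdb sql role assignment create -a "$accountName" -g "$resourceGroupName" -s "/" -p "$ROprincipalId" -d "$readOnlyRoleDefinitionId"

# Read/write assignment.
readWriteRoleDefinitionId='<roleDefinitionId of MyReadWriteRole>'
RWprincipalId='<Managed Identity Object ID for Function App, the app will be assigned to MyReadWriteRole.>'
az cosmosdb sql role assignment create -a "$accountName" -g "$resourceGroupName" -s "/" -p "$RWprincipalId" -d "$readWriteRoleDefinitionId"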
[
{
"assignableScopes": [
"/subscriptions/{subscription id}/resourceGroups/{resource group}/providers/Microsoft.DocumentDB/databaseAccounts/{CosmosDB account}"
],
"id": "/subscriptions/{subscription id}/resourceGroups/{resource group}/providers/Microsoft.DocumentDB/databaseAccounts/{CosmosDB account}/sqlRoleDefinitions/{roleDefinitionId}",
"name": "{roleDefinitionId}",
"permissions": [
{
"dataActions": [
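# Create the two custom Cosmos DB (SQL API) data-plane role definitions from their
# JSON bodies, then list them to obtain the roleDefinitionId values used by
# 'az cosmosdb sql role assignment create'. Variables are assigned before first use.
resourceGroupName='<myResourceGroup>'
accountName='<myCosmosAccount>'
az cosmosdb sql role definition create -a "$accountName" -g "$resourceGroupName" -b @role-definition-ro.json
az cosmosdb sql role definition create -a "$accountName" -g "$resourceGroupName" -b @role-definition-rw.json
# The "id"/"name" fields of each entry carry the roleDefinitionId; also review
# "dataActions" to confirm the read-only definition grants no write actions.
az cosmosdb sql role definition list --account-name "$accountName" -g "$resourceGroupName"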