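Create AAD Group Using AZ DevOps
This session demonstrates how to create an AAD (Azure Active Directory) group using Azure DevOps.
Important note:-
It is possible to create more than one AAD group with the same name. The unique identifier of an AAD group is its object ID.
Use cases:-
Cloud engineers do not have access to Azure Active Directory to create groups.
Cloud engineers cannot elevate their privileges using PIM (Privileged Identity Management) to create AAD groups.
Automation objectives:-
Validate whether the AAD group exists. If it does, the pipeline fails.
If the above validation succeeds, the pipeline creates the group in Azure Active Directory.
Important note:-
THE YAML PIPELINE HAS BEEN TESTED ON WINDOWS BUILD AGENT ONLY!!!
Requirements:-
Code repository:-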
arindam0310018 / 2022년 8월 26일-DevOps__Create-AAD-그룹
What does my code placeholder look like?
Pipeline code snippet:-
AZURE DEVOPS YAML pipeline (azure-pipelines-add-single-aad-group-v1.0.yml):-
trigger:
  none

######################
#DECLARE PARAMETERS:-
######################
parameters:
- name: SubscriptionID
  displayName: Subscription ID Details Follow Below:-
  type: string
  default: 210e66cb-55cf-424e-8daa-6cad804ab604
  values:
  - 210e66cb-55cf-424e-8daa-6cad804ab604

- name: AADGRPNAME
  displayName: Please Provide the AAD Group Name:-
  type: object
  default:

######################
#DECLARE VARIABLES:-
######################
variables:
  ServiceConnection: amcloud-cicd-service-connection
  BuildAgent: windows-latest

#########################
# Declare Build Agents:-
#########################
pool:
  vmImage: $(BuildAgent)

###################
# Declare Stages:-
###################
stages:
- stage: CREATE_SINGLE_AAD_GROUP
  jobs:
  - job: CREATE_SINGLE_AAD_GROUP
    displayName: CREATE SINGLE AAD GROUP
    steps:
    - task: AzureCLI@2
      displayName: VALIDATE AND CREATE AAD GROUP
      inputs:
        azureSubscription: $(ServiceConnection)
        scriptType: ps
        scriptLocation: inlineScript
        inlineScript: |
          az --version
          az account set --subscription ${{ parameters.SubscriptionID }}
          az account show
          $name = az ad group show --group ${{ parameters.AADGRPNAME }} --query "displayName" -o tsv
          if ($name -eq "${{ parameters.AADGRPNAME }}") {
            echo "################################################################################################"
            echo "Azure AD Group ${{ parameters.AADGRPNAME }} EXISTS and hence Cannot Proceed with Creation!!!"
            echo "################################################################################################"
            exit 1
          }
          else {
            echo "############################################################################"
            echo "THE ABOVE WARNING IS A STANDARD MESSAGE WHEN AAD GROUP DOES NOT EXISTS!!!"
            echo "AAD GROUP BY THE NAME ${{ parameters.AADGRPNAME }} WILL BE CREATED"
            echo "############################################################################"
            az ad group create --display-name ${{ parameters.AADGRPNAME }} --mail-nickname ${{ parameters.AADGRPNAME }}
            echo "##################################################################"
            echo "Azure AD Group ${{ parameters.AADGRPNAME }} created successfully!!!"
            echo "##################################################################"
          }
Now, let me explain each part of the YAML pipeline for better understanding.
Part #1:-
The pipeline runtime variables code snippet follows below:-
######################
#DECLARE PARAMETERS:-
######################
parameters:
- name: SubscriptionID
  displayName: Subscription ID Details Follow Below:-
  type: string
  default: 210e66cb-55cf-424e-8daa-6cad804ab604
  values:
  - 210e66cb-55cf-424e-8daa-6cad804ab604

- name: AADGRPNAME
  displayName: Please Provide the AAD Group Name:-
  type: object
  default:
Part #2:-
The pipeline variables code snippet follows below:-
######################
#DECLARE VARIABLES:-
######################
variables:
  ServiceConnection: amcloud-cicd-service-connection
  BuildAgent: windows-latest
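Note:-
Please change the values of the variables accordingly.
The entire YAML pipeline is built using runtime parameters and variables. No values are hardcoded.
Part #3:-
The conditions and logic defined in the pipeline (as mentioned above in "Automation objectives") follow below:-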
inlineScript: |
  az --version
  az account set --subscription ${{ parameters.SubscriptionID }}
  az account show
  $name = az ad group show --group ${{ parameters.AADGRPNAME }} --query "displayName" -o tsv
  if ($name -eq "${{ parameters.AADGRPNAME }}") {
    echo "################################################################################################"
    echo "Azure AD Group ${{ parameters.AADGRPNAME }} EXISTS and hence Cannot Proceed with Creation!!!"
    echo "################################################################################################"
    exit 1
  }
  else {
    echo "############################################################################"
    echo "THE ABOVE WARNING IS A STANDARD MESSAGE WHEN AAD GROUP DOES NOT EXISTS!!!"
    echo "AAD GROUP BY THE NAME ${{ parameters.AADGRPNAME }} WILL BE CREATED"
    echo "############################################################################"
    az ad group create --display-name ${{ parameters.AADGRPNAME }} --mail-nickname ${{ parameters.AADGRPNAME }}
    echo "##################################################################"
    echo "Azure AD Group ${{ parameters.AADGRPNAME }} created successfully!!!"
    echo "##################################################################"
  }
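A hardened variant of the check-then-create logic above, as an added example that is not the author's pipeline code: it reads the group name from an environment variable instead of expanding the template parameter inside the script text, validates it, and counts exact display-name matches because display names are not unique. The environment variable name AAD_GROUP_NAME (assumed to be set through the step's env: mapping), the name pattern, and the two function names are assumptions made for this example.

```powershell
# Added example, not the author's code.
# Assumption: the AzureCLI@2 step maps the runtime parameter to the environment
# variable AAD_GROUP_NAME (hypothetical name) via its env: block, so the value
# is never pasted into the script text by template expansion.

function Test-GroupName {
    param([string]$Name)
    # The pipeline reuses the value as --mail-nickname, so restrict it to a
    # conservative character set and length (assumed policy for this example).
    return $Name -match '\A[A-Za-z0-9][A-Za-z0-9._-]{0,63}\z'
}

function Get-GroupMatchCount {
    param([string]$Name)
    # Exact-match OData filter; the JMESPath query returns how many groups
    # already carry this display name (0, 1, or more).
    $count = az ad group list --filter "displayName eq '$Name'" --query "length(@)" -o tsv
    if ($LASTEXITCODE -ne 0) {
        # A failed lookup must not be treated as "group does not exist".
        throw "az ad group list failed; refusing to create the group."
    }
    return [int]$count
}

$groupName = $env:AAD_GROUP_NAME

if (-not (Test-GroupName -Name $groupName)) {
    Write-Host "##vso[task.logissue type=error]Rejected AAD group name: not in the allowed format."
    exit 1
}

$existing = Get-GroupMatchCount -Name $groupName
if ($existing -gt 0) {
    Write-Host "##vso[task.logissue type=error]$existing group(s) named '$groupName' already exist."
    exit 1
}

az ad group create --display-name $groupName --mail-nickname $groupName
if ($LASTEXITCODE -ne 0) {
    throw "az ad group create failed."
}
Write-Host "Azure AD Group '$groupName' created successfully."
```

Because the lookup result is checked through the exit code, an authentication or permission error stops the run instead of falling through to the create branch.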
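Now it's time to test!!!...
Test cases:-
Test case #1: AAD group exists:-
Desired output: The pipeline fails, stating that the mentioned AAD group exists.
AAD group in place:-
Pipeline runtime variables value:-
Pipeline failed:-
Test case #2: AAD group does not exist:-
Desired output: The pipeline executes successfully, creating the AAD group.
Pipeline executed successfully:-
Hope you enjoyed the session!!!
Stay safe | Keep learning | Spread knowledge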
Reference
https://dev.to/arindam0310018/create-aad-group-using-az-devops-2peb