Set-CafServicePrincipal

Creates or updates a service principal matching the conventions for one of the given purposes.

Syntax

Set-CafServicePrincipal
    -ScopeName <string>
    -ScopeType <string>
    [-Role <string>]
    [-ScopeId <string>]
    [-SubscriptionId <string>]
    [-Suffix <string>]
    [-WhatIf]

Description

Creates a service principal with a randomly generated password, or updates an existing one. Assigns the required roles and stores the credentials in the resolved Azure Key Vault. If the service principal already exists, only its roles and credentials are checked and updated if necessary.

Important

You need to execute this command with elevated permissions.

Example

Set-CafServicePrincipal `
    -ScopeType "subscription" `
    -ScopeName "connectivity" `
    -ScopeId "/subscriptions/00000000-0000-0000-0000-000000000000" `
    -Role "Contributor" `
    -Suffix "deploy"
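
One way to confirm the result of the example above is to list the role assignments the service principal holds and compare them with the role and scope passed to the cmdlet. This is an added example, not part of the module's own documentation; it assumes the Az.Resources module and an authenticated session, and the display name is a placeholder because the naming convention is not spelled out on this page.

```powershell
# Added example: audit the role assignments of a service principal.
# Assumptions: Az.Resources is installed and Connect-AzAccount has been run.
# $displayName is a placeholder; use the name created in your environment.
$displayName   = '<service-principal-display-name>'
$expectedRole  = 'Contributor'
$expectedScope = '/subscriptions/00000000-0000-0000-0000-000000000000'

# Resolve the principal and refuse to continue on an ambiguous name.
$sp = @(Get-AzADServicePrincipal -DisplayName $displayName)
if ($sp.Count -ne 1) {
    throw "Expected exactly one service principal named '$displayName', found $($sp.Count)."
}

# All role assignments visible in the current context for this principal.
$assignments = @(Get-AzRoleAssignment -ObjectId $sp[0].Id)

# The assignment the cmdlet was asked to create.
$expected = @($assignments | Where-Object {
    $_.RoleDefinitionName -eq $expectedRole -and
    $_.Scope.TrimEnd('/') -eq $expectedScope
})

# Any other role or scope is more privilege than was requested.
$unexpected = @($assignments | Where-Object {
    $_.RoleDefinitionName -ne $expectedRole -or
    $_.Scope.TrimEnd('/') -ne $expectedScope
})

if ($expected.Count -eq 0) {
    Write-Warning "Expected assignment '$expectedRole' at '$expectedScope' is missing."
}
if ($unexpected.Count -gt 0) {
    Write-Warning "Service principal holds assignments beyond the expected one:"
    $unexpected | Select-Object RoleDefinitionName, Scope | Format-Table -AutoSize
}
```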

Parameter

-ScopeName
The name of the scope to create the service principal for. Also known as the project name. It is used to deduce naming conventions.

Property Value
Type: string
Default value: None
Required: True

-ScopeType
The permission scope of the service principal.

Property Value
Type: string
Allowed values: ["Subscription", "ManagementGroup"]
Default value: None
Required: True

-Role
The role to assign to the service principal.

Property Value
Type: string
Default value: None
Required: False

-ScopeId
The ID of the scope to use for the role assignment.

Property Value
Type: string
Default value: None
Required: False

-SubscriptionId
The ID of the subscription the service principal is created on.

Property Value
Type: string
Default value: None
Required: False

-Suffix
An optional suffix to append to the service principal name.

Property Value
Type: string
Allowed values: ["deploy", "ops"]
Default value: None
Required: False

-WhatIf
Determines whether the actions should only be reported rather than executed.

Property Value
Type: SwitchParameter
Default value: False
Required: False