To run scripts with the Azure CLI you first have to log in with az login, and there are several ways to do it:
https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli
https://docs.azure.cn/zh-cn/cli/reference-index?view=azure-cli-latest#az-login
- service-principal
- User / password login of subscription
- managed identity
- tenant
In my scripts and CI/CD pipelines I use az login with service-principal in AD (tenant)

SP_name='ksi-rbac-service-principal'
SP_ID='318b91dc-11fc-44fe-af0d-7cecb2fxxxx'
# to get it: SP_ID=$(az ad sp list --display-name $SP_name --query "[].appId" -o tsv)
SP_SECRET='v.q6IxzMENjWjnk-UKFrTWyMb4fkKxxxx'
az account tenant list
TenantID=$(az account tenant list --query "[].tenantId" -o tsv)
az login --service-principal -u "$SP_ID" -p "$SP_SECRET" --tenant "$TenantID"

I use it to stop/start the cluster:

# $(AKSRG), $(AKSclusterName) and $(AKSsubscription) are assumed to be pipeline variables that the CI/CD system fills in before the script runs
az aks get-credentials --resource-group $(AKSRG) --name $(AKSclusterName)
az account set --subscription $(AKSsubscription)
az aks start --name $(AKSclusterName) --resource-group $(AKSRG)

servicePrincipalName="sp-xxxxxxx"
subscriptionID="xxxxxxxxxxxxxxxxxxxx"
resourceGroup="xxxxxxxxxxxxxxxxxx"
roleName="owner"
#https://learn.microsoft.com/en-us/cli/azure/ad/sp?view=azure-cli-latest#az-ad-sp-create-for-rbac
# create the service principal with the role on the resource group scope and keep its generated secret
SP_SECRET=$(az ad sp create-for-rbac --name "$servicePrincipalName" \
--role "$roleName" \
--scopes "/subscriptions/$subscriptionID/resourceGroups/$resourceGroup" \
--years 20 \
--query password -o tsv)
echo "$SP_SECRET"
# look up the application (client) ID and tenant of the new service principal
SP_ID=$(az ad sp list --display-name "$servicePrincipalName" --query "[].appId" -o tsv)
echo "$SP_ID"
SP_TENANT_ID=$(az ad sp list --display-name "$servicePrincipalName" --query "[].tenant" -o tsv)
echo "$SP_TENANT_ID"

#https://learn.microsoft.com/en-us/cli/azure/authenticate-azure-cli-service-principal
# fill in the values printed above, then log in as the service principal
SP_ID=""
SP_SECRET=""
SP_TENANT_ID=""
az login --service-principal -u "$SP_ID" -p "$SP_SECRET" --tenant "$SP_TENANT_ID"
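
A guarded version of the service-principal login above, as an added example (not the author's script): it takes the values from environment variables instead of literals in the script, rejects empty or malformed values before az is called, and keeps the secret out of `set -x` traces in the job log. The variable names AZ_SP_ID, AZ_SP_SECRET and AZ_SP_TENANT_ID and the function names are assumptions.

```shell
#!/bin/sh
# Added example: guarded service-principal login for CI jobs.
# Assumed (hypothetical) inputs: AZ_SP_ID, AZ_SP_SECRET, AZ_SP_TENANT_ID,
# provided by the pipeline's secret store rather than written in the script.

# Return 0 if $1 looks like a GUID (the format of appId and tenantId values).
is_guid() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Validate the three inputs before az is called, so an empty or mistyped
# variable fails here with a clear message instead of inside az login.
sp_login_check() {
    if ! is_guid "${AZ_SP_ID:-}"; then
        echo "AZ_SP_ID is empty or not a GUID" >&2; return 2
    fi
    if ! is_guid "${AZ_SP_TENANT_ID:-}"; then
        echo "AZ_SP_TENANT_ID is empty or not a GUID" >&2; return 3
    fi
    if [ -z "${AZ_SP_SECRET:-}" ]; then
        echo "AZ_SP_SECRET is empty" >&2; return 4
    fi
}

# Log in with the service principal. Tracing (set -x) is switched off around
# the az call so the secret is not copied into the job log, then restored.
sp_login() {
    sp_login_check || return $?
    case $- in *x*) sp_trace=1; set +x ;; *) sp_trace=0 ;; esac
    az login --service-principal \
        --username "$AZ_SP_ID" \
        --password "$AZ_SP_SECRET" \
        --tenant "$AZ_SP_TENANT_ID" \
        --output none
    sp_rc=$?
    if [ "$sp_trace" -eq 1 ]; then set -x; fi
    return "$sp_rc"
}
```

Source this file and call `sp_login` at the start of the job; a non-zero return code of 2, 3 or 4 identifies which input was rejected.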

To change role assignments:
List the currently assigned users:
az role assignment list --resource-group "$CheckRG" --query "[].{principalId:principalId}" --output tsv
# assign the role to one of the listed principal IDs
az role assignment create --assignee "$principalId" \
--role "owner" \
--scope "/subscriptions/$SubscriptionID/resourceGroups/$WebAppRG"