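name: Deploy B2C Custom Policy
description: A PowerShell-based GitHub Action for deploying Azure AD B2C policies using the Microsoft Graph API
author: Azure AD B2C GitHub Community
branding:
  icon: code
  color: blue
inputs:
  folder:
    description: "The folder where the custom policies files are stored"
    required: true
  files:
    description: "Comma delimiter list of policy files"
    required: true
  tenantDomain:
    description: "The full Azure AD B2C tenant name (for example, contoso.onmicrosoft.com) or GUID"
    required: true
  tenantId:
    description: "The full GUID of the Azure AD B2C tenant ID"
    required: true
  clientId:
    description: "The application Client ID for a service principal which will be used to authenticate to the Microsoft Graph"
    required: true
  clientSecret:
    description: "The application Secret for a service principal which will be used to authenticate to the Microsoft Graph"
    required: true
runs:
  using: "composite"
  steps:
    # Adapted from the PowerShell script in Microsoft's Docs: https://learn.microsoft.com/en-us/azure/active-directory-b2c/deploy-custom-policies-devops
    - name: Run Deploy Policy Script
      # A moving tag is used here; pinning to a full commit SHA is the harder
      # supply-chain posture if the consuming workflow requires it.
      uses: azure/powershell@v1
      # Inputs reach the script through the step environment instead of being
      # interpolated with ${{ }} inside inlineScript. Expression interpolation
      # splices raw input text into the script source, so a value containing a
      # quote could terminate the string and run as PowerShell; environment
      # variables are read as data and cannot alter the script.
      env:
        B2C_FOLDER: ${{ inputs.folder }}
        B2C_FILES: ${{ inputs.files }}
        B2C_TENANT_DOMAIN: ${{ inputs.tenantDomain }}
        B2C_TENANT_ID: ${{ inputs.tenantId }}
        B2C_CLIENT_ID: ${{ inputs.clientId }}
        B2C_CLIENT_SECRET: ${{ inputs.clientSecret }}
      with:
        inlineScript: |
          $Folder = $env:B2C_FOLDER
          $Files = $env:B2C_FILES
          $TenantDomain = $env:B2C_TENANT_DOMAIN
          $TenantId = $env:B2C_TENANT_ID
          $ClientID = $env:B2C_CLIENT_ID
          $ClientSecret = $env:B2C_CLIENT_SECRET
          try {
            # Client-credentials grant against the tenant's v2.0 token endpoint.
            # The secret is sent only in the body of this HTTPS POST and is never written to the log.
            $body = @{grant_type = "client_credentials"; scope = "https://graph.microsoft.com/.default"; client_id = $ClientID; client_secret = $ClientSecret }
            $response = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" -Method Post -Body $body
            $token = $response.access_token
            $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
            $headers.Add("Content-Type", 'application/xml')
            $headers.Add("Authorization", 'Bearer ' + $token)
            # Get the list of files to upload: trim whitespace around each name and drop
            # empty entries (for example from a trailing comma) so they do not produce
            # spurious "not found" warnings.
            $filesArray = $Files.Split(",") | ForEach-Object { $_.Trim() } | Where-Object { $_ }
            Foreach ($file in $filesArray) {
              # Join-Path inserts the separator only when needed, so the folder input
              # works with or without a trailing slash.
              $filePath = Join-Path -Path $Folder -ChildPath $file
              # Check if file exists
              if (Test-Path -Path $filePath -PathType Leaf) {
                # -Raw reads the document as a single string so line breaks are preserved
                # in the uploaded body instead of being joined with spaces.
                $policycontent = Get-Content $filePath -Encoding UTF8 -Raw
                # Optional: Change the content of the policy. For example, replace the tenant-name with your tenant name.
                $policycontent = $policycontent.Replace("your-tenant.onmicrosoft.com", "$TenantDomain")
                # Get the policy name from the XML document
                $match = Select-String -InputObject $policycontent -Pattern '(?<=\bPolicyId=")[^"]*'
                If ($match.matches.groups.count -ge 1) {
                  $PolicyId = $match.matches.groups[0].value
                  Write-Output "Uploading the $PolicyId policy..."
                  $graphuri = 'https://graph.microsoft.com/beta/trustframework/policies/' + $PolicyId + '/$value'
                  $content = [System.Text.Encoding]::UTF8.GetBytes($policycontent)
                  $response = Invoke-RestMethod -Uri $graphuri -Method Put -Body $content -Headers $headers -ContentType "application/xml; charset=utf-8"
                  Write-Output "Policy $PolicyId uploaded successfully."
                }
                else {
                  # A file without a PolicyId attribute was previously skipped silently.
                  Write-Warning -Message ("No PolicyId attribute found in " + $filePath + "; skipping.")
                }
              }
              else {
                $warning = "File " + $filePath + " could not be found."
                Write-Warning -Message $warning
              }
            }
          }
          catch {
            # Report the HTTP status and the error body when one is available. The
            # bearer token and client secret are never part of this output.
            if ($_.Exception.Response) {
              Write-Output "StatusCode: $($_.Exception.Response.StatusCode.value__)"
            }
            Write-Output $_
            if ($_.ErrorDetails -and $_.ErrorDetails.Message) {
              # PowerShell 7: Invoke-RestMethod exposes the response body via ErrorDetails.
              Write-Output $_.ErrorDetails.Message
            }
            elseif ($_.Exception.Response -and ($_.Exception.Response.PSObject.Methods.Name -contains 'GetResponseStream')) {
              # Windows PowerShell: the body has to be read from the WebException stream.
              # Guarded because HttpResponseMessage (PowerShell 7) has no GetResponseStream,
              # and calling it there used to throw inside the catch and hide the real error.
              $streamReader = [System.IO.StreamReader]::new($_.Exception.Response.GetResponseStream())
              $streamReader.BaseStream.Position = 0
              $streamReader.DiscardBufferedData()
              $errResp = $streamReader.ReadToEnd()
              $streamReader.Close()
              Write-Output $errResp
            }
            exit 1
          }
          exit 0
        azPSVersion: "latest"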