- Introduced Aggregator.sol for Chainlink-compatible oracle functionality, including round-based updates and access control. - Added OracleWithCCIP.sol to extend Aggregator with CCIP cross-chain messaging capabilities. - Created .gitmodules to include OpenZeppelin contracts as a submodule. - Developed a comprehensive deployment guide in NEXT_STEPS_COMPLETE_GUIDE.md for Phase 2 and smart contract deployment. - Implemented Vite configuration for the orchestration portal, supporting both Vue and React frameworks. - Added server-side logic for the Multi-Cloud Orchestration Portal, including API endpoints for environment management and monitoring. - Created scripts for resource import and usage validation across non-US regions. - Added tests for CCIP error handling and integration to ensure robust functionality. - Included various new files and directories for the orchestration portal and deployment scripts.
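#!/usr/bin/env bash
#
# Grant Key Vault permissions using the provided Azure CLI method.
# Handles both access-policy vaults and RBAC-enabled vaults.
#
# For every Key Vault returned by `az keyvault list` in SUBSCRIPTION_ID the
# script grants OBJECT_ID access to secrets:
#   - RBAC-enabled vault  -> "Key Vault Secrets Officer" role at vault scope
#   - access-policy vault -> secret permissions via `az keyvault set-policy`
#
# Exit status: 0 when every grant succeeded, 1 when any vault failed or the
# vault list could not be read.
#
# NOTE(review): this is a subscription-wide privilege grant. It touches every
# vault the caller can list, not a named set. Run it only against a
# subscription where that blast radius is intended, and keep the console
# output with the change record so the grant can be audited and reverted.

set -e

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
# Not read again in this script; kept because sourced helpers may expect it.
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"

# Your AAD object ID
# NOTE(review): the principal is hard-coded, so anyone who runs this script
# grants access to this one identity. Confirm it is still the intended
# principal before each run.
OBJECT_ID="5c40d456-49d2-4f2a-b35c-66255ca33b04"

# Email for logging (display only; it is never passed to az)
USER_EMAIL="admin@absoluterealms.org"

# Subscription ID
SUBSCRIPTION_ID="fc08d829-4f14-413d-ab27-ce024425db0b"

echo "╔════════════════════════════════════════════════════════════════╗"
echo "║ GRANTING KEY VAULT PERMISSIONS ║"
echo "╚════════════════════════════════════════════════════════════════╝"

echo "User: $USER_EMAIL"
echo "Object ID: $OBJECT_ID"
echo "Subscription: $SUBSCRIPTION_ID"

# Set subscription. `set -e` aborts here if the subscription cannot be
# selected, so no grant is ever issued against a different default one.
az account set --subscription "$SUBSCRIPTION_ID"

echo "Processing subscription: $SUBSCRIPTION_ID"

SUCCESS_COUNT=0
FAILED_COUNT=0
RBAC_COUNT=0
POLICY_COUNT=0

# Get all Key Vault names in this subscription.
# The list is captured first so that a failing `az keyvault list` (expired
# login, missing permission) is reported as an error. Inside a `for ... in
# $(...)` word list the failure would be ignored and the run would end with
# "All permissions granted successfully" after processing zero vaults.
KV_LIST=$(az keyvault list --query "[].name" -o tsv) || {
  echo "❌ Could not list Key Vaults in subscription $SUBSCRIPTION_ID" >&2
  exit 1
}

# The names are fed on fd 3 so az keeps the script's stdin and cannot consume
# the list.
while IFS= read -r KV <&3; do
  # An empty list still yields one empty line from the here-string.
  [ -n "$KV" ] || continue

  echo " -> Updating Key Vault: $KV"

  # Get resource group. `|| KV_RG=""` keeps `set -e` from aborting the whole
  # run, so the failure is counted below instead.
  KV_RG=$(az keyvault show --name "$KV" --query "resourceGroup" -o tsv) || KV_RG=""

  if [ -z "$KV_RG" ]; then
    echo " ❌ Could not get resource group"
    FAILED_COUNT=$((FAILED_COUNT + 1))
    continue
  fi

  # Check if RBAC-enabled. A failed lookup is counted as a failure rather
  # than treated as "not RBAC": the authorization model is unknown, so no
  # grant is attempted on this vault.
  if ! IS_RBAC=$(az keyvault show --name "$KV" --query "properties.enableRbacAuthorization" -o tsv); then
    echo " ❌ Could not determine authorization model"
    FAILED_COUNT=$((FAILED_COUNT + 1))
    continue
  fi

  if [ "$IS_RBAC" = "true" ]; then
    # Use RBAC role assignment
    echo " Using RBAC (Key Vault Secrets Officer)"
    # The command is tested directly: with `set -e`, a separate `$?` check
    # after it would never run on failure. stdout is discarded, stderr is
    # kept so the reason for a failure is visible to the operator.
    if az role assignment create \
      --role "Key Vault Secrets Officer" \
      --assignee "$OBJECT_ID" \
      --scope "/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$KV_RG/providers/Microsoft.KeyVault/vaults/$KV" \
      > /dev/null; then
      echo " ✅ RBAC role assigned"
      # Plain arithmetic assignment: `((VAR++))` returns status 1 when VAR is
      # 0, which under `set -e` ends the script on the first increment.
      SUCCESS_COUNT=$((SUCCESS_COUNT + 1))
      RBAC_COUNT=$((RBAC_COUNT + 1))
    else
      echo " ❌ Failed to assign RBAC role"
      FAILED_COUNT=$((FAILED_COUNT + 1))
    fi
  else
    # Use access policy
    echo " Using Access Policy"
    # NOTE(review): this permission set includes delete and purge. Purge
    # permanently removes soft-deleted secrets; drop it (and delete) unless
    # the principal really needs to destroy secrets.
    if az keyvault set-policy \
      --name "$KV" \
      --object-id "$OBJECT_ID" \
      --secret-permissions get list set delete backup restore recover purge \
      > /dev/null; then
      echo " ✅ Access policy updated"
      SUCCESS_COUNT=$((SUCCESS_COUNT + 1))
      POLICY_COUNT=$((POLICY_COUNT + 1))
    else
      echo " ❌ Failed to update access policy"
      FAILED_COUNT=$((FAILED_COUNT + 1))
    fi
  fi
done 3<<< "$KV_LIST"

echo "======================================================================"
echo "📊 SUMMARY"
echo "======================================================================"
echo "Total Key Vaults processed: $((SUCCESS_COUNT + FAILED_COUNT))"
echo "✅ Success: $SUCCESS_COUNT"
echo " - Access Policy: $POLICY_COUNT"
echo " - RBAC: $RBAC_COUNT"
echo "❌ Failed: $FAILED_COUNT"

if [ "$FAILED_COUNT" -eq 0 ]; then
  echo "✅ All permissions granted successfully"
  exit 0
else
  echo "⚠️ Some permissions failed - check errors above"
  exit 1
fi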