The Service Principal that gives access to the Azure Secrets can expire, so users need a way to check for this and act on it before the system stops.
To check the Azure Active Directory entry, the GitHub Action needs the Service Principal to be granted Directory.Read.All at Application level in the API Permissions of the Service Principal. This will require a ServiceNow ticket for the CIP team.
Mandatory string containing the Azure Credentials of the user who will carry out the check.
Mandatory string representing the Service Principal you want to check.
Optional integer giving the period, in days, within which to check for keys that may expire. Defaults to 30.
Optional string containing the tenant name. Defaults to ‘platform.education.gov.uk’.
Result in JSON format
```yaml
name: Check Service Principal
on:
  workflow_dispatch:
  schedule:
    - cron: "35 6 * * *"
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: DFE-Digital/github-actions/CheckServicePrincipal@main
        id: kv
        with:
          AzureCredentials: $
          ServicePrincipal: s146d01-keyvault-readonlyaccess
      - name: Display
        run: echo $
```
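
The expiry-window check described above, as an added example that is not the action's own code: it scans the `passwordCredentials` and `keyCredentials` arrays that Microsoft Graph returns for an application or service principal and reports anything that has expired or will expire within the period. The sample object, its key IDs and dates, and the output fields `type`, `status` and `daysLeft` are assumptions made for illustration, not the action's JSON result.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: a trimmed Microsoft Graph application object.
# Names, key IDs and dates are made up for illustration.
SAMPLE_APP = {
    "displayName": "example-keyvault-readonlyaccess",
    "passwordCredentials": [
        {"keyId": "00000000-0000-0000-0000-000000000001",
         "endDateTime": "2024-06-20T00:00:00Z"},
        {"keyId": "00000000-0000-0000-0000-000000000002",
         "endDateTime": "2024-05-01T00:00:00Z"},
        {"keyId": "00000000-0000-0000-0000-000000000003",
         "endDateTime": "2025-06-01T08:30:00.1234567Z"},
    ],
    "keyCredentials": [],
}


def parse_graph_time(value):
    """Parse a Graph UTC timestamp, trimming fractions to microseconds."""
    head, _, frac = value.rstrip("Z").partition(".")
    if frac:
        head = f"{head}.{frac[:6].ljust(6, '0')}"
    return datetime.fromisoformat(head).replace(tzinfo=timezone.utc)


def expiring_credentials(app, days=30, now=None):
    """Return secrets and certificates already expired or expiring within `days`."""
    now = now or datetime.now(timezone.utc)
    cutoff = now + timedelta(days=days)
    findings = []
    for kind in ("passwordCredentials", "keyCredentials"):
        for cred in app.get(kind) or []:
            if not cred.get("endDateTime"):
                continue  # nothing to evaluate without an end date
            end = parse_graph_time(cred["endDateTime"])
            if end <= cutoff:
                findings.append({
                    "keyId": cred["keyId"],
                    "type": kind,
                    "status": "expired" if end <= now else "expiring",
                    "daysLeft": (end - now).days,  # negative once expired
                })
    return sorted(findings, key=lambda f: f["daysLeft"])


if __name__ == "__main__":
    import json
    print(json.dumps(expiring_credentials(SAMPLE_APP), indent=2))
```

Already-expired credentials are reported separately from those still inside the window, since an expired secret means the outage has begun rather than being due.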