Updated commands to properly remove Service Principal permissions and…

… remove the SPN
Azure · Aug 24, 2023 · f554626 · f554626
1 parent 1add0d3
commit f554626
Showing 1 changed file with 4 additions and 7 deletions.
diff --git a/.github/workflows/azure-ipam-testing.yml b/.github/workflows/azure-ipam-testing.yml
@@ -182,19 +182,16 @@ jobs:
         shell: pwsh
         run: |
           $tenantId = (Get-AzContext).Tenant.Id
-          $scope = "/providers/Microsoft.Management/managementGroups/$TenantId"
+          $scope = "/providers/Microsoft.Management/managementGroups/$tenantId"
 
           $uiApp = Get-AzADApplication -ApplicationId ${{ needs.deploy.outputs.ipamUIAppId }}
           $engineApp = Get-AzADApplication -ApplicationId ${{ needs.deploy.outputs.ipamEngineAppId }}
-
-          Write-Host "-------------------------------"
-          Write-Host "Scope: $scope"
-          $engineApp | ConvertTo-Json
-          Write-Host "-------------------------------"
+          $engineSpn = Get-AzADServicePrincipal -ApplicationId ${{ needs.deploy.outputs.ipamEngineAppId }}
 
           Remove-AzResourceGroup -Name ${{ needs.deploy.outputs.ipamResourceGroup }} -Force
-          Remove-AzRoleAssignment -ObjectId $engineApp.Id -Scope $scope -RoleDefinitionName Reader
+          Remove-AzRoleAssignment -ObjectId $engineSpn.Id -Scope $scope -RoleDefinitionName Reader
 
+          $engineSpn | Remove-AzADServicePrincipal
           $uiApp | Remove-AzADApplication
           $engineApp | Remove-AzADApplication