tools_parse_s360sp.py
"""
Get the S360 report on overprivileged service principals (SPs) from Lens,
save the file locally in CSV format, then use this script to generate PS1
content to delete the role assignments.
"""
import json
import os
from microsoft.submaintenance.utils.csvloader import S360Reader
from microsoft.submaintenance.utils import PathUtils
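OUTPUT_DIR = "./logs/360spParsed"
INPUT_FILE = "./your_s360_csv_file"
AAD_REMOV_COMMAND = "az role assignment delete --assignee {} --scope {} --role {} --subscription {}"

# Characters the PowerShell tokenizer accepts as single-quote delimiters:
# the ASCII apostrophe plus the typographic variants U+2018..U+201B.
_PS_SINGLE_QUOTES = "'\u2018\u2019\u201a\u201b"


def _ps_quote(value):
    """Return *value* rendered as a PowerShell single-quoted string literal.

    The CSV cells end up inside command lines that are later run in a shell,
    so each one is emitted as a literal: no variable or subexpression
    expansion, and spaces or separators in the cell cannot split the argument
    or start a second statement. Embedded quote characters are doubled, which
    is how a single-quoted PowerShell string escapes them.
    """
    text = str(value)
    for quote in _PS_SINGLE_QUOTES:
        text = text.replace(quote, quote * 2)
    return "'{}'".format(text)


def _safe_file_stem(name):
    """Return *name* with path separators replaced so it stays one file name.

    The subscription name comes from the CSV and is used to build the output
    path; without this a name containing "/" or "\\" could place the file
    outside OUTPUT_DIR.
    """
    stem = str(name)
    for separator in ("/", "\\"):
        stem = stem.replace(separator, "_")
    return stem


# Group one delete command per report row under its subscription name.
# The commands are only written to disk below; nothing is executed here.
s360Entities = S360Reader.read_file(INPUT_FILE)
subs = {}
for entity in s360Entities:
    rm_command = AAD_REMOV_COMMAND.format(
        _ps_quote(entity.principalId),
        _ps_quote(entity.roleScope),
        _ps_quote(entity.roleId),
        _ps_quote(entity.subscription),
    )
    # Keyed by the sanitised name so two names that map to the same file are
    # merged into it instead of the later one overwriting the earlier one.
    subs.setdefault(_safe_file_stem(entity.subscriptionName), []).append(rm_command)

# Write one text file per subscription, one command per line.
# NOTE(review): PathUtils.ensure_path presumably creates OUTPUT_DIR and
# returns its path - confirm against the helper.
output = PathUtils.ensure_path(OUTPUT_DIR)
for sub, commands in subs.items():
    log = os.path.join(output, "{}.txt".format(sub))
    with open(log, "w") as output_log:
        output_log.writelines("{}\n".format(rm) for rm in commands)

print("Done", output)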