Azure

The Azure CLI is a set of commands used to create and manage Azure resources. With this component of the Cloud CLI Extension, you can interact with Azure directly from LimaCharlie.

This extension makes use of the Azure CLI, which can be found here.

Configuration

Creating the App Registration

1. Sign in to the Entra Admin Center at https://entra.microsoft.com/

2. Copy the Tenant ID to a text editor to use later

3. Go to Entra ID → App Registrations and select New Registration

4. Give the app a name

5. Under Supported account types, select Accounts in this organizational directory only

6. Click Register to create the app registration

7. Copy the Application (client) ID to a text editor to use later

Creating the Client Secret

1. In the left sidebar menu of the Azure Portal, click Certificates & secrets

2. Click Client secrets, and then select New client secret

3. Enter a description of the secret and set an expiration date

   It is recommended to set this value to as long as your policy allows. When the secret expires, LimaCharlie will no longer be able to interact with your cloud environment.

4. Click Add to add the new client secret

5. Copy the secret located in the Value column to a text editor to use later

   The client secret can only be viewed once. When you navigate away from the page, the secret will no longer be available and will need to be recreated if not saved.

Assigning Roles to the App

1. In the Azure search bar located at the top of the screen, search for Subscriptions and click on Subscriptions from the search results

2. In the left menu, click Access control (IAM)

3. Click Add and then select Add Role Assignment

4. In the Role tab, select the roles to apply to the application and then click Next

   This will control the actions available to LimaCharlie, so ensure any actions you wish to perform with LimaCharlie are included in the roles assigned.

5. On the Members tab, under the Assign access to section, select User, group, or service principal.

6. Click Select Members and then search for the app you created in step #3

   By default, Microsoft Entra applications aren't displayed in the available options. To find your application, search for it by name.

7. Click the Select button and then click Review + Assign to assign the roles and subscription to your app

Adding the Secret to LimaCharlie

1. Log in to LimaCharlie at https://app.limacharlie.io

2. Open your organization

3. On the left menu, click on Organization Settings and click Secrets Manager

4. Give the secret a name

5. Enter the secret in the following format:

   Application ID/Client Secret/Tenant ID

   Note that each ID is separated by a / character.

   Example:  c0ff33ab-1337-b33f-2bad-f1234f1234ab/2nH9Q~l2TobhppdHbdoyClq6jjS9wWz~9.__Jb12/l0l4b33f-1234-4321-abcd-d34db33faf4b

Testing the Cloud CLI

1. From the left menu in LimaCharlie, click Extensions

2. Click on Cloud CLI

3. Click the Secrets Manager toggle and then select the secret you previously created from the dropdown

4. Under Tool, select az

5. In the Command Line box, enter the following command to verify authentication is working correctly: version

   You should get a response similar to the following:

   {
     "azure-cli": "2.75.0",
     "azure-cli-core": "2.75.0",
     "azure-cli-telemetry": "1.1.0",
     "extensions": {}
   }

6. If the version command succeeded, verify you are able to perform tasks within the environment by entering the following command to list all VMs: vm list —output json

   You should get a response similar to the following:

   [
     {
       "additionalCapabilities": {
         "hibernationEnabled": false
       },
       "billingProfile": {
         "maxPrice": -1
       },
       "diagnosticsProfile": {
         "bootDiagnostics": {
           "enabled": true
         }
       },
       "etag": "\"2\"",
       "evictionPolicy": "Deallocate",
       "hardwareProfile": {
         "vmSize": "Standard_DS1_v2"
       },
   ---SNIP---

Your configuration is now complete and Cloud CLI commands can be used in D&R rules.

Example

The following example returns a list of virtual machines and their respective details in Azure.

- action: extension request
  extension action: run
  extension name: ext-cloud-cli
  extension request:
    cloud: '{{ "az" }}' 
    command_line: '{{ "vm list" }}'
    credentials: '{{ "hive://secret/secret-name" }}'

Credentials

To utilize the Azure CLI, you will need:

• An application and a service principal with the appropriate permissions and a client secret

• Create a secret in the secrets manager in the following format:

appID/clientSecret/tenantID