spotinst / spotinst-examples

Apache License 2.0

SF-8332 - Add support for onboarding all subscriptions in a tenant #98

Closed sc0tt-sullivan closed 8 months ago

sc0tt-sullivan commented 8 months ago

Changes include:

Usage

See https://spotinst.atlassian.net/wiki/spaces/FIN/pages/2978349091/Feature+Discovery+CI+-+Multi+Account+Onboarding+for+Azure#Proposed-Command-Line-Interface

Example 1: backwards compatible, targets a single subscription.

python azure-automatic-role-assignment.py --token 2a7a... --customRoleName outatimeCustomRoleName1 --subscription xyz123

Example 2: onboard the whole tenant.

python azure-automatic-role-assignment.py --token 2a7a... --customRoleName outatimeCustomRoleName1 --products "core cost-intelligence"

Example 3: onboard an existing account to cost intelligence.

python azure-automatic-role-assignment.py --token 2a7a... --customRoleName outatimeCustomRoleName1 --subscription xyz123 --products cost-intelligence

Jira Ticket

https://spotinst.atlassian.net/browse/SF-8332
https://spotinst.atlassian.net/browse/SF-9925

Demo

sullivas [ ~/spotinst-examples/Utilities/AzureOnboardingCLI ]$ python azure-automatic-role-assignment.py --token XYZ --customRoleName outatime-test-role --products "core cost-intelligence" --appRegistrationId 91a7c83c-8173-4f9e-a5ee-9979245cbe5b
19:50:56.305 [INFO] Optional argument `--subscription` not specified, defaulting to tenant scope.
19:50:56.305 [INFO] Optional argument `--customRoleJsonPath` not specified, using recommended custom role definition.
19:51:02.600 [INFO] Running command: az config set

19:51:03.125 [INFO] Succeeded running command: az config set
19:51:03.125 [INFO] Running command: az account subscription list --query [].subscriptionId
[
  "4e025408-94ca-4aa3-8fba-ea33c3403c85"
]

19:51:04.255 [INFO] Succeeded running command: az account subscription list --query [].subscriptionId
19:51:04.255 [INFO] Found 1 subscriptions in tenant.
19:51:04.419 [INFO] Onboarding subscription 1 of 1 (Spot ECO Test 4 - 4e025408-94ca-4aa3-8fba-ea33c3403c85)
19:51:04.709 [INFO] Existing Spot Account found act-615027c1 for subscription 4e025408-94ca-4aa3-8fba-ea33c3403c85
19:51:04.710 [INFO] Running command: az account list --all
[
  {
    "cloudName": "AzureCloud",
    "homeTenantId": "6694c7fb-0cc5-408a-8b6c-4ce3ecaf88e2",
    "id": "4e025408-94ca-4aa3-8fba-ea33c3403c85",
    "isDefault": true,
    "managedByTenants": [],
    "name": "Spot ECO Test 4",
    "state": "Enabled",
    "tenantId": "6694c7fb-0cc5-408a-8b6c-4ce3ecaf88e2",
    "user": {
      "cloudShellID": true,
      "name": "sullivas@netapp.com",
      "type": "user"
    }
  }
]

19:51:05.387 [INFO] Succeeded running command: az account list --all
19:51:05.387 [INFO] Found the subscription: 4e025408-94ca-4aa3-8fba-ea33c3403c85 for account: {'cloudName': 'AzureCloud', 'homeTenantId': '6694c7fb-0cc5-408a-8b6c-4ce3ecaf88e2', 'id': '4e025408-94ca-4aa3-8fba-ea33c3403c85', 'isDefault': True, 'managedByTenants': [], 'name': 'Spot ECO Test 4', 'state': 'Enabled', 'tenantId': '6694c7fb-0cc5-408a-8b6c-4ce3ecaf88e2', 'user': {'cloudShellID': True, 'name': 'sullivas@netapp.com', 'type': 'user'}}
19:51:05.387 [INFO] Running command: az role definition list --custom-role-only true
[
  {
    "assignableScopes": [
      "/subscriptions/4e025408-94ca-4aa3-8fba-ea33c3403c85"
    ],
    "createdBy": "c93ccc96-f8d8-4bf6-9ac6-7d8913e9e617",
    "createdOn": "2024-03-19T17:54:12.923999+00:00",
    "description": "Custom Role for Spot Account.",
    "id": "/subscriptions/4e025408-94ca-4aa3-8fba-ea33c3403c85/providers/Microsoft.Authorization/roleDefinitions/539d79ef-02f4-427d-849f-f7ccff419733",
    "name": "539d79ef-02f4-427d-849f-f7ccff419733",
    "permissions": [
      {
        "actions": [
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Compute/disks/read",
          "Microsoft.Compute/disks/write",
          "Microsoft.Compute/disks/delete",
          "Microsoft.Compute/images/read",
          "Microsoft.Compute/virtualMachines/read",
          "Microsoft.Compute/virtualMachines/write",
          "Microsoft.Compute/virtualMachines/delete",
          "Microsoft.Compute/virtualMachines/runCommand/action",
          "Microsoft.Compute/virtualMachines/instanceView/read",
          "Microsoft.Compute/virtualMachines/extensions/write",
          "Microsoft.Compute/virtualMachines/extensions/read",
          "Microsoft.Network/applicationGateways/read",
          "Microsoft.Network/applicationGateways/backendhealth/action",
          "Microsoft.Network/applicationGateways/backendAddressPools/join/action",
          "Microsoft.Network/loadBalancers/read",
          "Microsoft.Network/loadBalancers/backendAddressPools/read",
          "Microsoft.Network/loadBalancers/backendAddressPools/write",
          "Microsoft.Network/loadBalancers/backendAddressPools/join/action",
          "Microsoft.Network/virtualNetworks/read",
          "Microsoft.Network/virtualNetworks/subnets/join/action",
          "Microsoft.Network/networkInterfaces/read",
          "Microsoft.Network/networkInterfaces/write",
          "Microsoft.Network/networkInterfaces/delete",
          "Microsoft.Network/networkInterfaces/join/action",
          "Microsoft.Network/networkInterfaces/ipconfigurations/read",
          "Microsoft.Network/networkSecurityGroups/read",
          "Microsoft.Network/networkSecurityGroups/join/action",
          "Microsoft.Network/publicIPAddresses/read",
          "Microsoft.Network/publicIPAddresses/write",
          "Microsoft.Network/publicIPAddresses/delete",
          "Microsoft.Network/publicIPAddresses/join/action",
          "Microsoft.Network/virtualNetworks/subnets/read",
          "Microsoft.Network/virtualNetworks/virtualMachines/read",
          "Microsoft.Resources/tags/write",
          "Microsoft.ManagedIdentity/userAssignedIdentities/assign/action",
          "Microsoft.ManagedIdentity/identities/read",
          "Microsoft.Insights/MetricDefinitions/Read",
          "Microsoft.Insights/Metrics/Read",
          "Microsoft.Compute/virtualMachineScaleSets/read",
          "Microsoft.Compute/virtualMachineScaleSets/instanceView/read",
          "Microsoft.Compute/virtualMachineScaleSets/networkInterfaces/read",
          "Microsoft.Compute/virtualMachineScaleSets/publicIPAddresses/read",
          "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/extensions/read",
          "Microsoft.Insights/AutoscaleSettings/Read",
          "Microsoft.Insights/AutoscaleSettings/providers/Microsoft.Insights/MetricDefinitions/Read"
        ],
        "condition": null,
        "conditionVersion": null,
        "dataActions": [],
        "notActions": [],
        "notDataActions": []
      }
    ],
    "roleName": "outatime-test-role_act-615027c1",
    "roleType": "CustomRole",
    "type": "Microsoft.Authorization/roleDefinitions",
    "updatedBy": "c93ccc96-f8d8-4bf6-9ac6-7d8913e9e617",
    "updatedOn": "2024-03-19T17:54:12.923999+00:00"
  }
]

19:51:06.856 [INFO] Succeeded running command: az role definition list --custom-role-only true
19:51:06.856 [INFO] Found already existing custom role: outatime-test-role_act-615027c1
19:51:06.857 [INFO] Running command: az ad sp show --id 91a7c83c-8173-4f9e-a5ee-9979245cbe5b
{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#servicePrincipals/$entity",
  "accountEnabled": true,
  "addIns": [],
  "alternativeNames": [],
  "appDescription": null,
  "appDisplayName": "Spot-SpotECOTest4-act-e984b63c",
  "appId": "91a7c83c-8173-4f9e-a5ee-9979245cbe5b",
  "appOwnerOrganizationId": "6694c7fb-0cc5-408a-8b6c-4ce3ecaf88e2",
  "appRoleAssignmentRequired": false,
  "appRoles": [],
  "applicationTemplateId": null,
  "createdDateTime": "2024-03-19T15:03:01Z",
  "deletedDateTime": null,
  "description": null,
  "disabledByMicrosoftStatus": null,
  "displayName": "Spot-SpotECOTest4-act-e984b63c",
  "homepage": null,
  "id": "d0dd5be5-d705-434e-981d-c5d8c526188b",
  "info": {
    "logoUrl": null,
    "marketingUrl": null,
    "privacyStatementUrl": null,
    "supportUrl": null,
    "termsOfServiceUrl": null
  },
  "keyCredentials": [],
  "loginUrl": null,
  "logoutUrl": null,
  "notes": null,
  "notificationEmailAddresses": [],
  "oauth2PermissionScopes": [],
  "passwordCredentials": [],
  "preferredSingleSignOnMode": null,
  "preferredTokenSigningKeyThumbprint": null,
  "replyUrls": [],
  "resourceSpecificApplicationPermissions": [],
  "samlSingleSignOnSettings": null,
  "servicePrincipalNames": [
    "91a7c83c-8173-4f9e-a5ee-9979245cbe5b"
  ],
  "servicePrincipalType": "Application",
  "signInAudience": "AzureADMyOrg",
  "tags": [],
  "tokenEncryptionKeyId": null,
  "verifiedPublisher": {
    "addedDateTime": null,
    "displayName": null,
    "verifiedPublisherId": null
  }
}

19:51:08.251 [INFO] Succeeded running command: az ad sp show --id 91a7c83c-8173-4f9e-a5ee-9979245cbe5b
19:51:08.251 [INFO] Running command: az role assignment create --assignee 91a7c83c-8173-4f9e-a5ee-9979245cbe5b --role outatime-test-role_act-615027c1 --scope /subscriptions/4e025408-94ca-4aa3-8fba-ea33c3403c85
{
  "condition": null,
  "conditionVersion": null,
  "createdBy": "c93ccc96-f8d8-4bf6-9ac6-7d8913e9e617",
  "createdOn": "2024-03-19T17:54:19.442959+00:00",
  "delegatedManagedIdentityResourceId": null,
  "description": null,
  "id": "/subscriptions/4e025408-94ca-4aa3-8fba-ea33c3403c85/providers/Microsoft.Authorization/roleAssignments/9e82bf31-afb7-454c-9dc8-50a43457ffdd",
  "name": "9e82bf31-afb7-454c-9dc8-50a43457ffdd",
  "principalId": "d0dd5be5-d705-434e-981d-c5d8c526188b",
  "principalName": "91a7c83c-8173-4f9e-a5ee-9979245cbe5b",
  "principalType": "ServicePrincipal",
  "roleDefinitionId": "/subscriptions/4e025408-94ca-4aa3-8fba-ea33c3403c85/providers/Microsoft.Authorization/roleDefinitions/539d79ef-02f4-427d-849f-f7ccff419733",
  "roleDefinitionName": "outatime-test-role_act-615027c1",
  "scope": "/subscriptions/4e025408-94ca-4aa3-8fba-ea33c3403c85",
  "type": "Microsoft.Authorization/roleAssignments",
  "updatedBy": "c93ccc96-f8d8-4bf6-9ac6-7d8913e9e617",
  "updatedOn": "2024-03-19T17:54:19.442959+00:00"
}

19:51:11.207 [INFO] Succeeded running command: az role assignment create --assignee 91a7c83c-8173-4f9e-a5ee-9979245cbe5b --role outatime-test-role_act-615027c1 --scope /subscriptions/4e025408-94ca-4aa3-8fba-ea33c3403c85
19:51:11.207 [INFO] Running command: az role assignment create --assignee 91a7c83c-8173-4f9e-a5ee-9979245cbe5b --role READER --scope /subscriptions/4e025408-94ca-4aa3-8fba-ea33c3403c85
{
  "condition": null,
  "conditionVersion": null,
  "createdBy": "c93ccc96-f8d8-4bf6-9ac6-7d8913e9e617",
  "createdOn": "2024-03-19T17:54:22.812811+00:00",
  "delegatedManagedIdentityResourceId": null,
  "description": null,
  "id": "/subscriptions/4e025408-94ca-4aa3-8fba-ea33c3403c85/providers/Microsoft.Authorization/roleAssignments/6a9507d7-f392-4de2-b0a4-a5f863847c6a",
  "name": "6a9507d7-f392-4de2-b0a4-a5f863847c6a",
  "principalId": "d0dd5be5-d705-434e-981d-c5d8c526188b",
  "principalName": "91a7c83c-8173-4f9e-a5ee-9979245cbe5b",
  "principalType": "ServicePrincipal",
  "roleDefinitionId": "/subscriptions/4e025408-94ca-4aa3-8fba-ea33c3403c85/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
  "roleDefinitionName": "Reader",
  "scope": "/subscriptions/4e025408-94ca-4aa3-8fba-ea33c3403c85",
  "type": "Microsoft.Authorization/roleAssignments",
  "updatedBy": "c93ccc96-f8d8-4bf6-9ac6-7d8913e9e617",
  "updatedOn": "2024-03-19T17:54:22.812811+00:00"
}

19:51:14.222 [INFO] Succeeded running command: az role assignment create --assignee 91a7c83c-8173-4f9e-a5ee-9979245cbe5b --role READER --scope /subscriptions/4e025408-94ca-4aa3-8fba-ea33c3403c85
19:51:14.222 [INFO] Running command: az ad app credential reset --id 91a7c83c-8173-4f9e-a5ee-9979245cbe5b --append --display-name Spot-SpotECOTest4-act-615027c1
{
  "appId": "91a7c83c-8173-4f9e-a5ee-9979245cbe5b",
  "password": "XYZ",
  "tenant": "6694c7fb-0cc5-408a-8b6c-4ce3ecaf88e2"
}

19:51:15.944 [INFO] Succeeded running command: az ad app credential reset --id 91a7c83c-8173-4f9e-a5ee-9979245cbe5b --append --display-name Spot-SpotECOTest4-act-615027c1
19:51:15.945 [INFO] Updating linked credentials for Spot account act-615027c1
19:51:18.935 [INFO] Successfully updated linked credentials.
19:51:18.936 [INFO] Enrolling Spot Account act-615027c1 in Cost Intelligence.
19:51:19.535 [INFO] Your credentials details:
19:51:19.536 [INFO] Application (client) ID: 91a7c83c-8173-4f9e-a5ee-9979245cbe5b
19:51:19.536 [INFO] Client Secret: XYZ
19:51:19.536 [INFO] Tenant ID: 6694c7fb-0cc5-408a-8b6c-4ce3ecaf88e2
19:51:19.536 [INFO] Subscription ID: 4e025408-94ca-4aa3-8fba-ea33c3403c85
19:51:19.536 [INFO] Completed onboarding subscription 1 of 1 (Spot ECO Test 4 - 4e025408-94ca-4aa3-8fba-ea33c3403c85)

19:51:19.536 [INFO] Operation completed.  Summary:
19:51:19.536 [INFO]     Number of subscriptions attempted:                1
19:51:19.536 [INFO]     Number of subscriptions onboarded successfully:   1
19:51:19.536 [INFO]     Number of subscriptions onboard was unsuccessful: 0
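The custom role returned by `az role definition list --custom-role-only true` in the demo above is what the onboarded service principal will hold on every subscription once the tenant-wide path is used, so it is worth auditing that JSON before running it at tenant scope. The following is an added example, not code from spotinst-examples or Spot: it parses that az output, treats assignable scopes outside the target subscription, wildcard actions and RBAC-modifying actions as failures, and flags `runCommand/action` and `extensions/write` for review because they amount to code execution on every VM in scope. The risk classes, the function names and the second, deliberately over-broad role in the sample input are this example's own assumptions.

```python
"""Audit a Spot custom role definition for least privilege.

Added example, not part of the spotinst-examples repository. It consumes the
JSON that `az role definition list --custom-role-only true` prints and reports
what a reviewer should look at before the role is assigned tenant-wide. The
risk classes below are this example's categorisation, not Spot's.
"""
import json

# Actions under this provider can change RBAC itself (privilege escalation).
RBAC_WRITE_PREFIXES = ("Microsoft.Authorization/",)
# Actions that, in practice, give code execution on every VM in scope.
# Reported as "review" rather than "fail": Spot needs them for workload
# management, but a reviewer should accept that consciously.
CODE_EXEC_ACTIONS = {
    "Microsoft.Compute/virtualMachines/runCommand/action",
    "Microsoft.Compute/virtualMachines/extensions/write",
}


def audit_role(role: dict, expected_subscription: str) -> dict:
    """Return {'fail': [...], 'review': [...]} for one role definition."""
    fail, review = [], []
    expected_scope = f"/subscriptions/{expected_subscription}"
    for scope in role.get("assignableScopes", []):
        if scope != expected_scope:
            fail.append(f"assignableScopes contains {scope}, expected only {expected_scope}")
    for perm in role.get("permissions", []):
        for action in perm.get("actions", []):
            if "*" in action:
                fail.append(f"wildcard action {action}")
            elif action.startswith(RBAC_WRITE_PREFIXES) and not action.endswith("/read"):
                fail.append(f"RBAC-modifying action {action}")
            elif action in CODE_EXEC_ACTIONS:
                review.append(f"code-execution-capable action {action}")
        if perm.get("dataActions"):
            review.append(f"dataActions present: {perm['dataActions']}")
    return {"fail": fail, "review": review}


def audit_az_output(az_json: str, expected_subscription: str) -> dict:
    """Audit every role in `az role definition list` output, keyed by roleName."""
    return {r["roleName"]: audit_role(r, expected_subscription) for r in json.loads(az_json)}


# Constructed sample (not real az output): a trimmed copy of the role from the
# demo log plus a deliberately over-privileged second role, so both the clean
# and the failing paths are exercised.
SAMPLE_AZ_OUTPUT = json.dumps([
    {
        "roleName": "outatime-test-role_act-615027c1",
        "assignableScopes": ["/subscriptions/4e025408-94ca-4aa3-8fba-ea33c3403c85"],
        "permissions": [{
            "actions": [
                "Microsoft.Resources/subscriptions/resourceGroups/read",
                "Microsoft.Compute/virtualMachines/runCommand/action",
                "Microsoft.Compute/virtualMachines/extensions/write",
                "Microsoft.Network/virtualNetworks/subnets/join/action",
            ],
            "dataActions": [], "notActions": [], "notDataActions": [],
        }],
    },
    {
        "roleName": "too-broad-role",
        "assignableScopes": ["/"],
        "permissions": [{
            "actions": ["Microsoft.Compute/*", "Microsoft.Authorization/roleAssignments/write"],
            "dataActions": [], "notActions": [], "notDataActions": [],
        }],
    },
])

if __name__ == "__main__":
    target = "4e025408-94ca-4aa3-8fba-ea33c3403c85"
    for name, result in audit_az_output(SAMPLE_AZ_OUTPUT, target).items():
        print(name, json.dumps(result, indent=2))
```

Run it against live output with `az role definition list --custom-role-only true > roles.json` and pass the file contents to `audit_az_output`; a non-empty `fail` list should block the tenant-wide run, and each `review` entry is a documented acceptance.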
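For the tenant-wide path a practitioner would also want the per-subscription loop to be idempotent and to keep the client secret out of the run log (the demo prints it at INFO level as `Client Secret: ...`, masked here as XYZ). The following is an added example, not code from spotinst-examples: it takes the JSON that the listed az commands return and decides which commands each subscription still needs, skipping disabled subscriptions, existing role definitions and existing assignments, and refusing to `--append` another client secret past a cap, since `az ad app credential reset --append` adds a secret without removing earlier ones. `AzSnapshot`, the function names, `MAX_APP_SECRETS` and the sample data are this example's assumptions; nothing in it executes az.

```python
"""Plan a tenant-wide Spot onboarding run from `az` JSON output.

Added example, not code from spotinst-examples. It mirrors the loop in the
demo log (enumerate subscriptions, then per subscription: custom role
definition, custom-role and Reader assignments, client-secret reset) but
derives each step from the JSON the listed `az` commands return, so a re-run
creates no duplicate role assignments and does not keep appending secrets.
The `az` invocations are real CLI syntax; `AzSnapshot`, the function names
and MAX_APP_SECRETS are this example's own. The planner returns commands for
the caller to execute; it never runs az itself.
"""
import json
from dataclasses import dataclass

# Example policy (assumption): `az ad app credential reset --append` never
# removes old secrets, so stop appending once this many exist.
MAX_APP_SECRETS = 2


@dataclass
class AzSnapshot:
    """Raw JSON strings already fetched from az, so planning stays offline."""
    subscriptions: str     # az account list --all
    role_defs: dict        # sub_id -> az role definition list --custom-role-only true
    assignments: dict      # sub_id -> az role assignment list --assignee <appId> --scope /subscriptions/<sub_id>
    app_credentials: str   # az ad app credential list --id <appId>


def plan_subscription(sub: dict, app_id: str, role_name: str, snap: AzSnapshot) -> dict:
    """Decide which az commands one subscription still needs."""
    sub_id, scope = sub["id"], f"/subscriptions/{sub['id']}"
    if sub.get("state") != "Enabled":
        return {"subscription": sub_id, "skip": f"state is {sub.get('state')}", "commands": [], "done": []}

    n_secrets = len(json.loads(snap.app_credentials))
    if n_secrets >= MAX_APP_SECRETS:
        return {"subscription": sub_id, "commands": [], "done": [],
                "skip": f"app {app_id} already has {n_secrets} secrets; rotate before onboarding"}

    cmds, done = [], []
    roles = json.loads(snap.role_defs.get(sub_id, "[]"))
    if any(r["roleName"] == role_name for r in roles):
        done.append("role definition exists")
    else:
        cmds.append(["az", "role", "definition", "create", "--role-definition", "@role.json"])

    assigned = {a["roleDefinitionName"] for a in json.loads(snap.assignments.get(sub_id, "[]"))}
    for role in (role_name, "Reader"):
        if role in assigned:
            done.append(f"{role} already assigned")
        else:
            cmds.append(["az", "role", "assignment", "create", "--assignee", app_id,
                         "--role", role, "--scope", scope])

    # The reset prints the new secret on stdout: the caller must capture it
    # into the Spot linked-credentials call, never echo it into the run log.
    cmds.append(["az", "ad", "app", "credential", "reset", "--id", app_id, "--append",
                 "--display-name", f"Spot-{sub['name'].replace(' ', '')}"])
    return {"subscription": sub_id, "skip": None, "commands": cmds, "done": done}


def plan_tenant(app_id: str, role_name: str, snap: AzSnapshot) -> dict:
    """Plan every subscription and produce a summary in the demo log's shape."""
    plans = [plan_subscription(s, app_id, role_name, snap) for s in json.loads(snap.subscriptions)]
    skipped = [p for p in plans if p["skip"]]
    return {"attempted": len(plans), "planned": len(plans) - len(skipped),
            "skipped": len(skipped), "plans": plans}


# Constructed sample (not real az output): the subscription from the demo log,
# where the role exists and only the custom role is assigned so far, plus a
# disabled subscription that must be skipped.
APP_ID = "91a7c83c-8173-4f9e-a5ee-9979245cbe5b"
ROLE = "outatime-test-role_act-615027c1"
SUB_A = "4e025408-94ca-4aa3-8fba-ea33c3403c85"
SAMPLE = AzSnapshot(
    subscriptions=json.dumps([
        {"id": SUB_A, "name": "Spot ECO Test 4", "state": "Enabled"},
        {"id": "00000000-0000-0000-0000-000000000002", "name": "Old Sub", "state": "Disabled"},
    ]),
    role_defs={SUB_A: json.dumps([{"roleName": ROLE}])},
    assignments={SUB_A: json.dumps([{"roleDefinitionName": ROLE, "scope": f"/subscriptions/{SUB_A}"}])},
    app_credentials=json.dumps([{"displayName": "Spot-SpotECOTest4-act-e984b63c"}]),
)

if __name__ == "__main__":
    print(json.dumps(plan_tenant(APP_ID, ROLE, SAMPLE), indent=2))
```

Feeding the planner real output means running the four listed `az` commands first and handing their stdout to `AzSnapshot`; the returned command lists can then go to `subprocess.run` with the secret from the credential reset captured from stdout rather than logged.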