# Variablen
$spName         = "sp-koogle-prod"
$subscriptionId = "f1332eb1-392f-4b16-9ede-7905848ef248"
$tenantId       = "94cf90d7-e9ff-49a1-bc3b-a5b94d3cc8ca"  # Optional; kann auch aus Ausgabe ermittelt werden


# Service Principal erstellen (Single-Tenant, Passwort/Secret)
$sp = az ad sp create-for-rbac `
        --name $spName `
        --role Contributor `
        --scopes /subscriptions/$subscriptionId `
        --years 1 `
        --query "{appId:appId, tenant:tenant, password:password}" -o json | ConvertFrom-Json

Write-Host "SP erstellt:"
Write-Host "  appId:     $($sp.appId)"
Write-Host "  tenant:    $($sp.tenant)"
Write-Host "  secret:    $($sp.password)"  # Speichere sicher (z. B. 1Password/Key Vault)