Merge pull request #3812 from ritasker/azure-setup-script

Changes How Azure AD Apps are Created
This commit is contained in:
Christopher Boumenot 2016-08-24 10:06:50 -07:00 committed by GitHub
commit b7da7768df
1 changed files with 10 additions and 15 deletions

View File

@ -10,6 +10,7 @@ azure_storage_name=
azure_subscription_id= # Derived from the account after login
azure_tenant_id= # Derived from the account after login
location=
azure_object_id=
showhelp() {
echo "azure-setup"
@ -89,7 +90,7 @@ askSubscription() {
askName() {
echo ""
echo "Choose a name for your resource group, storage account, and client"
echo "Choose a name for your resource group, storage account and client"
echo "client. This is arbitrary, but it must not already be in use by"
echo "any of those resources. ALPHANUMERIC ONLY. Ex: mypackerbuild"
echo -n "> "
@ -144,18 +145,10 @@ createStorageAccount() {
fi
}
createApplication() {
echo "==> Creating application"
azure_client_id=$(azure ad app create -n $meta_name -i http://$meta_name --home-page http://$meta_name -p $azure_client_secret --json | jq -r .appId)
if [ $? -ne 0 ]; then
echo "Error creating application: $meta_name @ http://$meta_name"
exit 1
fi
}
createServicePrinciple() {
echo "==> Creating service principal"
azure ad sp create $azure_client_id
azure_object_id=$(azure ad sp create -n $meta_name --home-page http://$meta_name --identifier-uris http://$meta_name/example -p $azure_client_secret --json | jq -r .objectId)
azure_client_id=$(azure ad app show -c $meta_name --json | jq -r .[0].appId)
if [ $? -ne 0 ]; then
echo "Error creating service principal: $azure_client_id"
exit 1
@ -164,7 +157,7 @@ createServicePrinciple() {
createPermissions() {
echo "==> Creating permissions"
azure role assignment create -o "Owner" --spn http://$meta_name -c /subscriptions/$azure_subscription_id
azure role assignment create --objectId $azure_object_id -o "Owner" -c /subscriptions/$azure_subscription_id
# We want to use this more conservative scope but it does not work with the
# current implementation which uses temporary resource groups
# azure role assignment create --spn http://$meta_name -g $azure_group_name -o "API Management Service Contributor"
@ -178,11 +171,15 @@ showConfigs() {
echo ""
echo "Use the following configuration for your packer template:"
echo ""
echo "{"
echo " \"client_id\": \"$azure_client_id\","
echo " \"client_secret\": \"$azure_client_secret\","
echo " \"object_id\": \"$azure_object_id\","
echo " \"subscription_id\": \"$azure_subscription_id\","
echo " \"tenant_id\": \"$azure_tenant_id\","
echo " \"resource_group_name\": \"$azure_group_name\","
echo " \"storage_account\": \"$azure_storage_name\","
echo " \"subscription_id\": \"$azure_subscription_id\","
echo "}"
echo ""
}
@ -204,8 +201,6 @@ setup() {
sleep 5
createStorageAccount
sleep 5
createApplication
sleep 5
createServicePrinciple
sleep 5
createPermissions