From d36f79ac445312b0a0829ff5596baa7b8b75d672 Mon Sep 17 00:00:00 2001 From: Rich Date: Thu, 18 Aug 2016 16:01:23 +0100 Subject: [PATCH] Changes How Azure AD Apps are Created - Adds the required fields to `azure ad sp create` command. - Also stores the object and client Ids. - Removes the createApplication method and call. - echos out the parameters in a JSON object style. --- contrib/azure-setup.sh | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/contrib/azure-setup.sh b/contrib/azure-setup.sh index ef8af3aa1..37c618e45 100755 --- a/contrib/azure-setup.sh +++ b/contrib/azure-setup.sh @@ -10,6 +10,7 @@ azure_storage_name= azure_subscription_id= # Derived from the account after login azure_tenant_id= # Derived from the account after login location= +azure_object_id= showhelp() { echo "azure-setup" @@ -89,7 +90,7 @@ askSubscription() { askName() { echo "" - echo "Choose a name for your resource group, storage account, and client" + echo "Choose a name for your resource group, storage account and client" echo "client. This is arbitrary, but it must not already be in use by" echo "any of those resources. ALPHANUMERIC ONLY. Ex: mypackerbuild" echo -n "> " @@ -144,18 +145,10 @@ createStorageAccount() { fi } -createApplication() { - echo "==> Creating application" - azure_client_id=$(azure ad app create -n $meta_name -i http://$meta_name --home-page http://$meta_name -p $azure_client_secret --json | jq -r .appId) - if [ $? -ne 0 ]; then - echo "Error creating application: $meta_name @ http://$meta_name" - exit 1 - fi -} - createServicePrinciple() { echo "==> Creating service principal" - azure ad sp create $azure_client_id + azure_object_id=$(azure ad sp create -n $meta_name --home-page http://$meta_name --identifier-uris http://$meta_name/example -p $azure_client_secret --json | jq -r .objectId) + azure_client_id=$(azure ad app show -c $meta_name --json | jq -r .[0].appId) if [ $? -ne 0 ]; then echo "Error creating service principal: $azure_client_id" exit 1 @@ -164,7 +157,7 @@ createServicePrinciple() { createPermissions() { echo "==> Creating permissions" - azure role assignment create -o "Owner" --spn http://$meta_name -c /subscriptions/$azure_subscription_id + azure role assignment create --objectId $azure_object_id -o "Owner" -c /subscriptions/$azure_subscription_id # We want to use this more conservative scope but it does not work with the # current implementation which uses temporary resource groups # azure role assignment create --spn http://$meta_name -g $azure_group_name -o "API Management Service Contributor" @@ -178,11 +171,15 @@ showConfigs() { echo "" echo "Use the following configuration for your packer template:" echo "" + echo "{" echo " \"client_id\": \"$azure_client_id\"," echo " \"client_secret\": \"$azure_client_secret\"," + echo " \"object_id\": \"$azure_object_id\"," + echo " \"subscription_id\": \"$azure_subscription_id\"," + echo " \"tenant_id\": \"$azure_tenant_id\"," echo " \"resource_group_name\": \"$azure_group_name\"," echo " \"storage_account\": \"$azure_storage_name\"," - echo " \"subscription_id\": \"$azure_subscription_id\"," + echo "}" echo "" } @@ -204,8 +201,6 @@ setup() { sleep 5 createStorageAccount sleep 5 - createApplication - sleep 5 createServicePrinciple sleep 5 createPermissions