From 79d98039199c4b558ba0945f0c81506744057485 Mon Sep 17 00:00:00 2001
From: emilguden
Date: Tue, 7 Sep 2021 11:00:19 +0200
Subject: [PATCH 1/2] minor grammer changes

---
README.md | 4 ++--
script.ps1 | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 58 insertions(+), 2 deletions(-)
create mode 100644 script.ps1

diff --git a/README.md b/README.md
index 16068d4..f6eea93 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # AIPAS
 
-AIPAS is IP Adddress Management Solution built in Azure to let (Network) Administrators keep up-to-date records of IP assignments and available addresses used to configure Azure Virtual Networks (VNets).
+AIPAS is IP Address Management Solution built in Azure to let (Network) Administrators keep up-to-date records of IP assignments and available addresses used to configure Azure Virtual Networks (VNets).
 
 It was developed to be used to support the deployment of Enterprise Scale [Landing Zones](https://stefanstranger.github.io/2020/10/16/EnterpriseScaleSubscriptionDemocratization/#what-is-a-landing-zone) and their accompanied Virtual Networks.
 
@@ -260,7 +260,7 @@ $RoleDefinitionName = "Storage Account Contributor"
 $ADApplicationName = "AIPAS"
 $PlainPassword = "[enter password for SPN]"
 $StorageAccountName = "[Configure here the name of the previously deployed Storage Account]"
-$SubscriptionId = "[enter subscriptionid]"" #SubscriptionId where the Vnets will be deployed. E.g. the Landing Zone Subscription. If multiple Subscriptions are used rerun for each Subscription
+$SubscriptionId = "[enter subscriptionid]" #SubscriptionId where the Vnets will be deployed. E.g. the Landing Zone Subscription. If multiple Subscriptions are used rerun for each Subscription
 
 #region Login to Azure
 Add-AzAccount
diff --git a/script.ps1 b/script.ps1
new file mode 100644
index 0000000..f4ec5bb
--- /dev/null
+++ b/script.ps1
@@ -0,0 +1,56 @@
+<#
+ PowerShell script to create a Service Principal for the Poorman's IPAM Azure Function
+#>
+
+#region variables
+$ResourceGroupName = "AIPAS-rg" #used to scope the permissions for the SPN. This is where the Storage Account is being deployed.
+$RoleDefinitionName = "Storage Account Contributor"
+$ADApplicationName = "AIPAS"
+$PlainPassword = "Bosse1234567890!"
+$StorageAccountName = "csok5jwr5norcstorage"
+$SubscriptionId = "[enter subscriptionid]" #SubscriptionId where the Vnets will be deployed. E.g. the Landing Zone Subscription. If multiple Subscriptions are used rerun for each Subscription
+
+#region Login to Azure
+Add-AzAccount
+#endregion
+
+#region Select Azure Subscription
+$subscription =
+(Get-AzSubscription |
+ Out-GridView `
+ -Title 'Select an Azure Subscription ...' `
+ -PassThru)
+
+Set-AzContext -SubscriptionId $subscription.subscriptionId -TenantId $subscription.TenantID
+#endregion
+
+#region create SPN with Password
+$Password = ConvertTo-SecureString $PlainPassword -AsPlainText -Force
+New-AzADApplication -DisplayName $ADApplicationName -HomePage "https://www.testAIPAS.test" -IdentifierUris "https://www.testAIPAS.test" -Password $Password -OutVariable app
+$Scope = Get-AzResourceGroup -Name $ResourceGroupName
+New-AzADServicePrincipal -ApplicationId $($app.ApplicationId) -Role $RoleDefinitionName -Scope $($Scope.ResourceId)
+# Add read permissions on all Subscriptions!!! For retrieving VNet information using the Resource Graph...
+New-AzRoleAssignment -RoleDefinitionName Reader -ServicePrincipalName $($app.ApplicationId.Guid) -Scope ('/subscriptions/{0}' -f $SubscriptionId)
+
+Get-AzADApplication -DisplayNameStartWith $ADApplicationName -OutVariable app
+Get-AzADServicePrincipal -ServicePrincipalName $($app.ApplicationId.Guid) -OutVariable SPN
+#endregion
+
+#region output info. Store below output in secret vault you might need them in the future.
+[ordered]@{
+ "clientId" = "$($app.ApplicationId)"
+ "clientSecret" = "$PlainPassword"
+ "subscriptionId" = "$($subscription.subscriptionId)"
+ "tenantId" = "$($subscription.TenantID)"
+} | Convertto-json
+#endregion
+
+#region create local environment variables
+[Environment]::SetEnvironmentVariable("AIPASClientId", "$($app.ApplicationId)", "User")
+[Environment]::SetEnvironmentVariable("AIPASClientSecret", "$PlainPassword", "User")
+[Environment]::SetEnvironmentVariable("AIPASSubscriptionId", "$($subscription.subscriptionId)", "User")
+[Environment]::SetEnvironmentVariable("AIPAStenantId", "$($subscription.TenantID)", "User")
+[Environment]::SetEnvironmentVariable("AIPASResourceGroupName", $ResourceGroupName, "User")
+[Environment]::SetEnvironmentVariable("AIPASStorageAccountName", $StorageAccountName, "User")
+# Restart VSCode to have access to the environment variables
+#endregion
\ No newline at end of file

From ef40dc107253d2a561e16c1bdfff6b823de1dfe7 Mon Sep 17 00:00:00 2001
From: Emil Gullbrandsson <55599263+emilguden@users.noreply.github.com>
Date: Tue, 7 Sep 2021 11:03:57 +0200
Subject: [PATCH 2/2] Deleted file script.ps1

Shouldn't been in the commit.
---
script.ps1 | 56 ------------------------------------------------------
1 file changed, 56 deletions(-)
delete mode 100644 script.ps1

diff --git a/script.ps1 b/script.ps1
deleted file mode 100644
index f4ec5bb..0000000
--- a/script.ps1
+++ /dev/null
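Review bot: The new script.ps1 hard-codes a real service-principal password at `$PlainPassword = "…"` (together with a concrete storage account name), then echoes that plaintext to stdout through the `[ordered]@{ … } | Convertto-json` block and persists it in a User-scope environment variable via `SetEnvironmentVariable("AIPASClientSecret", "$PlainPassword", "User")`. The follow-up patch deletes the file, but deleting a file does not remove the value from history, so the credential should be treated as exposed, rotated, and the branch history rewritten before it is pushed anywhere shared. The README version of the same block already uses `"[enter password for SPN]"` as a placeholder; the script should either do the same or obtain the secret at run time, e.g. `$Password = Read-Host -Prompt 'SPN password' -AsSecureString`, and drop the `clientSecret` entry from the JSON output and the environment-variable write so the plaintext is never logged or left on the machine.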
@@ -1,56 +0,0 @@
-<#
- PowerShell script to create a Service Principal for the Poorman's IPAM Azure Function
-#>
-
-#region variables
-$ResourceGroupName = "AIPAS-rg" #used to scope the permissions for the SPN. This is where the Storage Account is being deployed.
-$RoleDefinitionName = "Storage Account Contributor"
-$ADApplicationName = "AIPAS"
-$PlainPassword = "Bosse1234567890!"
-$StorageAccountName = "csok5jwr5norcstorage"
-$SubscriptionId = "[enter subscriptionid]" #SubscriptionId where the Vnets will be deployed. E.g. the Landing Zone Subscription. If multiple Subscriptions are used rerun for each Subscription
-
-#region Login to Azure
-Add-AzAccount
-#endregion
-
-#region Select Azure Subscription
-$subscription =
-(Get-AzSubscription |
- Out-GridView `
- -Title 'Select an Azure Subscription ...' `
- -PassThru)
-
-Set-AzContext -SubscriptionId $subscription.subscriptionId -TenantId $subscription.TenantID
-#endregion
-
-#region create SPN with Password
-$Password = ConvertTo-SecureString $PlainPassword -AsPlainText -Force
-New-AzADApplication -DisplayName $ADApplicationName -HomePage "https://www.testAIPAS.test" -IdentifierUris "https://www.testAIPAS.test" -Password $Password -OutVariable app
-$Scope = Get-AzResourceGroup -Name $ResourceGroupName
-New-AzADServicePrincipal -ApplicationId $($app.ApplicationId) -Role $RoleDefinitionName -Scope $($Scope.ResourceId)
-# Add read permissions on all Subscriptions!!! For retrieving VNet information using the Resource Graph...
-New-AzRoleAssignment -RoleDefinitionName Reader -ServicePrincipalName $($app.ApplicationId.Guid) -Scope ('/subscriptions/{0}' -f $SubscriptionId)
-
-Get-AzADApplication -DisplayNameStartWith $ADApplicationName -OutVariable app
-Get-AzADServicePrincipal -ServicePrincipalName $($app.ApplicationId.Guid) -OutVariable SPN
-#endregion
-
-#region output info. Store below output in secret vault you might need them in the future.
-[ordered]@{
- "clientId" = "$($app.ApplicationId)"
- "clientSecret" = "$PlainPassword"
- "subscriptionId" = "$($subscription.subscriptionId)"
- "tenantId" = "$($subscription.TenantID)"
-} | Convertto-json
-#endregion
-
-#region create local environment variables
-[Environment]::SetEnvironmentVariable("AIPASClientId", "$($app.ApplicationId)", "User")
-[Environment]::SetEnvironmentVariable("AIPASClientSecret", "$PlainPassword", "User")
-[Environment]::SetEnvironmentVariable("AIPASSubscriptionId", "$($subscription.subscriptionId)", "User")
-[Environment]::SetEnvironmentVariable("AIPAStenantId", "$($subscription.TenantID)", "User")
-[Environment]::SetEnvironmentVariable("AIPASResourceGroupName", $ResourceGroupName, "User")
-[Environment]::SetEnvironmentVariable("AIPASStorageAccountName", $StorageAccountName, "User")
-# Restart VSCode to have access to the environment variables
-#endregion
\ No newline at end of file