STEP-01-CreateResourceGroupAndServicePrinciple.ps1
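# Description: Creates the resource group and the service principal that will be used for
# deploying and managing all resources.
# -ErrorAction Stop: further down this script writes a credentials file into the current
# directory, so it must not continue from an unexpected location.
Set-Location C:\Azure-Big-Data-and-Machine-Learning-Architecture\ -ErrorAction Stop
####################################################
# Manually connect (you need to be an admin of the subscription)
####################################################
# A failed sign-in must stop the run instead of letting later cmdlets use a stale context.
Connect-AzAccount -ErrorAction Stop
####################################################
# Select Subscription
####################################################
$subscriptionId="REPLACE-ME"
# Fail fast while the placeholder is still in place. Without this guard the lookup below
# only reports a non-terminating error and the script carries on in whatever subscription
# Connect-AzAccount selected by default.
if ($subscriptionId -eq "REPLACE-ME") {
    throw 'Set $subscriptionId to the target subscription id before running this script.'
}
# $context holds the subscription object; its TenantId is read again later in the script.
$context = Get-AzSubscription -SubscriptionId $subscriptionId -ErrorAction Stop
Set-AzContext $context -ErrorAction Stop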
####################################################
# Create resource group
####################################################
# Name and region of the group. $resourceGroup is read again further down the script
# (role-assignment scope, environment variable), so the variable name must stay.
$resourceGroup = "Azure-Big-Data-Machine-Learning"
$location = "eastus"
# Same call as before, with the arguments passed through a splatted hashtable.
$newGroupArgs = @{
    Name     = $resourceGroup
    Location = $location
}
New-AzResourceGroup @newGroupArgs
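####################################################
# Create service principal as owner of our resource group
####################################################
# Currently this needs to be an SP so that it can
#   - be Owner of CosmosDB to get the connection keys
#   - query Azure AD to get the system MSI object ids for setting permissions
# Owner is a broad role: the assignment is limited to this one resource group by -Scope.
# Keep the scope at resource-group level and remove the principal when the deployment
# is no longer needed.
# -ErrorAction Stop: if creation fails there is no secret, and the script must not go on
# to write an empty credential into the environment file.
$servicePrincipal = New-AzADServicePrincipal -DisplayName "BigDataMachineLearningSP" `
    -Role Owner -Scope "/subscriptions/$subscriptionId/resourceGroups/$resourceGroup" `
    -ErrorAction Stop
# Decrypt the password
# NOTE(review): this reads the SecureString in .Secret; newer Az.Resources releases expose
# the generated secret under a different property - confirm against the installed module.
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($servicePrincipal.Secret)
try {
    # PtrToStringBSTR reads the BSTR by its own length prefix. PtrToStringAuto decodes with
    # the platform default, which does not treat the buffer as UTF-16 on non-Windows hosts.
    $password = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($BSTR)
}
finally {
    # Zero and release the unmanaged plaintext copy; the original never freed it.
    [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR)
}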
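####################################################
# Show the identifiers and place all values in environment variables
####################################################
# Only the non-secret identifiers are echoed. The service principal password is not written
# to the console: console output ends up in transcripts, CI logs and terminal scrollback.
# It is still available to this session as $env:spPassword.
Write-Output $servicePrincipal.ApplicationId
Write-Output $servicePrincipal.Id
# Place in Environment variables (process scope: visible to this session and its children)
$env:spPassword = $password
$env:spApplicationId = $servicePrincipal.ApplicationId
$env:spId = $servicePrincipal.Id
$env:subscriptionId = $subscriptionId
$env:tenantId = $context.TenantId
$env:resourceGroup = $resourceGroup
# Confirm what was set. Env:spPassword is left out on purpose so the secret is not displayed.
Get-ChildItem Env:spApplicationId
Get-ChildItem Env:spId
Get-ChildItem Env:subscriptionId
Get-ChildItem Env:tenantId
Get-ChildItem Env:resourceGroup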
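# Create the file to be called as the first step of the other scripts.
# SECURITY: the generated file contains the service principal password in plaintext.
# Keep it out of source control (add it to .gitignore), restrict who can read it, and
# delete it once the remaining STEP-* scripts have run.
$envFile = 'STEP-00-SetEnvironmentVariables.ps1'
# Ordered so the generated lines keep the same order as before.
$values = [ordered]@{
    spPassword      = $password
    spApplicationId = $servicePrincipal.ApplicationId
    spId            = $servicePrincipal.Id
    subscriptionId  = $subscriptionId
    tenantId        = $context.TenantId
    resourceGroup   = $resourceGroup
}
$lines = foreach ($name in $values.Keys) {
    # Emit a single-quoted literal and double any embedded quote. The previous double-quoted
    # form let PowerShell expand `$`, backticks and `"` inside the value when the generated
    # file was run, so a generated secret containing those characters was corrupted or
    # evaluated as code.
    $escaped = ([string]$values[$name]).Replace("'", "''")
    '$env:' + $name + " = '" + $escaped + "'"
}
# One redirect replaces the file in a single write, as the first `>` did before.
$lines > $envFile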