<#
.SYNOPSIS
This script can be called from a runbook and uses Azure REST
methods.
Unlike a user identity, applications and service principals
cannot connect to an Az account.
This module shows how to get a token so that resources can
be created, updated and deleted using REST methods.
#https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow
#similar to Connect-AzAccount -identity
#>
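function Get-Payload() {
    <#
    .SYNOPSIS
    Builds the application/x-www-form-urlencoded body for an OAuth2
    client-credentials token request.
    .PARAMETER ClientId
    Application (client) id of the service principal.
    .PARAMETER ClientSecret
    Client secret of the service principal, passed as a plain string.
    .PARAMETER Resource
    Resource (audience) the token is requested for.
    .OUTPUTS
    System.String. The encoded request body. It contains the client secret,
    so it should not be written to job output, verbose streams or logs.
    #>
    param (
        [Parameter(Mandatory=$true)][string]$ClientId,
        [Parameter(Mandatory=$true)][string]$ClientSecret,
        [string]$Resource = "https://management.core.windows.net/"
    )

    # Percent-encode every value, not only the secret: a '&' or '=' inside any
    # of them would otherwise be read as an extra form field by the endpoint.
    # [uri]::EscapeDataString is always loaded, unlike System.Web.HttpUtility.
    $encodedId       = [uri]::EscapeDataString($ClientId)
    $encodedSecret   = [uri]::EscapeDataString($ClientSecret)
    $encodedResource = [uri]::EscapeDataString($Resource)

    $payload = "grant_type=client_credentials&client_id=$encodedId&client_secret=$encodedSecret&resource=$encodedResource"
    return $payload
}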
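function Get-Token() {
    <#
    .SYNOPSIS
    Requests an access token for a service principal using the OAuth2
    client-credentials grant.
    .PARAMETER TenantId
    Directory (tenant) id; used to build the default token endpoint.
    .PARAMETER ClientId
    Application (client) id of the service principal.
    .PARAMETER ClientSecret
    Client secret of the service principal, passed as a plain string.
    .PARAMETER Resource
    Resource (audience) the token is requested for.
    .PARAMETER RequestAccessTokenUri
    Token endpoint the request is posted to.
    .OUTPUTS
    The deserialized token response returned by Invoke-RestMethod. Callers in
    this module read its token_type and access_token properties.
    .NOTES
    Both the request body and the response carry credentials; keep them out
    of job output and logs.
    #>
    param (
        [Parameter(Mandatory=$true)][string]$TenantId,
        [Parameter(Mandatory=$true)][string]$ClientId,
        [Parameter(Mandatory=$true)][string]$ClientSecret,
        [string]$Resource = "https://management.core.windows.net/",
        [string]$RequestAccessTokenUri = "https://login.microsoftonline.com/$TenantId/oauth2/token"
    )

    # Forward -Resource explicitly; without it Get-Payload falls back to its
    # own default and a caller-supplied audience is never requested.
    $payload = Get-Payload -ClientId $ClientId -ClientSecret $ClientSecret -Resource $Resource

    $request = @{
        Method      = 'Post'
        Uri         = $RequestAccessTokenUri
        Body        = $payload
        ContentType = 'application/x-www-form-urlencoded'
    }
    $Token = Invoke-RestMethod @request
    return $Token
}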
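function Get-ResourceGroups() {
    <#
    .SYNOPSIS
    Lists the resource groups of a subscription through the Azure Resource
    Manager REST API, authenticating as a service principal.
    .PARAMETER TenantId
    Directory (tenant) id used for the token request.
    .PARAMETER SubscriptionId
    Subscription whose resource groups are listed.
    .PARAMETER ClientId
    Application (client) id of the service principal.
    .PARAMETER ClientSecret
    Client secret of the service principal, passed as a plain string.
    .PARAMETER ResourceGroupName
    Mandatory, but not used by this function.
    .PARAMETER Resource
    Resource (audience) the token is requested for.
    .PARAMETER environment
    Not used by this function.
    .PARAMETER RequestAccessTokenUri
    Token endpoint the token request is posted to.
    .OUTPUTS
    The deserialized response of the resource-group list call.
    #>
    param (
        [Parameter(Mandatory=$true)][string]$TenantId,
        [Parameter(Mandatory=$true)][string]$SubscriptionId,
        [Parameter(Mandatory=$true)][string]$ClientId,
        [Parameter(Mandatory=$true)][string]$ClientSecret,
        [Parameter(Mandatory=$true)][string]$ResourceGroupName,
        [string]$Resource = "https://management.core.windows.net/",
        [string]$environment = "AzureCloud",
        [string]$RequestAccessTokenUri = "https://login.microsoftonline.com/$TenantId/oauth2/token"
    )

    # Pass $ClientId (the variable). A bare 'ClientId' would be sent as the
    # literal string and the token request would be made for the wrong client.
    $Token = Get-Token -TenantId $TenantId -ClientId $ClientId -ClientSecret $ClientSecret `
        -Resource $Resource -RequestAccessTokenUri $RequestAccessTokenUri

    # Escape the path segment so the value cannot add path or query parts.
    $subscription = [uri]::EscapeDataString($SubscriptionId)
    $ApiUri = "https://management.azure.com/subscriptions/$subscription/resourcegroups?api-version=2017-05-10"

    # Single-line "<token_type> <access_token>"; a header value must not
    # contain a line break.
    $Headers = @{}
    $Headers.Add("Authorization", "$($Token.token_type) $($Token.access_token)")

    $ResourceGroups = Invoke-RestMethod -Method Get -Uri $ApiUri -Headers $Headers
    return $ResourceGroups
}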
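function Get-Cache() {
    <#
    .SYNOPSIS
    Reads one Azure Cache for Redis instance through the Azure Resource
    Manager REST API, authenticating as a service principal.
    .PARAMETER TenantId
    Directory (tenant) id used for the token request.
    .PARAMETER SubscriptionId
    Subscription that holds the cache.
    .PARAMETER ClientId
    Application (client) id of the service principal.
    .PARAMETER ClientSecret
    Client secret of the service principal, passed as a plain string.
    .PARAMETER ResourceGroupName
    Resource group that holds the cache.
    .PARAMETER CacheName
    Name of the cache to read.
    .PARAMETER Resource
    Resource (audience) the token is requested for.
    .PARAMETER environment
    Not used by this function.
    .PARAMETER RequestAccessTokenUri
    Token endpoint the token request is posted to.
    .OUTPUTS
    The deserialized response of the GET call.
    #>
    param (
        [Parameter(Mandatory=$true)][string]$TenantId,
        [Parameter(Mandatory=$true)][string]$SubscriptionId,
        [Parameter(Mandatory=$true)][string]$ClientId,
        [Parameter(Mandatory=$true)][string]$ClientSecret,
        [Parameter(Mandatory=$true)][string]$ResourceGroupName,
        [Parameter(Mandatory=$true)][string]$CacheName,
        [string]$Resource = "https://management.core.windows.net/",
        [string]$environment = "AzureCloud",
        [string]$RequestAccessTokenUri = "https://login.microsoftonline.com/$TenantId/oauth2/token"
    )

    $Token = Get-Token -TenantId $TenantId -ClientId $ClientId -ClientSecret $ClientSecret `
        -Resource $Resource -RequestAccessTokenUri $RequestAccessTokenUri

    # Escape each caller-supplied path segment so a value containing '/', '?'
    # or '#' cannot change which resource the request addresses.
    $subscription = [uri]::EscapeDataString($SubscriptionId)
    $group        = [uri]::EscapeDataString($ResourceGroupName)
    $cacheSegment = [uri]::EscapeDataString($CacheName)
    $ApiUri = "https://management.azure.com/subscriptions/$subscription/resourceGroups/$group/providers/Microsoft.Cache/redis/$($cacheSegment)?api-version=2020-06-01"

    # Single-line "<token_type> <access_token>"; a header value must not
    # contain a line break.
    $Headers = @{}
    $Headers.Add("Authorization", "$($Token.token_type) $($Token.access_token)")

    $Cache = Invoke-RestMethod -Method Get -Uri $ApiUri -Headers $Headers
    return $Cache
}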
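function New-Cache() {
    <#
    .SYNOPSIS
    Creates a Premium P1 Azure Cache for Redis instance in "West US 2"
    through the Azure Resource Manager REST API, authenticating as a
    service principal.
    .PARAMETER TenantId
    Directory (tenant) id used for the token request.
    .PARAMETER SubscriptionId
    Subscription the cache is created in.
    .PARAMETER ClientId
    Application (client) id of the service principal.
    .PARAMETER ClientSecret
    Client secret of the service principal, passed as a plain string.
    .PARAMETER ResourceGroupName
    Resource group the cache is created in.
    .PARAMETER CacheName
    Mandatory, but the supplied value is discarded: the function always
    generates the name "AGS-redis-<new GUID>".
    .PARAMETER Resource
    Resource (audience) the token is requested for.
    .PARAMETER environment
    Not used by this function.
    .PARAMETER RequestAccessTokenUri
    Token endpoint the token request is posted to.
    .OUTPUTS
    The deserialized response of the PUT call.
    #>
    param (
        [Parameter(Mandatory=$true)][string]$TenantId,
        [Parameter(Mandatory=$true)][string]$SubscriptionId,
        [Parameter(Mandatory=$true)][string]$ClientId,
        [Parameter(Mandatory=$true)][string]$ClientSecret,
        [Parameter(Mandatory=$true)][string]$ResourceGroupName,
        [Parameter(Mandatory=$true)][string]$CacheName,
        [string]$Resource = "https://management.core.windows.net/",
        [string]$environment = "AzureCloud",
        [string]$RequestAccessTokenUri = "https://login.microsoftonline.com/$TenantId/oauth2/token"
    )

    # NOTE(review): this overwrites the caller's -CacheName with a generated
    # unique name. Kept as-is; confirm whether the parameter should be honoured.
    $CacheName = "AGS-redis-" + (New-Guid).Guid

    $Token = Get-Token -TenantId $TenantId -ClientId $ClientId -ClientSecret $ClientSecret `
        -Resource $Resource -RequestAccessTokenUri $RequestAccessTokenUri

    # Escape the caller-supplied path segments so a value containing '/', '?'
    # or '#' cannot change which resource the request addresses. The generated
    # cache name only contains letters, digits and hyphens.
    $subscription = [uri]::EscapeDataString($SubscriptionId)
    $group        = [uri]::EscapeDataString($ResourceGroupName)
    $ApiUri = "https://management.azure.com/subscriptions/$subscription/resourceGroups/$group/providers/Microsoft.Cache/redis/$($CacheName)?api-version=2020-06-01"

    # NOTE(review): the body does not set minimumTlsVersion or enableNonSslPort,
    # so the service defaults apply. Consider pinning both explicitly.
    $payload = @"
{
  "location": "West US 2",
  "properties": {
    "sku": {
      "name": "Premium",
      "family": "P",
      "capacity": 1
    },
    "size": "P1"
  }
}
"@

    # Single-line "<token_type> <access_token>"; a header value must not
    # contain a line break.
    $Headers = @{}
    $Headers.Add("Authorization", "$($Token.token_type) $($Token.access_token)")

    $Cache = Invoke-RestMethod -ContentType "application/json" -Method Put -Uri $ApiUri -Headers $Headers -Body $payload
    return $Cache
}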
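function Remove-Cache() {
    <#
    .SYNOPSIS
    Deletes one Azure Cache for Redis instance through the Azure Resource
    Manager REST API, authenticating as a service principal.
    .PARAMETER TenantId
    Directory (tenant) id used for the token request.
    .PARAMETER SubscriptionId
    Subscription that holds the cache.
    .PARAMETER ClientId
    Application (client) id of the service principal.
    .PARAMETER ClientSecret
    Client secret of the service principal, passed as a plain string.
    .PARAMETER ResourceGroupName
    Resource group that holds the cache.
    .PARAMETER CacheName
    Name of the cache to delete.
    .PARAMETER Resource
    Resource (audience) the token is requested for.
    .PARAMETER environment
    Not used by this function.
    .PARAMETER RequestAccessTokenUri
    Token endpoint the token request is posted to.
    .OUTPUTS
    The deserialized response of the DELETE call.
    #>
    param (
        [Parameter(Mandatory=$true)][string]$TenantId,
        [Parameter(Mandatory=$true)][string]$SubscriptionId,
        [Parameter(Mandatory=$true)][string]$ClientId,
        [Parameter(Mandatory=$true)][string]$ClientSecret,
        [Parameter(Mandatory=$true)][string]$ResourceGroupName,
        [Parameter(Mandatory=$true)][string]$CacheName,
        [string]$Resource = "https://management.core.windows.net/",
        [string]$environment = "AzureCloud",
        [string]$RequestAccessTokenUri = "https://login.microsoftonline.com/$TenantId/oauth2/token"
    )

    $Token = Get-Token -TenantId $TenantId -ClientId $ClientId -ClientSecret $ClientSecret `
        -Resource $Resource -RequestAccessTokenUri $RequestAccessTokenUri

    # This call is destructive, so the target must be exactly the named cache:
    # escape each path segment so a value containing '/', '?' or '#' cannot
    # point the DELETE at a different resource.
    $subscription = [uri]::EscapeDataString($SubscriptionId)
    $group        = [uri]::EscapeDataString($ResourceGroupName)
    $cacheSegment = [uri]::EscapeDataString($CacheName)
    $ApiUri = "https://management.azure.com/subscriptions/$subscription/resourceGroups/$group/providers/Microsoft.Cache/redis/$($cacheSegment)?api-version=2020-06-01"

    # Single-line "<token_type> <access_token>"; a header value must not
    # contain a line break.
    $Headers = @{}
    $Headers.Add("Authorization", "$($Token.token_type) $($Token.access_token)")

    $Cache = Invoke-RestMethod -Method Delete -Uri $ApiUri -Headers $Headers
    return $Cache
}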
# Public surface of the module. Get-Payload is not exported and stays
# internal to the module.
$exportedFunctions = @(
    'Get-Token'
    'Get-ResourceGroups'
    'New-Cache'
    'Get-Cache'
    'Remove-Cache'
)
Export-ModuleMember -Function $exportedFunctions