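#Requires -Version 5.0
<#
.SYNOPSIS
    Creates a resource group using the VM's Managed Service Identity (MSI).

.DESCRIPTION
    Requests an ARM access token from the local MSI VM extension endpoint,
    logs in to AzureRM with that token, waits until the target subscription
    is visible in the login context (role assignment happens after the VM
    exists), and then creates a resource group.

    Both the token request and the login are retried, because the MSI
    extension and the role assignment may not be ready when this runs.

.PARAMETER SubscriptionId
    The subscription Id to log in to.

.PARAMETER TenantId
    The tenant Id that contains the MSI.

.PARAMETER ResourceGroupName
    Name of the resource group to create. Defaults to the value the script
    previously hard-coded.

.PARAMETER Location
    Azure region for the resource group. Defaults to the value the script
    previously hard-coded.

.OUTPUTS
    The resource group object returned by New-AzureRmResourceGroup.
#>
[CmdletBinding()]
param(
    # The subscription Id to log in to
    [Parameter(Mandatory=$true)]
    [string]
    $SubscriptionId,

    # The tenant Id that contains the MSI
    [Parameter(Mandatory=$true)]
    [string]
    $TenantId,

    # Name of the resource group to create
    [Parameter()]
    [string]
    $ResourceGroupName = 'ExampleResourceGroup',

    # Azure region for the resource group
    [Parameter()]
    [string]
    $Location = 'South Central US'
)

#######################################
# Runs a script block, retrying on any terminating error.
# Arguments:
#   -Action       script block to run; its output is returned to the caller
#   -Activity     short label used in verbose/diagnostic messages
#   -MaxAttempts  total attempts before the last error is re-thrown (default 5)
#   -DelaySeconds pause between attempts (default 60)
# Outputs: whatever -Action outputs on its first successful run.
# Throws: the last error once MaxAttempts have failed.
#######################################
function Invoke-WithRetry {
    param(
        [Parameter(Mandatory=$true)]
        [scriptblock]
        $Action,

        [Parameter(Mandatory=$true)]
        [string]
        $Activity,

        [int]
        $MaxAttempts = 5,

        [int]
        $DelaySeconds = 60
    )

    $attempt = 0
    while ($true) {
        try {
            Write-Verbose "$Activity (attempt $attempt)"
            return & $Action
        }
        catch {
            # Message names the activity, so token and login failures are distinguishable.
            Write-Verbose "Exception $_ during: $Activity"
            $attempt++
            if ($attempt -ge $MaxAttempts) {
                # Re-throw the original error record after the final attempt.
                throw
            }
            Write-Verbose "Sleeping for $DelaySeconds seconds..."
            Start-Sleep -Seconds $DelaySeconds
            Write-Verbose "Retrying attempt $attempt"
        }
    }
}

if (!(Get-PackageProvider -Name NuGet -ErrorAction SilentlyContinue -ListAvailable)) {
    Write-Verbose 'Installing nuget Package Provider'
    Install-PackageProvider -Name nuget -Force
}

# Installs the latest AzureRM.Profile from the configured repository on every run.
# For reproducible, reviewable builds pin the module with -RequiredVersion.
Install-Module AzureRM.Profile -Force

# Token request for ARM. The MSI VM extension serves tokens on a loopback-only
# HTTP endpoint; the token itself is never written to verbose output below.
$resource = 'https://management.azure.com/'
$postBody = @{
    authority = "https://login.microsoftonline.com/$TenantId"
    resource  = "$resource"
}

# Retry until a token is issued; needed until extensions can be sequenced in VMSS.
$tokenResponse = Invoke-WithRetry -Activity 'Getting token' -Action {
    $response = Invoke-WebRequest -Uri 'http://localhost:50342/oauth2/token' -Method POST -Body $postBody -UseBasicParsing
    $parsed = ConvertFrom-Json -InputObject $response.Content
    # A 200 without an access_token would otherwise surface only as a login failure.
    if (-not $parsed.access_token) {
        throw 'Token response did not contain an access_token'
    }
    $parsed
}

# Retry until the subscription appears in the login context. The role
# assignment is made after the VM is created (the identity is not known
# before that), so early logins see no subscription.
$null = Invoke-WithRetry -Activity 'Logging in' -Action {
    $loginResult = Login-AzureRmAccount -AccessToken $tokenResponse.access_token -AccountId $SubscriptionId
    if ($loginResult.Context.Subscription.Id -ne $SubscriptionId) {
        throw "Subscription Id $SubscriptionId not in context"
    }
    $loginResult
}

New-AzureRmResourceGroup -Name $ResourceGroupName -Location $Location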