#!/bin/bash
# azure.sh — one-shot bootstrap that connects an Azure subscription to
# CloudShell Colony. It creates an AD application + service principal, a
# management resource group holding a storage account and table, and a
# user-assigned managed identity, then prints the values to paste into
# Colony's Azure authentication page.
#
# Usage: ./azure.sh [REGION]     (REGION defaults to "westeurope")
# Needs: azure-cli with an active login, jq, and dbus-uuidgen on PATH.
#
# Every `az` call below sends this user agent. The "pid-<guid>" form looks
# like Azure partner usage attribution; treat the value as an opaque ID that
# belongs to the vendor and confirm with Quali before changing it.
AZURE_HTTP_USER_AGENT='pid-5d52b2b7-4e3e-5534-8a7a-53fab37a29fb'
export AZURE_HTTP_USER_AGENT
function quit_on_err { echo $1; exit; }
function ver { printf "%03d%03d%03d%03d" $(echo "$1" | tr '.' ' '); }
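#######################################
# Run a command line and hand its stdout, stderr and exit status back to the
# caller through named variables (bash namerefs, bash >= 4.3).
# Arguments:
#   $1 - name of the variable that receives stdout
#   $2 - name of the variable that receives stderr
#   $3 - name of the variable that receives the exit status
#   $4 - the command line as ONE string; it is deliberately left unquoted so
#        the shell word-splits it into a command and its arguments (no eval,
#        so quotes inside the string are literal and pipes/redirections are
#        not interpreted)
# Fixes vs. the original: the captured stdout was re-emitted with `echo -e`,
# which rewrote backslash sequences in the command's output; and the field
# separator came from `dbus-uuidgen`, so on a host without it the separator
# was empty and every field (including the exit code) came back empty.
#######################################
run_and_capture() {
  typeset -n var_out=$1
  typeset -n var_err=$2
  typeset -n var_code=$3
  # Marker that will not plausibly appear in the command's own output; built
  # from shell state only so there is no external dependency.
  local separator="rac${RANDOM}${RANDOM}${RANDOM}p$$"
  local combined
  combined=$(
    # Inside the substitution the command's stderr goes straight to the
    # capture stream, so it lands in front of the first separator; $? is the
    # status of the assignment, i.e. of the command itself.
    { captured=$($4) ; } 2>&1
    printf '%s' "$separator$captured$separator$?"
  )
  var_err="${combined%%"$separator"*}"; combined="${combined#*"$separator"}"
  var_out="${combined%%"$separator"*}"; combined="${combined#*"$separator"}"
  var_code="${combined%%"$separator"*}"
}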
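#######################################
# Run a command line, retrying while Azure answers with transient 500s.
# Arguments:
#   $1 - maximum number of attempts
#   $2 - the command line as one string (see run_and_capture for how it is
#        split; quotes inside it are literal)
# Outputs: the command's stdout from the final attempt on stdout; its stderr
#          is forwarded to our stderr after every attempt
# Returns: the exit status of the final attempt (1 if none was captured)
# Only a stderr containing "too many 500 error responses" triggers another
# attempt; any other failure is returned immediately.
# Fix vs. the original: the loop guard used `[ a \< b ]`, a *string*
# comparison, so e.g. `retry 10` stopped after two attempts ("2" sorts after
# "10"). The count is now compared arithmetically, and the loop state is
# local so it no longer leaks into the caller.
#######################################
retry() {
  local max_retries=$1
  local command=$2
  local retries=0
  # Filled in by run_and_capture through namerefs.
  local stdout stderr exit_code
  while (( retries < max_retries )); do
    run_and_capture stdout stderr exit_code "$command"
    printf '%s\n' "$stderr" >&2
    if [[ "$exit_code" == "0" ]]; then
      break
    elif [[ "$stderr" == *"too many 500 error responses"* ]]; then
      sleep 1
    else
      break
    fi
    retries=$((retries+1))
  done
  printf '%s\n' "$stdout"
  return "${exit_code:-1}"
}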
# ANSI colour escapes for operator-facing output; `echo -e` expands them.
RED='\033[0;31m'
GREEN='\033[0;32m'
NC='\033[0m' # No Color
# Target region: the first argument when given, otherwise West Europe.
REGION="${1:-westeurope}"
echo -e "\n\n ___ _ ___ _ _ ___ ___ _ _ ___ _ _ ___ ___ _ ___ _ ___ __"
echo -e " / __| | / _ \| | | | \/ __| || | __| | | | ___ / __/ _ \| | / _ \| \| \ \ / /"
echo -e " | (__| |_| (_) | |_| | |) \__ \ __ | _|| |__| |_|___| (_| (_) | |_| (_) | . \ V / "
echo -e " \___|____\___/ \___/|___/|___/_||_|___|____|____| \___\___/|____\___/|_|\_| |_| \n\n\n"
printf '%b\n' "$GREEN Please wait while we setup the integration with your Azure account. $NC \n\n"
printf '%b\n' "This script grants Cloud Shell Colony permissions to your account and\ncreates a small management layer that will keep your data safe."
printf '%b\n' "For more information visit: https://colonysupport.quali.com/hc/en-us/articles/360008858093-Granting-access-to-your-Azure-account\n\n"
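#========================================================================================
# Refuse to run on an azure-cli older than the commands below need. The
# message names the same floor the comparison enforces (it used to say 2.0.68
# while the check required 2.0.69), and a missing `az` binary is reported as
# such instead of as an "unsupported version of ".
MIN_AZ_VERSION="2.0.69"
if ! command -v az >/dev/null 2>&1; then
  echo -e "${RED}azure-cli (az) was not found in PATH. Please install version $MIN_AZ_VERSION or above.${NC}"
  exit 1
fi
AZ_VERSION=$(az --version 2>/dev/null | grep -Po 'azure\-cli.*\K(\d+\.\d+\.\d+)')
if [ -z "$AZ_VERSION" ] || [ "$(ver "$AZ_VERSION")" -lt "$(ver "$MIN_AZ_VERSION")" ]; then
  echo -e "${RED}Unsupported azure-cli version of ${AZ_VERSION:-unknown}. Please update to version $MIN_AZ_VERSION or above.${NC}"
  exit 1
fi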
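# Pick the subscription to set up. With exactly one subscription it is chosen
# automatically; otherwise the operator is prompted with a numbered list.
# The account list is fed to jq as *input* (the original passed it as the jq
# program text via `jq -n "$x"`), and a failed `az account list` — typically
# "not logged in" — now aborts with a message instead of reading as "no
# subscription found".
x=$(az account list) || quit_on_err "Could not list subscriptions. Are you logged in (az login)?"
accountname=$(az account show | jq -r .user.name)
length=$(jq '. | length' <<<"$x")
END=$((length-1))
i=0
subscription_number=0
if [ "$length" -eq 0 ]
then
  echo -e "${RED}Error no subscription found${NC}"
  exit 1
fi
if [ "$length" -eq 1 ]
then
  subscription_number=1
else
  echo "Please type subscription number:#"
  while [[ $i -le $END ]]
  do
    # prints subscription name and id
    echo "$((i+1))" "$(jq ".[$i].name" <<<"$x")" "$(jq ".[$i].id" <<<"$x")"
    ((i++))
  done
  # Accept only a plain decimal within range. The original kept the answer in
  # a `declare -i` variable, so whatever was typed was evaluated as bash
  # arithmetic (e.g. `a[$(cmd)]` would run cmd); validating the text first
  # avoids that and also rejects empty or non-numeric input cleanly.
  read -r -p "Please enter number between 1 to $length: " subscription_number
  while ! [[ "$subscription_number" =~ ^[0-9]+$ ]] \
        || [ "$subscription_number" -lt 1 ] \
        || [ "$subscription_number" -gt "$length" ]
  do
    read -r -p "Please enter number between 1 to $length: " subscription_number
  done
fi
SubscriptionId=$(jq -r ".[$((subscription_number-1))].id" <<<"$x")
az account set --subscription "$SubscriptionId" || quit_on_err "Could not select subscription $SubscriptionId"
echo -e "Running with settings:"
echo -e "Subscription:" "$GREEN$(jq ".[$((subscription_number-1))].name" <<<"$x")" "$SubscriptionId$NC"
echo -e "Region $GREEN$REGION$NC"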
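#========================================================================================
# Derive the names of everything this run creates. The suffix is a name
# disambiguator, not a secret: it comes from the clock plus $RANDOM and is
# easy to guess, which is fine for resource names. It is lower-cased because
# the same suffix goes into a storage account name, which only allows
# lowercase letters and digits.
COLONY_RANDOM="$(date +%s | sha256sum | base64 | head -c 12)$RANDOM"
COLONY_RANDOM="${COLONY_RANDOM,,}"
AppName="COLONY-$COLONY_RANDOM"
ColonyMgmtRG="colony-$COLONY_RANDOM"
StorageName="colony$COLONY_RANDOM"
TenantId=$(az account show --query tenantId -o tsv)
SidecarIdentityName="$ColonyMgmtRG-sidecar-identity"
# Lifetime of the client secret handed to Colony. The shipped default is
# effectively "never expires"; set COLONY_SECRET_END_DATE=YYYY-MM-DD to give
# the secret a bounded life and rotate it instead (recommended).
COLONY_SECRET_END_DATE="${COLONY_SECRET_END_DATE:-2299-12-31}"
echo -e "Creating AD application for CloudShell Colony"
# Capture the az result before piping into jq: in the original
# `az ... | jq ... || quit_on_err` the `||` only saw jq's exit status, so a
# failed az call (e.g. insufficient directory rights) never aborted the run.
SpJson=$(az ad sp create-for-rbac -n "$AppName") || quit_on_err "The user that runs the script should be an Owner."
AppKey=$(jq -r '.password' <<<"$SpJson")
if [ -z "$AppKey" ] || [ "$AppKey" = "null" ]; then
  quit_on_err "Service principal $AppName was created but no password was returned."
fi
AppId=$(az ad app list --display-name "$AppName" | jq -r '.[0].appId')
if [ -z "$AppId" ] || [ "$AppId" = "null" ]; then
  quit_on_err "Could not look up the application id for $AppName"
fi
# SECURITY NOTE(review): the secret is passed on the command line here, so it
# is visible in `ps` and in shell / Cloud Shell history for the duration of
# the call. If this reset fails, the key from create-for-rbac is still valid
# with its default (shorter) lifetime, so the failure is a warning rather
# than an abort. Newer azure-cli releases may no longer accept --password on
# this command — verify against the installed version.
az ad sp credential reset -n "$AppName" --password "$AppKey" --end-date "$COLONY_SECRET_END_DATE" \
  || echo "Warning: could not extend the credential lifetime; the key keeps its default expiry." >&2
echo -e "Configuring access to Azure API"
# Required-resource-access manifest for the app. The GUIDs are not ours; they
# look like the Azure Service Management API (resourceAppId) and its
# user_impersonation scope — confirm against the Quali docs before changing.
# Written to a private temp file: the original appended (>>) to ./role.json
# in the current directory, so a leftover file from an earlier run produced
# invalid JSON, and the file was world-readable in the working directory.
role_file=$(mktemp) || quit_on_err "Could not create a temporary file"
trap 'rm -f -- "$role_file"' EXIT
cat > "$role_file" <<'EOL'
[{"resourceAppId": "797f4846-ba00-4fd7-ba43-dac1f8f63013","resourceAccess":[{"id": "41094075-9dad-400e-a0bd-54e686782033", "type":"Scope"}]}]
EOL
az ad app update --id "$AppId" --required-resource-accesses "$role_file" \
  || quit_on_err "Could not set required resource access on application $AppName ($AppId); the application was created and should be removed manually."
rm -f -- "$role_file"
# The key is shown on purpose (the operator pastes it into Colony), but it
# lands in terminal scrollback / session logs — clear those after onboarding.
echo -e "\n\nApplication Name : $AppName \nApplication ID : $AppId \nApplication Key : $AppKey \nTenant ID : $TenantId \nSubscription ID : $SubscriptionId"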
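#========================================================================================
#1.create resource group:
echo -e "$GREEN---Creating resource group (1/3) $ColonyMgmtRG$NC"
az group create -l "$REGION" -n "$ColonyMgmtRG" --tags colony-mgmt-group='' "owner=$accountname"
echo "---Verifing Resource group exists $ColonyMgmtRG"
if [ "$(az group exists -n "$ColonyMgmtRG")" != "true" ]; then
  echo "Error resource group does not exists" >&2
  exit 1
fi
#2.Create the storage account:
echo -e "$GREEN---Creating storage account (2/3) $StorageName$NC"
az storage account create -n "$StorageName" -g "$ColonyMgmtRG" -l "$REGION" --sku Standard_LRS --kind StorageV2 --tags colony-mgmt-storage=''
echo "---Verifing storage account exists $StorageName"
# Look the account up in OUR resource group. The original tested
# `check-name`, which only says the name is taken somewhere in Azure: a name
# owned by another tenant would have passed that check while ours was never
# created, and the table below would then have been created against a
# storage account we do not control.
if ! az storage account show -n "$StorageName" -g "$ColonyMgmtRG" >/dev/null 2>&1; then
  echo "Error storage account does not exists" >&2
  exit 1
fi
echo -e "$GREEN---Creating table in storage account$NC"
az storage table create -n colonySandboxes --account-name "$StorageName" \
  || quit_on_err "Error creating table colonySandboxes in storage account $StorageName"
#3. create sidecar identity
echo -e "$GREEN---Creating managed identity (3/3) $SidecarIdentityName$NC"
SidecarIdentityPrincipalId=$(retry 5 "az identity create -n $SidecarIdentityName -g $ColonyMgmtRG -l $REGION --query principalId --out tsv") \
  || quit_on_err "Error creating managed identity"
[ -n "$SidecarIdentityPrincipalId" ] || quit_on_err "Managed identity was created but no principalId was returned"
# assigning the identity with Contributor role in the subscription
# SECURITY NOTE(review): this grants Contributor over the WHOLE subscription
# to the sidecar identity. If Colony only touches its own sandbox resource
# groups, a narrower scope or a custom role would be the least-privilege
# choice — confirm what the sidecar actually needs before tightening.
echo -e "$GREEN---Assigning role to the managed identity$NC"
# A freshly created identity can take a moment to become visible to the
# authorization service, so the assignment is attempted a few times before
# giving up.
assigned=0
for attempt in 1 2 3 4 5; do
  if az role assignment create --assignee-object-id "$SidecarIdentityPrincipalId" --assignee-principal-type "ServicePrincipal" --role "Contributor" --scope "/subscriptions/$SubscriptionId"; then
    assigned=1
    break
  fi
  echo "Role assignment attempt $attempt failed; retrying..." >&2
  sleep 5
done
[ "$assigned" -eq 1 ] || quit_on_err "Error assigning role to managed identity"
echo -e "\n\n\n-------------------------------------------------------------------------"
echo "Copy the text below and paste it into Colony's Azure authentication page"
# appKey is the client secret: this line ends up in scrollback / session logs.
echo -e "${GREEN}appId:$AppId,appKey:$AppKey,tenantId:$TenantId,subscriptionId:$SubscriptionId,colonyResourceGroup:$ColonyMgmtRG${NC}"
echo -e "-------------------------------------------------------------------------\n\n"
echo "Done"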