ESUScripts/Demo-ESULicense.ps1 at main · EverAzureRest/ESUScripts · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
[CmdletBinding()]
<#
.SYNOPSIS
    This script will create, activate, deactivate, link, unlink, or delete an ESU license for a Windows 2012 machine.

.DESCRIPTION
    This script will create, activate, deactivate, link, unlink, or delete an ESU license for a Windows 2012 machine.

.PARAMETER licenseOperation
    The operation to perform on the ESU license. Valid values are Create, Activate, Deactivate, Link, Unlink, and Delete.

.PARAMETER TenantId
    The tenant ID of the Azure subscription.

.PARAMETER ApplicationId
    The application ID of the service principal. Do not specify if using your own login. The script will prompt for password if using ApplicationId.

.PARAMETER region
    The Azure region to create licenses in. The Azure region of the VM in all other operations.

.PARAMETER subscriptionId
    The subscription ID of the Azure subscription.

.PARAMETER resourceGroup
    The Resource Group of License files when performing License Operations.  The Resource Group of the Machine(s) when performing Machine Operations.

.PARAMETER machineName
    The name of the machine to perform the operation on.

.PARAMETER machines
    A Comma-separated array of machine names to perform the operation on.

.PARAMETER machineCSVfile
    A CSV file containing a column named MachineName with the names of the machines to perform the operation on.

.PARAMETER AllMachinesInRG
    Perform the operation on all machines in the resource group. The script will automatically exclude non-Windows 2012 machines.

.PARAMETER licenseResourceId
    The resource ID of the ESU license when performing Link, Unlink, Activate, Deactivate, or Delete operations.

.PARAMETER licenseName
    An optional name parameter for the license when performing Create operations. If not specified, the license will be named Datacenter-pCore or Standard-vCore, etc. depending on the license type.

.EXAMPLE
    .\Demo-ESULicense.ps1 -licenseOperation Create -TenantId "00000000-0000-0000-0000-000000000000" -ApplicationId "00000000-0000-0000-0000-000000000000" `
    -SecurePassword "00000000-0000-0000-0000-000000000000" -region "eastus" -subscriptionId "00000000-0000-0000-0000-000000000000" `
    -resourceGroup "ESU-Licenses"

    This example will create a new ESU license in the East US region with a Service Principal login and will prompt you for license details.

.EXAMPLE
    .\Demo-ESULicense.ps1 -licenseOperation Link -TenantId "00000000-0000-0000-0000-000000000000" -region "eastus" `
    -subscriptionId "00000000-0000-0000-0000-000000000000" -resourceGroup "ESU-Licenses" -machineName "machine1" `
    -licenseResourceId "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ESU-Licenses/providers/Microsoft.HybridCompute/licenses/Datacenter-vCore"

    This example will link the license to the machine named machine1 using the current logged in user's credentials.

.EXAMPLE
    .\Demo-ESULicense.ps1 -licenseOperation Unlink -TenantId "00000000-0000-0000-0000-000000000000" -region "eastus" `
    -subscriptionId "00000000-0000-0000-0000-000000000000" -resourceGroup "ESU-Licenses" -allMachinesInRG `
    -licenseResourceId "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ESU-Licenses/providers/Microsoft.HybridCompute/licenses/Datacenter-vCore"

    This example will unlink the license from all machines in the resource group using the current logged in user's credentials.

.OUTPUTS
    The REST API response for the operation or in the case of the Create operation, the resource ID of the created license.
#>

param(
    [parameter(Mandatory=$true)]
    [ValidateSet("Create","Deactivate","Activate","Link","Unlink","Delete")]
    $licenseOperation,

    [parameter(Mandatory=$true)]
    $TenantId,

    $ApplicationId,

    [parameter(Mandatory=$true)]
    $region,

    [parameter(Mandatory=$true)]
    $subscriptionId,

    [parameter(Mandatory=$true)]
    $resourceGroup,

    $machineName,

    [array]$machines,

    $machineCSVfile,

    [switch]$AllMachinesInRG,

    $licenseResourceId,

    $licenseName
)


#If ServicePrincipal is used, connect to Azure with Service Principal and retrieve bearer token
if ($ApplicationId) {
    [securestring]$SecurePassword = $(Read-Host -Prompt "Enter password" -AsSecureString)
    #$SecurePassword = ConvertTo-SecureString -String $SecurePassword -AsPlainText -Force
    $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $ApplicationId, $SecurePassword
    try {
        Connect-AzAccount -ServicePrincipal -TenantId $TenantId -Credential $Credential
        $token = (Get-AzAccessToken -ResourceUrl 'https://management.azure.com').Token
    }
    catch {
        Write-Output "Failed to connect to Azure with Service Principal - Check your credentials or try as the current user"
        exit
    }
}
else {
    try {
       $context = Get-AzContext -ea 0
       if ($context.Subscription -ne $subscriptionId) {
        Set-AzContext -Subscription $subscriptionId
        $token = (Get-AzAccessToken -ResourceUrl 'https://management.azure.com').Token
       }
    }
    catch{
        Write-Output "No context found, logging in and setting context"
        try{
            Connect-AzAccount -Tenant $TenantId
            Set-AzContext -Subscription $subscriptionId
            $token = (Get-AzAccessToken -ResourceUrl 'https://management.azure.com').Token
        }
        catch{
            Write-Output "Failed to connect to Azure - Check your credentials"
            exit
        }
    }
}


#Function to create an ESU license
Function CreateLicense {
    param(
        [parameter(Mandatory=$true)]
        $token,

        [parameter(Mandatory=$true)]
        $licenseTarget,

        [parameter(Mandatory=$true)]
        $licenseEdition,

        [parameter(Mandatory=$true)]
        $licenseType,

        [parameter(Mandatory=$true)]
        $licenseState,

        [parameter(Mandatory=$true)]
        $processors,

        [parameter(Mandatory=$true)]
        $region,

        [parameter(Mandatory=$true)]
        $subscriptionId,

        [parameter(Mandatory=$true)]
        $resourceGroup,

        $licenseName
    )

   $licenseResourceId = "/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.HybridCompute/licenses/{2}" -f $subscriptionId, $resourceGroup, $($licenseName+$licenseEdition+"-"+$licenseType)

    $createLicenseUrl =  "https://management.azure.com{0}?api-version=2023-06-20-preview" -f $licenseResourceId
    $createBody = @{
        'location' = $region
        'properties' = @{
            'licenseDetails' = @{
                'state' = $licenseState
                'target' = $licenseTarget
                "Edition" = $licenseEdition
                "Type" = $licenseType
                "Processors" = $processors
                }
            }
    }

    $bodyJson = $createBody | ConvertTo-Json -Depth 3

    $headers = @{
        Authorization = "Bearer $token"
    }

    Invoke-WebRequest -Uri $createLicenseUrl -Method Put -Body $bodyJson -Headers $headers -ContentType "application/json"

    Write-Output $licenseResourceId
}

Function UpdateLicense {
    param(
        [parameter(Mandatory=$true)]
        $licenseResourceId,

        [parameter(Mandatory=$true)]
        $token,

        [parameter(Mandatory=$true)]
        $licenseAction
    )
    $updateLicenseUrl =  "https://management.azure.com{0}?api-version=2023-06-20-preview" -f $licenseResourceId

    if($licenseAction -eq "Activate") {
        $licenseState = 'Activated'
    } elseif ($licenseAction -eq "Deactivate") {
        $licenseState = 'Deactivated'
    }

    $updateBody = @{
        'properties' = @{
            'licenseDetails' = @{
                'state' = $licenseState
            }
        }
    }
    $bodyJson = $updateBody | ConvertTo-Json -Depth 3

    $headers = @{
        Authorization = "Bearer $token"
    }
    Invoke-WebRequest -Uri $updateLicenseUrl -Method Patch -Body $bodyJson -Headers $headers -ContentType "application/json"
}

Function LinkLicense {
    param(
        [parameter(Mandatory=$true)]
        $token,

        [parameter(Mandatory=$true)]
        $machineName,

        [parameter(Mandatory=$true)]
        $resourceGroup,

        [parameter(Mandatory=$true)]
        $licenseResourceId,

        [parameter(Mandatory=$true)]
        $region
    )
    $machineResourceId = (Get-AzConnectedMachine -Name $machineName -ResourceGroupName $resourceGroup).Id
    $linkLicenseUrl = "https://management.azure.com{0}/licenseProfiles/default?api-version=2023-06-20-preview " -f $machineResourceId
    $linkBody = @{
        location = $region
        properties = @{
            esuProfile = @{
                assignedLicense = $licenseResourceId
            }
        }
    }
    $bodyJson = $linkBody | ConvertTo-Json -Depth 3
    $headers = @{
        Authorization = "Bearer $token"
    }
    Invoke-WebRequest -Uri $linkLicenseUrl -Method PUT -Body $bodyJson -Headers $headers -ContentType "application/json"

}

Function DeleteLicenseLink {
    param(
        [parameter(Mandatory=$true)]
        $token,

        [parameter(Mandatory=$true)]
        $machineName,

        [parameter(Mandatory=$true)]
        $resourceGroup
    )
    $machineResourceId = (Get-AzConnectedMachine -Name $machineName -ResourceGroupName $resourceGroup).Id
    $linkLicenseUrl = "https://management.azure.com{0}/licenseProfiles/default?api-version=2023-06-20-preview " -f $machineResourceId
    $linkBody = @{
        location = $region
        properties = @{
            esuProfile = @{
                assignedLicense = $null
            }
        }
    }
    $bodyJson = $linkBody | ConvertTo-Json -Depth 3
    $headers = @{
        Authorization = "Bearer $token"
    }
    Invoke-WebRequest -Uri $linkLicenseUrl -Method PUT -Body $bodyJson -Headers $headers -ContentType "application/json"

}

Function DeleteLicense {
    param(
        [parameter(Mandatory=$true)]
        $token,

        [parameter(Mandatory=$true)]
        $licenseResourceId
    )
    $headers = @{
        Authorization = "Bearer $token"
    }
    $deleteLicenseUrl =  "https://management.azure.com{0}?api-version=2023-06-20-preview" -f $licenseResourceId
    Invoke-WebRequest -Uri $deleteLicenseUrl -Method DELETE -Headers $headers
}

if ($machineName) {
    $machines = @($machineName)
}
elseif ($machineCSVfile) {
    $machines = Import-Csv $machineCSVfile | Select-Object -ExpandProperty MachineName
}
elseif ($AllMachinesInRG) {
    $machines = Get-AzConnectedMachine -ResourceGroupName $resourceGroup | Where-Object {$_.OSSku -match "2012"} | Select-Object -ExpandProperty Name
}

if ($licenseOperation -eq "Create") {
    $prompt = Read-Host -Prompt "Is this a Windows 2012 License? (y/n)"
    if ($prompt -eq "y") {
        $licenseTarget = 'Windows Server 2012'
    }
    $licenseState = Read-Host -Prompt "What state should the license be created in? (Deactivated/Activated)"
    if ($licenseState -eq "Activated") {
        $licenseState = 'Activated'
    } else {
        $licenseState = 'Deactivated'
    }
    $licenseEdition = Read-Host -Prompt "What is the license edition? (Datacenter/Standard)"
    if ($licenseEdition -eq "Datacenter") {
        $licenseEdition = 'Datacenter'
    } else {
        $licenseEdition = 'Standard'
    }
    $licenseType = Read-Host -Prompt "What is the license type? (vCore/pCore)"
    if ($licenseType -eq "vCore") {
        $licenseType = 'vCore'
    } else {
        $licenseType = 'pCore'
    }
    $processors = Read-Host "Please enter the core count, vCore must be at least 8, pCore must be at least 16. (8/16)"

    CreateLicense $token $licenseTarget $licenseEdition $licenseType $licenseState $processors $region $subscriptionId $resourceGroup $licenseName
}
elseif ($licenseOperation -eq "Activate" -or $licenseOperation -eq "Deactivate") {
    UpdateLicense $licenseResourceId $token $licenseOperation
}
elseif ($licenseOperation -eq "Link") {
    foreach ($machineName in $machines) {
        LinkLicense $token $machineName $resourceGroup $licenseResourceId $region
    }
}
elseif ($licenseOperation -eq "Unlink") {
    foreach ($machineName in $machines) {
        DeleteLicenseLink $token $machineName $resourceGroup
    }
}
elseif ($licenseOperation -eq "Delete") {
    DeleteLicense $token $licenseResourceId
}