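#!/bin/bash
#
# Connects one customer deployment: takes the customer's subscription id and
# the managed resource group's name, and stops early when the state store
# already holds a uamiClientId for that pair.
#
# Usage: 1-connect-customer-deployment.sh <subscription-id> <managed-resource-group>

# A TERM delivered to the top-level shell ends the run with status 1. The PID
# is exported so code running inside $( ... ) can stop the whole script.
# NOTE(review): presumably get-value-or-fail in state-handling.sh uses TOP_PID
# this way — confirm there.
trap "exit 1" TERM
export TOP_PID=$$

# Supplies get-value, get-value-or-fail and put-value, which the script calls.
source "$( dirname "$( readlink -f "$0" )" )/dependencies/state-handling.sh" || {
  echo "Cannot load dependencies/state-handling.sh" >&2
  exit 1
}

if [ $# -ne 2 ]; then
  # Usage errors are diagnostics, so they go to stderr.
  echo "Specify the customer's subscription id and the managed resource group's name, for example:
$0 724467b5-bee4-484b-bf13-d6a5505d2b51 mrg-chgpnexttry
" >&2
  exit 1
fi

# Both arguments are spliced verbatim into the state paths handed to
# get-value/put-value and, further down, into a resource graph query string.
# Reject anything that is not shaped like the identifier it claims to be, so a
# quote, slash or backslash can never alter those expressions.
guid_re='^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$'
# Resource group names: letters, digits, underscore, period, parentheses, hyphen.
rg_re='^[[:alnum:]_.()-]{1,90}$'
if [[ ! "$1" =~ ${guid_re} ]]; then
  echo "Not a valid subscription id: $1" >&2
  exit 1
fi
if [[ ! "$2" =~ ${rg_re} ]]; then
  echo "Not a valid resource group name: $2" >&2
  exit 1
fi

export customer_subscription="$1"
export managed_resource_group_name="$2"

# A stored, non-null uamiClientId means this deployment was connected before.
value="$( get-value ".customers[\"${customer_subscription}\"][\"${managed_resource_group_name}\"].uamiClientId" )"
if [[ -n "${value}" && "${value}" != "null" ]]; then
  # The message goes to the controlling terminal; the TERM trap above then
  # ends the script with status 1.
  echo "The customer is already onboaded, exiting..." > /dev/tty ; kill -s TERM "$TOP_PID";
fi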
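# Deploys the user-assigned managed identity (UAMI) template into the
# customer's managed resource group and records the resulting identity in the
# state store.
#
# The subject, audience and issuer passed to the template are the values a
# token must carry to be exchanged for this identity (see the workload identity
# federation link at the end of this file). The subject depends only on the
# publisher tenant id, so it is the same for every customer: the trust rests on
# the issuer controlling who can obtain tokens with that subject.
# NOTE(review): the bicep template is not visible here; confirm it creates the
# federated credential from exactly these three parameters.
uami_name="metering-submission-uami"
idp_aud="api://AzureADTokenExchange"
idp_sub="metering-submission-via-uami from $( get-value-or-fail '.publisher.aadTenantId' )"

# basedir is not assigned in this script (expected from the sourced helper).
# Without it the template path would silently resolve from the filesystem root.
: "${basedir:?basedir is not set (expected from dependencies/state-handling.sh)}"

# stderr of the deployment is kept out of the terminal on success, as before,
# but it is retained so a failure can be explained instead of being discarded.
deploy_stderr="$( mktemp )" || { echo "mktemp failed" >&2; exit 1; }
if ! uamiDeploymentResult="$( az deployment group create \
      --subscription "${customer_subscription}" \
      --resource-group "${managed_resource_group_name}" \
      --template-file "${basedir}/templates/1-connect-customer-deployment.bicep" \
      --parameters \
        identityName="${uami_name}" \
        sub="${idp_sub}" \
        aud="${idp_aud}" \
        issuerUrl="$( get-value-or-fail '.publisher.idp.issuer' )" \
      --output json 2>"${deploy_stderr}" )"; then
  echo "Deployment of ${uami_name} into ${managed_resource_group_name} failed:" >&2
  cat -- "${deploy_stderr}" >&2
  rm -f -- "${deploy_stderr}"
  exit 1
fi
rm -f -- "${deploy_stderr}"

# Keep a pretty-printed copy of the full deployment result for inspection. A
# newly created file is readable by the owner only, since it holds the whole
# deployment output rather than just the two ids used below.
( umask 077; printf '%s\n' "${uamiDeploymentResult}" | jq '.' > "${HOME}/uami-deploy.json" )

uamiJson="$( printf '%s\n' "${uamiDeploymentResult}" | jq '.properties.outputs.uami.value' )"
uami_client_id="$( printf '%s\n' "${uamiJson}" | jq -r '.client_id' )"
uami_tenant_id="$( printf '%s\n' "${uamiJson}" | jq -r '.tenant_id' )"

# Never persist a missing id: a stored "null" would later be treated as a real
# client or tenant id by whatever reads the state.
for id_value in "${uami_client_id}" "${uami_tenant_id}"; do
  if [[ -z "${id_value}" || "${id_value}" == "null" ]]; then
    echo "Deployment output lacks .properties.outputs.uami.value.client_id/tenant_id" >&2
    exit 1
  fi
done

customer_path=".customers[\"${customer_subscription}\"][\"${managed_resource_group_name}\"]"
put-value "${customer_path}.uamiClientId" "${uami_client_id}"
put-value "${customer_path}.tenantId"     "${uami_tenant_id}"
put-value "${customer_path}.subject"      "${idp_sub}"
put-value "${customer_path}.audience"     "${idp_aud}"
put-value "${customer_path}.uamiName"     "${uami_name}"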
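# Looks up the managed application that owns the managed resource group and
# stores its billing identifiers and plan name in the state store.
#
# The query text is a fixed template with two XXX placeholders. (An earlier
# variant filled them with envsubst; a later one used sed.) They are now filled
# with bash pattern substitution, so no character of the two values is
# interpreted as sed syntax.

# The values end up inside a double-quoted string of the query, so a quote,
# backslash or newline in them would change the query itself. Refuse those.
case "${customer_subscription}${managed_resource_group_name}" in
  *[\"\\]* | *$'\n'*)
    echo "Subscription id or resource group name contains characters not allowed in the query" >&2
    exit 1
    ;;
esac

query_template='resources
| where type =~ "microsoft.solutions/applications"
| where properties.managedResourceGroupId =~ "/subscriptions/XXXcustomer_subscription/resourceGroups/XXXmanaged_resource_group_name"
| extend provisioningState = properties.provisioningState
| extend managedResourceGroupId = properties.managedResourceGroupId
// extend billing = dynamic({ "resourceUri": id, "resourceId": properties.billingDetails.resourceUsageId }) // does not work
| extend billing = parse_json(strcat("{\"resourceUri\": \"", id, "\", \"resourceId\": \"", properties.billingDetails.resourceUsageId, "\"}"))
| project managedResourceGroupId, kind, location, provisioningState, plan, billing'

# The replacement is quoted so that bash inserts it literally (newer bash
# versions otherwise give "&" a special meaning in the replacement).
queryByManagedResourceGroup=${query_template//XXXcustomer_subscription/"${customer_subscription}"}
queryByManagedResourceGroup=${queryByManagedResourceGroup//XXXmanaged_resource_group_name/"${managed_resource_group_name}"}

# List all managed apps of my customers
# az graph query -q "${queryByManagedResourceGroup}" | jq -r '["resourceId","resourceUri"], (.data[].billing | [.resourceId, .resourceUri]) | @tsv'

if ! graphResult="$( az graph query -q "${queryByManagedResourceGroup}" )"; then
  echo "Resource graph query failed" >&2
  exit 1
fi

# The jq filter is quoted: unquoted, .data[0] is a glob the shell may expand.
managedAppDetails="$( printf '%s\n' "${graphResult}" | jq '.data[0]' )"

# No match means there is nothing to bill against; storing the string "null"
# as a billing id would only surface later, when usage is submitted.
if [[ -z "${managedAppDetails}" || "${managedAppDetails}" == "null" ]]; then
  echo "No managed application found for resource group ${managed_resource_group_name} in subscription ${customer_subscription}" >&2
  exit 1
fi

customer_path=".customers[\"${customer_subscription}\"][\"${managed_resource_group_name}\"]"

put-value \
  "${customer_path}.billing.resourceId" \
  "$( printf '%s\n' "${managedAppDetails}" | jq -r '.billing.resourceId' )"

# billing.resourceUri was written twice with the same value; once is enough.
put-value \
  "${customer_path}.billing.resourceUri" \
  "$( printf '%s\n' "${managedAppDetails}" | jq -r '.billing.resourceUri' )"

put-value \
  "${customer_path}.planName" \
  "$( printf '%s\n' "${managedAppDetails}" | jq -r '.plan.name' )"

# https://docs.microsoft.com/en-us/azure/active-directory/develop/workload-identity-federation-create-trust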