예제 #1
0
        public override void ExecuteCmdlet()
        {
            if (!string.IsNullOrWhiteSpace(ResourceGroupName) && !string.IsNullOrWhiteSpace(WebAppName))
            {
                string kvId = string.Empty, kvRgName = string.Empty, kvSubscriptionId = string.Empty;
                var    webApp            = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, WebAppName, Slot));
                var    location          = webApp.Location;
                var    serverFarmId      = webApp.ServerFarmId;
                var    keyvaultResources = this.ResourcesClient.ResourceManagementClient.FilterResources(new FilterResourcesOptions
                {
                    ResourceType = "Microsoft.KeyVault/Vaults"
                }).ToArray();

                foreach (var kv in keyvaultResources)
                {
                    if (kv.Name == KeyVaultName)
                    {
                        kvId     = kv.Id;
                        kvRgName = kv.ResourceGroupName;
                        break;
                    }
                }
                if (string.IsNullOrEmpty(kvId))
                {
                    kvId = KeyVaultName;
                    if (CmdletHelpers.IsValidAKVResourceId(kvId))
                    {
                        var details = CmdletHelpers.GetResourceDetailsFromResourceId(kvId);
                        kvRgName         = details.ResourceGroupName;
                        KeyVaultName     = details.ResourceName;
                        kvSubscriptionId = details.Subscription;
                    }
                    else //default to AppService RG
                    {
                        kvRgName = ResourceGroupName;
                    }
                }
                var kvpermission = CmdletHelpers.CheckServicePrincipalPermissions(this.ResourcesClient, this.KeyvaultClient, kvRgName, KeyVaultName, kvSubscriptionId);
                var lnk          = "https://azure.github.io/AppService/2016/05/24/Deploying-Azure-Web-App-Certificate-through-Key-Vault.html";
                if (kvpermission.ToLower() != "get")
                {
                    WriteWarning("Unable to verify Key Vault permissions.");
                    WriteWarning("You may need to grant Microsoft.Azure.WebSites service principal the Secret:Get permission");
                    WriteWarning(string.Format("Find more details here: '{0}'", lnk));
                }

                Certificate kvc         = null;
                var         certificate = new Certificate(
                    location: location,
                    keyVaultId: kvId,
                    password: "",
                    keyVaultSecretName: CertName,
                    serverFarmId: serverFarmId
                    );

                if (this.ShouldProcess(this.WebAppName, string.Format($"Importing keyvault certificate for Web App '{WebAppName}'")))
                {
                    try
                    {
                        kvc = WebsitesClient.CreateCertificate(ResourceGroupName, CertName, certificate);
                    }
                    catch (DefaultErrorResponseException e)
                    {
                        if (e.Response.StatusCode != HttpStatusCode.Conflict)
                        {
                            throw e;
                        }
                    }
                }
                WriteObject(kvc);
            }
        }