public async Task CopyStringToSshFile(string input, string dest)
{
var path = Path.GetTempFileName();
try
{
var sshHost = await sshHostLookup.Value;
File.WriteAllText(path, input);
var sshState = await sshStateLoad.Value;
var finalDest = $"{sshState.vmUser}@{sshHost}:{dest}";
await shellRunner.RunProcessVoidAsync($"scp -i {sshState.privateKeyFile} {path} {finalDest}",
invalidExitCodeMessage : $"Error running command scp for '{path}' to '{dest}'.");
}
finally
{
try
{
File.Delete(path);
}
catch (Exception ex)
{
logger.LogError($"{ex.GetType().Name} deleting temp secret file '{path}'.");
}
}
}
/// <summary>
/// Unlock get, list, set and delete for secrets and certificates.
/// </summary>
/// <param name="keyVaultName"></param>
/// <param name="userId"></param>
/// <returns></returns>
public Task UnlockSecrets(String keyVaultName, Guid userId)
{
var pwsh = shellRunner.CreateCommandBuilder();
pwsh.SetUnrestrictedExecution();
pwsh.AddCommand($"Import-Module Az.KeyVault");
pwsh.AddResultCommand($"Set-AzKeyVaultAccessPolicy -ObjectId {userId} -VaultName {keyVaultName} -PermissionsToSecrets set,delete,get,list -PermissionsToCertificates import,delete,get,list | ConvertTo-Json -Depth 10");
return(shellRunner.RunProcessVoidAsync(pwsh,
invalidExitCodeMessage: $"Error unlocking secrets in Key Vault '{keyVaultName}'."));
}
public Task Create(String name, String resourceGroupName, String location, String adminUser, String adminPass)
{
var pwsh = shellRunner.CreateCommandBuilder();
pwsh.SetUnrestrictedExecution();
pwsh.AddCommand($"Import-Module Az.Sql");
pwsh.AddCommand($"$secStringPassword = ConvertTo-SecureString {adminPass} -AsPlainText");
pwsh.AddCommand($"$credObject = New-Object System.Management.Automation.PSCredential ({adminUser}, $secStringPassword)");
pwsh.AddResultCommand($"New-AzSqlServer -ServerName {name} -SqlAdministratorCredentials $credObject -Location {location} -ResourceGroupName {resourceGroupName} | ConvertTo-Json -Depth 10");
return(shellRunner.RunProcessVoidAsync(pwsh,
invalidExitCodeMessage: $"Error creating Sql Server '{name}' in Resource Group '{resourceGroupName}' at '{location}'."));
}
public Task ResourceGroupDeployment(String resourceGroupName, String templateFile, String?templateParameterFile, Object args)
{
var pwsh = shellRunner.CreateCommandBuilder();
pwsh.SetUnrestrictedExecution();
pwsh.AddCommand($"Import-Module Az.Resources");
var commands = new FormattableString[] { $"New-AzResourceGroupDeployment -Name {Guid.NewGuid()} -ResourceGroupName {resourceGroupName}" }.Concat(SetupArgs(ref templateFile, ref templateParameterFile, args));
pwsh.AddResultCommand(commands);
return(shellRunner.RunProcessVoidAsync(pwsh,
invalidExitCodeMessage: $"Error creating Arm Template '{templateFile}' in Resource Group '{resourceGroupName}'."));
}
public Task SetContext(Guid subscriptionId)
{
var pwsh = shellRunner.CreateCommandBuilder();
pwsh.SetUnrestrictedExecution();
pwsh.AddCommand($"Import-Module Az.Accounts");
pwsh.AddResultCommand($"Set-AzContext -SubscriptionId {subscriptionId} | ConvertTo-Json -Depth 10");
return(shellRunner.RunProcessVoidAsync(pwsh,
invalidExitCodeMessage: $"Error setting context to '{subscriptionId}'."));
}
public Task Create(String Name, String ResourceGroupName, string Location, String Sku)
{
var pwsh = shellRunner.CreateCommandBuilder();
pwsh.SetUnrestrictedExecution();
pwsh.AddCommand($"Import-Module Az.ContainerRegistry");
pwsh.AddResultCommand($"New-AzContainerRegistry -EnableAdminUser -Name {Name} -ResourceGroupName {ResourceGroupName} -Location {Location} -Sku {Sku} | ConvertTo-Json -Depth 10");
return(shellRunner.RunProcessVoidAsync(pwsh,
invalidExitCodeMessage: $"Error creating Azure Container Registry '{Name}' in Resource Group '{ResourceGroupName}' in '{Location}' with sku '{Sku}'."));
}
public Task Remove(String DisplayName)
{
var pwsh = shellRunner.CreateCommandBuilder();
pwsh.SetUnrestrictedExecution();
pwsh.AddCommand($"Import-Module Az.Resources");
pwsh.AddCommand($"Remove-AzADServicePrincipal -Force -DisplayName {DisplayName}");
pwsh.AddResultCommand($"Remove-AzADApplication -Force -DisplayName {DisplayName} | ConvertTo-Json -Depth 10");
return(shellRunner.RunProcessVoidAsync(pwsh,
invalidExitCodeMessage: $"Error getting service principal '{DisplayName}'."));
}
public Task SetSecurityRuleAccess(String NetworkSecurityGroup, String ResourceGroup, String Name, String Access, String SourceAddressPrefix)
{
{
var pwsh = shellRunner.CreateCommandBuilder();
//Workaround from spaelling https://github.com/Azure/azure-powershell/issues/8371#issuecomment-512549409
pwsh.SetUnrestrictedExecution();
pwsh.AddCommand($"Import-Module Az.Network");
pwsh.AddCommand($"$sourceAddrs = New-Object System.Collections.Generic.List[string]");
pwsh.AddCommand($"$sourceAddrs.Add({SourceAddressPrefix})");
pwsh.AddCommand($"$nsg = Get-AzNetworkSecurityGroup -Name {NetworkSecurityGroup} -ResourceGroup {ResourceGroup}");
pwsh.AddCommand($"($nsg.SecurityRules | Where-Object {{$_.Name -eq {Name}}}).Access = {Access}");
pwsh.AddCommand($"($nsg.SecurityRules | Where-Object {{$_.Name -eq {Name}}}).SourceAddressPrefix = $sourceAddrs");
pwsh.AddResultCommand($"$nsg | Set-AzNetworkSecurityGroup | ConvertTo-Json -Depth 10");
return(shellRunner.RunProcessVoidAsync(pwsh,
invalidExitCodeMessage: $"Error modifying NSG '{NetworkSecurityGroup}' from '{ResourceGroup}'."));
}
}
