public Task Create(String Name, String ResourceGroupName, string Location, String Sku)
{
var pwsh = shellRunner.CreateCommandBuilder();
pwsh.SetUnrestrictedExecution();
pwsh.AddCommand($"Import-Module Az.ContainerRegistry");
pwsh.AddResultCommand($"New-AzContainerRegistry -EnableAdminUser -Name {Name} -ResourceGroupName {ResourceGroupName} -Location {Location} -Sku {Sku} | ConvertTo-Json -Depth 10");
return(shellRunner.RunProcessVoidAsync(pwsh,
invalidExitCodeMessage: $"Error creating Azure Container Registry '{Name}' in Resource Group '{ResourceGroupName}' in '{Location}' with sku '{Sku}'."));
}
public async Task <bool> Exists(String DisplayName)
{
var pwsh = shellRunner.CreateCommandBuilder();
pwsh.SetUnrestrictedExecution();
pwsh.AddCommand($"Import-Module Az.Resources");
pwsh.AddResultCommand($"Get-AzADServicePrincipal -DisplayName {DisplayName} | ConvertTo-Json -Depth 10");
var result = await shellRunner.RunProcessAsync(pwsh,
invalidExitCodeMessage : $"Error getting service principal '{DisplayName}'.");
return(result.Type != Newtonsoft.Json.Linq.JTokenType.Null);
}
public async Task <String> GetPublicIp(String Name)
{
var pwsh = shellRunner.CreateCommandBuilder();
pwsh.SetUnrestrictedExecution();
pwsh.AddCommand($"Import-Module Az.Network");
pwsh.AddResultCommand($"Get-AzPublicIpAddress -Name {Name} | ConvertTo-Json -Depth 10");
dynamic result = await shellRunner.RunProcessAsync(pwsh,
invalidExitCodeMessage : $"Error getting Public Ip Address '{Name}'.");
return(result.IpAddress);
}
public Task Create(String name, String resourceGroupName, String location, String adminUser, String adminPass)
{
var pwsh = shellRunner.CreateCommandBuilder();
pwsh.SetUnrestrictedExecution();
pwsh.AddCommand($"Import-Module Az.Sql");
pwsh.AddCommand($"$secStringPassword = ConvertTo-SecureString {adminPass} -AsPlainText");
pwsh.AddCommand($"$credObject = New-Object System.Management.Automation.PSCredential ({adminUser}, $secStringPassword)");
pwsh.AddResultCommand($"New-AzSqlServer -ServerName {name} -SqlAdministratorCredentials $credObject -Location {location} -ResourceGroupName {resourceGroupName} | ConvertTo-Json -Depth 10");
return(shellRunner.RunProcessVoidAsync(pwsh,
invalidExitCodeMessage: $"Error creating Sql Server '{name}' in Resource Group '{resourceGroupName}' at '{location}'."));
}
public Task ResourceGroupDeployment(String resourceGroupName, String templateFile, String?templateParameterFile, Object args)
{
var pwsh = shellRunner.CreateCommandBuilder();
pwsh.SetUnrestrictedExecution();
pwsh.AddCommand($"Import-Module Az.Resources");
var commands = new FormattableString[] { $"New-AzResourceGroupDeployment -Name {Guid.NewGuid()} -ResourceGroupName {resourceGroupName}" }.Concat(SetupArgs(ref templateFile, ref templateParameterFile, args));
pwsh.AddResultCommand(commands);
return(shellRunner.RunProcessVoidAsync(pwsh,
invalidExitCodeMessage: $"Error creating Arm Template '{templateFile}' in Resource Group '{resourceGroupName}'."));
}
/// <summary>
/// Unlock get, list, set and delete for secrets and certificates.
/// </summary>
/// <param name="keyVaultName"></param>
/// <param name="userId"></param>
/// <returns></returns>
public Task UnlockSecrets(String keyVaultName, Guid userId)
{
var pwsh = shellRunner.CreateCommandBuilder();
pwsh.SetUnrestrictedExecution();
pwsh.AddCommand($"Import-Module Az.KeyVault");
pwsh.AddResultCommand($"Set-AzKeyVaultAccessPolicy -ObjectId {userId} -VaultName {keyVaultName} -PermissionsToSecrets set,delete,get,list -PermissionsToCertificates import,delete,get,list | ConvertTo-Json -Depth 10");
return(shellRunner.RunProcessVoidAsync(pwsh,
invalidExitCodeMessage: $"Error unlocking secrets in Key Vault '{keyVaultName}'."));
}
public Task SetContext(Guid subscriptionId)
{
var pwsh = shellRunner.CreateCommandBuilder();
pwsh.SetUnrestrictedExecution();
pwsh.AddCommand($"Import-Module Az.Accounts");
pwsh.AddResultCommand($"Set-AzContext -SubscriptionId {subscriptionId} | ConvertTo-Json -Depth 10");
return(shellRunner.RunProcessVoidAsync(pwsh,
invalidExitCodeMessage: $"Error setting context to '{subscriptionId}'."));
}
public async Task <String> GetAppInsightsInstrumentationKey(String Name, String ResourceGroupName)
{
var pwsh = shellRunner.CreateCommandBuilder();
pwsh.SetUnrestrictedExecution();
pwsh.AddCommand($"Import-Module Az.ApplicationInsights");
pwsh.AddResultCommand($"Get-AzApplicationInsights -Name {Name} -ResourceGroupName {ResourceGroupName} | ConvertTo-Json -Depth 10");
dynamic result = await shellRunner.RunProcessAsync(pwsh,
invalidExitCodeMessage : $"Error getting App Insights instrumentation key for '{Name}' in Resource Group '{ResourceGroupName}'.");
return(result.InstrumentationKey);
}
public async Task SaveSshKnownHostsSecret()
{
var sshHost = await sshHostLookup.Value;
var ip = await machineIpManager.GetExternalIp();
await vmManager.SetSecurityRuleAccess(config.NsgName, config.ResourceGroup, SshRuleName, "Allow", ip);
String key;
int retry = 0;
do
{
logger.LogInformation($"Trying key scan connection to '{sshHost}'. Retry '{retry}'.");
var builder = shellRunner.CreateCommandBuilder();
builder.AddCommand($"$key = ssh-keyscan -t rsa {sshHost}");
builder.AddResultCommand($"$key | ConvertTo-Json -Depth 10");
key = shellRunner.RunProcess <String>(builder);
if (++retry > 100)
{
throw new InvalidOperationException($"Retried ssh-keyscan '{retry}' times. Giving up.");
}
} while (String.IsNullOrEmpty(key));
var existing = await keyVaultManager.GetSecret(config.InfraKeyVaultName, config.SshKnownHostKey);
if (existing != null && existing != key)
{
logger.LogInformation($"Current saved server key (top) does not match current key on server (bottom). \n'{existing}'\n{key}");
logger.LogInformation("If this is because the vm was recreated please enter y below. Otherwise this will be considered an error and the provisioning will stop.");
if (!"y".Equals(Console.ReadLine(), StringComparison.InvariantCultureIgnoreCase))
{
throw new InvalidOperationException("The ssh keys did not match and were rejected by the user. Key vault not updated.");
}
}
await keyVaultManager.SetSecret(config.InfraKeyVaultName, config.SshKnownHostKey, key);
}