151 строка
6.4 KiB
PowerShell
151 строка
6.4 KiB
PowerShell
$startTime=Get-Date
|
|
Import-Module Azure -ErrorAction SilentlyContinue
|
|
|
|
#DEPLOYMENT OPTIONS
|
|
#optional, defines uniqueness for deployments
|
|
$TestNo = "4"
|
|
#region to deploy into - see https://azure.microsoft.com/en-us/regions/
|
|
$DeployRegion = "West US 2"
|
|
#Name of your company - will be displayed through your site
|
|
$CompanyName = "Contoso"
|
|
|
|
#The name of the Azure AD tenant that will host your two auth apps
|
|
$TenantName = "contoso.com"
|
|
#The GUID of that tenant
|
|
$AADTenantId = "[AAD TenantID for auth app hosting]"
|
|
#The name of your Azure subscription associated with your Azure AD auth tenant
|
|
$AADSubName = "ADTestTenant"
|
|
|
|
#The GUID of your Azure AD tenant that's associated with your Azure subscription (where the site will be deployed)
|
|
$AzureTenantId = "[AAD TenantID for web app hosting]"
|
|
#The name of that subscription
|
|
$AzureSubName = "MyAzureSubscription"
|
|
|
|
#The name of the Resource Group where all of these resources will be deployed
|
|
$RGName = "B2BTest$TestNo"
|
|
#The "name" of your web application
|
|
$SiteName = "B2BDeployTest$TestNo"
|
|
|
|
#The display name of your Azure AD administrative auth app. This name is displayed when a user logs in to your app from Azure AD
|
|
$AdminAppName = "B2B Self-Serve Administration$TestNo"
|
|
#A unique URI that defines your application
|
|
$AdminAppUri = "https://$($SiteName)admin.$TenantName"
|
|
|
|
#The display name of your Azure AD "pre-auth" auth app. This is the app prospective guests will optionally use to prove their
|
|
#identity via their home account
|
|
$PreauthAppName = "$CompanyName - B2B Pre-Authentication Sign-In$TestNo"
|
|
#A unique URI that defines your application. Unlike the admin URI, this one must be unique in the world, as it's a multi-tenant application
|
|
$PreAuthAppUri = "https://$($SiteName).$TenantName"
|
|
|
|
#generating a unique "secret" for your admin app to execute B2B operations on your behalf
|
|
$bytes = New-Object Byte[] 32
|
|
$rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
|
|
$rand.GetBytes($bytes)
|
|
$rand.Dispose()
|
|
$spAdminPassword = [System.Convert]::ToBase64String($bytes)
|
|
|
|
#END DEPLOYMENT OPTIONS
|
|
|
|
#Dot-sourced variable override (optional, comment out if not using)
|
|
. C:\dev\A_CustomDeploySettings\B2BPortal.ps1
|
|
|
|
#ensure we're logged in
|
|
try {
|
|
$ctx=Get-AzureRmContext -ErrorAction Stop
|
|
}
|
|
catch {
|
|
Login-AzureRmAccount -SubscriptionName $AADSubName -TenantId $AADTenantId -ErrorAction Stop
|
|
}
|
|
|
|
#this will only work if the same account can see the tenant and Azure sub at the same time
|
|
Set-AzureRmContext -TenantId $AADTenantId -SubscriptionName $AADSubName -ErrorAction Stop
|
|
|
|
$newApps = $false;
|
|
|
|
$adminApp = Get-AzureRmADApplication -DisplayNameStartWith $AdminAppName -ErrorAction Stop
|
|
if ($adminApp -eq $null) {
|
|
#generate required AzureAD applications
|
|
#note: setting loopback on apps for now - will update after the ARM deployment is complete (below)...
|
|
$adminApp = New-AzureRmADApplication -DisplayName $AdminAppName -HomePage "https://loopback" -IdentifierUris $AdminAppUri
|
|
New-AzureRmADServicePrincipal -ApplicationId $adminApp.ApplicationId
|
|
$newApps = $true
|
|
}
|
|
|
|
$preauthApp = Get-AzureRmADApplication -DisplayNameStartWith $PreAuthAppName
|
|
if ($preauthApp -eq $null) {
|
|
$preauthApp = New-AzureRmADApplication -DisplayName $PreauthAppName -HomePage "https://$($SiteName).azurewebsites.net" -IdentifierUris $PreauthAppUri -AvailableToOtherTenants $true
|
|
New-AzureRmADServicePrincipal -ApplicationId $preauthApp.ApplicationId
|
|
$newApps = $true
|
|
}
|
|
|
|
if ($newApps) {
|
|
Start-Sleep 15
|
|
}
|
|
|
|
$adminAppCred = Get-AzureRmADAppCredential -ApplicationId $adminApp.ApplicationId
|
|
if ($adminAppCred -eq $null) {
|
|
New-AzureRmADAppCredential -ApplicationId $adminApp.ApplicationId -Password $spAdminPassword
|
|
}
|
|
|
|
#New-AzureRmRoleAssignment -RoleDefinitionName Reader -ServicePrincipalName $adminApp.ApplicationId
|
|
#New-AzureRmRoleAssignment -RoleDefinitionName Reader -ServicePrincipalName $preauthApp.ApplicationId
|
|
|
|
|
|
#deploy
|
|
Set-AzureRmContext -SubscriptionName $AzureSubName -TenantId $AzureTenantId -ErrorAction Stop
|
|
|
|
$parms=@{
|
|
"hostingPlanName" = $SiteName;
|
|
"skuName" = "F1";
|
|
"skuCapacity" = 1;
|
|
"tenantName" = $TenantName;
|
|
"tenantId" = $AADTenantId;
|
|
"clientId_admin" = $adminApp.ApplicationId;
|
|
"clientSecret_admin" = $spAdminPassword;
|
|
"clientId_preAuth" = $preauthApp.ApplicationId;
|
|
"mailServerFqdn" = "";
|
|
"smtpLogin" = "";
|
|
"smptPassword" = "";
|
|
}
|
|
|
|
#$TemplateFile = "https://raw.githubusercontent.com/Azure/active-directory-dotnet-graphapi-b2bportal-web/master/azuredeploy.json"
|
|
$TemplateFile = "C:\Dev\active-directory-dotnet-graphapi-b2bportal-web\azuredeploy.json"
|
|
|
|
try {
|
|
Get-AzureRmResourceGroup -Name $RGName -ErrorAction Stop
|
|
Write-Host "Resource group $RGName exists, updating deployment"
|
|
}
|
|
catch {
|
|
$RG = New-AzureRmResourceGroup -Name $RGName -Location $DeployRegion
|
|
Write-Host "Created new resource group $RGName."
|
|
}
|
|
$version ++
|
|
$deployment = New-AzureRmResourceGroupDeployment -ResourceGroupName $RGName -TemplateParameterObject $parms -TemplateFile $TemplateFile -Name "B2BDeploy$version" -Force -Verbose
|
|
|
|
if ($deployment) {
|
|
#to-do: update URIs and reply URLs for apps, based on output parms from $deployment
|
|
#also to-do: update application permissions and APIs - may need to be done in the portal
|
|
$hostName = $Deployment.Outputs.webSiteObject.Value.enabledHostNames.Item(0).ToString()
|
|
$url = "https://$hostname/"
|
|
$adminApp.ReplyUrls.Add($url)
|
|
$preauthApp.ReplyUrls.Add($url)
|
|
#todo: update app reply urls
|
|
|
|
$ProjectFolder = "$env:USERPROFILE\desktop\$RGName\"
|
|
if (!(Test-Path -Path $ProjectFolder)) {
|
|
md $ProjectFolder
|
|
}
|
|
$WshShell = New-Object -comObject WScript.Shell
|
|
$Shortcut = $WshShell.CreateShortcut("$($ProjectFolder)B2B Self-Service Site.lnk")
|
|
$Shortcut.TargetPath =
|
|
$Shortcut.IconLocation = "%ProgramFiles%\Internet Explorer\iexplore.exe, 0"
|
|
$Shortcut.Save()
|
|
start $ProjectFolder
|
|
}
|
|
|
|
$endTime=Get-Date
|
|
|
|
Write-Host ""
|
|
Write-Host "Total Deployment time:"
|
|
New-TimeSpan -Start $startTime -End $endTime | Select Hours, Minutes, Seconds
|