
Automating Azure Setup for Aviatrix

This video is for anyone interested in automating Azure using the Azure CLI to simplify onboarding.

Script:

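#!/usr/bin/env bash
#############################################################################################################################
# Author - Travis Mitchell Dec 13th 2019
#
# Aviatrix Azure ARM Onboarding Automation with Azure CLI
#
# This script was designed for mac
#
# Usage: run interactively after `az login`. It prompts for an app registration
# name, creates the app registration, makes the signed-in user its owner,
# creates a service principal with the Contributor role, issues a client
# secret, adds the Azure AD Graph User.Read permission, and finally prints the
# Subscription ID, Directory ID, Application ID and Application Key that the
# Aviatrix Controller "Access Account" form needs.
#
# Requirements: az (Azure CLI) and jq on PATH.
# Optional env:
#   AVX_KEY_END_DATE - expiry of the client secret. Defaults to the original
#                      far-future date (effectively non-expiring); set a nearer
#                      date if your secret-rotation policy requires it.
#
# Credential handling: the client secret is printed to the terminal because it
# has to be pasted into the controller; it is never written to the log file.
# Only error diagnostics go to the log file (stderr + ${LOG_DIR}/<date>_avx_az_arm.log).
#
# Note: this was originally written for /bin/sh but uses `read -p`, so it is now
# run under bash explicitly; coloured output uses printf because bash's echo
# does not interpret \033 escapes by default.
#############################################################################################################################
set -u

export DATE
DATE=$(date '+%Y%m%d')
export LOG_DIR="${HOME}/avx-azure-arm"
mkdir -p -- "${LOG_DIR}"

# Expiry for the client secret; overridable from the environment (see header).
: "${AVX_KEY_END_DATE:=2299-12-31T11:59:59+00:00}"

# Generally Known Azure GUIDS (App IDs) for future enhancements
# AZ_SVC_MGMT_GUID=797f4846-ba00-4fd7-ba43-dac1f8f63013
# AZ_AD_GRAPH_GUID=00000002-0000-0000-c000-000000000000
# AZ_USER_IMPRSN=a42657d6-7f20-40e3-b6f0-cee03008a62a

##################################
# Set up logfile
##################################
LOG_FILE="${LOG_DIR}/${DATE}_avx_az_arm.log"

#######################################
# Report a fatal error and stop.
# Globals:   LOG_FILE (appended to)
# Arguments: $* - message
# Outputs:   "Error: <message>" to stderr AND appended to the log file
#            (the original redirected to only one of them, and one branch
#            truncated the log instead of appending).
# Returns:   never; exits 1
#######################################
die() {
  printf 'Error: %s\n' "$*" | tee -a "${LOG_FILE}" >&2
  exit 1
}

#######################################
# Print a separator line.
# Outputs: a line of '#' to stdout
#######################################
banner() {
  echo "###################################################################################"
}

#######################################
# Fail unless a value read back from the CLI is usable.
# Arguments: $1 - value, $2 - what it is (for the error message)
# Returns:   0 if non-empty and not the jq literal "null", else exits via die
#######################################
require_value() {
  local value=$1 what=$2
  if [[ -z "${value}" || "${value}" == "null" ]]; then
    die "could not obtain ${what} from the Azure CLI"
  fi
}

banner
echo "Aviatrix Azure ARM (azure cli) Onboarding started at $(date)"
banner
echo "Please Wait ..."

command -v az >/dev/null 2>&1 || die 'Azure CLI is not installed.. Try brew install azure-cli'
command -v jq >/dev/null 2>&1 || die 'jq is not installed.. Try brew install jq'
echo "Azure CLI and jq installed"

banner
echo "Setting up Azure"
banner
read -r -p "Enter Aviatrix App Registration Name (This is a user friendly name for you): " appname
[[ -n "${appname}" ]] || die 'app registration name must not be empty'
echo "Aviatrix App registration is ${appname}"
echo "This can be found in Azure Portal - Home > Default Directory - App registrations"

## Subscription id and tenant (directory) id - one `az account show` call
## serves both instead of the two calls the original made.
ACCOUNT_JSON=$(az account show) || die 'az account show failed - run az login first'
SUB_ID=$(printf '%s' "${ACCOUNT_JSON}" | jq -r '.id')
require_value "${SUB_ID}" 'subscription id'
AZ_TENANT_ID=$(printf '%s' "${ACCOUNT_JSON}" | jq -r '.tenantId')
require_value "${AZ_TENANT_ID}" 'tenant id'
echo "Subscription ID: ${SUB_ID}"

## App Registration
# --display-name is quoted so names containing spaces are passed as one argument.
APP_ID=$(az ad app create --display-name "${appname}" | jq -r '.appId')
require_value "${APP_ID}" "application id for ${appname}"
echo "Application (client id): ${APP_ID}"

### Get Object-Id of signed in az user
# Newer (Microsoft Graph based) CLI releases return this field as `id` rather
# than `objectId`; accept either so the script works on both generations.
OWNER_OBJECT_ID=$(az ad signed-in-user show | jq -r '.objectId // .id')
require_value "${OWNER_OBJECT_ID}" 'signed-in user object id'

### Assign app ownership
echo "Assigning ownership of ${appname}"
az ad app owner add --id "${APP_ID}" --owner-object-id "${OWNER_OBJECT_ID}" \
  || die "could not add owner ${OWNER_OBJECT_ID} to ${appname}"

## Service Principal
echo "Setting up ${appname} as role contributor"
# Creates the service principal with the Contributor role at the CLI's default
# scope (historically the whole subscription - confirm for your CLI version).
# Its JSON output, including a generated password that this script does not
# use, goes to stdout exactly as in the original script.
az ad sp create-for-rbac -n "${appname}" --role contributor \
  || die "az ad sp create-for-rbac failed for ${appname}"

# App credential (create client secret)
echo "Obtaining Aviatrix Application Key"
# NOTE(review): newer CLI releases renamed --credential-description; check
# `az ad app credential reset -h` if this step errors on a recent CLI.
APP_KEY=$(az ad app credential reset --id "${APP_ID}" --credential-description 'Aviatrix' \
  --end-date "${AVX_KEY_END_DATE}" --append | jq -r '.password')
require_value "${APP_KEY}" 'application key'
echo "Application Key: ${APP_KEY}"

# Adding API Permissions (user_impersonation)
echo "Adding and Graph API User.Read Permission"
az ad app permission add --id "${APP_ID}" --api 00000002-0000-0000-c000-000000000000 \
  --api-permissions 311a71cc-e848-46a1-bdf8-97ff7156d8e6=Scope \
  || die "could not add Graph API permission to ${appname}"
#curl --request POST "https://login.windows.net/$AZ_TENANT_ID/oauth2/token" --data-urlencode "resource=https://management.core.windows.net" # --data-urlencode "client_id=$APP_ID" --data-urlencode "grant_type=client_credentials" --data-urlencode "client_secret=$APP_KEY"

# printf (not echo) so the ANSI colour escapes are interpreted under bash too.
printf '\033[1;31m IMPORTANT!: Copy/Paste the following url click on the Azure Service Management tile and Add user_impersonation. \033[0m\n'
echo ""
printf '\033[1;31m https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/CallAnAPI/appId/%s/isMSAApp/ \033[0m\n' "${APP_ID}"
# echo "https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/CallAnAPI/appId/$APP_ID/isMSAApp/"
echo ""
echo "Azure is now configured and ready for Aviatrix onboarding."
echo ""
echo "Use the following values to add Access Account in Aviatrix Controller:"
echo ""
banner
echo ""
echo "Subscription ID: ${SUB_ID}"
echo "Directory ID: ${AZ_TENANT_ID}"
echo "Application ID: ${APP_ID}"
echo "Application Key: ${APP_KEY}"
echo ""
banner


# Object id of the app registration itself (distinct from its appId), printed
# for reference. As above, newer CLI releases expose it as `id`.
APP_OBJECT_ID=$(az ad app show --id "${APP_ID}" | jq -r '.objectId // .id')
echo "Application Object ID: ${APP_OBJECT_ID}"
# Alternative owner assignment via the Graph REST API, kept for reference
# (not executed). OWNER_OBJECT_ID is the signed-in user's object id from above.
# This applies to both user and service principal
#az rest -m POST -u https://graph.microsoft.com/beta/applications/$APP_OBJECT_ID/owners/\$ref --headers Content-Type=application/json -b "{\"@odata.id\": \"https://graph.microsoft.com/beta/directoryObjects/$OWNER_OBJECT_ID\"}"
# For user principal
#az rest -m POST -u https://graph.microsoft.com/beta/applications/$APP_OBJECT_ID/owners/\$ref --headers Content-Type=application/json -b "{\"@odata.id\": \"https://graph.microsoft.com/beta/users/$OWNER_OBJECT_ID\"}"
# For service principal
#az rest -m POST -u https://graph.microsoft.com/beta/applications/$APP_OBJECT_ID/owners/\$ref --headers Content-Type=application/json -b "{\"@odata.id\": \"https://graph.microsoft.com/beta/servicePrincipals/$OWNER_OBJECT_ID\"}"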

Github Issue:

https://github.com/Azure/azure-cli/issues/9250
