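function Set-AzureCredential
{
<#
.Synopsis
Add a credential set to Azure Vault
.DESCRIPTION
Add a credential set to Azure Vault. Run Connect-AzureCredentialVault prior to running this command;
if $Global:VaultSA is not yet set, the command calls Connect-AzureCredentialVault itself with the supplied
resource group, storage account and vault name.

Only the user name, creation date and creator are written to the storage table. The password is written
solely to Key Vault, as a secret whose name is the table row's RowKey (a GUID), so the table never holds it.
An existing user is left untouched unless -Force is given, in which case only the Key Vault secret is replaced.
.PARAMETER UserName
User name the credential is stored under (the table's UserName column).
.PARAMETER Password
Password as a System.Security.SecureString; it is never converted to plain text here.
.PARAMETER ResourceGroupName
Resource group passed to Connect-AzureCredentialVault when no connection exists yet.
.PARAMETER StorageAccountName
Storage account passed to Connect-AzureCredentialVault when no connection exists yet.
.PARAMETER VaultName
Key Vault that receives the secret (also passed to Connect-AzureCredentialVault).
.PARAMETER TableName
Storage table holding the user rows.
.PARAMETER PartitionKey
Partition key used for a newly created user row.
.PARAMETER Force
Overwrite the Key Vault secret of an already existing user.
.EXAMPLE
Set-AzureCredential -UserName Admin
cmdlet Set-AzureCredential at command pipeline position 1
Supply values for the following parameters:
(Type !? for Help.)
Password:**************
.EXAMPLE
$Password = Read-Host -AsSecureString
Set-AzureCredential -UserName Admin -Password $Password
.EXAMPLE
Set-AzureCredential -UserName AdminTest -Verbose
cmdlet Set-AzureCredential at command pipeline position 1
Supply values for the following parameters:
(Type !? for Help.)
Password: ****
VERBOSE: Setting userentry for AdminTest
VERBOSE: Setting Key Vault Secret for AdminTest
.EXAMPLE
Set-AzureCredential AdminTest
cmdlet Set-AzureCredential at command pipeline position 1
Supply values for the following parameters:
(Type !? for Help.)
Password: ********
WARNING: Credentials for AdminTest exists. Please use -Force switch to update
.EXAMPLE
$Password = Read-Host -AsSecureString
**********
Set-AzureCredential -UserName AdminTest -Password $Password -Force
#>
  [CmdletBinding()]
  [Alias()]
  Param
  (
    # Username string
    [Parameter(Mandatory=$true, Position=0)]
    $UserName,
    # Password needs to be a secure string
    [Parameter(Mandatory=$true, Position=1,HelpMessage="Supply the password as a System.Security.SecureString")]
    [alias("SecurePassword")]
    [Security.SecureString]$Password,
    [Parameter(Mandatory=$true, Position=2,HelpMessage="Supply the resource group name to use")]
    $ResourceGroupName,
    [Parameter(Mandatory=$true, Position=3,HelpMessage="Supply the storage account name to use")]
    $StorageAccountName,
    [Parameter(Mandatory=$true, Position=4,HelpMessage="Supply the vault name")]
    $VaultName,
    $TableName,
    $PartitionKey,
    [Switch]$Force
  )
  Begin
  {
    # Connect on demand; the connection lives in the global VaultSA variable set by Connect-AzureCredentialVault.
    if (!$Global:VaultSA)
    {
      Connect-AzureCredentialVault -ResourceGroupName $ResourceGroupName -StorageAccountName $StorageAccountName -VaultName $VaultName
    }
    # Fail here with a clear message instead of on a null .Context a few lines later.
    if (!$Global:VaultSA)
    {
      throw "Connect-AzureCredentialVault did not set `$Global:VaultSA; cannot reach the credential table"
    }
    $CurrentSubscriptionUser = Get-AzureRmContext | Select-Object -ExpandProperty Account | Select-Object -ExpandProperty Id
    $Table = Get-AzureStorageTable -Name $TableName -Context $Global:VaultSA.Context
    if (!$Table)
    {
      throw "Storage table '$TableName' was not found in the connected storage account"
    }
  }
  Process
  {
    # Part 0: Check table for existing password
    $UserEntry = Get-AzureStorageTableRowByColumnName -table $Table -columnName UserName -value $UserName -operator equal
    if ($UserEntry -and !$Force)
    {
      Write-Warning "Credentials for $UserName exists. Please use -Force switch to update"
      # 'return' ends only this Process block; 'continue' outside a loop would stop the whole pipeline.
      return
    }
    # Decide locally whether the secret gets written, rather than mutating the -Force parameter.
    $UpdateSecret = [bool]$Force
    # Part 1: Set table entry
    if (!$UserEntry)
    {
      Write-Verbose "Setting userentry for $UserName"
      # The row key doubles as the Key Vault secret name, so it must be unique and opaque.
      $Guid = [guid]::NewGuid().ToString()
      Add-StorageTableRow -table $Table -partitionKey $PartitionKey -rowKey $Guid -property @{UserName=$UserName;DateCreated=$(Get-Date).ToString();Creator=$CurrentSubscriptionUser} | Out-Null
      $UserEntry = Get-AzureStorageTableRowByColumnName -table $Table -columnName UserName -value $UserName -operator equal
      # Without a readable row there is no RowKey to name the secret after; stop before touching Key Vault.
      if (!$UserEntry)
      {
        throw "Table row for $UserName could not be read back after insert; secret not written"
      }
      $UpdateSecret = $true
    }
    # Part 2: Write the secret (new user, or existing user with -Force)
    if ($UpdateSecret)
    {
      Write-Verbose "Setting Key Vault Secret for $UserName"
      Set-AzureKeyVaultSecret -VaultName $VaultName -Name $UserEntry.RowKey -SecretValue $Password | Out-Null
    }
  }
  End
  {
  }
}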