Merge pull request #7674 from MGoedtel/task1687494
new templates for Automation
Showing
8 changed files
with
373 additions
and
0 deletions.
@@ -0,0 +1,32 @@ | ||
# Azure Automation Create Account template | ||
|
||
![Azure Public Test Date](https://azurequickstartsservice.blob.core.windows.net/badges/101-automation/PublicLastTestDate.svg) | ||
![Azure Public Test Result](https://azurequickstartsservice.blob.core.windows.net/badges/101-automation/PublicDeployment.svg) | ||
|
||
![Azure US Gov Last Test Date](https://azurequickstartsservice.blob.core.windows.net/badges/101-automation/FairfaxLastTestDate.svg) | ||
![Azure US Gov Last Test Result](https://azurequickstartsservice.blob.core.windows.net/badges/101-automation/FairfaxDeployment.svg) | ||
|
||
![Best Practice Check](https://azurequickstartsservice.blob.core.windows.net/badges/101-automation/BestPracticeResult.svg) | ||
![Cred Scan Check](https://azurequickstartsservice.blob.core.windows.net/badges/101-automation/CredScanResult.svg) | ||
|
||
[![Deploy to Azure](https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/1-CONTRIBUTION-GUIDE/images/deploytoazure.svg?sanitize=true)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2F101-automation%2Fazuredeploy.json) | ||
[![Deploy to Azure US Gov](https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/1-CONTRIBUTION-GUIDE/images/deploytoazuregov.svg?sanitize=true)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2F101-automation%2Fazuredeploy.json) | ||
|
||
[![Visualize](https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/1-CONTRIBUTION-GUIDE/images/visualizebutton.svg?sanitize=true)](http://armviz.io/#/?load=https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2F101-automation%2Fazuredeploy.json) | ||
|
||
This template demonstrates the creation of an Azure Automation account and links it | ||
to a new or existing Azure Monitor Log Analytics workspace that you specify. | ||
|
||
## Is it acceptable to link directly to PowerShell Gallery in Azure-Quickstart-Templates? | ||
|
||
The expected workflow from any public gallery is to download/save an artifact, | ||
review the source code and test it to verify functionality, | ||
and then publish it to a private, trusted feed for usage. | ||
However, since module authors releasing to PowerShell Gallery increment the version number | ||
when changes are made, | ||
if template authors would like to validate and test *specific versions* of modules | ||
in the gallery and use *static links* to those artifacts, | ||
those artifacts can be expected to remain unchanged. | ||
**This does not change the operational best practice behavior of reviewing, validating, and testing | ||
all code artifacts including ARM templates, PowerShell scripts, and DSC resources, | ||
before production deployment.** |
@@ -0,0 +1,197 @@ | ||
{ | ||
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", | ||
"contentVersion": "1.0.0.0", | ||
"parameters": { | ||
"workspaceName": { | ||
"type": "string", | ||
"metadata": { | ||
"description": "Workspace name" | ||
} | ||
}, | ||
"sku": { | ||
"type": "string", | ||
"allowedValues": [ | ||
"pergb2018", | ||
"Free", | ||
"Standalone", | ||
"PerNode", | ||
"Standard", | ||
"Premium" | ||
], | ||
"defaultValue": "pergb2018", | ||
"metadata": { | ||
"description": "Pricing tier: perGB2018 or legacy tiers (Free, Standalone, PerNode, Standard or Premium), which are not available to all customers." | ||
} | ||
}, | ||
"dataRetention": { | ||
"type": "int", | ||
"defaultValue": 30, | ||
"minValue": 7, | ||
"maxValue": 730, | ||
"metadata": { | ||
"description": "Number of days to retain data." | ||
} | ||
}, | ||
"location": { | ||
"type": "string", | ||
"defaultValue": "[resourceGroup().location]", | ||
"metadata": { | ||
"description": "Specifies the location in which to create the workspace." | ||
} | ||
}, | ||
"automationAccountName": { | ||
"type": "string", | ||
"metadata": { | ||
"description": "Automation account name" | ||
} | ||
}, | ||
"automationAccountLocation": { | ||
"type": "string", | ||
"metadata": { | ||
"description": "Specifies the location in which to create the Automation account." | ||
} | ||
}, | ||
"sampleGraphicalRunbookName": { | ||
"type": "String", | ||
"defaultValue": "AzureAutomationTutorial" | ||
}, | ||
"sampleGraphicalRunbookDescription": { | ||
"type": "String", | ||
"defaultValue": " An example runbook that gets all the Resource Manager resources by using the Run As account (service principal)." | ||
}, | ||
"samplePowerShellRunbookName": { | ||
"type": "String", | ||
"defaultValue": "AzureAutomationTutorialScript" | ||
}, | ||
"samplePowerShellRunbookDescription": { | ||
"type": "String", | ||
"defaultValue": " An example runbook that gets all the Resource Manager resources by using the Run As account (service principal)." | ||
}, | ||
"samplePython2RunbookName": { | ||
"type": "String", | ||
"defaultValue": "AzureAutomationTutorialPython2" | ||
}, | ||
"samplePython2RunbookDescription": { | ||
"type": "String", | ||
"defaultValue": " An example runbook that gets all the Resource Manager resources by using the Run As account (service principal)." | ||
}, | ||
"_artifactsLocation": { | ||
"type": "string", | ||
"defaultValue": "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/101-automation/", | ||
"metadata": { | ||
"description": "URI to artifacts location" | ||
} | ||
}, | ||
"_artifactsLocationSasToken": { | ||
"type": "securestring", | ||
"defaultValue": "", | ||
"metadata": { | ||
"description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated" | ||
} | ||
} | ||
}, | ||
"resources": [ | ||
{ | ||
"type": "Microsoft.OperationalInsights/workspaces", | ||
"apiVersion": "2020-03-01-preview", | ||
"name": "[parameters('workspaceName')]", | ||
"location": "[parameters('location')]", | ||
"properties": { | ||
"sku": { | ||
"name": "[parameters('sku')]" | ||
}, | ||
"retentionInDays": "[parameters('dataRetention')]", | ||
"features": { | ||
"searchVersion": 1, | ||
"legacy": 0 | ||
} | ||
} | ||
}, | ||
{ | ||
"type": "Microsoft.Automation/automationAccounts", | ||
"apiVersion": "2020-01-13-preview", | ||
"name": "[parameters('automationAccountName')]", | ||
"location": "[parameters('automationAccountLocation')]", | ||
"dependsOn": [ | ||
"[parameters('workspaceName')]" | ||
], | ||
"properties": { | ||
"sku": { | ||
"name": "Basic" | ||
} | ||
}, | ||
"resources": [ | ||
{ | ||
"type": "runbooks", | ||
"apiVersion": "2018-06-30", | ||
"name": "[parameters('sampleGraphicalRunbookName')]", | ||
"location": "[parameters('automationAccountLocation')]", | ||
"dependsOn": [ | ||
"[parameters('automationAccountName')]" | ||
], | ||
"properties": { | ||
"runbookType": "GraphPowerShell", | ||
"logProgress": "false", | ||
"logVerbose": "false", | ||
"description": "[parameters('sampleGraphicalRunbookDescription')]", | ||
"publishContentLink": { | ||
"uri": "[uri(parameters('_artifactsLocation'), concat('scripts/AzureAutomationTutorial.graphrunbook', parameters('_artifactsLocationSasToken')))]", | ||
"version": "1.0.0.0" | ||
} | ||
} | ||
}, | ||
{ | ||
"type": "runbooks", | ||
"apiVersion": "2018-06-30", | ||
"name": "[parameters('samplePowerShellRunbookName')]", | ||
"location": "[parameters('automationAccountLocation')]", | ||
"dependsOn": [ | ||
"[parameters('automationAccountName')]" | ||
], | ||
"properties": { | ||
"runbookType": "PowerShell", | ||
"logProgress": "false", | ||
"logVerbose": "false", | ||
"description": "[parameters('samplePowerShellRunbookDescription')]", | ||
"publishContentLink": { | ||
"uri": "[uri(parameters('_artifactsLocation'), concat('scripts/AzureAutomationTutorial.ps1', parameters('_artifactsLocationSasToken')))]", | ||
"version": "1.0.0.0" | ||
} | ||
} | ||
}, | ||
{ | ||
"type": "runbooks", | ||
"apiVersion": "2018-06-30", | ||
"name": "[parameters('samplePython2RunbookName')]", | ||
"location": "[parameters('automationAccountLocation')]", | ||
"dependsOn": [ | ||
"[parameters('automationAccountName')]" | ||
], | ||
"properties": { | ||
"runbookType": "Python2", | ||
"logProgress": "false", | ||
"logVerbose": "false", | ||
"description": "[parameters('samplePython2RunbookDescription')]", | ||
"publishContentLink": { | ||
"uri": "[uri(parameters('_artifactsLocation'), concat('scripts/AzureAutomationTutorialPython2.py', parameters('_artifactsLocationSasToken')))]", | ||
"version": "1.0.0.0" | ||
} | ||
} | ||
} | ||
] | ||
}, | ||
{ | ||
"type": "Microsoft.OperationalInsights/workspaces/linkedServices", | ||
"apiVersion": "2020-03-01-preview", | ||
"name": "[concat(parameters('workspaceName'), '/' , 'Automation')]", | ||
"location": "[parameters('location')]", | ||
"dependsOn": [ | ||
"[parameters('workspaceName')]", | ||
"[parameters('automationAccountName')]" | ||
], | ||
"properties": { | ||
"resourceId": "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccountName'))]" | ||
} | ||
} | ||
] | ||
} |
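Review bot: None of the three `publishContentLink` blocks (the `.graphrunbook`, `.ps1` and `Python2.py` runbooks) pins the content it publishes: each builds its URI from `_artifactsLocation`, whose default is the `master` branch on raw.githubusercontent.com. Whatever sits at that mutable ref at deployment time becomes a published runbook which, going by the runbook descriptions, runs under the Run As service principal. The README added in this commit argues for static links to reviewed artifact versions, and the same reasoning applies to these scripts. Consider adding a hash to each link, e.g. `"contentHash": { "algorithm": "SHA256", "value": "<SHA256-OF-REVIEWED-FILE>" }`, or defaulting `_artifactsLocation` to a commit-pinned URL instead of `master`.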
@@ -0,0 +1,15 @@ | ||
{ | ||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", | ||
"contentVersion": "1.0.0.0", | ||
"parameters": { | ||
"workspaceName": { | ||
"value": "GEN-UNIQUE" | ||
}, | ||
"automationAccountName": { | ||
"value": "GEN-UNIQUE" | ||
}, | ||
"automationAccountLocation": { | ||
"value": "eastus2" | ||
} | ||
} | ||
} |
@@ -0,0 +1,15 @@ | ||
{ | ||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", | ||
"contentVersion": "1.0.0.0", | ||
"parameters": { | ||
"workspaceName": { | ||
"value": "GEN-UNIQUE" | ||
}, | ||
"automationAccountName": { | ||
"value": "GEN-UNIQUE" | ||
}, | ||
"automationAccountLocation": { | ||
"value": "usgovvirginia" | ||
} | ||
} | ||
} |
@@ -0,0 +1,10 @@ | ||
{ | ||
"$schema": "https://aka.ms/azure-quickstart-templates-metadata-schema#", | ||
"type": "QuickStart", | ||
"itemDisplayName": "Create Azure Automation account", | ||
"description": "This template provides an example of how create an Azure Automation account and links it to a new or existing Azure Monitor Log Analytics workspace.", | ||
"summary": "Create an Azure Automation account and create a new Azure Monitor Log Analytics workspace if not exist, and then link them together.", | ||
"githubUsername": "mgoedtel", | ||
"dateUpdated": "2020-06-17" | ||
} | ||
|
@@ -0,0 +1,46 @@ | ||
<# | ||
.DESCRIPTION | ||
An example runbook which gets all the ARM resources using the Run As Account (Service Principal) | ||
.NOTES | ||
AUTHOR: Azure Automation Team | ||
LASTEDIT: Mar 14, 2016 | ||
#> | ||
|
||
$connectionName = "AzureRunAsConnection" | ||
try | ||
{ | ||
# Get the connection "AzureRunAsConnection " | ||
$servicePrincipalConnection=Get-AutomationConnection -Name $connectionName | ||
|
||
"Logging in to Azure..." | ||
Add-AzureRmAccount ` | ||
-ServicePrincipal ` | ||
-TenantId $servicePrincipalConnection.TenantId ` | ||
-ApplicationId $servicePrincipalConnection.ApplicationId ` | ||
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint | ||
} | ||
catch { | ||
if (!$servicePrincipalConnection) | ||
{ | ||
$ErrorMessage = "Connection $connectionName not found." | ||
throw $ErrorMessage | ||
} else{ | ||
Write-Error -Message $_.Exception | ||
throw $_.Exception | ||
} | ||
} | ||
|
||
#Get all ARM resources from all resource groups | ||
$ResourceGroups = Get-AzureRmResourceGroup | ||
|
||
foreach ($ResourceGroup in $ResourceGroups) | ||
{ | ||
Write-Output ("Showing resources in resource group " + $ResourceGroup.ResourceGroupName) | ||
$Resources = Find-AzureRmResource -ResourceGroupNameContains $ResourceGroup.ResourceGroupName | Select ResourceName, ResourceType | ||
ForEach ($Resource in $Resources) | ||
{ | ||
Write-Output ($Resource.ResourceName + " of type " + $Resource.ResourceType) | ||
} | ||
Write-Output ("") | ||
} |
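Review bot: The result of `Add-AzureRmAccount` in the `try` block is neither assigned nor discarded, so the object it returns is written to the runbook's output stream right after the "Logging in to Azure..." string. Job output is kept with the Automation job, and that object typically carries account, tenant and subscription identifiers that do not need to be there; discard it with `$null = Add-AzureRmAccount ...` or by ending the call with `| Out-Null`. The rest of the script only lists resource groups and resources, so it would also help to state in `.NOTES` that the Run As principal needs no more than read access for this sample.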
@@ -0,0 +1,57 @@ | ||
""" | ||
Python support for Azure automation is now public preview! | ||
Azure Automation documentation : https://aka.ms/azure-automation-python-documentation | ||
Azure Python SDK documentation : https://aka.ms/azure-python-sdk | ||
This tutorial runbook demonstrate how to authenticate against Azure using the Azure automation service principal and then lists the resource groups present in the specified subscription. | ||
""" | ||
import azure.mgmt.resource | ||
import automationassets | ||
from msrestazure.azure_cloud import AZURE_PUBLIC_CLOUD | ||
|
||
def get_automation_runas_credential(runas_connection, resource_url, authority_url ): | ||
""" Returns credentials to authenticate against Azure resoruce manager """ | ||
from OpenSSL import crypto | ||
from msrestazure import azure_active_directory | ||
import adal | ||
|
||
# Get the Azure Automation RunAs service principal certificate | ||
cert = automationassets.get_automation_certificate("AzureRunAsCertificate") | ||
pks12_cert = crypto.load_pkcs12(cert) | ||
pem_pkey = crypto.dump_privatekey(crypto.FILETYPE_PEM, pks12_cert.get_privatekey()) | ||
|
||
# Get run as connection information for the Azure Automation service principal | ||
application_id = runas_connection["ApplicationId"] | ||
thumbprint = runas_connection["CertificateThumbprint"] | ||
tenant_id = runas_connection["TenantId"] | ||
|
||
# Authenticate with service principal certificate | ||
authority_full_url = (authority_url + '/' + tenant_id) | ||
context = adal.AuthenticationContext(authority_full_url) | ||
return azure_active_directory.AdalAuthentication( | ||
lambda: context.acquire_token_with_client_certificate( | ||
resource_url, | ||
application_id, | ||
pem_pkey, | ||
thumbprint) | ||
) | ||
|
||
|
||
# Authenticate to Azure using the Azure Automation RunAs service principal | ||
runas_connection = automationassets.get_automation_connection("AzureRunAsConnection") | ||
resource_url = AZURE_PUBLIC_CLOUD.endpoints.active_directory_resource_id | ||
authority_url = AZURE_PUBLIC_CLOUD.endpoints.active_directory | ||
resourceManager_url = AZURE_PUBLIC_CLOUD.endpoints.resource_manager | ||
azure_credential = get_automation_runas_credential(runas_connection, resource_url, authority_url) | ||
|
||
# Intialize the resource management client with the RunAs credential and subscription | ||
resource_client = azure.mgmt.resource.ResourceManagementClient( | ||
azure_credential, | ||
str(runas_connection["SubscriptionId"]), | ||
base_url=resourceManager_url) | ||
|
||
# Get list of resource groups and print them out | ||
groups = resource_client.resource_groups.list() | ||
for group in groups: | ||
print group.name.encode('utf-8') |
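Review bot: The three endpoint assignments under the "Authenticate to Azure" comment are hard-coded to `AZURE_PUBLIC_CLOUD`, while this commit also ships a parameters file that deploys the Automation account to `usgovvirginia`. In that deployment the runbook would present the Run As service principal's certificate-based token request to the public-cloud authority and call the public resource manager endpoint, which presumably fails and is in any case not where that credential belongs. Select the cloud object once, e.g. `cloud = AZURE_US_GOV_CLOUD` (from `msrestazure.azure_cloud`) for Gov accounts, and read all three endpoints from `cloud.endpoints`; an Automation variable could drive the choice. `get_automation_runas_credential` would also benefit from a docstring naming the keys it reads from `runas_connection` (`ApplicationId`, `CertificateThumbprint`, `TenantId`).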