Merge pull request #7674 from MGoedtel/task1687494

new templates for Automation
Azure · Jul 6, 2020 · 7d1bbd2 · 7d1bbd2
2 parents 89b99e6 + 4ce7036
commit 7d1bbd2
Show file tree

Hide file tree

Showing 8 changed files with 373 additions and 0 deletions.
diff --git a/101-automation/README.md b/101-automation/README.md
@@ -0,0 +1,32 @@
+# Azure Automation Create Account template
+
+![Azure Public Test Date](https://azurequickstartsservice.blob.core.windows.net/badges/101-automation/PublicLastTestDate.svg)
+![Azure Public Test Result](https://azurequickstartsservice.blob.core.windows.net/badges/101-automation/PublicDeployment.svg)
+
+![Azure US Gov Last Test Date](https://azurequickstartsservice.blob.core.windows.net/badges/101-automation/FairfaxLastTestDate.svg)
+![Azure US Gov Last Test Result](https://azurequickstartsservice.blob.core.windows.net/badges/101-automation/FairfaxDeployment.svg)
+
+![Best Practice Check](https://azurequickstartsservice.blob.core.windows.net/badges/101-automation/BestPracticeResult.svg)
+![Cred Scan Check](https://azurequickstartsservice.blob.core.windows.net/badges/101-automation/CredScanResult.svg)
+
+[![Deploy to Azure](https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/1-CONTRIBUTION-GUIDE/images/deploytoazure.svg?sanitize=true)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2F101-automation%2Fazuredeploy.json)
+[![Deploy to Azure US Gov](https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/1-CONTRIBUTION-GUIDE/images/deploytoazuregov.svg?sanitize=true)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2F101-automation%2Fazuredeploy.json)
+
+[![Visualize](https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/1-CONTRIBUTION-GUIDE/images/visualizebutton.svg?sanitize=true)](http://armviz.io/#/?load=https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2F101-automation%2Fazuredeploy.json)
+
+This template demonstrates the creation of an Azure Automation account and links it
+to a new or existing Azure Monitor Log Analytics workspace that you specify.
+
+## Is it acceptable to link directly to PowerShell Gallery in Azure-Quickstart-Templates?
+
+The expected workflow from any public gallery is to download/save an artifact,
+review the source code and test it to verify functionality,
+and then publish it to a private, trusted feed for usage.
+However, since module authors releasing to PowerShell Gallery increment the version number
+when changes are made,
+if template authors would like to validate and test *specific versions* of modules
+in the gallery and use *static links* to those artifacts,
+those artifacts can be expected to remain unchanged.
+**This does not change the operational best practice behavior of reviewing, validating, and testing
+all code artifacts including ARM templates, PowerShell scripts, and DSC resources,
+before production deployment.**
diff --git a/101-automation/azuredeploy.json b/101-automation/azuredeploy.json
@@ -0,0 +1,197 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "workspaceName": {
+            "type": "string",
+            "metadata": {
+                "description": "Workspace name"
+            }
+        },
+        "sku": {
+            "type": "string",
+            "allowedValues": [
+                "pergb2018",
+                "Free",
+                "Standalone",
+                "PerNode",
+                "Standard",
+                "Premium"
+            ],
+            "defaultValue": "pergb2018",
+            "metadata": {
+                "description": "Pricing tier: perGB2018 or legacy tiers (Free, Standalone, PerNode, Standard or Premium), which are not available to all customers."
+            }
+        },
+        "dataRetention": {
+            "type": "int",
+            "defaultValue": 30,
+            "minValue": 7,
+            "maxValue": 730,
+            "metadata": {
+                "description": "Number of days to retain data."
+            }
+        },
+        "location": {
+            "type": "string",
+            "defaultValue": "[resourceGroup().location]",
+            "metadata": {
+                "description": "Specifies the location in which to create the workspace."
+            }
+        },
+        "automationAccountName": {
+            "type": "string",
+            "metadata": {
+                "description": "Automation account name"
+            }
+		},
+		"automationAccountLocation": {
+		    "type": "string",
+            "metadata": {
+                "description": "Specifies the location in which to create the Automation account."
+            }
+        },
+        "sampleGraphicalRunbookName": {
+            "type": "String",
+            "defaultValue": "AzureAutomationTutorial"
+        },
+        "sampleGraphicalRunbookDescription": {
+            "type": "String",
+            "defaultValue": " An example runbook that gets all the Resource Manager resources by using the Run As account (service principal)."
+        },
+        "samplePowerShellRunbookName": {
+            "type": "String",
+            "defaultValue": "AzureAutomationTutorialScript"
+        },
+        "samplePowerShellRunbookDescription": {
+            "type": "String",
+            "defaultValue": " An example runbook that gets all the Resource Manager resources by using the Run As account (service principal)."
+        },
+        "samplePython2RunbookName": {
+            "type": "String",
+            "defaultValue": "AzureAutomationTutorialPython2"
+        },
+        "samplePython2RunbookDescription": {
+            "type": "String",
+            "defaultValue": " An example runbook that gets all the Resource Manager resources by using the Run As account (service principal)."
+        },
+        "_artifactsLocation": {
+            "type": "string",
+            "defaultValue": "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/101-automation/",
+            "metadata": {
+                "description": "URI to artifacts location"
+            }
+        },
+        "_artifactsLocationSasToken": {
+            "type": "securestring",
+            "defaultValue": "",
+            "metadata": {
+                "description": "The sasToken required to access _artifactsLocation.  When the template is deployed using the accompanying scripts, a sasToken will be automatically generated"
+            }
+        }
+    },
+    "resources": [
+        {
+            "type": "Microsoft.OperationalInsights/workspaces",
+            "apiVersion": "2020-03-01-preview",
+            "name": "[parameters('workspaceName')]",
+            "location": "[parameters('location')]",
+            "properties": {
+                "sku": {
+                    "name": "[parameters('sku')]"
+                },
+                "retentionInDays": "[parameters('dataRetention')]",
+                "features": {
+                    "searchVersion": 1,
+                    "legacy": 0
+                }
+            }
+        },
+        {
+            "type": "Microsoft.Automation/automationAccounts",
+            "apiVersion": "2020-01-13-preview",
+            "name": "[parameters('automationAccountName')]",
+            "location": "[parameters('automationAccountLocation')]",
+            "dependsOn": [
+                "[parameters('workspaceName')]"
+            ],
+            "properties": {
+                "sku": {
+                    "name": "Basic"
+                }
+            },
+            "resources": [
+                {
+                    "type": "runbooks",
+                    "apiVersion": "2018-06-30",
+                    "name": "[parameters('sampleGraphicalRunbookName')]",
+                    "location": "[parameters('automationAccountLocation')]",
+                    "dependsOn": [
+                        "[parameters('automationAccountName')]"
+                    ],
+                    "properties": {
+                        "runbookType": "GraphPowerShell",
+                        "logProgress": "false",
+                        "logVerbose": "false",
+                        "description": "[parameters('sampleGraphicalRunbookDescription')]",
+                        "publishContentLink": {
+                            "uri": "[uri(parameters('_artifactsLocation'), concat('scripts/AzureAutomationTutorial.graphrunbook', parameters('_artifactsLocationSasToken')))]",
+                            "version": "1.0.0.0"
+                        }
+                    }
+                },
+                {
+                    "type": "runbooks",
+                    "apiVersion": "2018-06-30",
+                    "name": "[parameters('samplePowerShellRunbookName')]",
+                    "location": "[parameters('automationAccountLocation')]",
+                    "dependsOn": [
+                        "[parameters('automationAccountName')]"
+                    ],
+                    "properties": {
+                        "runbookType": "PowerShell",
+                        "logProgress": "false",
+                        "logVerbose": "false",
+                        "description": "[parameters('samplePowerShellRunbookDescription')]",
+                        "publishContentLink": {
+                            "uri": "[uri(parameters('_artifactsLocation'), concat('scripts/AzureAutomationTutorial.ps1', parameters('_artifactsLocationSasToken')))]",
+                            "version": "1.0.0.0"
+                        }
+                    }
+                },
+                {
+                    "type": "runbooks",
+                    "apiVersion": "2018-06-30",
+                    "name": "[parameters('samplePython2RunbookName')]",
+                    "location": "[parameters('automationAccountLocation')]",
+                    "dependsOn": [
+                        "[parameters('automationAccountName')]"
+                    ],
+                    "properties": {
+                        "runbookType": "Python2",
+                        "logProgress": "false",
+                        "logVerbose": "false",
+                        "description": "[parameters('samplePython2RunbookDescription')]",
+                        "publishContentLink": {
+                            "uri": "[uri(parameters('_artifactsLocation'), concat('scripts/AzureAutomationTutorialPython2.py', parameters('_artifactsLocationSasToken')))]",
+                            "version": "1.0.0.0"
+                        }
+                    }
+                }
+            ]
+        },
+        {
+            "type": "Microsoft.OperationalInsights/workspaces/linkedServices",
+            "apiVersion": "2020-03-01-preview",
+            "name": "[concat(parameters('workspaceName'), '/' , 'Automation')]",
+            "location": "[parameters('location')]",
+            "dependsOn": [
+                "[parameters('workspaceName')]",
+                "[parameters('automationAccountName')]"
+            ],
+            "properties": {
+                "resourceId": "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccountName'))]"
+            }
+        }
+    ]
+}
diff --git a/101-automation/azuredeploy.parameters.json b/101-automation/azuredeploy.parameters.json
@@ -0,0 +1,15 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "workspaceName": {
+            "value": "GEN-UNIQUE"
+        },
+        "automationAccountName": {
+            "value": "GEN-UNIQUE"
+        },
+        "automationAccountLocation": {
+            "value": "eastus2"
+        }
+    }
+}
diff --git a/101-automation/azuredeploy.parameters.us.json b/101-automation/azuredeploy.parameters.us.json
@@ -0,0 +1,15 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "workspaceName": {
+            "value": "GEN-UNIQUE"
+        },
+        "automationAccountName": {
+            "value": "GEN-UNIQUE"
+        },
+        "automationAccountLocation": {
+            "value": "usgovvirginia"
+        }
+    }
+}
diff --git a/101-automation/metadata.json b/101-automation/metadata.json
@@ -0,0 +1,10 @@
+{
+  "$schema": "https://aka.ms/azure-quickstart-templates-metadata-schema#",
+  "type": "QuickStart",
+    "itemDisplayName": "Create Azure Automation account",
+    "description": "This template provides an example of how create an Azure Automation account and links it to a new or existing Azure Monitor Log Analytics workspace.",
+    "summary": "Create an Azure Automation account and create a new Azure Monitor Log Analytics workspace if not exist, and then link them together.",
+    "githubUsername": "mgoedtel",
+    "dateUpdated": "2020-06-17"
+  }
+
diff --git a/101-automation/scripts/AzureAutomationTutorial.graphrunbook b/101-automation/scripts/AzureAutomationTutorial.graphrunbook
diff --git a/101-automation/scripts/AzureAutomationTutorial.ps1 b/101-automation/scripts/AzureAutomationTutorial.ps1
@@ -0,0 +1,46 @@
+<#
+    .DESCRIPTION
+        An example runbook which gets all the ARM resources using the Run As Account (Service Principal)
+
+    .NOTES
+        AUTHOR: Azure Automation Team
+        LASTEDIT: Mar 14, 2016
+#>
+
+$connectionName = "AzureRunAsConnection"
+try
+{
+    # Get the connection "AzureRunAsConnection "
+    $servicePrincipalConnection=Get-AutomationConnection -Name $connectionName         
+
+    "Logging in to Azure..."
+    Add-AzureRmAccount `
+        -ServicePrincipal `
+        -TenantId $servicePrincipalConnection.TenantId `
+        -ApplicationId $servicePrincipalConnection.ApplicationId `
+        -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint 
+}
+catch {
+    if (!$servicePrincipalConnection)
+    {
+        $ErrorMessage = "Connection $connectionName not found."
+        throw $ErrorMessage
+    } else{
+        Write-Error -Message $_.Exception
+        throw $_.Exception
+    }
+}
+
+#Get all ARM resources from all resource groups
+$ResourceGroups = Get-AzureRmResourceGroup 
+
+foreach ($ResourceGroup in $ResourceGroups)
+{    
+    Write-Output ("Showing resources in resource group " + $ResourceGroup.ResourceGroupName)
+    $Resources = Find-AzureRmResource -ResourceGroupNameContains $ResourceGroup.ResourceGroupName | Select ResourceName, ResourceType
+    ForEach ($Resource in $Resources)
+    {
+        Write-Output ($Resource.ResourceName + " of type " +  $Resource.ResourceType)
+    }
+    Write-Output ("")
+} 
diff --git a/101-automation/scripts/AzureAutomationTutorialPython2.py b/101-automation/scripts/AzureAutomationTutorialPython2.py
@@ -0,0 +1,57 @@
+"""
+Python support for Azure automation is now public preview!
+
+Azure Automation documentation : https://aka.ms/azure-automation-python-documentation
+Azure Python SDK documentation : https://aka.ms/azure-python-sdk
+
+This tutorial runbook demonstrate how to authenticate against Azure using the Azure automation service principal and then lists the resource groups present in the specified subscription.
+"""
+import azure.mgmt.resource
+import automationassets
+from msrestazure.azure_cloud import AZURE_PUBLIC_CLOUD
+
+def get_automation_runas_credential(runas_connection, resource_url, authority_url ):
+    """ Returns credentials to authenticate against Azure resoruce manager """
+    from OpenSSL import crypto
+    from msrestazure import azure_active_directory
+    import adal
+
+    # Get the Azure Automation RunAs service principal certificate
+    cert = automationassets.get_automation_certificate("AzureRunAsCertificate")
+    pks12_cert = crypto.load_pkcs12(cert)
+    pem_pkey = crypto.dump_privatekey(crypto.FILETYPE_PEM, pks12_cert.get_privatekey())
+
+    # Get run as connection information for the Azure Automation service principal
+    application_id = runas_connection["ApplicationId"]
+    thumbprint = runas_connection["CertificateThumbprint"]
+    tenant_id = runas_connection["TenantId"]
+
+    # Authenticate with service principal certificate
+    authority_full_url = (authority_url + '/' + tenant_id)
+    context = adal.AuthenticationContext(authority_full_url)
+    return azure_active_directory.AdalAuthentication(
+        lambda: context.acquire_token_with_client_certificate(
+            resource_url,
+            application_id,
+            pem_pkey,
+            thumbprint)
+    )
+
+
+# Authenticate to Azure using the Azure Automation RunAs service principal
+runas_connection = automationassets.get_automation_connection("AzureRunAsConnection")
+resource_url = AZURE_PUBLIC_CLOUD.endpoints.active_directory_resource_id
+authority_url = AZURE_PUBLIC_CLOUD.endpoints.active_directory
+resourceManager_url = AZURE_PUBLIC_CLOUD.endpoints.resource_manager
+azure_credential = get_automation_runas_credential(runas_connection, resource_url, authority_url)
+
+# Intialize the resource management client with the RunAs credential and subscription
+resource_client = azure.mgmt.resource.ResourceManagementClient(
+    azure_credential,
+    str(runas_connection["SubscriptionId"]),
+    base_url=resourceManager_url)
+
+# Get list of resource groups and print them out
+groups = resource_client.resource_groups.list()
+for group in groups:
+    print group.name.encode('utf-8')