From 2a3e29972fc5f284278ad84ee8dbd06aff46cf33 Mon Sep 17 00:00:00 2001 From: Tamarael <109213207+Tamarael@users.noreply.github.com> Date: Thu, 9 Mar 2023 16:14:23 +0000 Subject: [PATCH 1/2] CreateDatasource Script to create data sources based off the "EncryptGatewayCredentials" PowerShell script --- PowerShell Scripts/CreateDatasource.ps1 | 70 +++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 PowerShell Scripts/CreateDatasource.ps1 diff --git a/PowerShell Scripts/CreateDatasource.ps1 b/PowerShell Scripts/CreateDatasource.ps1 new file mode 100644 index 00000000..21ca239c --- /dev/null +++ b/PowerShell Scripts/CreateDatasource.ps1 @@ -0,0 +1,70 @@ +######################################################################## +# Script created by Sabre Ammar, Cesar Almeida and Arjun Mohan +# 09/03/2023 +# +# **Notes** +# Script created based on the idea and basis here: +# https://endjin.com/blog/2020/12/how-to-update-credentials-for-an-on-prem-power-bi-data-source-using-powershell +######################################################################## + +#region Initialize +# EncryptGatewayCredentials script path +$EncryptCredentialsScriptPath = "" + +# Update datasource API details +$datasourceName = "" +$datasourceType = "" +$GatewayId = "" +$CreateDatasourceUrl = "https://api.powerbi.com/v1.0/myorg/gateways/$GatewayId/datasources" + +# Service Principal credentials +$Secret = "" +$AppID = "" +$AppPassword = ConvertTo-SecureString $Secret -AsPlainText -Force +$Credential = New-Object PSCredential $AppID, $AppPassword +$TenantID = "" + +# Sign in with Service Principal credentials +Connect-PowerBIServiceAccount -Tenant $TenantID -ServicePrincipal -Credential $Credential + +# username = SQL user in case of basic credentials, or windows user in case of windows credentials +# for SQL datasources, please be mindfull you will need to add the domain as in DOMAIN\user +$username = "" +# password = SQL user password in case of basic credentials, or windows user password in case of windows credentials +$password = '' +# Get the Gateway data for the encryption process +$gw = Invoke-PowerBIRestMethod ` + -Url "https://api.powerbi.com/v1.0/myorg/gateways/$GatewayId" ` + -Method GET ` | ConvertFrom-Json +# On-Prem Gateway exponent which you can get using https://learn.microsoft.com/en-us/rest/api/power-bi/gateways/get-gateway API +$gatewayExponent = $gw.publicKey.exponent + +# On-Prem Gateway modulus which you can get using https://learn.microsoft.com/en-us/rest/api/power-bi/gateways/get-gateway API +$gatewayModulus = $gw.publicKey.modulus + +#endregion + +# Encrypt credentials using EncryptGatewayCredentials script and create request body +Import-Module $EncryptCredentialsScriptPath + +# On the line below, change the "EncryptWindowsCredentials" according to the credentials you are using +# Please check the "EncryptGatewayCredentials" script for the supported credentials +$encryptedCredentials = EncryptWindowsCredentials -Username $username -PasswordAsString $password -GatewayExponent $gatewayExponent -GatewayModulus $gatewayModulus +$credentialsObject = $encryptedCredentials | ConvertFrom-Json +$credentialDetails = $credentialsObject.credentialDetails + +$Body = @{ + "datasourceType"=$datasourceType + "connectionDetails"='{"server":"","database":""}' + "datasourceName"=$datasourceName + "credentialDetails" = @{ + "credentialType" = $credentialDetails.credentialType + "credentials" = $credentialDetails.credentials + "encryptedConnection" = $credentialDetails.encryptedConnection + "encryptionAlgorithm" = $credentialDetails.encryptionAlgorithm + "privacyLevel" = $credentialDetails.privacyLevel + } +} +$bodyJson = $body | ConvertTo-Json + +Invoke-PowerBIRestMethod -Url $CreateDatasourceUrl -Method Post -Body $bodyJson From 962766d8a244b82dc26bf8171655bb958ca141bd Mon Sep 17 00:00:00 2001 From: Tamarael <109213207+Tamarael@users.noreply.github.com> Date: Mon, 3 Apr 2023 18:12:49 +0100 Subject: [PATCH 2/2] Commiting --- PowerShell Scripts/CreateDatasource.ps1 | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/PowerShell Scripts/CreateDatasource.ps1 b/PowerShell Scripts/CreateDatasource.ps1 index 21ca239c..ecd4c80e 100644 --- a/PowerShell Scripts/CreateDatasource.ps1 +++ b/PowerShell Scripts/CreateDatasource.ps1 @@ -24,11 +24,13 @@ $AppPassword = ConvertTo-SecureString $Secret -AsPlainText -Force $Credential = New-Object PSCredential $AppID, $AppPassword $TenantID = "" -# Sign in with Service Principal credentials +# Acquire token for Service Principal Connect-PowerBIServiceAccount -Tenant $TenantID -ServicePrincipal -Credential $Credential -# username = SQL user in case of basic credentials, or windows user in case of windows credentials -# for SQL datasources, please be mindfull you will need to add the domain as in DOMAIN\user +# In this case we are using an example to create a datasource for an On-Prem SQL database using "Windows credentials" +# The username here is the windows username, so this is why it needs to contain the domain. +# Be mindful of the permission levels the user has on the database +# The password is written here in plain text for convenience, in production, we recommend that you use KeyVault and store the password securely there. $username = "" # password = SQL user password in case of basic credentials, or windows user password in case of windows credentials $password = '' @@ -36,7 +38,8 @@ $password = '' $gw = Invoke-PowerBIRestMethod ` -Url "https://api.powerbi.com/v1.0/myorg/gateways/$GatewayId" ` -Method GET ` | ConvertFrom-Json -# On-Prem Gateway exponent which you can get using https://learn.microsoft.com/en-us/rest/api/power-bi/gateways/get-gateway API + +# On-Prem Gateway exponent $gatewayExponent = $gw.publicKey.exponent # On-Prem Gateway modulus which you can get using https://learn.microsoft.com/en-us/rest/api/power-bi/gateways/get-gateway API