-
Notifications
You must be signed in to change notification settings - Fork 0
/
setup_azure.azcli
executable file
·47 lines (44 loc) · 2.55 KB
/
setup_azure.azcli
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# az login --use-device-code
# az login --tenant [your tenant] --use-device-code
# Initialize Variables
AZURE_PREFIX=qefle
AZURE_RESOURCE_GROUP_NAME=$AZURE_PREFIX-rg
AZURE_KEY_NAME=$AZURE_PREFIX-kv
AZURE_STORAGE_NAME=${AZURE_PREFIX}st
AZURE_FUNC_NAME=$AZURE_PREFIX-funcapp
AZURE_APP_SERVICE_PLAN_NAME=$AZURE_PREFIX-asp
AZURE_LOCATION=southeastasia
AZURE_APP_REG_NAME=$AZURE_PREFIX-app-reg
AZURE_KEY_VAULT_NAME=$AZURE_PREFIX-vault-key
# Get Tenant ID
AZURE_TENANT_ID=$(az account show --query tenantId --output tsv)
# register an application on Azure Active Directory,
AZURE_CLIENT_ID=$(az ad sp create-for-rbac --name $AZURE_APP_REG_NAME --query appId --output tsv)
AZURE_CLIENT_SECRET=$(az ad sp credential reset --id $AZURE_CLIENT_ID --append --display-name "MASTER_KEY" --years 99 --query password --output tsv)
# # Create Azure resource groups
az group create --name $AZURE_RESOURCE_GROUP_NAME --location $AZURE_LOCATION
# Create Azure Key vault
az keyvault create --name $AZURE_KEY_NAME --resource-group $AZURE_RESOURCE_GROUP_NAME --location $AZURE_LOCATION
az keyvault set-policy --name $AZURE_KEY_NAME --spn $AZURE_CLIENT_ID --key-permissions get list unwrapKey wrapKey --secret-permissions get list --resource-group $AZURE_RESOURCE_GROUP_NAME
az keyvault key create --vault-name "$AZURE_KEY_NAME" -n "$AZURE_KEY_VAULT_NAME" --protection software
AZURE_KEY_VAULT_ENDPOINT=$(az keyvault key show --name "$AZURE_KEY_VAULT_NAME" --vault-name "$AZURE_KEY_NAME" --query "key.kid" --output tsv)
AZURE_KEY_VAULT_VERSION=${AZURE_KEY_VAULT_ENDPOINT: -32}
az storage account create -n $AZURE_STORAGE_NAME -g $AZURE_RESOURCE_GROUP_NAME -l $AZURE_LOCATION --sku Standard_LRS --allow-blob-public-access false
# Azure Function Consumption Plan
az functionapp create --resource-group $AZURE_RESOURCE_GROUP_NAME --consumption-plan-location $AZURE_LOCATION --runtime python --runtime-version 3.10 --functions-version 4 --name $AZURE_FUNC_NAME --os-type linux --storage-account $AZURE_STORAGE_NAME
# Part 1
echo "AZURE_TENANT_ID=$AZURE_TENANT_ID"
echo "AZURE_CLIENT_ID=$AZURE_CLIENT_ID"
echo "AZURE_CLIENT_SECRET=$AZURE_CLIENT_SECRET"
# Part 2
echo "AZURE_KEY_NAME=$AZURE_KEY_NAME"
echo "AZURE_KEY_VAULT_ENDPOINT=$AZURE_KEY_VAULT_ENDPOINT"
echo "AZURE_KEY_VAULT_VERSION=$AZURE_KEY_VAULT_VERSION"
cat <<EOF >> ./pyqefle/.env
export AZURE_TENANT_ID="$AZURE_TENANT_ID"
export AZURE_CLIENT_ID="$AZURE_CLIENT_ID"
export AZURE_CLIENT_SECRET="$AZURE_CLIENT_SECRET"
export AZURE_KEY_NAME="$AZURE_KEY_NAME"
export AZURE_KEY_VAULT_VERSION="$AZURE_KEY_VAULT_VERSION"
export AZURE_KEY_VAULT_ENDPOINT="$AZURE_KEY_VAULT_ENDPOINT"
EOF