actions/runner-images
1
0
Fork 0
mirror of https://github.com/actions/runner-images.git synced 2025-12-11 11:37:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update the script to support MSGraph (#4701)

Browse Source
This commit is contained in:
Aleksandr Chebotov
2021-12-10 09:56:11 +03:00
committed by GitHub
parent 5e4f5b8898
commit 54bf98dc42
1 changed files with 35 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
helpers/GenerateResourcesAndImage.ps1
View File

@@ -127,8 +127,8 @@ Function GenerateResourcesAndImage {
)
$builderScriptPath = Get-PackerTemplatePath -RepositoryRoot $ImageGenerationRepositoryRoot -ImageType $ImageType
$ServicePrincipalClientSecret = $env:UserName + [System.GUID]::NewGuid().ToString().ToUpper();
$InstallPassword = $env:UserName + [System.GUID]::NewGuid().ToString().ToUpper();
$ServicePrincipalClientSecret = $env:UserName + [System.GUID]::NewGuid().ToString().ToUpper()
$InstallPassword = $env:UserName + [System.GUID]::NewGuid().ToString().ToUpper()
if ([string]::IsNullOrEmpty($AzureClientId))
{
@@ -196,15 +196,40 @@ Function GenerateResourcesAndImage {
if ([string]::IsNullOrEmpty($AzureClientId)) {
# Interactive authentication: A service principal is created during runtime.
$spDisplayName = [System.GUID]::NewGuid().ToString().ToUpper()
$credentialProperties = @{ StartDate=Get-Date; EndDate=Get-Date -Year 2024; Password=$ServicePrincipalClientSecret }
$credentials = New-Object -TypeName Microsoft.Azure.Commands.ActiveDirectory.PSADPasswordCredential -Property $credentialProperties
$sp = New-AzADServicePrincipal -DisplayName $spDisplayName -PasswordCredential $credentials
$startDate = Get-Date
$endDate = $startDate.AddYears(1)
if ('Microsoft.Azure.Commands.ActiveDirectory.PSADPasswordCredential' -as [type]) {
$credentials = [Microsoft.Azure.Commands.ActiveDirectory.PSADPasswordCredential]@{
StartDate = $startDate
EndDate = $endDate
Password = $ServicePrincipalClientSecret
}
$sp = New-AzADServicePrincipal -DisplayName $spDisplayName -PasswordCredential $credentials
$spClientId = $sp.ApplicationId
$azRoleParam = @{
RoleDefinitionName = "Contributor"
ServicePrincipalName = $spClientId
}
}
if ('Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.MicrosoftGraphPasswordCredential' -as [type]) {
$credentials = [Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.MicrosoftGraphPasswordCredential]@{
StartDateTime = $startDate
EndDateTime = $endDate
}
$sp = New-AzADServicePrincipal -DisplayName $spDisplayName
$appCred = New-AzADAppCredential -ApplicationId $sp.AppId -PasswordCredentials $credentials
$spClientId = $sp.AppId
$azRoleParam = @{
RoleDefinitionName = "Contributor"
PrincipalId = $sp.Id
}
$ServicePrincipalClientSecret = $appCred.SecretText
}
$spAppId = $sp.ApplicationId
$spClientId = $sp.ApplicationId
Start-Sleep -Seconds $SecondsToWaitForServicePrincipalSetup
New-AzRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $spAppId
New-AzRoleAssignment @azRoleParam
Start-Sleep -Seconds $SecondsToWaitForServicePrincipalSetup
$sub = Get-AzSubscription -SubscriptionId $SubscriptionId
$tenantId = $sub.TenantId
@@ -212,7 +237,6 @@ Function GenerateResourcesAndImage {
} else {
# Parametrized Authentication via given service principal: The service principal with the data provided via the command line
# is used for all authentication purposes.
$spAppId = $AzureClientId
$spClientId = $AzureClientId
$credentials = $AzureAppCred
$ServicePrincipalClientSecret = $AzureClientSecret
@@ -228,7 +252,7 @@ Function GenerateResourcesAndImage {
if($RestrictToAgentIpAddress -eq $true) {
$AgentIp = (Invoke-RestMethod http://ipinfo.io/json).ip
echo "Restricting access to packer generated VM to agent IP Address: $AgentIp"
Write-Host "Restricting access to packer generated VM to agent IP Address: $AgentIp"
}
& $packerBinary build -on-error=ask `