diff --git a/helpers/GenerateResourcesAndImage.ps1 b/helpers/GenerateResourcesAndImage.ps1 index 16d90e522..de68ddfe4 100644 --- a/helpers/GenerateResourcesAndImage.ps1 +++ b/helpers/GenerateResourcesAndImage.ps1 @@ -127,8 +127,8 @@ Function GenerateResourcesAndImage { ) $builderScriptPath = Get-PackerTemplatePath -RepositoryRoot $ImageGenerationRepositoryRoot -ImageType $ImageType - $ServicePrincipalClientSecret = $env:UserName + [System.GUID]::NewGuid().ToString().ToUpper(); - $InstallPassword = $env:UserName + [System.GUID]::NewGuid().ToString().ToUpper(); + $ServicePrincipalClientSecret = $env:UserName + [System.GUID]::NewGuid().ToString().ToUpper() + $InstallPassword = $env:UserName + [System.GUID]::NewGuid().ToString().ToUpper() if ([string]::IsNullOrEmpty($AzureClientId)) { @@ -196,15 +196,40 @@ Function GenerateResourcesAndImage { if ([string]::IsNullOrEmpty($AzureClientId)) { # Interactive authentication: A service principal is created during runtime. $spDisplayName = [System.GUID]::NewGuid().ToString().ToUpper() - $credentialProperties = @{ StartDate=Get-Date; EndDate=Get-Date -Year 2024; Password=$ServicePrincipalClientSecret } - $credentials = New-Object -TypeName Microsoft.Azure.Commands.ActiveDirectory.PSADPasswordCredential -Property $credentialProperties - $sp = New-AzADServicePrincipal -DisplayName $spDisplayName -PasswordCredential $credentials + $startDate = Get-Date + $endDate = $startDate.AddYears(1) + + if ('Microsoft.Azure.Commands.ActiveDirectory.PSADPasswordCredential' -as [type]) { + $credentials = [Microsoft.Azure.Commands.ActiveDirectory.PSADPasswordCredential]@{ + StartDate = $startDate + EndDate = $endDate + Password = $ServicePrincipalClientSecret + } + $sp = New-AzADServicePrincipal -DisplayName $spDisplayName -PasswordCredential $credentials + $spClientId = $sp.ApplicationId + $azRoleParam = @{ + RoleDefinitionName = "Contributor" + ServicePrincipalName = $spClientId + } + } + + if ('Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.MicrosoftGraphPasswordCredential' -as [type]) { + $credentials = [Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.MicrosoftGraphPasswordCredential]@{ + StartDateTime = $startDate + EndDateTime = $endDate + } + $sp = New-AzADServicePrincipal -DisplayName $spDisplayName + $appCred = New-AzADAppCredential -ApplicationId $sp.AppId -PasswordCredentials $credentials + $spClientId = $sp.AppId + $azRoleParam = @{ + RoleDefinitionName = "Contributor" + PrincipalId = $sp.Id + } + $ServicePrincipalClientSecret = $appCred.SecretText + } - $spAppId = $sp.ApplicationId - $spClientId = $sp.ApplicationId Start-Sleep -Seconds $SecondsToWaitForServicePrincipalSetup - - New-AzRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $spAppId + New-AzRoleAssignment @azRoleParam Start-Sleep -Seconds $SecondsToWaitForServicePrincipalSetup $sub = Get-AzSubscription -SubscriptionId $SubscriptionId $tenantId = $sub.TenantId @@ -212,7 +237,6 @@ Function GenerateResourcesAndImage { } else { # Parametrized Authentication via given service principal: The service principal with the data provided via the command line # is used for all authentication purposes. - $spAppId = $AzureClientId $spClientId = $AzureClientId $credentials = $AzureAppCred $ServicePrincipalClientSecret = $AzureClientSecret @@ -228,7 +252,7 @@ Function GenerateResourcesAndImage { if($RestrictToAgentIpAddress -eq $true) { $AgentIp = (Invoke-RestMethod http://ipinfo.io/json).ip - echo "Restricting access to packer generated VM to agent IP Address: $AgentIp" + Write-Host "Restricting access to packer generated VM to agent IP Address: $AgentIp" } & $packerBinary build -on-error=ask `