mirror of
https://github.com/actions/runner-images.git
synced 2025-12-12 03:57:32 +00:00
Update the script to support MSGraph (#4701)
committed by
GitHub
parent
5e4f5b8898
commit
54bf98dc42
@@ -127,8 +127,8 @@ Function GenerateResourcesAndImage {
|
|||||||
)
|
)
|
||||||
|
|
||||||
$builderScriptPath = Get-PackerTemplatePath -RepositoryRoot $ImageGenerationRepositoryRoot -ImageType $ImageType
|
$builderScriptPath = Get-PackerTemplatePath -RepositoryRoot $ImageGenerationRepositoryRoot -ImageType $ImageType
|
||||||
$ServicePrincipalClientSecret = $env:UserName + [System.GUID]::NewGuid().ToString().ToUpper();
|
$ServicePrincipalClientSecret = $env:UserName + [System.GUID]::NewGuid().ToString().ToUpper()
|
||||||
$InstallPassword = $env:UserName + [System.GUID]::NewGuid().ToString().ToUpper();
|
$InstallPassword = $env:UserName + [System.GUID]::NewGuid().ToString().ToUpper()
|
||||||
|
|
||||||
if ([string]::IsNullOrEmpty($AzureClientId))
|
if ([string]::IsNullOrEmpty($AzureClientId))
|
||||||
{
|
{
|
||||||
@@ -196,15 +196,40 @@ Function GenerateResourcesAndImage {
|
|||||||
if ([string]::IsNullOrEmpty($AzureClientId)) {
|
if ([string]::IsNullOrEmpty($AzureClientId)) {
|
||||||
# Interactive authentication: A service principal is created during runtime.
|
# Interactive authentication: A service principal is created during runtime.
|
||||||
$spDisplayName = [System.GUID]::NewGuid().ToString().ToUpper()
|
$spDisplayName = [System.GUID]::NewGuid().ToString().ToUpper()
|
||||||
$credentialProperties = @{ StartDate=Get-Date; EndDate=Get-Date -Year 2024; Password=$ServicePrincipalClientSecret }
|
$startDate = Get-Date
|
||||||
$credentials = New-Object -TypeName Microsoft.Azure.Commands.ActiveDirectory.PSADPasswordCredential -Property $credentialProperties
|
$endDate = $startDate.AddYears(1)
|
||||||
$sp = New-AzADServicePrincipal -DisplayName $spDisplayName -PasswordCredential $credentials
|
|
||||||
|
if ('Microsoft.Azure.Commands.ActiveDirectory.PSADPasswordCredential' -as [type]) {
|
||||||
|
$credentials = [Microsoft.Azure.Commands.ActiveDirectory.PSADPasswordCredential]@{
|
||||||
|
StartDate = $startDate
|
||||||
|
EndDate = $endDate
|
||||||
|
Password = $ServicePrincipalClientSecret
|
||||||
|
}
|
||||||
|
$sp = New-AzADServicePrincipal -DisplayName $spDisplayName -PasswordCredential $credentials
|
||||||
|
$spClientId = $sp.ApplicationId
|
||||||
|
$azRoleParam = @{
|
||||||
|
RoleDefinitionName = "Contributor"
|
||||||
|
ServicePrincipalName = $spClientId
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if ('Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.MicrosoftGraphPasswordCredential' -as [type]) {
|
||||||
|
$credentials = [Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.MicrosoftGraphPasswordCredential]@{
|
||||||
|
StartDateTime = $startDate
|
||||||
|
EndDateTime = $endDate
|
||||||
|
}
|
||||||
|
$sp = New-AzADServicePrincipal -DisplayName $spDisplayName
|
||||||
|
$appCred = New-AzADAppCredential -ApplicationId $sp.AppId -PasswordCredentials $credentials
|
||||||
|
$spClientId = $sp.AppId
|
||||||
|
$azRoleParam = @{
|
||||||
|
RoleDefinitionName = "Contributor"
|
||||||
|
PrincipalId = $sp.Id
|
||||||
|
}
|
||||||
|
$ServicePrincipalClientSecret = $appCred.SecretText
|
||||||
|
}
|
||||||
|
|
||||||
$spAppId = $sp.ApplicationId
|
|
||||||
$spClientId = $sp.ApplicationId
|
|
||||||
Start-Sleep -Seconds $SecondsToWaitForServicePrincipalSetup
|
Start-Sleep -Seconds $SecondsToWaitForServicePrincipalSetup
|
||||||
|
New-AzRoleAssignment @azRoleParam
|
||||||
New-AzRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $spAppId
|
|
||||||
Start-Sleep -Seconds $SecondsToWaitForServicePrincipalSetup
|
Start-Sleep -Seconds $SecondsToWaitForServicePrincipalSetup
|
||||||
$sub = Get-AzSubscription -SubscriptionId $SubscriptionId
|
$sub = Get-AzSubscription -SubscriptionId $SubscriptionId
|
||||||
$tenantId = $sub.TenantId
|
$tenantId = $sub.TenantId
|
||||||
@@ -212,7 +237,6 @@ Function GenerateResourcesAndImage {
|
|||||||
} else {
|
} else {
|
||||||
# Parametrized Authentication via given service principal: The service principal with the data provided via the command line
|
# Parametrized Authentication via given service principal: The service principal with the data provided via the command line
|
||||||
# is used for all authentication purposes.
|
# is used for all authentication purposes.
|
||||||
$spAppId = $AzureClientId
|
|
||||||
$spClientId = $AzureClientId
|
$spClientId = $AzureClientId
|
||||||
$credentials = $AzureAppCred
|
$credentials = $AzureAppCred
|
||||||
$ServicePrincipalClientSecret = $AzureClientSecret
|
$ServicePrincipalClientSecret = $AzureClientSecret
|
||||||
@@ -228,7 +252,7 @@ Function GenerateResourcesAndImage {
|
|||||||
|
|
||||||
if($RestrictToAgentIpAddress -eq $true) {
|
if($RestrictToAgentIpAddress -eq $true) {
|
||||||
$AgentIp = (Invoke-RestMethod http://ipinfo.io/json).ip
|
$AgentIp = (Invoke-RestMethod http://ipinfo.io/json).ip
|
||||||
echo "Restricting access to packer generated VM to agent IP Address: $AgentIp"
|
Write-Host "Restricting access to packer generated VM to agent IP Address: $AgentIp"
|
||||||
}
|
}
|
||||||
|
|
||||||
& $packerBinary build -on-error=ask `
|
& $packerBinary build -on-error=ask `
|
||||||
|
|||||||
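Review bot: The two type probes in the interactive-authentication branch are separate `if` statements with no fallback, so when neither `PSADPasswordCredential` nor `MicrosoftGraphPasswordCredential` resolves, `$sp`, `$spClientId` and `$azRoleParam` stay unset and `New-AzRoleAssignment @azRoleParam` is called with an empty splat. `-as [type]` only finds types from assemblies that are already loaded, so this presumably happens in a session where Az.Resources has not been imported yet. Making the second probe an `elseif` and adding `else { throw 'No supported Az.Resources password credential type is loaded' }` would fail early with a clear message. Separately, `$endDate = $startDate.AddYears(1)` leaves the secret of a Contributor principal valid for a year; if the principal is only needed for this build (its cleanup is not visible in these hunks), a shorter lifetime such as `$startDate.AddDays(1)` would limit exposure if the secret leaks.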