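```bash
# resources.sh: names shared by the provisioning script
KEYVAULT_NAME=donovankv
RESOURCEGROUP=donovan
# Sample value only; a real secret does not belong in a file kept in source control.
MY_SECRET_VALUE=donovan
FUNCTIONAPP_STORAGEACCOUNT_NAME=donovanstore
LOCATION=westeurope
FUNCTIONAPP_NAME=donovanfa
```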
```bash
#!/usr/bin/env bash
. ./resources.sh
set -x -e

az group create -n "$RESOURCEGROUP" -l "$LOCATION"
az keyvault create --name "$KEYVAULT_NAME" --resource-group "$RESOURCEGROUP" --enabled-for-template-deployment --enabled-for-deployment
# set -x would print the secret value in the trace output, so tracing is paused for this call.
set +x
az keyvault secret set --vault-name "$KEYVAULT_NAME" --name my-secret --value "$MY_SECRET_VALUE"
set -x
az storage account create -n "$FUNCTIONAPP_STORAGEACCOUNT_NAME" -g "$RESOURCEGROUP" --sku Standard_LRS
FUNCTIONAPP_STORAGEACCOUNT_RESOURCEID=$(az storage account show -n "$FUNCTIONAPP_STORAGEACCOUNT_NAME" -g "$RESOURCEGROUP" --query id --output tsv)
az functionapp create -g "$RESOURCEGROUP" -n "$FUNCTIONAPP_NAME" -s "$FUNCTIONAPP_STORAGEACCOUNT_RESOURCEID" --consumption-plan-location "$LOCATION"
# Enable the system-assigned managed identity and grant it read-only (get) access to secrets.
az functionapp identity assign -g "$RESOURCEGROUP" -n "$FUNCTIONAPP_NAME"
IDENTITY_ID=$(az functionapp identity show -n "$FUNCTIONAPP_NAME" -g "$RESOURCEGROUP" --query principalId -o tsv)
az keyvault set-policy --secret-permissions get -n "$KEYVAULT_NAME" -g "$RESOURCEGROUP" --object-id "$IDENTITY_ID"
```
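Passing a secret with `--value` puts it on the `az` command line, where shell tracing (`set -x`) and the local process list can expose it. The following is an added example, not part of the gist: a hypothetical helper, `set_secret_from_stdin`, that hands the value to `az keyvault secret set` through its `--file` option so the secret never appears as an argument.

```shell
#!/usr/bin/env bash
# Added example, not from the gist. The function name is hypothetical.
# Usage: <command that emits the secret> | set_secret_from_stdin <vault> <secret-name>
#
# The secret is read from stdin into an owner-only temp file and passed to
# `az keyvault secret set --file`, so it is never a command-line argument
# and never expanded from a variable (nothing for `set -x` to print).
set_secret_from_stdin() {
  local vault=$1 name=$2 tmp rc=0

  if [ -z "$vault" ] || [ -z "$name" ]; then
    echo "usage: set_secret_from_stdin <vault> <secret-name>" >&2
    return 2
  fi

  # mktemp already creates the file 0600; the umask is belt and braces.
  tmp=$(umask 077; mktemp) || return 1

  # Copy stdin verbatim. A trailing newline on stdin becomes part of the
  # stored secret, so producers should not append one.
  cat > "$tmp"

  if [ ! -s "$tmp" ]; then
    echo "refusing to store an empty secret" >&2
    rc=1
  else
    az keyvault secret set --vault-name "$vault" --name "$name" \
      --file "$tmp" --encoding utf-8 --output none || rc=$?
  fi

  # Remove the temp file whether or not the upload succeeded.
  rm -f "$tmp"
  return "$rc"
}
```

Feed it from a command that generates or fetches the value (for example `openssl rand -base64 32 | set_secret_from_stdin "$KEYVAULT_NAME" my-secret`) rather than from a variable expanded on a traced command line.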
Well done. This is a lot less code to manage and could be checked in to source control and run during a release. I will play with it some more. Thanks for cranking this out.
Hi @pascalnaber, can you recommend any repos that offer solutions like yours above whereby I could use pre-defined samples for composing the provisioning/updating of multiple pieces of infrastructure using Azure CLI (not ARM)?
There's:
https://github.com/Azure-Samples/azure-cli-samples
but this only has a subset of Azure services (e.g. no Front Door, ACI, Logic Apps etc.).
I've got a sample here using multiple resources: https://github.com/pascalnaber/espc2019/tree/master/src/4-aks/provisioning/scripts
https://github.com/pascalnaber/espc2019/tree/master/src/4-aks/prerequisites
https://github.com/pascalnaber/espc2019/tree/master/src/2-aci/cli
Logic Apps are not supported as far as I know.
Idempotent way of creating a resource group with a key vault, storing a secret, creating a function app, enabling managed ID on it and granting it permissions to the key vault, all with a single file.