SvenAelterman/Azure-RunbookCopyFileShareToBlob.ps1 Secret

## Azure-RunbookCopyFileShareToBlob.ps1
<#
.DESCRIPTION
A Runbook example which moves files in a specific Azure File Share to blob container by leveraging
the 'az storage copy' commmand running in an Azure Container Instance using Service Principal in Azure AD.

After an idea by Sergio Mion.

.NOTES
Filename : Azure-RunbookCopyFileShareToBlob.ps1
Author   : Charbel Nemnom, Sven Aelterman
Version  : 1.0
Date     : 2021-04-12

.LINK
To provide feedback or for further assistance please visit:
https://charbelnemnom.com
#>

Param (
    [Parameter(Mandatory = $true)][ValidateNotNullOrEmpty()]
    [string] $azureSubscriptionId,
    [Parameter(Mandatory = $true)][ValidateNotNullOrEmpty()]
    [string] $sourceStorageAccountRG,
    [Parameter(Mandatory = $true)][ValidateNotNullOrEmpty()]
    [string] $sourceStorageAccountName,
    [Parameter(Mandatory = $true)][ValidateNotNullOrEmpty()]
    [string] $destStorageAccountRG,
    [Parameter(Mandatory = $true)][ValidateNotNullOrEmpty()]
    [string] $destStorageAccountName,
    [Parameter(Mandatory = $true)][ValidateNotNullOrEmpty()]
    [string] $storageContainerName,
    [Parameter(Mandatory = $true)][ValidateNotNullOrEmpty()]
    [string] $storageFileShareName,
    [Parameter(Mandatory = $true)][ValidateNotNullOrEmpty()]
    [string] $containerRG
)

$connectionName = "AzureRunAsConnection"

Try {
    #! Get the connection "AzureRunAsConnection "
    $servicePrincipalConnection = Get-AutomationConnection -Name $connectionName
    Write-Output "Logging in to Azure..."

    Connect-AzAccount -ServicePrincipal `
        -TenantId $servicePrincipalConnection.TenantId `
        -ApplicationId $servicePrincipalConnection.ApplicationId `
        -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
}
Catch {
    If (!$servicePrincipalConnection) {
        $ErrorMessage = "Connection $connectionName not found..."
        throw $ErrorMessage
    }
    Else {
        Write-Error -Message $_.Exception
        throw $_.Exception
    }
}

Select-AzSubscription -SubscriptionId $azureSubscriptionId

# Get Storage Account Keys
$sourceStorageAccountKey = (Get-AzStorageAccountKey -ResourceGroupName $sourceStorageAccountRG -AccountName $sourceStorageAccountName).Value[0]
$destStorageAccountKey = (Get-AzStorageAccountKey -ResourceGroupName $destStorageAccountRG -AccountName $destStorageAccountName).Value[0]

# Set AzStorageContext
$sourceContext = New-AzStorageContext -StorageAccountName $sourceStorageAccountName -StorageAccountKey $sourceStorageAccountKey
$destinationContext = New-AzStorageContext -StorageAccountName $destStorageAccountName -StorageAccountKey $destStorageAccountKey

# Generate File Share SAS Token which is valid for 30 minutes ONLY with read and list permission
$fileShareSASURI = New-AzStorageShareSASToken -Context $sourceContext `
    -ExpiryTime(Get-Date).AddMinutes(30) -ShareName $storageFileShareName -Permission rl

# Generate Container SAS (full URI_ Token which is valid for 30 minutes ONLY with read and write permission
$blobContainerSASURI = New-AzStorageContainerSASToken -Context $destinationContext `
    -ExpiryTime(Get-Date).AddMinutes(30) -FullUri -Name $storageContainerName -Permission rw

# Create "az storage copy" syntax command
$ShareSASURI = "'https://$sourceStorageAccountName.file.core.windows.net/$storageFileShareName/*" + $fileShareSASURI + "'"
$ContainerSASURI = "'" + $blobContainerSASURI + "'"
$command = "az storage copy -s " + $ShareSASURI + " -d " + $ContainerSASURI

# Create Azure Container Instance and run the job
# The container image (microsoft/azure-cli) is publicly available on Docker Hub and has the latest az cli version installed
# You could also create your own container image and use it instead
# You may need to adjust the CPU and memory based on the size and churn of your file share

# TODO: Add tags for cost accounting

New-AzContainerGroup -ResourceGroupName $containerRG `
    -Name azcopyjob -image microsoft/azure-cli:latest -OsType Linux `
    -Cpu 1 -MemoryInGB 2 -Command $command `
    -RestartPolicy never

Write-Output ("")
	<#
	.DESCRIPTION
	A Runbook example which moves files in a specific Azure File Share to blob container by leveraging
	the 'az storage copy' commmand running in an Azure Container Instance using Service Principal in Azure AD.

	After an idea by Sergio Mion.

	.NOTES
	Filename : Azure-RunbookCopyFileShareToBlob.ps1
	Author : Charbel Nemnom, Sven Aelterman
	Version : 1.0
	Date : 2021-04-12

	.LINK
	To provide feedback or for further assistance please visit:
	https://charbelnemnom.com
	#>

	Param (
	[Parameter(Mandatory = $true)][ValidateNotNullOrEmpty()]
	[string] $azureSubscriptionId,
	[Parameter(Mandatory = $true)][ValidateNotNullOrEmpty()]
	[string] $sourceStorageAccountRG,
	[Parameter(Mandatory = $true)][ValidateNotNullOrEmpty()]
	[string] $sourceStorageAccountName,
	[Parameter(Mandatory = $true)][ValidateNotNullOrEmpty()]
	[string] $destStorageAccountRG,
	[Parameter(Mandatory = $true)][ValidateNotNullOrEmpty()]
	[string] $destStorageAccountName,
	[Parameter(Mandatory = $true)][ValidateNotNullOrEmpty()]
	[string] $storageContainerName,
	[Parameter(Mandatory = $true)][ValidateNotNullOrEmpty()]
	[string] $storageFileShareName,
	[Parameter(Mandatory = $true)][ValidateNotNullOrEmpty()]
	[string] $containerRG
	)

	$connectionName = "AzureRunAsConnection"

	Try {
	#! Get the connection "AzureRunAsConnection "
	$servicePrincipalConnection = Get-AutomationConnection -Name $connectionName
	Write-Output "Logging in to Azure..."

	Connect-AzAccount -ServicePrincipal `
	-TenantId $servicePrincipalConnection.TenantId `
	-ApplicationId $servicePrincipalConnection.ApplicationId `
	-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
	}
	Catch {
	If (!$servicePrincipalConnection) {
	$ErrorMessage = "Connection $connectionName not found..."
	throw $ErrorMessage
	}
	Else {
	Write-Error -Message $_.Exception
	throw $_.Exception
	}
	}

	Select-AzSubscription -SubscriptionId $azureSubscriptionId

	# Get Storage Account Keys
	$sourceStorageAccountKey = (Get-AzStorageAccountKey -ResourceGroupName $sourceStorageAccountRG -AccountName $sourceStorageAccountName).Value[0]
	$destStorageAccountKey = (Get-AzStorageAccountKey -ResourceGroupName $destStorageAccountRG -AccountName $destStorageAccountName).Value[0]

	# Set AzStorageContext
	$sourceContext = New-AzStorageContext -StorageAccountName $sourceStorageAccountName -StorageAccountKey $sourceStorageAccountKey
	$destinationContext = New-AzStorageContext -StorageAccountName $destStorageAccountName -StorageAccountKey $destStorageAccountKey

	# Generate File Share SAS Token which is valid for 30 minutes ONLY with read and list permission
	$fileShareSASURI = New-AzStorageShareSASToken -Context $sourceContext `
	-ExpiryTime(Get-Date).AddMinutes(30) -ShareName $storageFileShareName -Permission rl

	# Generate Container SAS (full URI_ Token which is valid for 30 minutes ONLY with read and write permission
	$blobContainerSASURI = New-AzStorageContainerSASToken -Context $destinationContext `
	-ExpiryTime(Get-Date).AddMinutes(30) -FullUri -Name $storageContainerName -Permission rw

	# Create "az storage copy" syntax command
	$ShareSASURI = "'https://$sourceStorageAccountName.file.core.windows.net/$storageFileShareName/*" + $fileShareSASURI + "'"
	$ContainerSASURI = "'" + $blobContainerSASURI + "'"
	$command = "az storage copy -s " + $ShareSASURI + " -d " + $ContainerSASURI

	# Create Azure Container Instance and run the job
	# The container image (microsoft/azure-cli) is publicly available on Docker Hub and has the latest az cli version installed
	# You could also create your own container image and use it instead
	# You may need to adjust the CPU and memory based on the size and churn of your file share

	# TODO: Add tags for cost accounting

	New-AzContainerGroup -ResourceGroupName $containerRG `
	-Name azcopyjob -image microsoft/azure-cli:latest -OsType Linux `
	-Cpu 1 -MemoryInGB 2 -Command $command `
	-RestartPolicy never

	Write-Output ("")