@dmc5179
Created March 7, 2023 20:49
Script to configure an Azure account for OpenShift 4 Deployment
#!/bin/bash
# Configure an Azure subscription for an OpenShift 4 installation: create an
# installer service principal, grant it the roles the installer needs, and
# save its credentials where the installer looks for them.
set -euo pipefail

az login
az account set --subscription "Azure subscription 1"
az account show

OCP_TENANT_ID=$(az account show --query tenantId -o tsv)
OCP_SUBSCRIPTION_ID=$(az account show --query id -o tsv)
echo "Tenant: $OCP_TENANT_ID  Subscription: $OCP_SUBSCRIPTION_ID"

# Set the prefix before using it; otherwise the SP is named "-ocp-dev-installer-sp".
SUBSCRIPTION_CODE=mct
PREFIX=${SUBSCRIPTION_CODE}-ocp-dev
echo "$PREFIX"

# Create the service principal once. Recent Azure CLI releases assign no role
# by default and deprecate --skip-assignment (drop the flag if your CLI rejects
# it); the roles are assigned explicitly below in either case.
OCP_SP=$(az ad sp create-for-rbac -n "${PREFIX}-installer-sp" --skip-assignment -o json)
OCP_SP_ID=$(echo "$OCP_SP" | jq -r .appId)
OCP_SP_PASSWORD=$(echo "$OCP_SP" | jq -r .password)
OCP_SP_TENANT=$(echo "$OCP_SP" | jq -r .tenant)
OCP_SP_SUBSCRIPTION_ID=$OCP_SUBSCRIPTION_ID
# Do not echo the client secret: it would land in the terminal and in shell history.
echo "App ID: $OCP_SP_ID  Tenant: $OCP_SP_TENANT  Subscription: $OCP_SP_SUBSCRIPTION_ID"

# Assign Application.ReadWrite.OwnedBy (824c81eb-...) on the Azure AD Graph API
# (00000002-0000-0000-c000-000000000000), as the OpenShift 4 Azure docs required
# at the time. Azure AD Graph is deprecated in favour of Microsoft Graph, so check
# the current OpenShift documentation before relying on this step.
az ad app permission add --id "$OCP_SP_ID" --api 00000002-0000-0000-c000-000000000000 --api-permissions 824c81eb-e3f8-4ee6-8f6d-de7f50d565b7=Role
# Request admin consent for the permission.
az ad app permission grant --id "$OCP_SP_ID" --api 00000002-0000-0000-c000-000000000000
# The permission is not effective until a directory admin grants consent: in the
# Azure portal, Azure Active Directory > App registrations > <your SP> > API permissions
# > "Grant admin consent", or from the CLI with: az ad app permission admin-consent --id "$OCP_SP_ID"

# Assign "Contributor" (creates the cluster's Azure resources) and "User Access
# Administrator" (lets the installer grant access to the components it provisions),
# scoped to this subscription only rather than anything wider.
az role assignment create --assignee "$OCP_SP_ID" --role "Contributor" --scope "/subscriptions/$OCP_SUBSCRIPTION_ID"
az role assignment create --assignee "$OCP_SP_ID" --role "User Access Administrator" --scope "/subscriptions/$OCP_SUBSCRIPTION_ID"
# Verify the SP's assignments:
az role assignment list --assignee "$OCP_SP_ID" -o table

# Save the SP credentials so the OCP installer picks them up without prompting.
# The file holds the client secret, so create it readable only by the current user.
mkdir -p ~/.azure
(umask 077 && echo "$OCP_SP" | jq --arg sub_id "$OCP_SUBSCRIPTION_ID" '{subscriptionId:$sub_id,clientId:.appId,clientSecret:.password,tenantId:.tenant}' > ~/.azure/osServicePrincipal.json)
chmod 600 ~/.azure/osServicePrincipal.json
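The two steps a practitioner most wants to double-check are the role-assignment list and the credential file that ends up holding the client secret. The following Python helper, added here and not part of the gist or of the OpenShift installer, does both offline from the JSON the az CLI prints: it maps `az ad sp create-for-rbac -o json` output (assumed fields `appId`, `password`, `tenant`) onto the `osServicePrincipal.json` keys the script uses, writes the file with mode 0600 from the start, and compares `az role assignment list --assignee <appId> -o json` output (assumed fields `roleDefinitionName`, `scope`) against the two roles the script grants at subscription scope. The `SAMPLE_*` values are constructed for the demo, not real IDs or secrets.

```python
"""Build the installer credential file and verify the service principal's
role assignments from az CLI JSON output.

Added example; not part of the gist or the OpenShift installer. It assumes
the JSON shape of `az ad sp create-for-rbac -o json` (appId, password, tenant)
and `az role assignment list --assignee <appId> -o json` (roleDefinitionName,
scope), and the osServicePrincipal.json keys used in the gist
(subscriptionId, clientId, clientSecret, tenantId).
"""
import json
import os
import stat
import tempfile
from pathlib import Path

# Roles the gist assigns; the installer needs both at subscription scope.
REQUIRED_ROLES = {"Contributor", "User Access Administrator"}

# Constructed sample of `az ad sp create-for-rbac -o json` (fake IDs, fake secret).
SAMPLE_SP_JSON = json.dumps({
    "appId": "11111111-2222-3333-4444-555555555555",
    "displayName": "mct-ocp-dev-installer-sp",
    "password": "not-a-real-secret",
    "tenant": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
})
SAMPLE_SUBSCRIPTION = "99999999-8888-7777-6666-555555555555"

# Constructed sample of `az role assignment list --assignee <appId> -o json`:
# Contributor at subscription scope, Owner at subscription scope (too broad),
# and User Access Administrator only on one resource group (too narrow).
SAMPLE_ASSIGNMENTS_JSON = json.dumps([
    {"roleDefinitionName": "Contributor",
     "scope": f"/subscriptions/{SAMPLE_SUBSCRIPTION}"},
    {"roleDefinitionName": "Owner",
     "scope": f"/subscriptions/{SAMPLE_SUBSCRIPTION}"},
    {"roleDefinitionName": "User Access Administrator",
     "scope": f"/subscriptions/{SAMPLE_SUBSCRIPTION}/resourceGroups/ocp-dev-rg"},
])


def build_credentials(sp_json: str, subscription_id: str) -> dict:
    """Map create-for-rbac output onto the keys the installer expects."""
    sp = json.loads(sp_json)
    return {
        "subscriptionId": subscription_id,
        "clientId": sp["appId"],
        "clientSecret": sp["password"],
        "tenantId": sp["tenant"],
    }


def write_credentials(creds: dict, path: Path) -> int:
    """Write creds as JSON readable only by the owner; return the mode bits.

    Creating the file through os.open with mode 0600 means there is no window
    in which a permissive umask leaves the client secret group/world-readable.
    If the file already existed with looser permissions, chmod tightens it.
    """
    path.parent.mkdir(parents=True, exist_ok=True)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(creds, fh, indent=2)
    os.chmod(path, 0o600)
    return stat.S_IMODE(path.stat().st_mode)


def check_role_assignments(assignments_json: str, subscription_id: str) -> dict:
    """Compare assignments at subscription scope with REQUIRED_ROLES.

    Returns {'missing': required roles not held at subscription scope,
             'extra': roles held at subscription scope beyond the required set,
             'narrower': missing roles that are held only below subscription scope}.
    A role granted only on a resource group is reported as missing: the
    installer creates resource groups itself, so it needs subscription scope.
    """
    sub_scope = f"/subscriptions/{subscription_id}"
    assignments = json.loads(assignments_json)
    at_sub = {a["roleDefinitionName"] for a in assignments
              if a.get("scope") == sub_scope}
    below_sub = {a["roleDefinitionName"] for a in assignments
                 if a.get("scope", "").startswith(sub_scope + "/")}
    missing = REQUIRED_ROLES - at_sub
    return {
        "missing": sorted(missing),
        "extra": sorted(at_sub - REQUIRED_ROLES),
        "narrower": sorted(missing & below_sub),
    }


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        target = Path(tmp) / ".azure" / "osServicePrincipal.json"
        creds = build_credentials(SAMPLE_SP_JSON, SAMPLE_SUBSCRIPTION)
        print(f"wrote {target} with mode {oct(write_credentials(creds, target))}")
    print(check_role_assignments(SAMPLE_ASSIGNMENTS_JSON, SAMPLE_SUBSCRIPTION))
```

In use you would feed it the real output of the two az commands (for example via `az ... -o json > file`) instead of the samples; an `Owner` entry in `extra` or anything in `narrower` means the assignments do not match what the script intends and should be fixed before running the installer.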