Create Azure Service Principal for RBAC and Save data to KeyVault
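# Create (once) an Azure service principal for Terraform RBAC and store its
# credentials, as a small tfvars document, in an Azure Key Vault secret.
#
# Required environment:
#   CLIENT_APP_NAME      base display name; the SP is "${CLIENT_APP_NAME}-rbac"
#   KEYVAULT_NAME        Key Vault that receives the secret (created if absent)
#   RESOURCE_GROUP_NAME  resource group used when the vault has to be created
#   TFVARS_SECRET        name of the Key Vault secret holding the tfvars text
# Optional:
#   KEYVAULT_LOCATION    region for a newly created vault (default: eastus2)
#   TFVARS_FILE          local path of the tfvars file (default: ./temp.tfvars)
#
# Security notes for reviewers:
#   - The SP is granted Contributor on the entire subscription. That is a very
#     wide grant; narrow --scopes to the resource group(s) Terraform actually
#     manages wherever possible.
#   - The client secret is written to a local file in plaintext. The file is
#     created owner-only (0600) and is left in place because later pipeline
#     steps may read it (not verifiable from this snippet); delete it as soon
#     as it is no longer needed.
#   - `az keyvault secret set` and `secret show` echo the secret value in
#     their JSON output; both are silenced here so it never lands in CI logs.
: "${CLIENT_APP_NAME:?CLIENT_APP_NAME must be set}"
: "${KEYVAULT_NAME:?KEYVAULT_NAME must be set}"
: "${RESOURCE_GROUP_NAME:?RESOURCE_GROUP_NAME must be set}"
: "${TFVARS_SECRET:?TFVARS_SECRET must be set}"

sp_name="${CLIENT_APP_NAME}-rbac"
TFVARS_FILE="${TFVARS_FILE:-./temp.tfvars}"

# Default to 0 so an empty or non-JSON `az` reply cannot turn into a
# `[ -gt 0 ]` syntax error; an unquoted empty substitution did exactly that.
existing_count=$(az ad sp list --display-name "${sp_name}" | jq '. | length')
if [[ "${existing_count:-0}" -gt 0 ]]; then
  echo "RBAC client app ${sp_name} already exists"
else
  TENANT_ID=$(az account show --query tenantId --out tsv)
  SUBSCRIPTION_ID=$(az account show --query id --out tsv)

  # NOTE(review): Contributor at subscription scope — see header; scope down
  # if the Terraform state only touches specific resource groups.
  sp_vars=$(az ad sp create-for-rbac -n "${sp_name}" --role contributor \
    --scopes="/subscriptions/${SUBSCRIPTION_ID}" | jq '[.appId, .password]')
  CLIENT_ID=$(jq -r '.[0]' <<<"${sp_vars}")
  CLIENT_SECRET=$(jq -r '.[1]' <<<"${sp_vars}")

  # Create the file owner-only *before* the secret is written to it, so there
  # is no window where the plaintext credential is world-readable.
  install -m 600 /dev/null "${TFVARS_FILE}"
  cat > "${TFVARS_FILE}" <<EOF
client_id="${CLIENT_ID}"
client_secret="${CLIENT_SECRET}"
tenant_id="${TENANT_ID}"
EOF

  # Create the vault only when it does not exist. Probing the vault itself
  # (rather than the secret, as before) avoids re-running `az keyvault create`
  # when the vault exists but the secret has simply not been stored yet. The
  # probe lives inside `if` so no `set +e` is needed, which also stops errexit
  # from being silently disabled for everything that runs after this snippet.
  if ! az keyvault show --name "${KEYVAULT_NAME}" >/dev/null 2>&1; then
    az keyvault create --name "${KEYVAULT_NAME}" \
      --resource-group "${RESOURCE_GROUP_NAME}" \
      --location "${KEYVAULT_LOCATION:-eastus2}"
  fi

  # --output none: the default JSON reply contains the secret value.
  az keyvault secret set --vault-name "${KEYVAULT_NAME}" \
    --name "${TFVARS_SECRET}" -f "${TFVARS_FILE}" --output none
fi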