Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
azure cli sample
KEYVAULT_NAME=donovankv
RESOURCEGROUP=donovan
MY_SECRET_VALUE=donovan
FUNCTIONAPP_STORAGEACCOUNT_NAME=donovanstore
LOCATION=westeurope
FUNCTIONAPP_NAME=donovanfa
. ./resources.sh
set -x -e
az group create -n $RESOURCEGROUP -l $LOCATION
az keyvault create --name $KEYVAULT_NAME --resource-group $RESOURCEGROUP --enabled-for-template-deployment --enabled-for-deployment
az keyvault secret set --vault-name $KEYVAULT_NAME --name my-secret --value $MY_SECRET_VALUE
az storage account create -n $FUNCTIONAPP_STORAGEACCOUNT_NAME -g $RESOURCEGROUP --sku Standard_LRS
FUNCTIONAPP_STORAGEACCOUNT_RESOURCEID=$(az storage account show -n $FUNCTIONAPP_STORAGEACCOUNT_NAME -g $RESOURCEGROUP --query id --output tsv)
az functionapp create -g $RESOURCEGROUP -n $FUNCTIONAPP_NAME -s $FUNCTIONAPP_STORAGEACCOUNT_RESOURCEID --consumption-plan-location $LOCATION
az functionapp identity assign -g $RESOURCEGROUP -n $FUNCTIONAPP_NAME
IDENTITY_ID=$(az functionapp identity show -n $FUNCTIONAPP_NAME -g $RESOURCEGROUP --query principalId -o tsv)
az keyvault set-policy --secret-permissions get -n $KEYVAULT_NAME -g $RESOURCEGROUP --object-id $IDENTITY_ID
@pascalnaber

This comment has been minimized.

Copy link
Owner Author

@pascalnaber pascalnaber commented Jan 9, 2019

Idempotent way of creating a resourcegroup with key vault, stored a secret, created a function App, enable managed ID on it and granted it permissions to the key vault with a single file.

@DarqueWarrior

This comment has been minimized.

Copy link

@DarqueWarrior DarqueWarrior commented Jan 9, 2019

Well done. This is a lot less code to manage and could be checked in to source control and run during a release. I will play with it some more. Thanks for cranking this out.

@GFoley83

This comment has been minimized.

Copy link

@GFoley83 GFoley83 commented Mar 30, 2020

Hi @pascalnaber, can you recommend any repos that offer solutions like yours above whereby I could use pre-defined samples for composing the provisioning/updating of multiple pieces of infrastructure using Azure CLI (not ARM) ?
There's:
https://github.com/Azure-Samples/azure-cli-samples
but this only has a subset of Azure services (e.g. no Front Door, ACI, Logic Apps etc.).

@pascalnaber

This comment has been minimized.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment