Simon Waight sjwaight

## sample-runbook-service-principal-credentials.ps1
param (
    [Parameter(Mandatory=$false)]
    [String]$AzureCredentialAssetName = "VMPowerServicePrincipal",

    [Parameter(Mandatory=$false)]
    [String]$AzureSubscriptionIDAssetName = "VMShutdownTargetSubscription",

    [Parameter(Mandatory=$false)]
    [String]$AzureTenantIDAssetName = "VMShutdownTargetTenant"
)

## what-exo-server.ps1
$myEmailOrUpn = 'some.user@some.doman'

# can use your mailbox login
$cred = Get-Credential

$exoSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $cred -Authentication "Basic" -AllowRedirection

# Loads session and EXO Cmdlets
Import-PSSession $exoSession

## Deploy-WindowsService.ps1
Configuration Main
 {
   Import-DscResource –ModuleName 'PSDesiredStateConfiguration'

   Node ('localhost')
   {
     Script DeployWindowsService
     {
       GetScript = {
         @{

## Create-SelfSignedCert.ps1
# Requires PowerShell to be run as Admin-level user.

New-SelfSignedCertificate -CertStoreLocation cert:\localmachine\my -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" `
                          -Subject "cn=mydemokvcert" -KeyDescription "Used to access Key Vault" `
                          -NotBefore (Get-Date).AddDays(-1) -NotAfter (Get-Date).AddYears(2)

#   PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\my
#
#Thumbprint                                Subject
#----------                                -------

## Create-CertSP.ps1
##
# Create new Service Principal with Cert configured
##

Login-AzureRmAccount -SubscriptionId XXXXXXXX-XXXX-XXXX-XXXX-86b9ebca2d13

# $credValue comes from the previous script and contains the X509 cert we wish to use.
# $validFrom comes from the previous script and is the validity start date for the cert.
# $validTo comes from the previous script and is the validity end data for the cert.

## project.json
{
  "frameworks": {
    "net46": {
      "dependencies": {
        "Microsoft.IdentityModel.Clients.ActiveDirectory": "3.13.1",
        "Microsoft.IdentityModel.Logging": "1.0.0",
        "Microsoft.Azure.Common": "2.1.0",
        "Microsoft.Azure.KeyVault": "1.0.0",
      }
    }

## keyvaultclient.csx
#r "System.Runtime"
#r "System.Threading.Tasks"

using System;
using System.Threading.Tasks;
using System.Web.Configuration;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.Azure.KeyVault;
using System.Security.Cryptography.X509Certificates;

## run.csx
#load "keyvaultclient.csx"

public static void Run(TraceWriter log)
{
    var secretStringClearText = GetKeyVaultSecret("remotepassword");
    log.Info(secretStringClearText);
}

## project.json
{
  "frameworks": {
    "net46": {
      "dependencies": {
          "Sendgrid": "8.0.5"
      }
    }
  }
}

## function.json
{
  "bindings": [
    {
      "type": "sendGrid",
      "name": "message",
      "direction": "out",
      "from": "your.sender@your.domain",
      "subject": "Functions r0ck5!"
    }
  ],
	param (
	[Parameter(Mandatory=$false)]
	[String]$AzureCredentialAssetName = "VMPowerServicePrincipal",

	[Parameter(Mandatory=$false)]
	[String]$AzureSubscriptionIDAssetName = "VMShutdownTargetSubscription",

	[Parameter(Mandatory=$false)]
	[String]$AzureTenantIDAssetName = "VMShutdownTargetTenant"
	)
	$myEmailOrUpn = 'some.user@some.doman'

	# can use your mailbox login
	$cred = Get-Credential

	$exoSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $cred -Authentication "Basic" -AllowRedirection

	# Loads session and EXO Cmdlets
	Import-PSSession $exoSession
	Configuration Main
	{
	Import-DscResource –ModuleName 'PSDesiredStateConfiguration'

	Node ('localhost')
	{
	Script DeployWindowsService
	{
	GetScript = {
	@{
	# Requires PowerShell to be run as Admin-level user.

	New-SelfSignedCertificate -CertStoreLocation cert:\localmachine\my -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" `
	-Subject "cn=mydemokvcert" -KeyDescription "Used to access Key Vault" `
	-NotBefore (Get-Date).AddDays(-1) -NotAfter (Get-Date).AddYears(2)

	# PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\my
	#
	#Thumbprint Subject
	#---------- -------
	##
	# Create new Service Principal with Cert configured
	##

	Login-AzureRmAccount -SubscriptionId XXXXXXXX-XXXX-XXXX-XXXX-86b9ebca2d13

	# $credValue comes from the previous script and contains the X509 cert we wish to use.
	# $validFrom comes from the previous script and is the validity start date for the cert.
	# $validTo comes from the previous script and is the validity end data for the cert.
	{
	"frameworks": {
	"net46": {
	"dependencies": {
	"Microsoft.IdentityModel.Clients.ActiveDirectory": "3.13.1",
	"Microsoft.IdentityModel.Logging": "1.0.0",
	"Microsoft.Azure.Common": "2.1.0",
	"Microsoft.Azure.KeyVault": "1.0.0",
	}
	}
	#r "System.Runtime"
	#r "System.Threading.Tasks"

	using System;
	using System.Threading.Tasks;
	using System.Web.Configuration;
	using Microsoft.IdentityModel.Clients.ActiveDirectory;
	using Microsoft.Azure.KeyVault;
	using System.Security.Cryptography.X509Certificates;
	#load "keyvaultclient.csx"

	public static void Run(TraceWriter log)
	{
	var secretStringClearText = GetKeyVaultSecret("remotepassword");
	log.Info(secretStringClearText);
	}
	{
	"bindings": [
	{
	"type": "sendGrid",
	"name": "message",
	"direction": "out",
	"from": "your.sender@your.domain",
	"subject": "Functions r0ck5!"
	}
	],