Update the script to support MSGraph (#4701)

actions · Dec 10, 2021 · 54bf98d · 54bf98d
1 parent 5e4f5b8
commit 54bf98d
Showing 1 changed file with 35 additions and 11 deletions.
diff --git a/helpers/GenerateResourcesAndImage.ps1 b/helpers/GenerateResourcesAndImage.ps1
@@ -127,8 +127,8 @@ Function GenerateResourcesAndImage {
     )
 
     $builderScriptPath = Get-PackerTemplatePath -RepositoryRoot $ImageGenerationRepositoryRoot -ImageType $ImageType
-    $ServicePrincipalClientSecret = $env:UserName + [System.GUID]::NewGuid().ToString().ToUpper();
-    $InstallPassword = $env:UserName + [System.GUID]::NewGuid().ToString().ToUpper();
+    $ServicePrincipalClientSecret = $env:UserName + [System.GUID]::NewGuid().ToString().ToUpper()
+    $InstallPassword = $env:UserName + [System.GUID]::NewGuid().ToString().ToUpper()
 
     if ([string]::IsNullOrEmpty($AzureClientId))
     {
@@ -196,23 +196,47 @@ Function GenerateResourcesAndImage {
     if ([string]::IsNullOrEmpty($AzureClientId)) {
         # Interactive authentication: A service principal is created during runtime.
         $spDisplayName = [System.GUID]::NewGuid().ToString().ToUpper()
-        $credentialProperties = @{ StartDate=Get-Date; EndDate=Get-Date -Year 2024; Password=$ServicePrincipalClientSecret }
-        $credentials = New-Object -TypeName Microsoft.Azure.Commands.ActiveDirectory.PSADPasswordCredential -Property $credentialProperties
-        $sp = New-AzADServicePrincipal -DisplayName $spDisplayName -PasswordCredential $credentials
+        $startDate = Get-Date
+        $endDate = $startDate.AddYears(1)
+
+        if ('Microsoft.Azure.Commands.ActiveDirectory.PSADPasswordCredential' -as [type]) {
+            $credentials = [Microsoft.Azure.Commands.ActiveDirectory.PSADPasswordCredential]@{
+                StartDate = $startDate
+                EndDate = $endDate
+                Password = $ServicePrincipalClientSecret
+            }
+            $sp = New-AzADServicePrincipal -DisplayName $spDisplayName -PasswordCredential $credentials
+            $spClientId = $sp.ApplicationId
+            $azRoleParam = @{
+                RoleDefinitionName = "Contributor"
+                ServicePrincipalName = $spClientId
+            }
+        }
 
-        $spAppId = $sp.ApplicationId
-        $spClientId = $sp.ApplicationId
-        Start-Sleep -Seconds $SecondsToWaitForServicePrincipalSetup
+        if ('Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.MicrosoftGraphPasswordCredential' -as [type]) {
+            $credentials = [Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.MicrosoftGraphPasswordCredential]@{
+                StartDateTime = $startDate
+                EndDateTime = $endDate
+            }
+            $sp = New-AzADServicePrincipal -DisplayName $spDisplayName
+            $appCred = New-AzADAppCredential -ApplicationId $sp.AppId -PasswordCredentials $credentials
+            $spClientId = $sp.AppId
+            $azRoleParam = @{
+                RoleDefinitionName = "Contributor"
+                PrincipalId = $sp.Id
+            }
+            $ServicePrincipalClientSecret = $appCred.SecretText
+        }
 
-        New-AzRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $spAppId
+        Start-Sleep -Seconds $SecondsToWaitForServicePrincipalSetup
+        New-AzRoleAssignment @azRoleParam
         Start-Sleep -Seconds $SecondsToWaitForServicePrincipalSetup
         $sub = Get-AzSubscription -SubscriptionId $SubscriptionId
         $tenantId = $sub.TenantId
         # "", "Note this variable-setting script for running Packer with these Azure resources in the future:", "==============================================================================================", "`$spClientId = `"$spClientId`"", "`$ServicePrincipalClientSecret = `"$ServicePrincipalClientSecret`"", "`$SubscriptionId = `"$SubscriptionId`"", "`$tenantId = `"$tenantId`"", "`$spObjectId = `"$spObjectId`"", "`$AzureLocation = `"$AzureLocation`"", "`$ResourceGroupName = `"$ResourceGroupName`"", "`$storageAccountName = `"$storageAccountName`"", "`$install_password = `"$install_password`"", ""
     } else {
         # Parametrized Authentication via given service principal: The service principal with the data provided via the command line
         # is used for all authentication purposes.
-        $spAppId = $AzureClientId
         $spClientId = $AzureClientId
         $credentials = $AzureAppCred
         $ServicePrincipalClientSecret = $AzureClientSecret
@@ -228,7 +252,7 @@ Function GenerateResourcesAndImage {
 
     if($RestrictToAgentIpAddress -eq $true) {
         $AgentIp = (Invoke-RestMethod http://ipinfo.io/json).ip
-        echo "Restricting access to packer generated VM to agent IP Address: $AgentIp"
+        Write-Host "Restricting access to packer generated VM to agent IP Address: $AgentIp"
     }
 
     & $packerBinary build -on-error=ask `