Creating An Azure Cred the Easy Way In Linux Using azure-cli and get_azure_cred.sh Script

Creating An Azure Cred the Easy Way In Linux Using azure-cli and get_azure_cred.sh Script

We have created some helpful scripts in our public Github repository.  One of those is a script called get_azure_cred.sh, which runs in Ubuntu Linux and will:
  • Install nodejs, npm and azure-cli (if they are not already installed)
  • Log you into your Azure account
  • Create an application for you in your Active Directory
  • Create an associated service principal for you in your Active Directory (which can be used to login on your behalf)
  • Create a limited permission role
  • Map the service principal to the limited permission role
  • Output the parameters you will need to enter into ParkMyCloud.

NOTE: You will need to have sufficient privileges within Azure to accomplish the above tasks.

This script has been tested in Ubuntu 14.04.5 LTS and Ubuntu 16.04 LTS.

Steps:
  • Create a directory to pull this repository to your Linux system (e.g., /home/ubuntu/git).
  • Change to that directory:  cd ~/git
  • Clone the repository: git clone https://github.com/parkmycloud/useful_tools.git
  • Change to the appropriate directory: cd ~/git/useful_tools/azure-cli
  • Execute the script shown:  ./get_azure_cred.sh
  • Follow the directions.
Example session shown below:

cd ~/git/useful_tools/azure-cli 


./get_azure_cred.sh


Enter your Azure username : joe.user@somecompany.com


info:    Executing command login

Password: *************

\info:    Added subscription Sub-1-As-U-Go                                    

info:    Added subscription Sub-2-As-U-Go

+

info:    login command OK


Here are the subscriptions associated with your account:


My-Subscription-1

My-Subscription-2


Enter the subscription name you want to use: My-Subscription-1


Need to create a ParkMyCloud application in your subscription.

Here's the catch: It must be unique.


What do you want to call it? (e.g., ParkMyCloud Azure Dev): PMC Azure Dev

Enter password for your application: ************

Re-enter your password: ************


Created service principal for application.


Created limited access role for app.


Waiting on Service Principal to show up in AD

Role has been mapped to service principal for application.


Subscription ID: 00aaa000-00aa-0a00-0000-0a0000a0aa00

      Tenant ID: 0b00b0b0-0000-0000-00b0-bbb0b0b000bb

         App ID: 000kkk0-00kk-0000-k00k-00kk0000000k

 API Access Key: parkmycloud!


Enter these on the Azure credential page in ParkMyCloud.


If you want to login interactively with this service principal, enter the following from the CLI:

azure login -u cc00c00c-cc00-0c00-cc0c-000cc00c0000c --service-principal --tenant 0b00b0b0-0000-0000-00b0-bbb0b0b000bb


There is a hidden directory created called ~/.PMCAzure which will store information about each step of the process:

 

 

cd ~/.PMCAzure

ls -al


total 32

drwxrwxr-x 2 ubuntu ubuntu 4096 Dec 27 08:08 ./

drwxr-xr-x 8 ubuntu ubuntu 4096 Dec 28 21:50 ../

-rw-rw-r-- 1 ubuntu ubuntu  615 Dec 27 08:07 PMCAzureAccountLog

-rw-rw-r-- 1 ubuntu ubuntu  553 Dec 27 08:07 PMCAzureAppLog

-rw-rw-r-- 1 ubuntu ubuntu 1188 Dec 27 08:07 PMCAzureRoleLog

-rw-rw-r-- 1 ubuntu ubuntu  792 Dec 27 08:08 PMCAzureRoleMapLog

-rw-rw-r-- 1 ubuntu ubuntu  488 Dec 27 08:07 PMCAzureServicePrincipalLog

-rw-rw-r-- 1 ubuntu ubuntu  887 Dec 27 08:07 PMCExampleAzureRole.json


Updates

These scripts are maintained only a best effort basis. If you wish to make changes or fix bugs, please fork the repository, make changes there and, once you have completed your testing, open up a pull request within Github.