ParkMyCloud, Inc

            Creating an Azure Credential Manually Using Azure CLI

            1. Install the Azure CLI (Linux shown below) using the NodeJS install:
            • If nodejs, npm and/or azure-cli are not installed:
            curl -sL https://deb.nodesource.com/setup_7.x | sudo -E bash -  
            sudo apt-get install -y nodejs  
            sudo npm install -g azure-cli

            2. Login with azure cli:

            azure login -u some_user@youraccount.com  
            Output

            info:    Executing command login
            Password: *************
            -info:    Added subscription <Subscription Name>
            info:    Setting subscription "<Subscription Name>" as default
            +
            info:    login command OK

            NOTE: You can also run this without "-u" to pop up a web browser for login, if available.
            3. Get the Subscription ID and Tenant ID:

            azure account show
            Output
            azure account show
            info: Executing command account show
            data: Name : <Subscription Name>
            data: ID : 00aaa000-00aa-0a00-0000-0a0000a0aa00
            data: State : Enabled
            data: Tenant ID : 0b00b0b0-0000-0000-00b0-bbb0b0b000bb
            data: Is Default : true
            data: Environment : AzureCloud
            data: Has Certificate : No
            data: Has Access Token : Yes
            data: User name : some_user@youraccount.com
            data:
            info: account show command OK
            Here you have the first two pieces of information:
            • Subscription ID (in this case, 00aaa000-00aa-0a00-0000-0a0000a0aa00)
            • Tenant ID (in this case, 0b00b0b0-0000-0000-00b0-bbb0b0b000bb)

            Note:
            If you wish to use a subscription other than the default, use the following command:

            azure account show -s <Other Subscription Name>

            And use the ID and Tenant ID number from that output.


            4. Get Client ID/Application ID and the Key:
            For this step you will need to create an application within your subscription. From the command line this can be done by typing:

            azure ad app create -n "<Application Name>" -m "<Application Home Page URL>" -i "<Application Identifier URL>" -p "<Password>"

            In this example, I used the following values:
            • Application Name: "PMC Azure Dev"
            • Application Home Page URL: "https://console.parkmycloud.com"
            • Application Identifier URL: "https://PMC-Azure-Dev-not-used"
            • Password: "parkmycloud!"
            Output

            info:   Executing command ad app create
            info:   Creating application PMC Azure Dev
            data:   AppId:                  000kkk0-00kk-0000-k00k-00kk0000000k
            data:   ObjectId:               00mm00m0-0000-0m00-mmm0-m000mm000mmm
            data:   DisplayName:            PMC Azure Dev
            data:   IdentifierUris:         0=https://PMC-Azure-Dev-not-used
            data:   ReplyUrls:
            data:   AvailableToOtherTenants: False
            data:   HomePage:                https://console.parkmycloud.com
            info:   ad app create command OK

            Here you will need to copy the AppId (in this case, 000kkk0-00kk-0000-k00k-00kk0000000k).

            Your App Access Key is simply the password you just entered (in this case, parkmycloud!).

            At this point you have everything you need for ParkMyCloud. However, a few more steps are needed to complete the configuration on the Azure side.
            5. Create a Service Principal for the Application:
            • You will need to create a Service Principal for the application by passing the Application ID from above:
            azure ad sp create -a <Enter the App ID from above here>
            Output
            info: Executing command ad sp create
            + Creating service principal for application 00ppp000-00pp-0p00-0000-0p0000p0pp00
            data: Object Id: cc00c00c-cc00-0c00-cc0c-000cc00c0000c
            data: Display Name: PMC Azure Dev
            data: Service Principal Names:
            data: e0e00e00-0000-0ee0-0e0e-0eeee00e0000
            data: https://PMC-Azure-Dev-not-used
            info: ad sp create command OK
            • Copy the Service Principal Object ID from the response for the next step.
            6. Create a Custom Role with Limited Permissions:
            • Get the example role from the ParkMyCloud console Add Credential page, and paste it into a file (we called it PMCAzureExampleRole.json). It may look a little different from what's below, but you get the idea. (The latest permissions example will always be found in the ParkMyCloud console.)
            • We suggest giving the role the same name as the application
            • Referencing the application name in the description may also be helpful
            • Enter the subscription ID from step 3 as well:

              {
                "Name": "PMC Azure Dev",
                "Description": "PMC Azure Dev Role",
                "IsCustom": "true",
                "Actions": [
                  "Microsoft.Compute/virtualMachines/read",
                  "Microsoft.Compute/virtualMachines/*/read",
                  "Microsoft.Compute/virtualMachines/start/action",
                  "Microsoft.Compute/virtualMachines/deallocate/action",
                  "Microsoft.Compute/virtualMachineScaleSets/read",
                  "Microsoft.Compute/virtualMachineScaleSets/write",
                  "Microsoft.Compute/virtualMachineScaleSets/start/action",
                  "Microsoft.Compute/virtualMachineScaleSets/deallocate/action",
                  "Microsoft.Compute/virtualMachineScaleSets/*/read",
                  "Microsoft.Resources/subscriptions/resourceGroups/read"
                ],
                "NotActions": [],
                "AssignableScopes": [
                  "/subscriptions/<Your_subscription_ID_here>"
                ]
              }

            • Then execute the following command:
            azure role create --inputfile PMCAzureExampleRole.json
            Output
            info: Executing command role create 
            info: Validating role definition 
            + Creating role definition "00hh0h00-00hh0-000h-h0h0-0h0h0h000hh" 
            info: Created role definition 00ff0f00-00ff0-000f-f0f0-0f0f0f000ff 
            data: Name             : PMC Azure Dev 
            data: Id               : 00gg0g00-00gg0-000g-g0g0-0g0g0g000gg 
            data: Description      : PMC Azure Dev Role 
            data: AssignableScopes : 0=/subscriptions/00aaa000-00aa-0a00-0000-0a0000a0aa00 
            data: Actions          : 0=Microsoft.Compute/virtualMachines/read, 1=Microsoft.Compute/virtualMachines/*/read, 2=Microsoft.Compute/virtualMachines/start/action, 3=Microsoft.Compute/virtualMachines/deallocate/action, 4=Microsoft.Compute/virtualMachineScaleSets/read, 5=Microsoft.Compute/virtualMachineScaleSets/write, 6=Microsoft.Compute/virtualMachineScaleSets/start/action, 7=Microsoft.Compute/virtualMachineScaleSets/deallocate/action, 8=Microsoft.Compute/virtualMachineScaleSets/*/read, 9=Microsoft.Resources/subscriptions/resourceGroups/read 
            data: NotActions : 
            data: IsCustom         : true 
            data: 
            info: role create command OK
            7. Assign the Custom Role to Service Principal:
            • The final step will be to map this custom role you have just created to the service principal:
            azure role assignment create --objectId <Service Principal Object Id> --roleId "<Role Id>" --scope /subscriptions/<Subscription ID>
            Where:

            • Service Principal Object Id is from Step 5
            • Role Id is from Step 6 and
            • Subscription ID is from Step 3


            Output

            + Finding role with specified name |
            data: RoleAssignmentId : /subscriptions/00aaa000-00aa-0a00-0000-0a0000a0aa00/providers/Microsoft.Authorization/roleAssignments/4ad11596-5f3b-4373-9e4b-871500916e5a 
            data: RoleDefinitionName : PMC Azure Dev 
            data: RoleDefinitionId : 00gg0g00-00gg0-000g-g0g0-0g0g0g000gg 
            data: Scope            : /subscriptions/00aaa000-00aa-0a00-0000-0a0000a0aa00 
            data: Display Name     : PMC Azure Dev 
            data: SignInName       : undefined 
            data: ObjectId         : cc00c00c-cc00-0c00-cc0c-000cc00c0000c 
            data: ObjectType       : ServicePrincipal
            data:
            + 
            info: role assignment create command OK
            That completes the application configuration within Azure. Now you only need to fill in the blanks on the credential page, give it a name and select a team to complete the configuration within ParkMyCloud.
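
A pre-flight check for the role file from step 6, run before `azure role create`, as an added example that is not ParkMyCloud's code: it confirms the file parses as JSON, flags any non-read action outside the ones the example role grants, and rejects a scope that is not a concrete subscription (including an unfilled placeholder). The name lint_role and the allow-list policy are assumptions of this example.

```python
import json
import re

# Non-read actions granted by the example role on this page. Treating anything
# else as a finding is this example's policy (an assumption), not an Azure rule.
ALLOWED_NON_READ = {
    "Microsoft.Compute/virtualMachines/start/action",
    "Microsoft.Compute/virtualMachines/deallocate/action",
    "Microsoft.Compute/virtualMachineScaleSets/write",
    "Microsoft.Compute/virtualMachineScaleSets/start/action",
    "Microsoft.Compute/virtualMachineScaleSets/deallocate/action",
}
GUID = r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
SCOPE_RE = re.compile(r"^/subscriptions/" + GUID + r"(/.*)?$")


def lint_role(text):
    """Return findings for a custom role definition; an empty list means clean."""
    try:
        role = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"]
    findings = []
    for action in role.get("Actions", []):
        if action.endswith("/read"):
            continue  # read-only, wildcard path segments included
        if action not in ALLOWED_NON_READ:
            findings.append(f"unexpected non-read action: {action}")
    scopes = role.get("AssignableScopes", [])
    if not scopes:
        findings.append("AssignableScopes is empty")
    for scope in scopes:
        if not SCOPE_RE.match(scope):  # catches "/" and an unfilled placeholder
            findings.append(f"scope is not a concrete subscription: {scope}")
    return findings


# Constructed samples; the subscription ID is the placeholder value from step 3.
GOOD = """{"Name": "PMC Azure Dev", "IsCustom": "true",
  "Actions": ["Microsoft.Compute/virtualMachines/*/read",
              "Microsoft.Compute/virtualMachines/start/action"],
  "NotActions": [],
  "AssignableScopes": ["/subscriptions/00aaa000-00aa-0a00-0000-0a0000a0aa00"]}"""
BAD = GOOD.replace('start/action"', 'start/action", "Microsoft.Compute/*"').replace(
    "00aaa000-00aa-0a00-0000-0a0000a0aa00", "<Your_subscription_ID_here>")

if __name__ == "__main__":
    for name, text in (("good", GOOD), ("bad", BAD)):
        print(name, lint_role(text) or "clean")
```

To check a real file, pass its contents: lint_role(open("PMCAzureExampleRole.json").read()).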




            Troubleshooting:

            * List custom roles:
            azure role list --custom

            * Show the current custom role:
            azure role show --name "PMC Azure Dev" --json

            * Modify the current custom role:
            azure role set --inputfile PMCAzureExampleRole.json


            * Remove a role assignment from a Service Principal:
            azure role assignment delete --objectId <Service Principal Object ID> --roleId <Role Id>

            Updated: 05 Jan 2017 08:30 AM