diff --git a/Samples/Connect.AzureAutomation/Deploy-AzureAppOnly.ps1 b/Samples/Connect.AzureAutomation/Deploy-AzureAppOnly.ps1
new file mode 100644
index 000000000..ef82ee69a
--- /dev/null
+++ b/Samples/Connect.AzureAutomation/Deploy-AzureAppOnly.ps1
@@ -0,0 +1,96 @@
+<#
+----------------------------------------------------------------------------
+
+Deploys resources to Azure Automation, Installs PnP PowerShell, Creates an Azure AD App
+
+Created: Paul Bullock
+Date: 10/08/2020
+Disclaimer:
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+.Synopsis
+
+.Example
+
+.Notes
+
+ Default App Scopes: Sites.FullControl.All, Group.ReadWrite.All, User.Read.All
+
+ References:
+ https://docs.microsoft.com/en-us/powershell/module/sharepoint-pnp/initialize-pnppowershellauthentication?view=sharepoint-ps
+ https://docs.microsoft.com/en-us/powershell/module/az.automation/New-AzAutomationCredential?view=azps-4.4.0
+
+ ----------------------------------------------------------------------------
+#>
+
+[CmdletBinding()]
+param (
+ [Parameter(Mandatory = $true)]
+ [string] $Tenant, #yourtenant.onmicrosoft.com
+
+ [Parameter(Mandatory = $true)]
+ [string] $SPTenant, # https://[thispart].sharepoint.com
+
+ [Parameter(Mandatory = $false)]
+ [string] $AppName = "PnP-PowerShell Automation",
+
+ [Parameter(Mandatory = $true)]
+ [string] $CertificatePassword, # <-- Use a nice a super complex password
+
+ [Parameter(Mandatory = $false)]
+ [int] $ValidForYears = 2,
+
+ [Parameter(Mandatory = $false)]
+ [string] $CertCommonName = "PnP-PowerShell Automation"
+)
+begin{
+
+
+ Write-Host "Let's get started..."
+
+ # Get the location of the script to copy the script locally
+ $location = Get-Location
+
+ if(!$CertificatePassword){
+ Write-Host " - Password generated for you..."
+ $CertificatePassword = [System.Guid]::NewGuid()
+ }
+
+ if(!$CertCommonName){
+ $CertCommonName = "pnp.$($Tenant)"
+ }
+
+ # This cna be a one-time setup - no one needs to know the password, it can be easily replaced
+ # in the App and Automation Service if required
+ $securePassword = (ConvertTo-SecureString -String $CertificatePassword -AsPlainText -Force)
+
+}
+process {
+
+ # ----------------------------------------------------------------------------------
+ # Azure - Create Azure App and Certificate
+ # ----------------------------------------------------------------------------------
+ Write-Host " - Registering AD app and creating certificate..." -ForegroundColor Cyan
+
+ Initialize-PnPPowerShellAuthentication -ApplicationName $AppName -Tenant $Tenant -OutPath $location `
+ -CertificatePassword $securePassword -ValidYears $ValidForYears `
+ -CommonName $CertCommonName
+
+ # Example Output:
+ # Pfx file : C:\Git\tfs\Script-Library\Azure\Automation\Deploy\PnP-PowerShell Automation.pfx
+ # Cer file : C:\Git\tfs\Script-Library\Azure\Automation\Deploy\PnP-PowerShell Automation.cer
+ # AzureAppId : c5beca65-0000-1111-2222-8a02cbbf4c4d
+ # Certificate Thumbprint : 78D0F76D900000C8B9F77E64903B6D7AEF55D233
+
+}
+end{
+
+ Write-Host "Script all done, enjoy! :)" -ForegroundColor Green
+}
\ No newline at end of file
diff --git a/Samples/Connect.AzureAutomation/Deploy-AzureAutomation.ps1 b/Samples/Connect.AzureAutomation/Deploy-AzureAutomation.ps1
new file mode 100644
index 000000000..0cb3c2f9d
--- /dev/null
+++ b/Samples/Connect.AzureAutomation/Deploy-AzureAutomation.ps1
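Review bot: `$CertificatePassword` is declared as a plain `[string]` in the `param` block of Deploy-AzureAppOnly.ps1 and only wrapped afterwards with `ConvertTo-SecureString -AsPlainText -Force`, so the PFX password is typed on the command line and can end up in console history and transcripts; Deploy-AzureAutomation.ps1 and Deploy-FullAutomation.ps1 repeat the same pattern. Declaring it as `[securestring] $CertificatePassword` and passing it straight to `-CertificatePassword` (callers can supply it with `Read-Host -AsSecureString`) removes the plaintext copy. The `if(!$CertificatePassword)` GUID fallback looks unreachable, since a mandatory `[string]` parameter does not bind an empty value. If it did run, the generated password is never shown or stored, which would leave a PFX nobody can open. I would drop the branch, or make the parameter optional and persist the generated secret deliberately.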
@@ -0,0 +1,191 @@
+<#
+----------------------------------------------------------------------------
+
+Deploys resources to Azure Automation, Installs PnP PowerShell, Creates an Azure AD App
+
+Created: Paul Bullock
+Date: 10/08/2020
+Disclaimer:
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+.Notes
+
+ Default App Scopes: Sites.FullControl.All, Group.ReadWrite.All, User.Read.All
+
+ References:
+ https://docs.microsoft.com/en-us/powershell/module/sharepoint-pnp/initialize-pnppowershellauthentication?view=sharepoint-ps
+ https://docs.microsoft.com/en-us/powershell/module/az.automation/New-AzAutomationCredential?view=azps-4.4.0
+
+ Due credit to sources, some learnings in the script came from:
+ https://github.com/OfficeDev/microsoft-teams-apps-requestateam
+
+ ----------------------------------------------------------------------------
+#>
+
+[CmdletBinding()]
+param (
+ [Parameter(Mandatory = $true)]
+ [string] $Tenant, #yourtenant.onmicrosoft.com
+
+ [Parameter(Mandatory = $true)]
+ [string] $SPTenant, # https://[thispart].sharepoint.com
+
+ [Parameter(Mandatory = $true)]
+ [string] $CertificatePassword, # <-- Use a nice a super complex password
+
+ [Parameter(Mandatory = $true)]
+ [string] $AzureAppId,
+
+ [Parameter(Mandatory = $true)]
+ [string] $CertificatePath, # e.g. "C:\Git\tfs\Script-Library\Azure\Automation\Deploy\PnP-PowerShell Automation.pfx"
+
+ [Parameter(Mandatory = $false)]
+ [string] $AzureResourceGroupName = "pnp-powershell-automation-rg",
+
+ [Parameter(Mandatory = $false)]
+ [string] $AzureRegion = "northeurope",
+
+ [Parameter(Mandatory = $false)]
+ [string] $AzureAutomationName = "pnp-powershell-auto",
+
+ [Parameter(Mandatory = $false)]
+ [switch] $CreateResourceGroup
+)
+begin{
+
+
+ Write-Host "Let's get started..."
+
+ # This cna be a one-time setup - no one needs to know the password, it can be easily replaced
+ # in the App and Automation Service if required
+ $securePassword = (ConvertTo-SecureString -String $CertificatePassword -AsPlainText -Force)
+
+}
+process {
+
+ # ----------------------------------------------------------------------------------
+ # Azure - Connect to Azure
+ # ----------------------------------------------------------------------------------
+ Write-Host " - Connecting to Azure..." -ForegroundColor Cyan
+ Connect-AzAccount
+
+ # ----------------------------------------------------------------------------------
+ # Azure - Resource Group
+ # ----------------------------------------------------------------------------------
+
+ # Check if the Resource Group exists
+ if($CreateResourceGroup){
+ Write-Host " - Creating Resource Group..." -ForegroundColor Cyan
+ New-AzResourceGroup -Name $AzureResourceGroupName -Location $AzureRegion
+ }
+
+
+ # ----------------------------------------------------------------------------------
+ # Azure Automation - Creation
+ # ----------------------------------------------------------------------------------
+
+ # Validate this does not already exist
+ $existingAzAutomation = Get-AzAutomationAccount | Where-Object AutomationAccountName -eq $AzureAutomationName
+ if ($null -ne $existingAzAutomation) {
+ Write-Error " - Automation account already exists...aborting deployment script" # Stop the script, already exists
+ return #End the Script
+ }
+
+ Write-Host " - Creating Azure Automation Account..." -ForegroundColor Cyan
+
+ # Note: Not all regions support Azure Automation - check here for your region:
+ # https://azure.microsoft.com/en-us/global-infrastructure/services/?products=automation®ions=all
+ New-AzAutomationAccount `
+ -Name $AzureAutomationName `
+ -Location $AzureRegion `
+ -ResourceGroupName $AzureResourceGroupName
+
+ # ----------------------------------------------------------------------------------
+ # Azure Automation - Add Modules
+ # ----------------------------------------------------------------------------------
+
+ # Add PnP Modules - July 2020 Onwards
+ New-AzAutomationModule `
+ -AutomationAccountName $AzureAutomationName `
+ -Name "SharePointPnPPowerShellOnline" `
+ -ContentLink "https://devopsgallerystorage.blob.core.windows.net/packages/sharepointpnppowershellonline.3.23.2007.1.nupkg" `
+ -ResourceGroupName $AzureResourceGroupName
+
+
+ # ----------------------------------------------------------------------------------
+ # Azure Automation - Create variables
+ # ----------------------------------------------------------------------------------
+ New-AzAutomationVariable `
+ -AutomationAccountName $AzureAutomationName `
+ -Name "AppClientId" `
+ -Encrypted $False `
+ -Value $AzureAppId `
+ -ResourceGroupName $AzureResourceGroupName
+
+ New-AzAutomationVariable `
+ -AutomationAccountName $AzureAutomationName `
+ -Name "AppAdTenant" `
+ -Encrypted $true `
+ -Value $Tenant `
+ -ResourceGroupName $AzureResourceGroupName
+
+ New-AzAutomationVariable `
+ -AutomationAccountName $AzureAutomationName `
+ -Name "App365Tenant" `
+ -Encrypted $true `
+ -Value $SPTenant `
+ -ResourceGroupName $AzureResourceGroupName
+
+ New-AzAutomationCertificate `
+ -Name "AzureAppCertificate" `
+ -Description "Certificate for PnP PowerShell automation" `
+ -Password $securePassword `
+ -Path $CertificatePath `
+ -Exportable `
+ -ResourceGroupName $AzureResourceGroupName `
+ -AutomationAccountName $AzureAutomationName
+
+ # In this example, we do not use the UserName part
+ $User = "IAamNotUsed"
+ $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $securePassword
+ New-AzAutomationCredential `
+ -Name "AzureAppCertPassword" `
+ -Description "Contains the password for the certificate" `
+ -Value $Credential `
+ -ResourceGroupName $AzureResourceGroupName `
+ -AutomationAccountName $AzureAutomationName `
+
+ # Add Azure Runbook
+ Write-Host " - Importing and publishing example runbook..." -ForegroundColor Cyan
+
+ # Import automation runbooks
+ $exampleRunbookName = "test-connection-runbook"
+
+ # Add the example runbook into Azure Automation
+ Import-AzAutomationRunbook `
+ -Name $exampleRunbookName `
+ -Path "./$($exampleRunbookName).ps1" `
+ -ResourceGroupName $AzureResourceGroupName `
+ -AutomationAccountName $AzureAutomationName `
+ -Type PowerShell
+
+ # Publish runbooks
+ Publish-AzAutomationRunbook `
+ -Name $exampleRunbookName `
+ -ResourceGroupName $AzureResourceGroupName `
+ -AutomationAccountName $AzureAutomationName
+
+ Write-Host "Finished adding example runbook" -ForegroundColor Green
+
+}
+end{
+
+ Write-Host "Script all done, enjoy! :)" -ForegroundColor Green
+}
\ No newline at end of file
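Review bot: `New-AzAutomationCertificate` is called with `-Exportable` and the same password is stored beside it as the `AzureAppCertPassword` credential, so anyone who can author or run runbooks in this Automation account can retrieve both the private key and its password. The app they unlock has the default scopes the file header lists: Sites.FullControl.All, Group.ReadWrite.All and User.Read.All. That trade-off deserves a comment above the call, e.g. `# Exportable because the sample runbook calls .Export(); restrict who can edit runbooks in this account`, together with guidance to keep role assignments on the account narrow. Separately, none of the `Connect-AzAccount` / `New-Az*` calls is checked for failure, so a failed sign-in or account creation lets the script continue into the variable and certificate steps. Adding `$ErrorActionPreference = 'Stop'` in `begin` would stop at the first error.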
diff --git a/Samples/Connect.AzureAutomation/Deploy-FullAutomation.ps1 b/Samples/Connect.AzureAutomation/Deploy-FullAutomation.ps1
new file mode 100644
index 000000000..87149fb9c
--- /dev/null
+++ b/Samples/Connect.AzureAutomation/Deploy-FullAutomation.ps1
@@ -0,0 +1,225 @@
+<#
+----------------------------------------------------------------------------
+
+Deploys resources to Azure Automation, Installs PnP PowerShell, Creates an Azure AD App
+
+Created: Paul Bullock
+Date: 10/08/2020
+Disclaimer:
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+.Notes
+
+ Default App Scopes: Sites.FullControl.All, Group.ReadWrite.All, User.Read.All
+
+ References:
+ https://docs.microsoft.com/en-us/powershell/module/sharepoint-pnp/initialize-pnppowershellauthentication?view=sharepoint-ps
+ https://docs.microsoft.com/en-us/powershell/module/az.automation/New-AzAutomationCredential?view=azps-4.4.0
+
+ Due credit to sources, some learnings in the script came from:
+ https://github.com/OfficeDev/microsoft-teams-apps-requestateam
+
+ ----------------------------------------------------------------------------
+#>
+
+
+
+[CmdletBinding()]
+param (
+ [Parameter(Mandatory = $true)]
+ [string] $Tenant, #yourtenant.onmicrosoft.com
+
+ [Parameter(Mandatory = $true)]
+ [string] $SPTenant, # https://[thispart].sharepoint.com
+
+ [Parameter(Mandatory = $false)]
+ [string] $AppName = "PnP-PowerShell Automation",
+
+ [Parameter(Mandatory = $true)]
+ [string] $CertificatePassword, # <-- Use a nice a super complex password
+
+ [Parameter(Mandatory = $false)]
+ [int] $ValidForYears = 2,
+
+ [Parameter(Mandatory = $false)]
+ [string] $CertCommonName = "PnP-PowerShell Automation",
+
+ [Parameter(Mandatory = $false)]
+ [string] $AzureResourceGroupName = "pnp-powershell-automation-rg",
+
+ [Parameter(Mandatory = $false)]
+ [string] $AzureRegion = "northeurope",
+
+ [Parameter(Mandatory = $false)]
+ [string] $AzureAutomationName = "pnp-powershell-auto",
+
+ [Parameter(Mandatory = $false)]
+ [switch] $CreateResourceGroup
+)
+begin{
+
+
+ Write-Host "Let's get started..."
+
+ # Get the location of the script to copy the script locally
+ $location = Get-Location
+
+ if(!$CertificatePassword){
+ Write-Host " - Password generated for you..."
+ $CertificatePassword = [System.Guid]::NewGuid()
+ }
+
+ if(!$CertCommonName){
+ $CertCommonName = "pnp.$($Tenant)"
+ }
+
+ # This cna be a one-time setup - no one needs to know the password, it can be easily replaced
+ # in the App and Automation Service if required
+ $securePassword = (ConvertTo-SecureString -String $CertificatePassword -AsPlainText -Force)
+
+}
+process {
+
+ # ----------------------------------------------------------------------------------
+ # Azure - Create Azure App and Certificate
+ # ----------------------------------------------------------------------------------
+ Write-Host " - Registering AD app and creating certificate..." -ForegroundColor Cyan
+
+ $result = Initialize-PnPPowerShellAuthentication -ApplicationName $AppName -Tenant $Tenant -OutPath $location `
+ -CertificatePassword $securePassword -ValidYears $ValidForYears `
+ -CommonName $CertCommonName
+
+
+ # Pfx file : C:\Git\tfs\Script-Library\Azure\Automation\Deploy\PnP-PowerShell Automation.pfx
+ # Cer file : C:\Git\tfs\Script-Library\Azure\Automation\Deploy\PnP-PowerShell Automation.cer
+ # AzureAppId : c5beca65-bb78-414b-bd95-8a02cbbf4c4d
+ # Certificate Thumbprint : 78D0F76D907FB9C8B9F77E64903B6D7AEF55D233
+
+ $generatedAppId = $result.AzureAppId
+ $generatedPfxCertPath = "$($location)\$($CertCommonName).pfx"
+
+ # ----------------------------------------------------------------------------------
+ # Azure - Connect to Azure
+ # ----------------------------------------------------------------------------------
+ Write-Host " - Connecting to Azure..." -ForegroundColor Cyan
+ Connect-AzAccount
+
+ # ----------------------------------------------------------------------------------
+ # Azure - Resource Group
+ # ----------------------------------------------------------------------------------
+
+ # Check if the Resource Group exists
+ if($CreateResourceGroup){
+ Write-Host " - Creating Resource Group..." -ForegroundColor Cyan
+ New-AzResourceGroup -Name $AzureResourceGroupName -Location $AzureRegion
+ }
+
+ # ----------------------------------------------------------------------------------
+ # Azure Automation - Creation
+ # ----------------------------------------------------------------------------------
+
+ # Validate this does not already exist
+ $existingAzAutomation = Get-AzAutomationAccount | Where-Object AutomationAccountName -eq $AppName
+ if ($null -ne $existingAzAutomation) {
+ Write-Error " - Automation account already exists...aborting deployment script" # Stop the script, already exists
+ return #End the Script
+ }
+
+ Write-Host " - Creating Azure Automation Account..." -ForegroundColor Cyan
+
+ # Note: Not all regions support Azure Automation - check here for your region:
+ # https://azure.microsoft.com/en-us/global-infrastructure/services/?products=automation®ions=all
+ New-AzAutomationAccount `
+ -Name $AzureAutomationName `
+ -Location $AzureRegion `
+ -ResourceGroupName $AzureResourceGroupName
+
+ # ----------------------------------------------------------------------------------
+ # Azure Automation - Add Modules
+ # ----------------------------------------------------------------------------------
+
+ # Add PnP Modules - July 2020 Onwards
+ New-AzAutomationModule `
+ -AutomationAccountName $AzureAutomationName `
+ -Name "SharePointPnPPowerShellOnline" `
+ -ContentLink "https://devopsgallerystorage.blob.core.windows.net/packages/sharepointpnppowershellonline.3.23.2007.1.nupkg" `
+ -ResourceGroupName $AzureResourceGroupName
+
+
+ # ----------------------------------------------------------------------------------
+ # Azure Automation - Create variables
+ # ----------------------------------------------------------------------------------
+ New-AzAutomationVariable `
+ -AutomationAccountName $AzureAutomationName `
+ -Name "AppClientId" `
+ -Encrypted $False `
+ -Value $generatedAppId `
+ -ResourceGroupName $AzureResourceGroupName
+
+ New-AzAutomationVariable `
+ -AutomationAccountName $AzureAutomationName `
+ -Name "AppAdTenant" `
+ -Encrypted $true `
+ -Value $Tenant `
+ -ResourceGroupName $AzureResourceGroupName
+
+ New-AzAutomationVariable `
+ -AutomationAccountName $AzureAutomationName `
+ -Name "App365Tenant" `
+ -Encrypted $true `
+ -Value $SPTenant `
+ -ResourceGroupName $AzureResourceGroupName
+
+ New-AzAutomationCertificate `
+ -Name "AzureAppCertificate" `
+ -Description "Certificate for PnP PowerShell automation" `
+ -Password $securePassword `
+ -Path $generatedPfxCertPath `
+ -Exportable `
+ -ResourceGroupName $AzureResourceGroupName `
+ -AutomationAccountName $AzureAutomationName
+
+ # In this example, we do not use the UserName part
+ $User = "IAamNotUsed"
+ $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $securePassword
+ New-AzAutomationCredential `
+ -Name "AzureAppCertPassword" `
+ -Description "Contains the password for the certificate" `
+ -Value $Credential `
+ -ResourceGroupName $AzureResourceGroupName `
+ -AutomationAccountName $AzureAutomationName `
+
+ # Add Azure Runbook
+ Write-Host " - Importing and publishing example runbook..." -ForegroundColor Cyan
+
+ # Import automation runbooks
+ $exampleRunbookName = "test-connection-runbook"
+
+ # Add the example runbook into Azure Automation
+ Import-AzAutomationRunbook `
+ -Name $exampleRunbookName `
+ -Path "./$($exampleRunbookName).ps1" `
+ -ResourceGroupName $AzureResourceGroupName `
+ -AutomationAccountName $AzureAutomationName `
+ -Type PowerShell
+
+ # Publish runbooks
+ Publish-AzAutomationRunbook `
+ -Name $exampleRunbookName `
+ -ResourceGroupName $AzureResourceGroupName `
+ -AutomationAccountName $AzureAutomationName
+
+ Write-Host "Finished adding example runbook" -ForegroundColor Green
+
+}
+end{
+
+ Write-Host "Script all done, enjoy! :)" -ForegroundColor Green
+}
\ No newline at end of file
diff --git a/Samples/Connect.AzureAutomation/Readme.md b/Samples/Connect.AzureAutomation/Readme.md
new file mode 100644
index 000000000..34534d970
--- /dev/null
+++ b/Samples/Connect.AzureAutomation/Readme.md
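Review bot: The existing-account guard in Deploy-FullAutomation.ps1 compares `AutomationAccountName` with `$AppName` (the Azure AD application name) instead of `$AzureAutomationName`, so it does not detect an Automation account that already exists under the name about to be created. The line should read `$existingAzAutomation = Get-AzAutomationAccount | Where-Object AutomationAccountName -eq $AzureAutomationName`, as it does in Deploy-AzureAutomation.ps1. `$generatedPfxCertPath` is assembled from `$location` and `$CertCommonName` rather than read from `$result`. The sample output lists a `Pfx file` value, so the returned object probably carries the path (to be confirmed against the cmdlet), and using it would avoid a mismatch if the file is named differently. The PFX with the private key also stays in the working directory after `New-AzAutomationCertificate` has uploaded it, so a closing `Remove-Item -LiteralPath $generatedPfxCertPath` after a successful upload would keep key material off the workstation.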
@@ -0,0 +1,93 @@
+# Connect to the SharePoint Online using Application Permissions
+
+This PowerShell sample demonstrates how to deploy and use the PnP PowerShell to connect to SharePoint Online
+using App-Only within Azure Automation. This is useful for demonstrating connecting to SharePoint Online with App-Only permissions
+as well as provisioning Azure Automation with the required modules.
+
+Applies to
+
+- Office 365 Multi-Tenant (MT)
+
+## Prerequisites
+
+- PnP PowerShell Module (Minimum 3.23.2007.1)
+- Azure AD - Global Admin (for app consent)
+- Azure PowerShell Module [https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-4.4.0](https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-4.4.0)
+
+## Scripts
+
+The following script samples as part of the solution:
+
+- Deploy-AzureAppOnly.ps1 - this uses the new cmdlet "Initialize-PnPPowerShellAuthentication" to create the certificate and create Azure AD app
+- Deploy-AzureAutomation.ps1 - this creates an Azure Automation account, configures the account for hosting credentials, registering the PnP module and publishing a runbook
+- Deploy-FullAutomation.ps1 - this is a combination of both above scripts in one run
+- test-connection-runbook.ps1 - sample runbook that connects to SharePoint Online with a certificate and example connections to tenant level and site level
+
+### Note
+
+Not all regions support Azure Automation - check here for your region: [https://azure.microsoft.com/en-us/global-infrastructure/services/?products=automation®ions=all](https://azure.microsoft.com/en-us/global-infrastructure/services/?products=automation®ions=all)
+
+## Getting Started
+
+### Example 1: Creation of an Azure AD App
+
+```powershell
+
+./Deploy-AzureAppOnly.ps1 `
+ -Tenant "yourtenant.onmicrosoft.com" `
+ -SPTenant "yourtenant" `
+ -AppName "PnP-PowerShell Automation" `
+ -CertificatePassword "" `
+ -ValidForYears 2 `
+ -CertCommonName "PnP-PowerShell Automation"
+
+Note: It is recommended to use a better Certificate Password than above, nice and super complex
+
+```
+
+### Example 2: Provisioning Azure Automation with PnP Module, credentials and publishing runbook
+
+```powershell
+
+./Deploy-AzureAutomation.ps1 `
+ -Tenant "yourtenant.onmicrosoft.com" `
+ -SPTenant "yourtenant" `
+ -CertificatePassword "" `
+ -AzureAppId "b80b83e9-2d52-4aa4-910a-099c296b36d4" `
+ -CertificatePath "C:\Git\tfs\Script-Library\Azure\Automation\Deploy\PnP-PowerShell Automation.pfx" `
+ -AzureResourceGroupName "pnp-powershell-automation-rg" `
+ -AzureRegion "northeurope" `
+ -AzureAutomationName "pnp-powershell-auto" `
+ -CreateResourceGroup
+
+```
+
+Notes:
+- Use a better Certificate Password than above but the same as the one in example 1, nice and super complex
+- The CertificatePath is the location where the certificate was stored locally in example 1
+
+### Example 3: Combination Script of both Example 1 and 2
+
+```powershell
+
+./Deploy-FullAutomation.ps1 `
+ -Tenant "yourtenant.onmicrosoft.com" `
+ -SPTenant "yourtenant" `
+ -AppName "PnP-PowerShell Automation" `
+ -CertificatePassword "" `
+ -ValidForYears 2 `
+ -CertCommonName "PnP-PowerShell Automation" `
+ -AzureResourceGroupName "pnp-powershell-automation-rg" `
+ -AzureRegion "northeurope" `
+ -AzureAutomationName "pnp-powershell-auto" `
+ -CreateResourceGroup
+```
+
+## Version history ##
+Version | Date | Author(s) | Comments
+---------| ---- | --------- | ---------|
+1.0 | August 10th 2020 | Paul Bullock (CaPa Creative Ltd) | Initial release
+
+
+## **Disclaimer**
+THIS CODE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT.
\ No newline at end of file
diff --git a/Samples/Connect.AzureAutomation/test-connection-runbook.ps1 b/Samples/Connect.AzureAutomation/test-connection-runbook.ps1
new file mode 100644
index 000000000..bab028b08
--- /dev/null
+++ b/Samples/Connect.AzureAutomation/test-connection-runbook.ps1 
@@ -0,0 +1,68 @@
+<# ----------------------------------------------------------------------------
+
+Example script connecting to SharePoint Online with a
+ App Only Certificate in Azure Automation
+
+Created: Paul Bullock
+Date: 10/08/2020
+Disclaimer:
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+---------------------------------------------------------------------------- #>
+
+[CmdletBinding()]
+Param
+()
+
+# Retrieves from the Azure Automation variables and certificate stores
+# the details for connecting to SharePoint Online
+$azureAutomateCreds = Get-AutomationPSCredential -Name 'AzureAppCertPassword'
+$appId = Get-AutomationVariable -Name "AppClientId"
+$appAdTenant = Get-AutomationVariable -Name "AppAdTenant"
+$app365Tenant = Get-AutomationVariable -Name "App365Tenant"
+$appCert = Get-AutomationCertificate -Name "AzureAppCertificate"
+
+# Addresses for the tenant
+$adminUrl = "https://$app365Tenant-admin.sharepoint.com"
+$baseSite = "https://$app365Tenant.sharepoint.com"
+
+# Site Template List
+
+try {
+ Write-Verbose "Running Script..."
+
+ # Export the certificate and convert into base 64 string
+ $base64Cert = [System.Convert]::ToBase64String($appCert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12))
+
+ # Connect to the standard SharePoint Site
+ $siteConn = Connect-PnPOnline -ClientId $appId -CertificateBase64Encoded $base64Cert `
+ -CertificatePassword $azureAutomateCreds.Password `
+ -Url $baseSite -Tenant $appAdTenant -ReturnConnection
+
+ # Connect to the SharePoint Online Admin Service
+ $adminSiteConn = Connect-PnPOnline -ClientId $appId -CertificateBase64Encoded $base64Cert `
+ -CertificatePassword $azureAutomateCreds.Password `
+ -Url $adminUrl -Tenant $appAdTenant -ReturnConnection
+
+ # SharePointy Stuff here
+ Write-Verbose "Connected to SharePoint Online Site"
+ $web = Get-PnPWeb -Connection $siteConn
+ $web.Title
+
+ # SharePointy Adminy Stuff here
+ Write-Verbose "Connected to SharePoint Online Admin Centre"
+ $tenantSite = Get-PnPTenantSite -Url $baseSite -Connection $adminSiteConn
+ $tenantSite.Title
+
+}
+catch {
+ #Script error
+ Write-Error "An error occurred: $($PSItem.ToString())"
+}
\ No newline at end of file
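Review bot: `$appCert.Export(...::Pkcs12)` is called without a password, so `$base64Cert` holds the certificate's private key as an unprotected PKCS#12 blob for the rest of the job. A comment such as `# $base64Cert contains the private key - never write it to output, verbose or error streams` would warn the people who copy this sample. Setting `$base64Cert = $null` once both `Connect-PnPOnline` calls have returned would shorten its lifetime. The `catch` block also turns every failure into `Write-Error`, which is non-terminating, so a job whose connection failed may still finish as completed. Ending the block with `throw` keeps an authentication failure visible to whoever monitors the runbook.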