# Environment Variables
# Resource group and Azure region of the secret-rotation demo environment.
# NOTE(review): $location is not read anywhere else in this script.
$rgName   = 'trr-secretrotationdemo-rg'
$location = 'eastus2'

# Application Variables
# Names of the sample application's resources. Only $appName is used below;
# $aspName and $storageName are presumably the App Service plan and storage
# account names consumed by companion scripts - confirm before removing.
$aspName     = 'trr-sampleapp-asp'
$appName     = 'trr-sampleapp-web'
$storageName = 'trrssampleappsa'
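# Add Properties to App Service
# Publishes three non-secret pointers to the web app as app settings: the blob
# endpoint, the Key Vault URI and the storage service principal's object id.
# Only locations and identifiers are written here; no credential is stored in
# app settings.
#
# $storage, $kv and $spId are not assigned anywhere in this script, so they must
# already exist in the calling session. Fail before touching the web app if any
# of them is missing, rather than writing empty values into its configuration.
if ( $null -eq $storage -or $null -eq $kv -or [string]::IsNullOrEmpty( $spId ) ) {
    throw 'Expected $storage, $kv and $spId to be populated before configuring the web app.'
}

# $wa is not assigned earlier in this script either. Read the current state from
# Azure so the merge below starts from the live settings; the hashtable passed
# to Set-AzWebApp becomes the app's complete settings list, so a missing or
# stale $wa would drop existing settings.
$wa = Get-AzWebApp -Name $appName -ResourceGroupName $rgName
if ( $null -eq $wa ) {
    throw "Web app '$appName' was not found in resource group '$rgName'."
}

$waSettings = @{}
foreach ( $setting in $wa.SiteConfig.AppSettings ) {
    $waSettings[ $setting.Name ] = $setting.Value
}

# Indexer assignment instead of .Add(): on a second run these keys are already
# present in the copied settings and Hashtable.Add() throws on a duplicate key.
$waSettings[ 'StorageAccountBlob' ]        = $storage.PrimaryEndpoints.Blob
$waSettings[ 'KeyVaultUri' ]               = $kv.VaultUri
$waSettings[ 'StorageServicePrincipalId' ] = $spId

Set-AzWebApp -Name $appName -ResourceGroupName $rgName -AppSettings $waSettings

# Re-read the web app so later steps see the post-update object.
$wa = Get-AzWebApp -Name $appName -ResourceGroupName $rgName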
# Add Service Principal Access to Storage Account
# Grants the service principal in $spId the "Storage Blob Data Contributor"
# role, scoped to the storage account's resource id.
# NOTE(review): this role allows reading, writing and deleting blob data, and
# the scope here is the whole account. If the application only needs one
# container, a container-level scope (or a read-only role) is the tighter grant.
$storageId = $storage.Id

# One parameter set shared by the lookup and the create call so the two cannot
# drift apart.
$blobRoleArgs = @{
    ObjectId           = $spId
    RoleDefinitionName = 'Storage Blob Data Contributor'
    Scope              = $storageId
}

# Look the assignment up first and create it only when nothing comes back, so
# a re-run does not attempt a duplicate assignment.
$roleassignment = Get-AzRoleAssignment @blobRoleArgs
if ( $null -eq $roleassignment ) {
    New-AzRoleAssignment @blobRoleArgs
}
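# Add Key Vault Access Policy
# Lets the web app's own identity read secrets from the vault in $kv. The grant
# is limited to the secret "get" permission: no list, set or delete.
# NOTE(review): an access policy only has an effect when the vault uses the
# access-policy permission model; if it is configured for Azure RBAC, a role
# assignment is needed instead - confirm how $kv was created.
$waId = ( $wa | Select-Object -ExpandProperty Identity ).PrincipalId

# $waId is empty when $wa carries no identity (for example, no managed identity
# is enabled on the web app). Stop with a clear message instead of passing an
# empty object id to the access-policy call.
if ( [string]::IsNullOrEmpty( $waId ) ) {
    throw "Web app '$appName' has no identity principal id; enable a managed identity before granting Key Vault access."
}

$kv | Set-AzKeyVaultAccessPolicy -ObjectId $waId -PermissionsToSecrets get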