Skip to main content

Posts

Showing posts from 2017

Notes on Azure + PowerShell + Account SAS

Well, below are my notes on using account Shared access signatures in Azure using Azure PowerShell modules. Theory Let's get the basics out of the way first. A shared access signature is a way to delegate access to resources in a storage account, without sharing the storage account keys. SAS gives us granular control over the delegated access by : Specifying the start and expiry time. Specifying the permissions granted e.g Read/Write/Delete Specifying the Source IP address where the requests will originate from. Specifying the protocol to be used e.g HTTP/HTTPS.

PowerShell + .psd1 files - decouple environment configuration data from code

What is environment configuration data? Well, you might have heard the term 'configuration data' in usage with PowerShell DSC. The case for using configuration data is wherein all the input arguments are abstracted from the code being written so that this configuration data can be generated on the fly and passed to the underlying scripts or framework like DSC. For some of our solutions being deployed at the customer site, we require a lot of input parameters e.g. different network subnets for management and storage networks, AD/DNS information etc. Adding all these parameters to our input argument collector script was an error prone and tedious task since there were far too many input arguments. So instead of having a file to specify all input arguments was the preferred method. This also helped us while troubleshooting the deployments since a local copy of the input arguments always persisted.

PowerShell + AzureRM : Using Certificate based automated login

This is a long overdue post (previous one here ) on how to use certificates to do an automated login to A zure R esource M anager. Not rocket science but easy to setup, so that you use a cert to authenticate to Azure RM automatically. It seems the Azure docs are already up to date on how to do few bits involved in this, please read the section ' Create service principal with a certificate ' in the docs. The process is almost the same as mentioned in the docs, except the fact that when we do the role assignment, we instead assign the contributor role definition to the service principal, since we want the ability to manage the resources in Azure RM. Also, we will author a function add it to our profile so that PowerShell authenticates automatically to Azure RM each time it opens.  So let's begin with it: Create the self-signed certificate. If you are running this on Windows 8.1, then you have to use the script by MVP Vadims Podans from the gallery.

PowerShell : Trust network share to load modules & ps1

Problem Do you have a central network share, where you store all the scripts or PowerShell modules ? What happens if you try to run the script from a network share ? or if you have scripts (local) which invoke scripts or import PowerShell modules stored on this network share ? Well you would see a security warning like below (Note - I have set execution policy as 'Unrestricted' not 'bypass' here): Run a .ps1 from the network share Well this is a similar warning, which you get when you download scripts from Internet. As the message says run Unblock-File cmdlet to unblock the script and then run it, let's try it.