functions/Connect-DataverseEnvironment.ps1
|
# <copyright file="Connect-Dataverse" company="Endjin Limited"> # Copyright (c) Endjin Limited. All rights reserved. # </copyright> <# .SYNOPSIS Obtains an access token for the Dataverse environment. .DESCRIPTION Obtains an access token for the Dataverse environment that is used for other operations. .PARAMETER TenantId The Power Apps Tenant ID. .PARAMETER EnvironmentUrl The Power Apps environment URL. .PARAMETER SolutionName The Power Apps solution name. .PARAMETER SchemaPrefix The schema prefix to be used when deploying Dataverse table definitions. .PARAMETER Scope The authentication scope. .PARAMETER ApiVersion The Dataverse REST API version. .PARAMETER ClientId The Azure AD application client ID used to authenticate. #> function Connect-DataverseEnvironment { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string] $TenantId, [Parameter(Mandatory = $true)] [string] $EnvironmentUrl, [Parameter(Mandatory = $true)] [AllowEmptyString()] [string] $SolutionName, [Parameter()] [ValidateNotNullOrEmpty()] [string] $SchemaPrefix, [Parameter()] [ValidateNotNullOrEmpty()] [string] $Scope = "user_impersonation", [Parameter()] [ValidateNotNullOrEmpty()] [string] $ApiVersion = "v9.2", [Parameter()] [ValidateNotNullOrEmpty()] [string] $ClientId = "51f81489-12ee-4a9e-aaae-a2591f45987d" ) if ($script:dataverseAccessToken -ne $null) { Write-Host "Using existing Dataverse connection" -f Green return } # A reasonably convenient way to get access to the Azure.Identity libaries # so we can handle the Entra ID authentication Import-Module MSAL.PS $safeEnvironmentUrl = $EnvironmentUrl.TrimEnd('/') # Acquire the token for CI/CD scenarios if ($env:AZURE_CLIENT_ID -and $env:AZURE_CLIENT_SECRET -and $env:AZURE_TENANT_ID) { Write-Host "Attemping authentication via environment variables [ClientId=$env:AZURE_CLIENT_ID]" $authResult = Get-MsalToken -ClientId $env:AZURE_CLIENT_ID ` -Scopes $authScope ` -TenantId $env:AZURE_TENANT_ID ` -ClientSecret ($env:AZURE_CLIENT_SECRET | ConvertTo-SecureString -AsPlainText) } else { # Acquire the token via Azure CLI authentication $azCliAvailable = Get-Command az -ErrorAction Ignore if ($azCliAvailable) { $azCliTokenExpiry = & az account get-access-token --query expiresOn -o tsv if ($azCliTokenExpiry -and [DateTime]::Parse($azCliTokenExpiry) -gt [DateTime]::UtcNow) { Write-Host "Attemping authentication via Azure CLI" $authResult = & az account get-access-token ` --resource $safeEnvironmentUrl | ConvertFrom-Json } } if (!$authResult) { # Acquire token interactively Write-Host "Triggering interactive authentication" $authResult = Get-MsalToken -ClientId $ClientId ` -TenantId $TenantId ` -Interactive ` -Scopes $authScope | Select-Object -ExpandProperty AccessToken } } $script:dataverseEnvironmentUrl = "$safeEnvironmentUrl/api/data/$ApiVersion" $script:dataverseAccessToken = $authResult.AccessToken | ConvertTo-SecureString -AsPlainText Set-DataverseSchemaPrefix -Prefix $SchemaPrefix } |