JyskIT.Automation

0.3.0

Private/PartnerActions/Get-SAMTokens.ps1

function Get-SAMTokens() {
    # Start by connecting to our Azure Key Vault.
    $AzContext = Get-AzContext
    if (!$AzContext -or $AzContext.Tenant.Id -ne $PartnerTenantId) {
        try {
            Write-Host "Please log in to Azure with your @jlhosting.dk account. A browser window has been opened." -ForegroundColor Yellow
            Connect-AzAccount -Tenant $PartnerTenantId -SubscriptionName $SubscriptionName -ErrorAction Stop | Out-Null
        }
        catch {
            throw "Failed to connect to Azure. Please make sure you have the Az module installed: $_"
        }
    }

    try {
        # Retreive all required values from Azure Key Vault
        $ApplicationId = Get-AzKeyVaultSecret -VaultName $KeyVaultName -Name "ApplicationId" -AsPlainText -ErrorAction Stop
        $ApplicationSecret = Get-AzKeyVaultSecret -VaultName $KeyVaultName -Name "ApplicationSecret" -AsPlainText -ErrorAction Stop
        $RefreshToken = Get-AzKeyVaultSecret -VaultName $KeyVaultName -Name "RefreshToken" -AsPlainText -ErrorAction Stop
        $ExchangeRefreshToken = Get-AzKeyVaultSecret -VaultName $KeyVaultName -Name "ExchangeRefreshToken" -AsPlainText -ErrorAction Stop
        $ApplicationCredential = (New-Object System.Management.Automation.PSCredential ($ApplicationId, (ConvertTo-SecureString $ApplicationSecret -AsPlainText -Force)))
        $ApplicationCertificate = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList ([Convert]::FromBase64String((Get-AzKeyVaultSecret -VaultName $KeyVaultName -Name "AppRegistration" -AsPlainText -ErrorAction Stop))), '', 'Exportable,MachineKeySet,PersistKeySet'
    }
    catch {
        throw "Failed to connect to Azure Key Vault and retreive secrets: $_"
    }

    return [PSCustomObject]@{
        ApplicationId         = $ApplicationId
        ApplicationSecret     = $ApplicationSecret
        RefreshToken          = $RefreshToken
        ExchangeRefreshToken  = $ExchangeRefreshToken
        ApplicationCredential = $ApplicationCredential
        ApplicationCertificate = $ApplicationCertificate  
    }
}