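<#
.SYNOPSIS
    Requests (or renews) an ACME certificate with Posh-ACME, using an Azure Storage
    container as the persistent Posh-ACME state store and the Azure DNS plugin for
    domain validation.

.DESCRIPTION
    Steps performed:
      1. Pull the Posh-ACME state directory from the storage container into ./pa
         with azcopy.
      2. Point Posh-ACME at that directory, select the ACME server and create or
         update the account contact.
      3. Take an access token from the already-authenticated Az session and pass it
         to the Posh-ACME Azure DNS plugin.
      4. Request the certificate and sync the state directory back to storage.

    The synced state directory contains the ACME account key and the certificate
    private keys. The storage container must not be publicly readable, and the SAS
    should be scoped to that single container with only the permissions azcopy
    sync needs.

.PARAMETER AcmeDirectory
    ACME directory URL (or Posh-ACME server alias) handed to Set-PAServer.

.PARAMETER AcmeContact
    Contact email address for the ACME account, without the mailto: prefix
    (the script compares against "mailto:$AcmeContact").

.PARAMETER CertificateNames
    One or more DNS names separated by commas and/or semicolons. Surrounding
    whitespace and empty entries are ignored.

.PARAMETER StorageContainerSASToken
    The azcopy source/destination for the state store, i.e. the container URL with
    its SAS query string appended. Treat it as a secret: it is passed to azcopy on
    the command line, so never echo it, keep the pipeline variable it comes from
    marked secret, and prefer a short-lived SAS.
#>
[CmdletBinding()]
param (
    [Parameter(Mandatory)]
    [ValidateNotNullOrEmpty()]
    [string] $AcmeDirectory,

    [Parameter(Mandatory)]
    [ValidateNotNullOrEmpty()]
    [string] $AcmeContact,

    [Parameter(Mandatory)]
    [ValidateNotNullOrEmpty()]
    [string] $CertificateNames,

    [Parameter(Mandatory)]
    [ValidateNotNullOrEmpty()]
    [string] $StorageContainerSASToken
)

# Fail fast. Without this a failing cmdlet (Set-PAServer, New-PACertificate, ...)
# only writes an error and the script carries on, syncing a partial or stale state
# directory back to storage.
$ErrorActionPreference = 'Stop'

# Suppress progress messages. Azure DevOps doesn't format them correctly (used by New-PACertificate)
$global:ProgressPreference = 'SilentlyContinue'

# Split certificate names by comma or semi-colon. Trim whitespace and drop empty
# entries so a trailing separator ("a.example.com, b.example.com,") does not hand
# New-PACertificate an empty domain.
$CertificateNamesArr = @(
    $CertificateNames -split '[,;]' |
        ForEach-Object -Process { $_.Trim() } |
        Where-Object -FilterScript { $_ }
)
if ($CertificateNamesArr.Count -eq 0) {
    throw 'CertificateNames did not contain any DNS names.'
}

# azcopy is an external process: PowerShell does not raise on a non-zero exit code,
# so it is checked explicitly. Aborting on a failed download matters: if the state
# never arrived, Get-PAAccount would see an empty directory and the script would
# register a brand-new ACME account instead of reusing the existing one.
# The error message deliberately does not include Source/Destination, because one
# of them carries the SAS token.
function Invoke-AzCopySync {
    param (
        [Parameter(Mandatory)] [string] $Source,
        [Parameter(Mandatory)] [string] $Destination,
        [Parameter(Mandatory)] [string] $Label
    )
    ./azcopy sync $Source $Destination
    if ($LASTEXITCODE -ne 0) {
        throw "azcopy sync ($Label) failed with exit code $LASTEXITCODE."
    }
}

# Create a fresh working directory for the Posh-ACME state.
# NOTE(review): the directory (with private keys) is intentionally left on disk
# after the run, as in the original; if no later pipeline step reads ./pa, delete
# it at the end so key material does not linger on a shared build agent.
$workingDirectory = Join-Path -Path "." -ChildPath "pa"
if (Test-Path -LiteralPath $workingDirectory) {
    # -Force so hidden or read-only leftovers from a previous run do not block the delete
    Remove-Item -LiteralPath $workingDirectory -Recurse -Force
}
New-Item -Path $workingDirectory -ItemType Directory | Out-Null

# Sync contents of storage container to working directory
Invoke-AzCopySync -Source $StorageContainerSASToken -Destination $workingDirectory -Label 'storage -> working directory'

# Set Posh-ACME working directory
$env:POSHACME_HOME = $workingDirectory
# NOTE(review): the module version is not pinned. Consider -RequiredVersion so a
# module update on the agent cannot silently change behaviour; this script uses
# -DnsPlugin, which ties it to the Posh-ACME parameter set that exposes it — confirm
# against the installed version.
Import-Module Posh-ACME -Force

# Configure Posh-ACME server
Set-PAServer -DirectoryUrl $AcmeDirectory

# Configure Posh-ACME account: create one if none exists in the synced state,
# otherwise make sure its contact matches the one we were given.
$account = Get-PAAccount
if (-not $account) {
    # New account
    $account = New-PAAccount -Contact $AcmeContact -AcceptTOS
}
elseif ($account.contact -ne "mailto:$AcmeContact") {
    # Update account contact
    Set-PAAccount -ID $account.id -Contact $AcmeContact
}

# Acquire access token for Azure (as we want to leverage the existing connection)
$azureContext = Get-AzContext
if (-not $azureContext) {
    throw 'No Azure context is available. Authenticate (Connect-AzAccount or the pipeline Azure PowerShell task) before running this script.'
}
# NOTE(review): RMProfileClient / AzureRmProfileProvider are internal Az.Accounts
# types rather than a public API and have changed across Az releases. Where the
# installed Az.Accounts offers Get-AzAccessToken, prefer that — verify on the agent.
$currentAzureProfile = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile
$currentAzureProfileClient = New-Object Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient($currentAzureProfile)
$azureAccessToken = $currentAzureProfileClient.AcquireAccessToken($azureContext.Tenant.Id).AccessToken
if (-not $azureAccessToken) {
    throw 'Failed to acquire an Azure access token from the current context.'
}

# Request certificate. The token is only held in memory and passed to the plugin;
# do not log $paPluginArgs.
$paPluginArgs = @{
    AZSubscriptionId = $azureContext.Subscription.Id
    AZAccessToken    = $azureAccessToken
}
New-PACertificate -Domain $CertificateNamesArr -DnsPlugin Azure -PluginArgs $paPluginArgs

# Sync working directory back to storage container so the account key, order
# state and issued certificate survive for the next run.
Invoke-AzCopySync -Source $workingDirectory -Destination $StorageContainerSASToken -Label 'working directory -> storage'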