microsoft · Ajay-MS · Mar 6, 2018 · Mar 6, 2018
diff --git a/Azure/SPNCreation.ps1 b/Azure/SPNCreation.ps1
@@ -8,11 +8,128 @@ param
 
     [Parameter(Mandatory=$false, HelpMessage="Provide a SPN role assignment")]
     [string] $spnRole = "owner",
-    
+
     [Parameter(Mandatory=$false, HelpMessage="Provide Azure environment name for your subscription")]
-    [string] $environmentName = "AzureCloud"
+    [string] $environmentName = "AzureCloud",
+
+    [Parameter(Mandatory=$false, HelpMessage="Provide AzureStackManagementURL to add AzureStack environment to AzureRmEnvironments.")]
+    [string] $azureStackManagementURL
 )
 
+$AZURESTACK_ENVIRONMENT = "AzureStack"
+
+function Get-ProxyUri
+{
+    param([String] [Parameter(Mandatory=$true)] $serverUrl)
+
+    $proxyUri = [Uri]$null
+    $proxy = [System.Net.WebRequest]::GetSystemWebProxy()
+    if ($proxy)
+    {
+        $proxy.Credentials = [System.Net.CredentialCache]::DefaultCredentials
+        $proxyUri = $proxy.GetProxy("$serverUrl")
+    }
+
+    return $proxyUri
+}
+
+function Add-AzureStackToAzureRmEnvironment {
+    param (
+        [Parameter(mandatory=$true, HelpMessage="The Admin ARM endpoint URI of the Azure Stack Environment")]
+        $EndpointURI,
+        [parameter(mandatory=$true, HelpMessage="Azure Stack environment name for use with AzureRM commandlets")]
+        [string] $Name
+    )
+
+    $EndpointURI = $EndpointURI.TrimEnd("/")
+
+    $Domain = ""
+    try {
+        $uriendpoint = [System.Uri] $EndpointURI
+        $i = $EndpointURI.IndexOf('.')
+        $Domain = ($EndpointURI.Remove(0,$i+1)).TrimEnd('/')
+    }
+    catch {
+        Write-Error (Get-VstsLocString -Key AZ_InvalidARMEndpoint)
+    }
+
+    $ResourceManagerEndpoint = $EndpointURI
+    $stackdomain = $Domain
+
+    $AzureKeyVaultDnsSuffix="vault.$($stackdomain)".ToLowerInvariant()
+    $AzureKeyVaultServiceEndpointResourceId= $("https://vault.$stackdomain".ToLowerInvariant())
+    $StorageEndpointSuffix = ($stackdomain).ToLowerInvariant()
+
+    $azureStackEndpointUri = $EndpointURI.ToString() + "/metadata/endpoints?api-version=2015-01-01"
+
+    Write-Verbose -Verbose "Retrieving endpoints from the $ResourceManagerEndpoint"
+
+    $proxyUri = Get-ProxyUri $azureStackEndpointUri
+
+    if ($proxyUri -eq $azureStackEndpointUri)
+    {
+        Write-Verbose -Verbose "No proxy settings"
+        $endpointData = Invoke-RestMethod -Uri $azureStackEndpointUri -Method Get -ErrorAction Stop
+    }
+    else
+    {
+        Write-Verbose -Verbose "Using Proxy settings"
+        $endpointData = Invoke-RestMethod -Uri $azureStackEndpointUri -Method Get -Proxy $proxyUri -ErrorAction Stop
+    }
+
+    if ($endpointData)
+    {
+        $authenticationData = $endpointData.authentication;
+        if ($authenticationData)
+        {
+            $loginEndpoint = $authenticationData.loginEndpoint
+            $aadAuthorityEndpoint = [string]::Empty
+
+            if($loginEndpoint)
+            {
+                $aadAuthorityEndpoint = $loginEndpoint
+                $activeDirectoryEndpoint = $loginEndpoint.TrimEnd('/') + "/"
+            }
+
+            $audiences = $authenticationData.audiences
+            if($audiences.Count -gt 0)
+            {
+                $activeDirectoryServiceEndpointResourceId = $audiences[0]
+            }
+        }
+
+        $graphEndpoint = $endpointData.graphEndpoint
+        $graphAudience = $endpointData.graphEndpoint
+        $galleryEndpoint = $endpointData.galleryEndpoint
+    }
+
+    $azureEnvironmentParams = @{
+        Name                                     = $Name
+        ActiveDirectoryEndpoint                  = $activeDirectoryEndpoint
+        ActiveDirectoryServiceEndpointResourceId = $activeDirectoryServiceEndpointResourceId
+        ResourceManagerEndpoint                  = $ResourceManagerEndpoint
+        GalleryEndpoint                          = $galleryEndpoint
+        GraphEndpoint                            = $graphEndpoint
+        GraphAudience                            = $graphAudience
+        StorageEndpointSuffix                    = $StorageEndpointSuffix
+        AzureKeyVaultDnsSuffix                   = $AzureKeyVaultDnsSuffix
+        AzureKeyVaultServiceEndpointResourceId   = $AzureKeyVaultServiceEndpointResourceId
+        EnableAdfsAuthentication                 = $aadAuthorityEndpoint.TrimEnd("/").EndsWith("/adfs", [System.StringComparison]::OrdinalIgnoreCase)
+    }
+
+    $armEnv = Get-AzureRmEnvironment -Name $name
+    if($armEnv -ne $null) {
+        Write-Verbose "Updating AzureRm environment $name" -Verbose
+        Remove-AzureRmEnvironment -Name $name | Out-Null
+    }
+    else {
+        Write-Verbose "Adding AzureRm environment $name" -Verbose
+    }
+
+    return Add-AzureRmEnvironment @azureEnvironmentParams
+}
+
+
 function Get-AzureCmdletsVersion
 {
     $module = Get-Module AzureRM -ListAvailable
@@ -36,6 +153,7 @@ function Get-Password
     {
         $basicPassword = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)
         $plainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($basicPassword)
+        [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($basicPassword)
 
         return $plainPassword
     }
@@ -60,6 +178,31 @@ if ([String]::IsNullOrEmpty($isAzureModulePresent) -eq $true)
 }
 
 Import-Module -Name AzureRM.Profile
+
+if ($environmentName -like $AZURESTACK_ENVIRONMENT)
+{
+    if(-not $azureStackManagementURL)
+    {
+        $azureStackEnvironment = Get-AzureRmEnvironment -Name $AZURESTACK_ENVIRONMENT
+        if(-not $azureStackEnvironment)
+        {
+            throw "AzureStack Enviornment is not present in AzureRmEnvironments in current PS Session. Please provide AzureStackManagementURL as argument or add AzureStack to AzureRmEnvironments manually."
+        }
+    }
+    else
+    {
+        try
+        {
+            Add-AzureStackToAzureRmEnvironment -EndpointURI $azureStackManagementURL -Name $AZURESTACK_ENVIRONMENT
+        }
+        catch
+        {
+            Write-Output "ERROR: Failed to add AzureStack environment to AzureRmEnvironments";
+            throw $_.Exception
+        }
+    }
+}
+
 Write-Output "Provide your credentials to access Azure subscription $subscriptionName" -Verbose
 Login-AzureRmAccount -SubscriptionName $subscriptionName -EnvironmentName $environmentName
 $azureSubscription = Get-AzureRmSubscription -SubscriptionName $subscriptionName
@@ -70,8 +213,8 @@ $id = $azureSubscription.SubscriptionId
 
 #Create a new AD Application
 Write-Output "Creating a new Application in AAD (App URI - $identifierUri)" -Verbose
-$password = Get-Password
-$azureAdApplication = New-AzureRmADApplication -DisplayName $displayName -HomePage $homePage -IdentifierUris $identifierUri -Password $password -Verbose
+$versionSpecificPassword = Get-Password
+$azureAdApplication = New-AzureRmADApplication -DisplayName $displayName -HomePage $homePage -IdentifierUris $identifierUri -Password $versionSpecificPassword -Verbose
 $appId = $azureAdApplication.ApplicationId
 Write-Output "Azure AAD Application creation completed successfully (Application Id: $appId)" -Verbose