D365BCOnAzureHelper

0.0.0.81

Export/Private/Get-ServiceUserCredentialsObject.ps1

                                function Global:Get-ServiceUserCredentialsObject {

    [CmdletBinding()]

    <#

    .SYNOPSIS

        Used to retrieve Service Account credentials from KeyVault

    .DESCRIPTION

        $KVIdentifier comes from the "Environments"-storage table (column: KVCredentialIdentifier)

        If specified the CmdLet will try to read the values from the KeyVault

        Example: 

            Storage Table

                KVCredentialIdentifier = "BC-App-Svc-TST"

            Key Vault:

                BC-App-Svc-TSTUsername = "<ServiceUserName>"

                BC-App-Svc-TSTPassword = "<ServiceUserPassword>"

    #>

    param(        

        [Parameter(Mandatory = $true)]

        [string]

        $KeyVaultName,

        [Parameter(Mandatory = $false)]

        [string]

        $KVIdentifier

    )

    process {        

        if ($KVIdentifier){

            Write-Verbose "Getting service-account credentials from KeyVault $KeyVaultName with Identifier $KVIdentifier..."

        } else {

            Write-Verbose "Getting service-account credentials from KeyVault $KeyVaultName..."

        }

        $domainName = (Get-AzKeyVaultSecret -VaultName $KeyVaultName -Name 'DomainName').SecretValueText

        if ($KVIdentifier) {

            $svcUserName = (Get-AzKeyVaultSecret -VaultName $KeyVaultName -Name "$($KVIdentifier)Username" -ErrorAction SilentlyContinue).SecretValueText

            $svcUserPass = (Get-AzKeyVaultSecret -VaultName $KeyVaultName -Name "$($KVIdentifier)Password" -ErrorAction SilentlyContinue).SecretValueText

            # Workaround for a project with existing Keyvault

            if (-not($svcUserName)){

                $svcUserName = (Get-AzKeyVaultSecret -VaultName $KeyVaultName -Name "$($KVIdentifier)-User" -ErrorAction SilentlyContinue).SecretValueText

            }

            if (-not($svcUserPass)){

                $svcUserPass = (Get-AzKeyVaultSecret -VaultName $KeyVaultName -Name "$($KVIdentifier)-Pass" -ErrorAction SilentlyContinue).SecretValueText

            }

        }

        if (($svcUserName) -and ($svcUserPass)){

            $svcUserName = "$domainName\$svcUserName"

        } else {

            $svcUserName = (Get-AzKeyVaultSecret -VaultName $KeyVaultName -Name 'DomainAdminUsername').SecretValueText

            $svcUserPass = (Get-AzKeyVaultSecret -VaultName $KeyVaultName -Name 'DomainAdminPassword').SecretValueText

            $svcUserName = "$domainName\$svcUserName"

        }        

        $credentialsObject = New-Object System.Management.Automation.PSCredential ($svcUserName, (ConvertTo-SecureString $svcUserPass -AsPlainText -Force))

        $credentialsObject

    }

}