Private/Authentication/Microsoft/Get-PartnerCredentials.ps1
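function Get-PartnerCredentials {
    <#
    .SYNOPSIS
        Reads the partner application id, application secret and refresh token from Azure Key Vault.

    .DESCRIPTION
        Ensures there is an Az context for the tenant in $script:Config.PartnerTenantId, connecting
        with the configured certificate when it is present in Cert:\LocalMachine\My and falling back
        to interactive sign-in otherwise. It then reads the secrets "applicationid",
        "applicationsecret" and "refreshtoken" from the vault named in $script:Config.CIPPKeyVaultName.
        When "refreshtoken" is empty, a second, GUID-named secret is tried.

    .OUTPUTS
        PSCustomObject with ApplicationId, ApplicationSecret and RefreshToken as PLAIN TEXT strings.
        Nothing is returned when the Azure connection or the Key Vault read fails; the failure is
        logged through Write-ModuleLog.

    .NOTES
        The returned object holds live credentials in clear text. Do not write it to logs,
        transcripts or verbose output, and keep it in scope only as long as it is needed.
        Individual properties can still be empty when a secret does not exist in the vault,
        so callers should validate the fields before use.
    #>
    [CmdletBinding()]
    param()

    $VaultName = $script:Config.CIPPKeyVaultName

    # Reuse the current Az session only when it already targets the partner tenant.
    $AzContext = Get-AzContext
    if (!$AzContext -or $AzContext.Tenant.Id -ne $script:Config.PartnerTenantId) {
        try {
            # Try certificate auth first.
            $Certificate = Get-ChildItem -Path Cert:\LocalMachine\My |
                Where-Object { $_.Thumbprint -eq $script:Config.CertificateThumbprint } |
                Select-Object -First 1

            if ($Certificate) {
                Write-Verbose "Using certificate authentication for Azure Key Vault access"
                $ConnectParams = @{
                    ApplicationId         = $script:Config.ApplicationId
                    CertificateThumbprint = $Certificate.Thumbprint
                    Tenant                = $script:Config.PartnerTenantId
                    SubscriptionName      = $script:Config.SubscriptionName
                }
            }
            else {
                # NOTE(review): interactive sign-in cannot complete in an unattended run
                # (scheduled task, service); presumably this path is meant for operator use - confirm.
                Write-Verbose "Using interactive authentication for Azure Key Vault access"
                $ConnectParams = @{
                    Tenant           = $script:Config.PartnerTenantId
                    SubscriptionName = $script:Config.SubscriptionName
                }
            }

            # -ErrorAction Stop turns non-terminating cmdlet errors into exceptions so that the
            # catch block below actually runs when sign-in fails.
            Connect-AzAccount @ConnectParams -ErrorAction Stop | Out-Null
        }
        catch {
            Write-ModuleLog -Message "Failed to connect to Azure" -Level Error -Component 'AzureConnection' -ErrorRecord $_
            # Fail closed: do not go on to read secrets under a missing context or one that
            # belongs to a different tenant than the configured partner tenant.
            return
        }
    }

    try {
        # Retrieve secrets from Key Vault. -ErrorAction Stop makes access or network failures
        # reach the catch block instead of silently yielding an object with empty fields.
        $ApplicationId = Get-AzKeyVaultSecret -VaultName $VaultName -Name "applicationid" -AsPlainText -ErrorAction Stop
        $ApplicationSecret = Get-AzKeyVaultSecret -VaultName $VaultName -Name "applicationsecret" -AsPlainText -ErrorAction Stop

        # The primary refresh-token lookup gets its own handler so that the fallback name is
        # still attempted when the first lookup errors, as it was before errors were made terminating.
        $RefreshToken = $null
        try {
            $RefreshToken = Get-AzKeyVaultSecret -VaultName $VaultName -Name "refreshtoken" -AsPlainText -ErrorAction Stop
        }
        catch {
            Write-Verbose "Lookup of secret 'refreshtoken' failed; trying the fallback secret name"
        }

        if (!$RefreshToken) {
            $RefreshToken = Get-AzKeyVaultSecret -VaultName $VaultName -Name "b6a41db1-6b1a-4833-9b69-f8e363090e45" -AsPlainText -ErrorAction Stop
        }

        return [PSCustomObject]@{
            ApplicationId     = $ApplicationId
            ApplicationSecret = $ApplicationSecret
            RefreshToken      = $RefreshToken
        }
    }
    catch {
        # Only the error record is logged; secret values are never passed to the logger here.
        Write-ModuleLog -Message "Failed to retrieve credentials from Key Vault" -Level Error -Component 'CredentialRetrieval' -ErrorRecord $_
    }
}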