Connection.ps1

function getAutomationConnectionOrFromLocalCertificate([string] $AutomationConnectionName) {
    <#
    .SYNOPSIS
        Resolves a connection object by name, from Azure Automation or from the local dev helper.
    .PARAMETER AutomationConnectionName
        Name of the connection asset to look up.
    .OUTPUTS
        Whatever Get-AutomationConnection (in Azure) or
        devGetAutomationConnectionFromLocalCertificate (elsewhere) returns.
    .NOTES
        NOTE(review): the returned object presumably carries service-principal details
        (tenant, application id, certificate thumbprint). Callers should avoid writing it
        to logs - confirm against the call sites.
    #>

    # Outside Azure there is no Automation account to query, so defer to the dev-only helper.
    if (-not $RjRbRunningInAzure) {
        return devGetAutomationConnectionFromLocalCertificate -Name $AutomationConnectionName
    }

    # Only the connection name is logged, never the connection contents.
    Write-RjRbLog "Getting automation connection '$AutomationConnectionName'"
    return Get-AutomationConnection -Name $AutomationConnectionName
}

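function checkIfManagedIdentityShouldBeUsed([string] $serviceNameStub, [bool] $default) {
    <#
    .SYNOPSIS
        Decides whether a managed identity should be used for a service and probes whether one is reachable.
    .DESCRIPTION
        Starts from $default. When running in Azure, four Automation variables can override it:
        RJRB_ENFORCE_MANAGED_IDENTITY / RJRB_ENFORCE_MANAGED_IDENTITY_<stub> force the attempt,
        RJRB_IGNORE_MANAGED_IDENTITY / RJRB_IGNORE_MANAGED_IDENTITY_<stub> suppress it.
        An enforce flag takes precedence over an ignore flag.
        If the attempt is wanted, the identity endpoint is probed with a token request.
    .PARAMETER serviceNameStub
        Suffix used to build the per-service variable names; also appears in log messages.
    .PARAMETER default
        Whether to try managed identity when no override variable applies.
    .OUTPUTS
        [bool] $true only if managed identity is wanted AND the probe request succeeded.
    .NOTES
        NOTE(review): when an enforce flag is set but the probe fails, this still returns $false.
        If the caller then falls back to a stored connection or certificate, "enforce" is not
        a hard guarantee - confirm the caller's behavior.
    #>

    $tryManagedIdentity = $default
    if ($RjRbRunningInAzure) {
        # -EA 0 (SilentlyContinue): a missing variable is expected to yield $null rather than an error.
        $enforceManagedIdentityValue = Get-AutomationVariable "RJRB_ENFORCE_MANAGED_IDENTITY" -EA 0
        $enforceManagedIdentityServiceValue = Get-AutomationVariable "RJRB_ENFORCE_MANAGED_IDENTITY_${serviceNameStub}" -EA 0
        $ignoreManagedIdentityValue = Get-AutomationVariable "RJRB_IGNORE_MANAGED_IDENTITY" -EA 0
        $ignoreManagedIdentityServiceValue = Get-AutomationVariable "RJRB_IGNORE_MANAGED_IDENTITY_${serviceNameStub}" -EA 0
        Write-RjRbDebug -Data @{
            enforceManagedIdentityValue        = $enforceManagedIdentityValue
            enforceManagedIdentityServiceValue = $enforceManagedIdentityServiceValue
            ignoreManagedIdentityValue         = $ignoreManagedIdentityValue
            ignoreManagedIdentityServiceValue  = $ignoreManagedIdentityServiceValue
        }
        # $null casts to 0 and therefore to $false.
        # NOTE(review): the [int] cast throws on non-numeric strings such as "true";
        # confirm the variables are stored as 0/1 or as booleans.
        if ([bool][int]$enforceManagedIdentityValue -or [bool][int]$enforceManagedIdentityServiceValue) {
            $tryManagedIdentity = $true
        }
        elseif ([bool][int]$ignoreManagedIdentityValue -or [bool][int]$ignoreManagedIdentityServiceValue) {
            $tryManagedIdentity = $false
        }
    }
    if (-not $tryManagedIdentity) {
        Write-RjRbLog "Not trying to use Azure managed identity (service ${serviceNameStub})"
        return $false
    }

    try {
        # Availability probe: request a token from the identity endpoint. The response, which
        # holds an access token, is discarded via Out-Null so it is never logged or returned.
        # The probe always asks for the Microsoft Graph resource, whatever $serviceNameStub is.
        Invoke-RestMethod -Headers @{ 'X-IDENTITY-HEADER' = "$env:IDENTITY_HEADER"; 'Metadata' = 'True' } `
            -Uri "$($env:IDENTITY_ENDPOINT)?resource=https://graph.microsoft.com/" -UseBasicParsing | Out-Null
        $managedIdentityAvailable = $true
    }
    catch {
        $managedIdentityAvailable = $false
        # Keep the failure reason in the debug output instead of discarding it, so that
        # "no identity assigned" can be told apart from a transient endpoint error.
        # Only the exception message is recorded, not the request headers.
        Write-RjRbDebug -Data @{ managedIdentityProbeError = $_.Exception.Message }
    }
    Write-RjRbDebug -Data @{ managedIdentityAvailable = $managedIdentityAvailable }

    if ($managedIdentityAvailable) {
        Write-RjRbLog "Found Azure managed identity and using it (service ${serviceNameStub})"
    }
    else {
        Write-RjRbLog "Did not find Azure managed identity (service ${serviceNameStub})"
    }

    return $managedIdentityAvailable
}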