Tag-SAPSystemASCSInstanceWindows.ps1

<#PSScriptInfo

.DESCRIPTION Azure Automation runbook script to tag a standalone SAP ASCS Instance Windows VM.

.VERSION 0.0.3

.GUID 76dea460-0e86-4a91-b2d0-9aa3a5092c00

.AUTHOR Goran Condric

.COMPANYNAME Microsoft

.COPYRIGHT (c) 2020 Microsoft . All rights reserved.

.TAGS Azure Automation SAP ASCS Windows Instance Tag Standalone Runbook

.LICENSEURI

.PROJECTURI

.ICONURI

.EXTERNALMODULEDEPENDENCIES SAPAzurePowerShellModules

.REQUIREDSCRIPTS

.EXTERNALSCRIPTDEPENDENCIES

.RELEASENOTES
0.0.1: - Add initial version
0.0.2: - Add dependencies to SAPAzurePowerShellModules module
0.0.3: - Support for using a system-assigned managed identity for an Azure Automation account, and multiple Azure subscriptions

#>


#Requires -Module SAPAzurePowerShellModules

# Runbook input parameters. All values are plain strings; the only checks
# applied here are the validation attributes below (non-empty / length).
Param(
    
# Resource group that contains the SAP ASCS VM to be tagged.
[Parameter(Mandatory=$True)]
[ValidateNotNullOrEmpty()] 
[string] $ResourceGroupName,

# Name of the VM to be tagged.
[Parameter(Mandatory=$True)]
[ValidateNotNullOrEmpty()] 
[string] $VMName,

# SAP system ID. Only the length (exactly 3) is enforced; the
# "starts with letter" rule from the help message is not checked here.
[Parameter(Mandatory=$True, HelpMessage="SAP System <SID>. 3 characters , starts with letter.")] 
[ValidateLength(3,3)]
[string] $SAPSID,

# ASCS instance number as a 1-2 character string; not checked to be numeric.
[Parameter(Mandatory=$True, HelpMessage="SAP ASCS Instance Number")]
[ValidateLength(1, 2)]
[string] $SAPASCSInstanceNumber,

# Path to sapcontrol, handed unchanged (after Trim) to the tagging function.
# NOTE(review): no format/allow-list check is applied here; if the stored value
# is later used to launch a process, validate it where it is consumed - confirm.
[Parameter(Mandatory=$True)]
[ValidateNotNullOrEmpty()] 
[string] $PathToSAPControl,

# Password of the <sid>adm user, accepted as a plain [string].
# NOTE(review): a plain-text runbook parameter is typically visible in the job's
# recorded input and to anyone who can start or read the job. Prefer having the
# operator store the secret in an encrypted Automation credential asset or in
# Key Vault and passing only its name - confirm against how callers start this runbook.
[Parameter(Mandatory=$True)]
[ValidateNotNullOrEmpty()] 
[string] $SAPsidadmUserPassword,

# Resource group of the Azure Automation account.
[Parameter(Mandatory=$True)]
[ValidateNotNullOrEmpty()] 
[string] $AutomationAccountResourceGroupName,

# Name of the Azure Automation account.
[Parameter(Mandatory=$True)]
[ValidateNotNullOrEmpty()] 
[string] $AutomationAccountName,

# Optional target subscription. Only the length (36) is enforced, not GUID format.
[Parameter(Mandatory=$false, HelpMessage="Subscription ID. If null, the current subscription of automation account is used instead.")] 
[ValidateLength(36,36)]
[string] $SubscriptionId

)

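# Remind the operator that the Automation account's system-assigned managed
# identity needs RBAC permissions, then print the portal steps to enable it.
Write-WithTime "Make sure to enable appropriate RBAC permissions to the system identity of this automation account. Otherwise, the runbook may fail."

# NOTE(review): the printed steps recommend 'Owner' at subscription scope.
# That lets the runbook identity manage every resource and role assignment in
# the subscription, so a compromised or misused runbook has subscription-wide
# reach. The exact permissions needed depend on SAPAzurePowerShellModules
# (not shown here); the added note asks operators to narrow role and scope.
Write-Output ""
Write-Output "You can enable system identity on the Azure automation account:"
Write-Output "1. Go to: Azure automation acccount -> Identity -> System asigned -> Status -> <On>"
Write-Output "2. Go to: Azure automation acccount -> Identity -> System asigned -> Permissions -> Azure role assignments -> Add role assignment ->"
Write-Output "Scope: 'Subscription'"
Write-Output "Subscription: <Chose your Subscription>"
Write-Output "Role: 'Owner'"
Write-Output "Note: 'Owner' at subscription scope is a broad grant. Where possible, assign the narrowest role and scope that still lets this runbook complete."
Write-Output ""
Write-Output "More info on: https://docs.microsoft.com/en-us/azure/automation/enable-managed-identity-for-automation#assign-role-to-a-system-assigned-managed-identity "
Write-Output ""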

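# Connect to Azure with Automation Account system-assigned managed identity
Write-WithTime " Connecting to Azure with Automation Account system-assigned managed identity ...."
Write-Output ""

# Ensures you do not inherit an AzContext in your runbook
Disable-AzContextAutosave -Scope Process | Out-Null

try {
    # -ErrorAction Stop turns a non-terminating sign-in failure into an exception,
    # so the catch block runs instead of the runbook continuing with a null
    # context and acting under whatever context happens to be present.
    $AzureContext = (Connect-AzAccount -Identity -ErrorAction Stop).context
}
catch {
    Write-Error "There is no system-assigned user identity. Aborting."
    Write-Error $_.Exception.Message
    exit
}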

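# Switch to the caller-supplied subscription, if one was given.
if ($SubscriptionId) {
    $SubscriptionId = $SubscriptionId.Trim()
    Write-Output "Using specified Subscription ID '$SubscriptionId'."

    try {
        # Fail closed: the original silenced errors here (-ErrorAction
        # SilentlyContinue plus a stray '-ErrorVariable -notPresent' that was
        # never read), so a wrong or inaccessible subscription ID let the
        # runbook carry on and modify resources in a different subscription.
        Select-AzSubscription -SubscriptionId $SubscriptionId -Tenant $AzureContext.Tenant -ErrorAction Stop
    }
    catch {
        Write-Error "Could not select subscription '$SubscriptionId'. Aborting."
        Write-Error $_.Exception.Message
        exit
    }
}

# set and store context
# NOTE(review): $AzureContext still holds the context returned by
# Connect-AzAccount, so this re-applies the identity's original subscription
# to that profile. Confirm it does not undo the selection made above.
$AzureContext = Set-AzContext -SubscriptionName $AzureContext.Subscription -DefaultProfile $AzureContext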


# Strip leading/trailing whitespace from every mandatory string parameter.
# The password is trimmed as well, so a password that really begins or ends
# with whitespace is altered before it is passed on.
$parametersToTrim = @(
    'ResourceGroupName',
    'VMName',
    'SAPSID',
    'SAPASCSInstanceNumber',
    'PathToSAPControl',
    'SAPsidadmUserPassword',
    'AutomationAccountResourceGroupName',
    'AutomationAccountName'
)

foreach ($parameterName in $parametersToTrim) {
    $trimmedValue = (Get-Variable -Name $parameterName -ValueOnly).Trim()
    Set-Variable -Name $parameterName -Value $trimmedValue
}

# Pre-flight checks, in the same order as before. The helpers come from
# SAPAzurePowerShellModules (not shown); per the original comments they end
# the runbook when the resource is missing - confirm in the module.

# 1. Resource group of the VM must exist.
$vmResourceGroupCheck = @{ ResourceGroupName = $ResourceGroupName }
Confirm-AzResoureceGroupExist @vmResourceGroupCheck

# 2. The VM itself must exist in that resource group.
$vmCheck = @{
    ResourceGroupName = $ResourceGroupName
    VMName            = $VMName
}
Confirm-AzVMExist @vmCheck

# 3. Resource group of the Automation account must exist.
$automationResourceGroupCheck = @{ ResourceGroupName = $AutomationAccountResourceGroupName }
Confirm-AzResoureceGroupExist @automationResourceGroupCheck

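# Tag the Windows ASCS VM. The arguments are splatted so each value passed to
# the module function is easy to audit; the <sid>adm password is handed to the
# module as-is and is deliberately left out of the log message below.
$ascsTagArguments = @{
    ResourceGroupName                  = $ResourceGroupName
    VMName                             = $VMName
    SAPSID                             = $SAPSID
    SAPApplicationInstanceNumber       = $SAPASCSInstanceNumber
    SAPsidadmUserPassword              = $SAPsidadmUserPassword
    PathToSAPControl                   = $PathToSAPControl
    AutomationAccountResourceGroupName = $AutomationAccountResourceGroupName
    AutomationAccountName              = $AutomationAccountName
}
New-AzSAPSystemASCSWindowsTags @ascsTagArguments

# The original message interpolated $SAPDialogInstanceNumber, which this script
# never defines, so the instance number was logged as empty. Report the value
# that was actually passed to the tagging function.
Write-WithTime "Tagging of VM '$VMName' in resource group '$ResourceGroupName' with tags: SAPSID='$SAPSID' ; SAPApplicationInstanceNumber='$SAPASCSInstanceNumber' ; SAPApplicationInstanceType='SAP_ASCS' ; PathToSAPControl=$PathToSAPControl done."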