Scripts/Set-AzIntegrationAccountCertificates.ps1
Param( [Parameter(Mandatory = $true)][string] $ResourceGroupName = $(throw "Resource group name is required"), [Parameter(Mandatory = $true)][string] $Name = $(throw "Name of the Integration Account is required"), [Parameter(Mandatory = $true)][string] $CertificateType = $(throw "Certificate type is required, this can be either 'Public' or 'Private'"), [parameter(Mandatory = $false)][string] $CertificateFilePath = $(if ($CertificatesFolder -eq '') { throw "Either the file path of a specific certificate or the file path of a folder containing multiple certificates is required, e.g.: -CertificateFilePath 'C:\Certificates\certificate.cer' or -CertificatesFolder 'C:\Certificates'" }), [parameter(Mandatory = $false)][string] $CertificatesFolder = $(if ($CertificateFilePath -eq '') { throw "Either the file path of a specific certificate or the file path of a folder containing multiple certificates is required, e.g.: -CertificateFilePath 'C:\Certificates\certificate.cer' or -CertificatesFolder 'C:\Certificates'" }), [Parameter(Mandatory = $false)][string] $KeyName = $(if ($CertificateType -eq 'Private') { throw "If the CertificateType is set to 'Private', the KeyName must be supplied" }), [Parameter(Mandatory = $false)][string] $KeyVersion = $(if ($CertificateType -eq 'Private') { throw "If the CertificateType is set to 'Private', the KeyVersion must be supplied" }), [Parameter(Mandatory = $false)][string] $KeyVaultId = $(if ($CertificateType -eq 'Private') { throw "If the CertificateType is set to 'Private', the KeyVaultId must be supplied" }), [Parameter(Mandatory = $false)][string] $ArtifactsPrefix = '' ) if ($CertificateFilePath -ne '' -and $CertificatesFolder -ne '') { throw "Either the file path of a specific certificate or the file path of a folder containing multiple certificates is required, e.g.: -CertificateFilePath 'C:\Certificates\certificate.cer' or -CertificatesFolder 'C:\Certificates'" } if ($CertificateType -ne 'Public' -and $CertificateType -ne 'Private') { throw "The CertificateType should be either 'Public' or 'Private'" } if ($CertificateType -eq 'Private' -and $CertificatesFolder -ne '' -and $CertificateFilePath -eq '') { throw "Using the CertificatesFolder parameter in combination with Private certificates is not possible, since this would upload multiple certificates using the same Key in Azure KeyVault" } function UploadCertificate { param ( [Parameter(Mandatory = $true)][System.IO.FileInfo] $Certificate ) $certificateName = $Certificate.BaseName if ($ArtifactsPrefix -ne '') { $certificateName = $ArtifactsPrefix + $certificateName } Write-Host "Uploading certificate '$certificateName' into the Azure Integration Account '$Name'..." $existingCertificate = $null try { Write-Verbose "Checking if the certificate '$certificateName' already exists in the Azure Integration Account '$Name'..." $existingCertificate = Get-AzIntegrationAccountCertificate -ResourceGroupName $ResourceGroupName -IntegrationAccount $Name -CertificateName $certificateName -ErrorAction Stop } catch { if ($_.Exception.Message.Contains('could not be found')) { Write-Warning "No certificate '$certificateName' could not be found in Azure Integration Account '$Name'" } else { throw $_.Exception } } try { if ($existingCertificate -eq $null) { Write-Verbose "Creating certificate '$certificateName' in Azure Integration Account '$Name'..." if ($CertificateType -eq 'Public') { $createdCertificate = New-AzIntegrationAccountCertificate -ResourceGroupName $ResourceGroupName -IntegrationAccount $Name -CertificateName $certificateName -PublicCertificateFilePath $Certificate.FullName -ErrorAction Stop } else { $createdCertificate = New-AzIntegrationAccountCertificate -ResourceGroupName $ResourceGroupName -IntegrationAccount $Name -CertificateName $certificateName -PublicCertificateFilePath $Certificate.FullName -KeyName $KeyName -KeyVersion $KeyVersion -KeyVaultId $KeyVaultId -ErrorAction Stop } Write-Debug ($createdCertificate | Format-List -Force | Out-String) } else { Write-Verbose "Updating certificate '$certificateName' in Azure Integration Account '$Name'..." if ($CertificateType -eq 'Public') { $updatedCertificate = Set-AzIntegrationAccountCertificate -ResourceGroupName $ResourceGroupName -IntegrationAccount $Name -CertificateName $certificateName -PublicCertificateFilePath $Certificate.FullName -Force -ErrorAction Stop } else { $updatedCertificate = Set-AzIntegrationAccountCertificate -ResourceGroupName $ResourceGroupName -IntegrationAccount $Name -CertificateName $certificateName -PublicCertificateFilePath $Certificate.FullName -KeyName $KeyName -KeyVersion $KeyVersion -KeyVaultId $KeyVaultId -Force -ErrorAction Stop } Write-Debug ($updatedCertificate | Format-List -Force | Out-String) } Write-Host "Certificate '$certificateName' has been uploaded into the Azure Integration Account '$Name'" -ForegroundColor Green } catch { Write-Error "Failed to upload certificate '$certificateName' in Azure Integration Account '$Name': '$($_.Exception.Message)'" } } $integrationAccount = Get-AzIntegrationAccount -ResourceGroupName $ResourceGroupName -Name $Name -ErrorAction SilentlyContinue if ($integrationAccount -eq $null) { Write-Error "Unable to find the Azure Integration Account with name '$Name' in resource group '$ResourceGroupName'" } else { if ($CertificatesFolder -ne '' -and $CertificateFilePath -eq '') { foreach ($certificate in Get-ChildItem($CertificatesFolder) -File) { UploadCertificate -Certificate $certificate } } elseif ($CertificatesFolder -eq '' -and $CertificateFilePath -ne '') { [System.IO.FileInfo]$certificate = New-Object System.IO.FileInfo($CertificateFilePath) UploadCertificate -Certificate $certificate } } |