Tag-SAPSystemASCSInstanceWindows

0.0.3

Tag-SAPSystemASCSInstanceWindows.ps1

                                <#PSScriptInfo

.DESCRIPTION Azure Automation runbook script to tag an standalone SAP ASCS Instance Windows VM.

.VERSION 0.0.3

.GUID 76dea460-0e86-4a91-b2d0-9aa3a5092c00

.AUTHOR Goran Condric

.COMPANYNAME Microsoft

.COPYRIGHT (c) 2020 Microsoft . All rights reserved.

.TAGS Azure Automation SAP ASCS Windows Instance Tag Standalone Runbook

.LICENSEURI

.PROJECTURI

.ICONURI

.EXTERNALMODULEDEPENDENCIES SAPAzurePowerShellModules

.REQUIREDSCRIPTS

.EXTERNALSCRIPTDEPENDENCIES

.RELEASENOTES

0.0.1: - Add initial version

0.0.2: - Add dedpendencies to SAPAzurePowerShellModules module

0.0.3: - Support for using a system-assigned managed identity for an Azure Automation account, and multiple Azure subscriptions

#>

#Requires -Module SAPAzurePowerShellModules

Param(

[Parameter(Mandatory=$True)]

[ValidateNotNullOrEmpty()] 

[string] $ResourceGroupName,

[Parameter(Mandatory=$True)]

[ValidateNotNullOrEmpty()] 

[string] $VMName,

[Parameter(Mandatory=$True, HelpMessage="SAP System <SID>. 3 characters , starts with letter.")] 

[ValidateLength(3,3)]

[string] $SAPSID,

[Parameter(Mandatory=$True, HelpMessage="SAP ASCS Instance Number")]

[ValidateLength(1, 2)]

[string] $SAPASCSInstanceNumber,

[Parameter(Mandatory=$True)]

[ValidateNotNullOrEmpty()] 

[string] $PathToSAPControl,

[Parameter(Mandatory=$True)]

[ValidateNotNullOrEmpty()] 

[string] $SAPsidadmUserPassword,

[Parameter(Mandatory=$True)]

[ValidateNotNullOrEmpty()] 

[string] $AutomationAccountResourceGroupName,

[Parameter(Mandatory=$True)]

[ValidateNotNullOrEmpty()] 

[string] $AutomationAccountName,

[Parameter(Mandatory=$false, HelpMessage="Subscription ID. If null, the current subscription of automation account is used instead.")] 

[ValidateLength(36,36)]

[string] $SubscriptionId

)

Write-WithTime "Make sure to enable appropriate RBAC permissions to the system identity of this automation account. Otherwise, the runbook may fail."

Write-Output ""

Write-Output "You can enable system identity on the Azure automation account:"

Write-Output "1. Go to: Azure automation acccount -> Identity -> System asigned -> Status -> <On>"

Write-Output "2. Go to: Azure automation acccount -> Identity -> System asigned -> Permissions -> Azure role assignments -> Add role assignment ->"

Write-Output "Scope: 'Subscription'"

Write-Output "Subscription: <Chose your Subscription>"

Write-Output "Role: 'Owner'"

Write-Output ""

Write-Output "More info on: https://docs.microsoft.com/en-us/azure/automation/enable-managed-identity-for-automation#assign-role-to-a-system-assigned-managed-identity "

Write-Output ""

# Connect to Azure with Automation Account system-assigned managed identity

Write-WithTime " Connecting to Azure with Automation Account system-assigned managed identity ...."

Write-Output ""

# Ensures you do not inherit an AzContext in your runbook

Disable-AzContextAutosave -Scope Process | out-null

try {

    # Connect to Azure with system-assigned managed identity

    $AzureContext = (Connect-AzAccount -Identity).context

}

catch{

    Write-Error "There is no system-assigned user identity. Aborting."; 

    Write-Error  $_.Exception.Message

    exit

}

if ($SubscriptionId){

    Write-Output "Using specified Subscription ID '$SubscriptionId'."

    $SubscriptionId = $SubscriptionId.trim()

    Select-AzSubscription -SubscriptionId $SubscriptionId -ErrorVariable -notPresent  -ErrorAction SilentlyContinue -Tenant $AzureContext.Tenant

}

# set and store context

$AzureContext = Set-AzContext -SubscriptionName $AzureContext.Subscription -DefaultProfile $AzureContext

$ResourceGroupName                  = $ResourceGroupName.Trim()

$VMName                             = $VMName.Trim()

$SAPSID                             = $SAPSID.Trim()

$SAPASCSInstanceNumber              = $SAPASCSInstanceNumber.Trim()

$PathToSAPControl                   = $PathToSAPControl.Trim()

$SAPsidadmUserPassword              = $SAPsidadmUserPassword.Trim()

$AutomationAccountResourceGroupName = $AutomationAccountResourceGroupName.Trim()

$AutomationAccountName              = $AutomationAccountName.Trim()

# Check if resource group exists. If $False exit

Confirm-AzResoureceGroupExist -ResourceGroupName $ResourceGroupName 

# Check if VM. If $False exit

Confirm-AzVMExist -ResourceGroupName $ResourceGroupName -VMName $VMName

# Check if resource group exists. If $False exit

Confirm-AzResoureceGroupExist -ResourceGroupName $AutomationAccountResourceGroupName 

# Tag Windows DVEBMGS VM

New-AzSAPSystemASCSWindowsTags -ResourceGroupName $ResourceGroupName -VMName $VMName -SAPSID $SAPSID -SAPApplicationInstanceNumber $SAPASCSInstanceNumber -SAPsidadmUserPassword $SAPsidadmUserPassword -PathToSAPControl  $PathToSAPControl -AutomationAccountResourceGroupName $AutomationAccountResourceGroupName -AutomationAccountName $AutomationAccountName

Write-WithTime "Tagging of VM '$VMName' in resource group '$ResourceGroupName' with tags: SAPSID='$SAPSID' ; SAPApplicationInstanceNumber='$SAPDialogInstanceNumber' ; SAPApplicationInstanceType='SAP_ASCS' ; PathToSAPControl=$PathToSAPControl done."