Introduction
In the realm of cloud computing, the management of users and subscriptions is a fundamental task that can quickly become a bottleneck in operational efficiency. Clicking through interfaces to create each user and subscription individually is not only tedious but also prone to errors.
Fortunately, there's a better way: automation. By harnessing the power of scripting, we can streamline this process, making it both clickless and error-free. In this brief guide, we'll explore how to achieve this using a combination of Bicep and PowerShell.
By creating a single Bicep file and accompanying PowerShell script, we can automate the creation of multiple users and subscriptions effortlessly.
Prerequisites
- An Azure account
- The latest Azure PowerShell
- The Bicep extension
Scripts
main.bicep
The Bicep file that creates the users and subscriptions.
@description('Name of Api Management')
param apimName string

@description('Name of the product')
param apimProductId string

@description('Array of users to create')
param users array

// Resource to add users to API Management
resource apimUser 'Microsoft.ApiManagement/service/users@2019-12-01' = [
  for user in users: {
    name: '${apimName}/${user}'
    properties: {
      firstName: '${user}'
      lastName: '${user}'
      email: '${user}@mail.be'
      // Sample value: every user gets this same password, stored in plain text in the template
      password: 'myUserPassword'
      state: 'active'
    }
  }
]

// Resource to add subscriptions to API Management
resource apimSubscription 'Microsoft.ApiManagement/service/subscriptions@2019-12-01' = [
  for user in users: {
    // One subscription per user: the resource name must differ on each loop iteration
    name: '${apimName}/${user}-ProductAPIService'
    properties: {
      displayName: 'Product API Service (${user})'
      state: 'active'
      scope: '/products/${apimProductId}'
      allowTracing: false
      ownerId: '/users/${user}'
    }
    dependsOn: [
      apimUser
    ]
  }
]

// Output the name of the API Management instance
output addInApiName string = apimName

// Output the ID of the product in API Management
output addInProduct string = apimProductId

// Output the subscription keys for the created users
// (outputs are kept in plain text in the resource group's deployment history)
output subscriptionKey array = [for i in range(0, length(users)): {
  user: last(split(apimSubscription[i].properties.ownerId, '/'))
  key: apimSubscription[i].listSecrets().primaryKey
}]
main.dev.bicepparam
The bicepparam file that configures apimName, apimProductId and users.
using 'main.bicep'
param apimName = 'myApimName'
param apimProductId = 'myProductID'
param users = [
'user1'
'user2'
]
createUsersAndSubscriptions.ps1
The PowerShell script that launches the Bicep file and writes the credentials to a text file.
param(
    # Azure APIM Environment to deploy
    [string]$env
)

# Hyphens rather than slashes: the date is used as a folder name
$date = Get-Date -Format "dd-MM-yyyy"
$logFolderPath = Join-Path -Path $PSScriptRoot -ChildPath "$env\logs"
$credentialsFolderPath = Join-Path -Path $PSScriptRoot -ChildPath "$env\$date\credentials"

# Function to create a directory if it doesn't exist
function Ensure-DirectoryExists {
    param (
        [string]$path
    )
    if (!(Test-Path -Path $path)) {
        New-Item -ItemType Directory -Path $path | Out-Null
        Write-Host "New folder $path created successfully!" -ForegroundColor Green
    } else {
        Write-Host "Folder $path already exists!"
    }
}

# Ensure necessary directories exist
Ensure-DirectoryExists -path $logFolderPath
Ensure-DirectoryExists -path $credentialsFolderPath

# Function to format validation output
function Format-ValidationOutput {
    param (
        $ValidationOutput,
        [int]$Depth = 0
    )
    Set-StrictMode -Off
    $ValidationOutput | Where-Object { $_ -ne $null } | ForEach-Object {
        @(' ' * $Depth + ': ' + $_.Message) + @(Format-ValidationOutput -ValidationOutput $_.Details -Depth ($Depth + 1))
    }
}

# Function to return full environment name
function Return-FullEnvironmentName {
    param (
        [string]$environment
    )
    switch ($environment) {
        'dev' { 'Development' }
        'acc' { 'Acceptance' }
        'prd' { 'Production' }
        default { 'Unknown' }
    }
}

# Test Deployment
$ErrorMessages = Format-ValidationOutput (Test-AzResourceGroupDeployment -Verbose -ResourceGroupName "apim-$env-rg" -TemplateFile "main.bicep" -TemplateParameterFile "main.$env.bicepparam")
if ($ErrorMessages) {
    $errorMessage = 'Validation returned the following errors:' + [System.Environment]::NewLine + ($ErrorMessages -join [System.Environment]::NewLine) + [System.Environment]::NewLine + 'Template is invalid.'
    Write-Host $errorMessage
    Write-Output $errorMessage >> "$logFolderPath/logs.txt"
} else {
    Write-Host "Start users and subscriptions creation on $env environment"
    $deploymentResult = New-AzResourceGroupDeployment `
        -Name "apiUserAndSubscriptionDeployment" `
        -Verbose `
        -ResourceGroupName "apim-$env-rg" `
        -TemplateFile "main.bicep" `
        -TemplateParameterFile "main.$env.bicepparam"

    # The deployment result includes the template outputs, so the subscription keys also end up in logs.txt
    $deploymentResult | Out-File -FilePath "$logFolderPath/logs.txt" -Append

    $apimName = $deploymentResult.Outputs.addInApiName.Value
    Add-Content -Path "$credentialsFolderPath/credentials.txt" -Value "Api Management : $apimName"

    $environmentFullName = Return-FullEnvironmentName -environment $env
    Add-Content -Path "$credentialsFolderPath/credentials.txt" -Value "Environment : $environmentFullName"

    $productName = $deploymentResult.Outputs.addInProduct.Value
    Add-Content -Path "$credentialsFolderPath/credentials.txt" -Value "Product : $productName"

    # Subscription keys are written in plain text to credentials.txt
    $subscriptionKeys = $deploymentResult.Outputs.subscriptionKey[0].Value | Select-Object
    Add-Content -Path "$credentialsFolderPath/credentials.txt" -Value "Subscriptions : $subscriptionKeys"
}
After creating those files, you can launch this command from the folder that contains them:
.\createUsersAndSubscriptions.ps1 -env dev
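An added example, not part of the original post: deployment outputs are stored in plain text in the resource group's deployment history, so this script reads each user's subscription keys directly from API Management after the deployment and writes them to a file that only the current Windows user can read. The default parameter values and the `$env-credentials.txt` file name are assumptions based on the sample parameter file above; the cmdlets come from the Az.ApiManagement module.

```powershell
# Added example: read subscription keys from APIM itself, not from deployment outputs.
# Default values are assumptions taken from the article's sample parameter file.
param(
    [string]$env = 'dev',
    [string]$apimName = 'myApimName',
    [string[]]$users = @('user1', 'user2')
)

# Same resource group naming scheme as the article's script
$context = New-AzApiManagementContext -ResourceGroupName "apim-$env-rg" -ServiceName $apimName

# Create the credentials file empty, then lock it down before any key is written.
# The file name is hypothetical.
$credentialsFile = Join-Path -Path $PSScriptRoot -ChildPath "$env-credentials.txt"
New-Item -ItemType File -Path $credentialsFile -Force | Out-Null

# Windows ACL: drop inherited entries and grant access to the current user only
$acl = Get-Acl -Path $credentialsFile
$acl.SetAccessRuleProtection($true, $false)
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new($me, 'FullControl', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $credentialsFile -AclObject $acl

foreach ($user in $users) {
    # All subscriptions owned by this user
    $subscriptions = Get-AzApiManagementSubscription -Context $context -UserId $user
    foreach ($subscription in $subscriptions) {
        # Keys are fetched per subscription and never pass through the deployment record
        $keys = Get-AzApiManagementSubscriptionKey -Context $context -SubscriptionId $subscription.SubscriptionId
        Add-Content -Path $credentialsFile -Value "$user ($($subscription.Name)) : $($keys.PrimaryKey)"
    }
}
```

With this in place, the `subscriptionKey` output can be dropped from main.bicep so that the keys are no longer recorded in the deployment history or in logs.txt.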
Clean up the resources
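You can clean up your resources using this command, which deletes the resource group the script deploys to (apim-dev-rg for the dev environment) and everything in it, including the API Management instance:
Remove-AzResourceGroup -Name "apim-dev-rg"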
Go further
If you want to automate the creation, you can add it to a pipeline by following this link:
https://learn.microsoft.com/en-us/training/modules/build-first-bicep-deployment-pipeline-using-azure-pipelines/
Thanks for reading
If you have any questions, feedback, or suggestions, please feel free to leave them in the comments below. I'm eager to hear from you and respond to your thoughts!