From 32e2f1c1297ab73cbf92e91bb577a3a575ecb528 Mon Sep 17 00:00:00 2001
From: Timothy Middelkoop <tmiddelkoop@internet2.edu>
Date: Thu, 2 Dec 2021 11:06:27 -0600
Subject: [PATCH] Grant az role to create resource groups

---
 scripts/azure-create.sh | 15 +++++++++++----
 scripts/azure-delete.sh |  7 +++++--
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/scripts/azure-create.sh b/scripts/azure-create.sh
index 6c3693b..ecdf6c7 100755
--- a/scripts/azure-create.sh
+++ b/scripts/azure-create.sh
@@ -15,23 +15,29 @@ REPO="git@${GITHUB}:CLASS/${PROJECT}.git"
 
 echo "=== azure-create.sh $PROJECT $BRANCH"
 SUBSCRIPTION=$(az account show --query id -otsv)
-RESOURCE_GROUP=$VM
+RESOURCE_GROUP="rg-${VM}-dev"
 
 echo "+++ creating resource group $RESOURCE_GROUP $SUBSCRIPTION"
 az group create --resource-group $RESOURCE_GROUP --location $LOCATION
 
 echo "+++ creating VM $VM"
 # Ubuntu is "Canonical:0001-com-ubuntu-server-focal:20_04-lts:latest"
+# Debian is "Debian:debian-10:10:latest"
+# Resource Group scope "subscriptions/$SUBSCRIPTION/resourceGroups/$RESOURCE_GROUP"
 az vm create --resource-group $RESOURCE_GROUP --name $VM \
     --image Canonical:0001-com-ubuntu-server-focal:20_04-lts:latest \
-    --size Standard_D4_v4 \
+    --size Standard_D2_v4 \
     --storage-sku Standard_LRS \
     --public-ip-sku Standard \
     --assign-identity \
     --scope "subscriptions/$SUBSCRIPTION/resourceGroups/$RESOURCE_GROUP" \
     --admin-username $NAME
 
-IP=$(az vm show --name essentials --resource-group essentials -d --query publicIps -otsv)
+IP=$(az vm show --name $VM --resource-group $RESOURCE_GROUP -d --query publicIps -otsv)
+IDENTITY=$(az vm show --name $VM --resource-group $RESOURCE_GROUP --query identity.principalId -otsv)
+
+echo "+++ assign the VM the Contributor role to the subscription ($IDENTITY to $SUBSCRIPTION)"
+az role assignment create --assignee $IDENTITY  --scope /subscriptions/$SUBSCRIPTION --role Contributor
 
 echo "+++ wait for boot and cloud-init ${VM} ${IP}"
 ssh-keygen -R $IP
@@ -40,7 +46,8 @@ while ! ssh $NAME@$IP sudo cloud-init status --wait ; do
 done
 
 echo "+++ configuring VM"
-ssh -A $NAME@$VM <<EOF
+ssh -A $NAME@$IP <<EOF
+echo '--- connected to $NAME@IP'
 sudo apt-get update
 sudo apt-get install --yes azure-cli
 az login --identity
diff --git a/scripts/azure-delete.sh b/scripts/azure-delete.sh
index 2f2a0c5..a879f03 100755
--- a/scripts/azure-delete.sh
+++ b/scripts/azure-delete.sh
@@ -5,6 +5,9 @@
 # Static Config - update *.sh files
 VM=essentials
 
-RESOURCE_GROUP=$VM
+echo "=== azure-delete.sh $PROJECT $BRANCH"
+SUBSCRIPTION=$(az account show --query id -otsv)
+RESOURCE_GROUP="rg-${VM}-dev"
+
 az vm delete --resource-group $RESOURCE_GROUP --name $VM --yes
-#az group delete --resource-group $RESOURCE_GROUP --yes
+az group delete --resource-group $RESOURCE_GROUP --yes