ps/Modules/Alkami.PowerShell.Configuration/Public/Get-AppServiceAccountName.ps1

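function Get-AppServiceAccountName {
    <#
    .SYNOPSIS
    Gets the domain-qualified gMSA account name for a known Alkami service.
    .DESCRIPTION
    Builds the gMSA name as "<domain>\<userPrefix>.<shortName>$", where <domain> is the
    first label of the machine's domain name (Win32_ComputerSystem.Domain), <userPrefix>
    is the "Environment.UserPrefix" app setting and <shortName> is the value looked up
    for ServiceName in a fixed table inside this function.

    Fallbacks, in order:
    - The machine is not domain-joined (or reports no domain): writes a warning and
      returns an empty string, i.e. install local-machine-style (a-la SDK environments).
    - ServiceName has no entry in the lookup table: writes a warning. This does NOT
      throw; processing continues with the next fallback.
    - No user prefix and/or no table match: on an app server (Test-IsAppServer) returns
      the "DatabaseMicroServiceAccount" app setting; anywhere else returns an empty string.

    Note the consequence of the last two points: an unknown ServiceName on an app server
    resolves to the shared database micro-service account instead of a per-service gMSA.
    Treat the "Could not find a matching entry" warning as a configuration error to fix,
    not as a supported path.
    .PARAMETER ServiceName
    [string] A known service name, such as BankService. The table lookup is
    case-insensitive (PowerShell hashtable default).
    .INPUTS
    None. ServiceName must be passed as a parameter (it is mandatory).
    .OUTPUTS
    [System.String] The domain-qualified gMSA name, the DatabaseMicroServiceAccount
    setting (app-server fallback), or an empty string.
    .EXAMPLE
    Get-AppServiceAccountName
    Fails parameter binding because ServiceName is mandatory.
    .EXAMPLE
    Get-AppServiceAccountName -ServiceName RandomNonsense
    WARNING: <logLead> : Could not find a matching entry in the lookup matrix for [RandomNonsense]
    Writes the warning shown above (<logLead> is whatever Get-LogLeadName returns) and then
    returns the DatabaseMicroServiceAccount setting on an app server, or an empty string elsewhere.
    .EXAMPLE
    Get-AppServiceAccountName -ServiceName BankService
    corp\dev.bank$
    #>
    [CmdletBinding()]
    [OutputType([System.String])]
    param(
        [Parameter(Mandatory = $true)]
        [string]$ServiceName
    )
    process {
        $logLead = (Get-LogLeadName)

        $computerSystem = Get-CimInstance Win32_ComputerSystem
        $domain = ""
        # A workgroup machine reports PartOfDomain = $false while Domain holds the
        # workgroup name (e.g. "WORKGROUP"), so testing Domain alone cannot detect
        # "not joined" and would build a bogus "WORKGROUP\<prefix>.<name>$" string.
        # Only an explicit $false is treated as not joined; $null (status unknown)
        # falls through to the Domain-based check below, as before.
        if ($computerSystem.PartOfDomain -ne $false) {
            # Keep only the first (NetBIOS-style) label of the DNS domain name.
            $domain = (($computerSystem.Domain) -split '\.')[0]
        }
        if ([string]::IsNullOrWhiteSpace($domain)) {
            Write-Warning "$logLead : Could not find the local machine domain name. Are you joined to a domain?"
            Write-Verbose "$logLead : Assuming the user is on an SDK machine (not connected to a domain, can't use gMSA. Returning empty-string."
            return ""
        }

        # Service name -> short account-name suffix. Keys are matched case-insensitively.
        $lookupMatrix = @{
            'AuditService'                   = 'audit';
            'BankService'                    = 'bank';
            'ContentService'                 = 'content';
            'CoreService'                    = 'core';
            'ExceptionService'               = 'exception';
            'MessageCenterService'           = 'msgctr';
            'NagConfigurationService'        = 'nag';
            'NotificationService'            = 'notify';
            'RP-STS'                         = 'rpsts';
            'SchedulerService'               = 'schedule';
            'SecurityManagementService'      = 'secmgr';
            'STSConfiguration'               = 'stsconf';
            'SymConnectMultiplexer'          = 'multiplx';
            'Alkami Radium Scheduler Service' = 'radium';
            'Alkami Nag Service'             = 'nag';
        }
        $matrixValue = $lookupMatrix[$ServiceName]
        if ([string]::IsNullOrWhiteSpace($matrixValue)) {
            # Deliberately a warning, not a throw: the app-server fallback below still applies.
            Write-Warning "$logLead : Could not find a matching entry in the lookup matrix for [$ServiceName]"
        }

        $userPrefix = (Get-AppSetting -appSettingKey "Environment.UserPrefix")
        ## Target shape: ($env:userdnsdomain)\(Get-AppSetting "Environment.UserPrefix").$MatrixLookup[appName]$
        ## A whitespace-only prefix is treated as missing, matching the domain check above.
        if ([string]::IsNullOrWhiteSpace($userPrefix) -or [string]::IsNullOrWhiteSpace($matrixValue)) {
            if (Test-IsAppServer) {
                ## If we don't have a configured value then let's just run everything as the dbms user
                ## This is non-ideal of course (one shared account instead of a per-service gMSA),
                ## but we haven't got the infrastructure yet to fix it
                ## TODO: @dsage - Where do we get the user prefix for (ex: corp\dev.bank$ so we need dev) from?
                return (Get-AppSetting -appSettingKey "DatabaseMicroServiceAccount")
            }
            if ([string]::IsNullOrWhiteSpace($userPrefix)) {
                Write-Verbose "$logLead : No user prefix (ex: dev, qa, prod) found on this machine. We can't build the user string from here. Defaulting to empty string so that we use local machine configuration. (see SDK users)"
            } else {
                # Prefix is present; the only reason we are here is the unknown service name.
                Write-Verbose "$logLead : No lookup matrix entry for [$ServiceName]. We can't build the user string from here. Defaulting to empty string so that we use local machine configuration."
            }
            return ""
        }

        # Backtick-escaped trailing '$' is the gMSA account-name suffix.
        return "$domain\$userPrefix.$matrixValue`$"
    }
}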