Azure IaC: combining data and logic in Powershell programs

I often face situation where i need to put some data/ make some changes to different resources located in different subscriptions in Azure. This usually imply what some actions (logic) need to be performed on some resources (data).

There are several ways to achieve this:

MethodCan be treated as IaC (Infrastructure as Code)Separation
of Data and Logic
1. Manually using a portal (kitty dies when you do this 🙂nono
2. Create list of Az Cli or Powershell Az cmdlets with values filledyesno
3. Create Powershell script with all data in special datastructure and programm logic to put this data to cloudyesno
4. Create Powershell script which read data from data file (usually CSV or JSON format)yesyes
5. Use some template solution (Azure Arm templates, Bicep, Terraform etc)yesyes (in cases you don’t hardcode paramaters in template)
Azure IaC methods

In this article i would like to describe approach nr 3 – how to combine data and logic in Powershell. Usually, it competes with method nr 4 (have data in separate CSV file). Having data and logic separated usually is a most desired method. But it has some disadvantages – as it is a little bit difficult to program, a little bit difficult to debug, a little bit difficult to create data files…

So i found method of combining data and logic in Powershell optimal if i need to make several changes (up to 10..20).
As am example i presenting here a PoC script which put secret values to different Key Vaults in different subscriptions.

Data is held in Array of PSCustomObject objects with named properties. Logic is implemented with running Set-AzKeyVaultSecret in foreach loop. For maintaining archival of data you need to take template file with empty values, fill in the data and rename it to something like 2021.01.01_0100_AV_API_values2KeyVault.ps1. Run it and archieve it. Good practice would be to delete file with values after archieval 🙂

N.B. This script is supplied as PoC (Prove Of Concept) without any additional support or warranty. Use it on your own risk. I am not responsible for any possible problems or losses in case of using this information for any purpose.

This script use elements of reusable authentication described in one of the previous post

Leave a Reply

Your email address will not be published.