search

microsoft / PowerBI-Tools-For-Capacities

Repo for tools and utilities related to Power BI Capacities (Premium and Embedded)
MIT License
149 stars 100 forks source link

Using Service Principal to run this scripts #14

Open chewCheelimdb opened 4 years ago

chewCheelimdb commented 4 years ago

Good Morning Greg, Currently the load scripts is using AAD to authenticate, can we change the script to use ServicePrincipal ? Or the LoadScript will not work with ServicePrincipal, period, it's just the way that it's setup ?

Just want to do a sanity check with you. Thanks!

furmangg commented 4 years ago

The PowerShell script which generates the token could be changed to use a service principal (post back if you have trouble finding the cmdlet switches to make that work) and I believe everything else would work. There are some limitations in what a service principal can do... off the top of my head it may not work against an old group workspace, only against a new style workspace. Please do reply with your experience so the community can benefit.

chewCheelimdb commented 4 years ago

Thanks Greg, Finally I got it to work. With multiple helps from diff folks.

there are a few changes need to happen.

1) setup service Principal ID & Secret in Azure. This is the video that I followed: https://www.youtube.com/watch?v=qvG1cjFsaI0 2) Change RealisticLoadTest.html file to use embed token instead, like so:

              `  //tokenType: models.TokenType.Aad,
                tokenType: models.TokenType.Embed,`

3) Change Setup_Load_Test.ps1 file to use ServicePrincipal

` $DeploymentPrincipalAppId = "enter your app ID here " $DeploymentPrincipalAppSecret = "enter your app secret here" $TenantId = "enter your tenant id here " $credentials = New-Object System.Management.Automation.PSCredential ($DeploymentPrincipalAppId, (convertto-securestring $DeploymentPrincipalAppSecret -asplaintext -force)) Connect-PowerBIServiceAccount -ServicePrincipal -Credential $credentials -Tenant $TenantId

#$user = Login-PowerBI
#$user

` 3) Change Setup_Load_Test.ps1 file where it leverages "GenerateToken" REST API instead of -GetPowerBIAccessToken, like so;

` function UpdateTokenFile {

$accessToken = Get-PowerBIAccessToken -AsString | % {$_.replace("Bearer ","").Trim()}

$headers = Get-PowerBIAccessToken
$wsp = Get-PowerBIWorkspace -Name 'your workspace'
$url = "https://api.powerbi.com/v1.0/myorg/groups/$($wsp.Id)/reports/$($reportId)/GenerateToken"
$Body = '{
          "accessLevel": "View",
          "allowSaveAs": "false"
        }'
$RESTRes = Invoke-RestMethod -Uri $url -Method Post -Headers $headers -Body $body

$accessToken =  $RESTRes.token
$tokenJSONFile = Get-Content $(Join-Path $workingDir 'PBIToken.JSON') -raw;
$new_TokenJSONFile = ($tokenJSONFile -replace $token_regex,$accessToken)
$new_TokenJSONFile
$destinationDir
$accessToken
$new_TokenJSONFile | set-content $(Join-Path $destinationDir 'PBIToken.JSON')

} `

Rest API ref: [https://docs.microsoft.com/en-us/rest/api/power-bi/embedtoken/reports_generatetokeningroup]

Hope this is helpful.