[Modules] Updated & aligned role assignment implementation #1765

Merged
merged 6 commits into from
Aug 11, 2022

@AlexanderSehr AlexanderSehr commented Aug 8, 2022

Description

  • Update roleAssignments to API version '2022-04-01'
  • Added the parameters/properties available in that version
  • Small alignments

Pipeline references

For module/pipeline changes, please create and attach the status badge of your successful run.

Pipeline
Service Fabric: Clusters

Type of Change

Please delete options that are not relevant.

  • Bugfix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Update to documentation

@AlexanderSehr AlexanderSehr requested a review from a team as a code owner August 8, 2022 18:57
@AlexanderSehr AlexanderSehr self-assigned this Aug 8, 2022
@AlexanderSehr AlexanderSehr added enhancement New feature or request [cat] modules category: modules labels Aug 8, 2022
github-actions bot commented Aug 8, 2022

Unit Test Results

  1 files  ±  0    1 suites  ±0   11s ⏱️ -46s
42 tests  - 41  41 ✔️  - 41  1 💤 ±0  0 ±0 
42 runs   - 46  41 ✔️  - 46  1 💤 ±0  0 ±0 

Results for commit b7507dd. ± Comparison against base commit 5042c3d.

This pull request removes 83 and adds 42 tests. Note that renamed tests count towards both.
This pull request removes 1 skipped test and adds 1 skipped test. Note that renamed tests count towards both.
/home/runner/work/ResourceModules/ResourceModules/utilities/pipelines/staticValidation/module.tests.ps1 ‑ Deployment template tests.Deployment template tests.[Microsoft.Compute/virtualMachines/extensions] Variable names should be camel-cased (no dashes or underscores and must start with lower-case letter)
/home/runner/work/ResourceModules/ResourceModules/utilities/pipelines/staticValidation/module.tests.ps1 ‑ Deployment template tests.Deployment template tests.[Microsoft.Network/applicationSecurityGroups] Variable names should be camel-cased (no dashes or underscores and must start with lower-case letter)

♻️ This comment has been updated with latest results.

@AlexanderSehr AlexanderSehr enabled auto-merge (squash) August 8, 2022 19:05
rahalan previously approved these changes Aug 10, 2022
ahmadabdalla commented Aug 11, 2022

Hey @MrMCake. I ran the dep. pipeline against the branch, and I got an error related to role assignments:

  VERBOSE: 00:19:25 - Checking deployment status in 5 seconds
  VERBOSE: 00:19:41 - Checking deployment status in 5 seconds
  VERBOSE: 00:19:57 - Checking deployment status in 5 seconds
  VERBOSE: Deployment output: {}
  Exception: /home/runner/work/_temp/ab8a18ad-ec9c-4967-ba4a-57a0aa022e6c.ps1:55
  Line |
    55 |    throw $res.exception
       |    ~~~~~~~~~~~~~~~~~~~~
       | 00:20:11 - The deployment
       | 'StoreVhdToStorage-20220810T2308074108Z' failed with error(s).
       | Showing 2 out of 2 error(s). Status Message: The template
       | output 'resourceId' is not valid: Unable to evaluate template
       | language function 'subscriptionResourceId': function requires
       | exactly one multi-segmented argument which must be resource
       | type including resource provider namespace. Current function
       | arguments
       | '/subscriptions/***,Microsoft.Authorization/roleAssignments,07cbc5be-c3b1-521c-8663-404ee6c60de7'. Please see https://aka.ms/arm-template-expressions/#subscriptionresourceid for usage details.. (Code:DeploymentOutputEvaluationFailed)  Status Message: Unable to evaluate template outputs: 'resourceId'. Please see error details and deployment operations. Please see https://aka.ms/arm-debug for usage details. (Code: DeploymentOutputEvaluationFailed)  - The template output 'resourceId' is not valid: Unable to evaluate template language function 'subscriptionResourceId': function requires exactly one multi-segmented argument which must be resource type including resource provider namespace. Current function arguments '/subscriptions/***,Microsoft.Authorization/roleAssignments,07cbc5be-c3b1-521c-8663-404ee6c60de7'. Please see https://aka.ms/arm-template-expressions/#subscriptionresourceid for usage details.. (Code:DeploymentOutputEvaluationFailed)   CorrelationId: c1b62108-fba7-4dbc-ad2f-75a5b97c2fa7

Not sure if it is related to this change, but wanted to call this out. Can we look into it?

EDIT: So I looked at the 'dependencies' pipeline history, and seems to be some work @eriqua which can be related to the error above. As I also see this problem happening when I am testing for the PR I need to merge. Do you think it's best we wait for that to be resolved before we merge this change?

EDIT2: Upon investigation: The issue happens here in the 'constructs\StoreVhdToStorage\deploy.bicep'. We are passing the subscriptionId to the role assignments subscriptionId parameter incorrectly.

module roleAssignment '../../../../../modules/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep' = {
  name: '${uniqueString(deployment().name)}-roleAssignment'
  params: {
    roleDefinitionIdOrName: 'Contributor'
    principalId: 'userMsi.outputs.principalId'
    subscriptionId: subscription().id
  }
}

We should be passing in subscription().subscriptionId instead, or simply don't pass it as it is already a default parameter for that value.
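
A static check for the mistake described in the comment above, as an added example that is not part of the original thread or the project's test suite: it flags a `subscriptionId` parameter that is fed `subscription().id` and classifies a resolved value as bare GUID or full resource ID. The function names, the sample text and the all-zero GUID used in testing are constructed for illustration.

```python
import re

# Constructed sample reproducing the module call quoted in the comment above.
SAMPLE_BICEP = """\
module roleAssignment '../../../../../modules/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep' = {
  name: '${uniqueString(deployment().name)}-roleAssignment'
  params: {
    roleDefinitionIdOrName: 'Contributor'
    principalId: 'userMsi.outputs.principalId'
    subscriptionId: subscription().id
  }
}
"""

GUID = r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}"
_PARAM = re.compile(r"^\s*subscriptionId\s*:\s*(?P<expr>.+?)\s*$")
_FULL_ID_EXPR = re.compile(r"subscription\(\s*\)\.id")


def find_subscription_id_misuse(bicep_text):
    """Return [(line_number, expression)] where a subscriptionId parameter
    receives subscription().id (the '/subscriptions/<guid>' form)."""
    findings = []
    for number, line in enumerate(bicep_text.splitlines(), start=1):
        match = _PARAM.match(line)
        if match and _FULL_ID_EXPR.fullmatch(match.group("expr")):
            findings.append((number, match.group("expr")))
    return findings


def classify_subscription_value(value):
    """Classify a resolved value: 'guid', 'resource-id' or 'invalid'."""
    if re.fullmatch(GUID, value):
        return "guid"
    if re.fullmatch(r"/subscriptions/" + GUID, value, flags=re.IGNORECASE):
        return "resource-id"
    return "invalid"


if __name__ == "__main__":
    for number, expr in find_subscription_id_misuse(SAMPLE_BICEP):
        print(f"line {number}: subscriptionId is set to {expr}; "
              "use subscription().subscriptionId or omit the parameter")
```
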

@AlexanderSehr AlexanderSehr merged commit a4b07fe into main Aug 11, 2022
@AlexanderSehr AlexanderSehr deleted the users/alsehr/1744_sf branch August 11, 2022 11:38
Successfully merging this pull request may close these issues.

[Bug Report]: Microsoft.ServiceFabric clusters pipeline failing due to outdated API version