From bd0ae7b60bda9171c800ebc7ca92742cb6785cae Mon Sep 17 00:00:00 2001 From: jolov Date: Wed, 24 Jan 2024 08:59:57 -0800 Subject: [PATCH 1/6] Support creating resources with user auth --- .../TestResources/New-TestResources.ps1 | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/eng/common/TestResources/New-TestResources.ps1 b/eng/common/TestResources/New-TestResources.ps1 index 0c63c29d7..0db2dfee7 100644 --- a/eng/common/TestResources/New-TestResources.ps1 +++ b/eng/common/TestResources/New-TestResources.ps1 @@ -92,6 +92,9 @@ param ( [Parameter()] [switch] $SuppressVsoCommands = ($null -eq $env:SYSTEM_TEAMPROJECTID), + [Parameter()] + [switch] $UseUserCredentials, + # Captures any arguments not declared here (no parameter errors) # This enables backwards compatibility with old script versions in # hotfix branches if and when the dynamic subscription configuration @@ -611,8 +614,14 @@ try { } } + + if ($UseUserCredentials) { + $TestApplicationOid = (Get-AzADUser -UserPrincipalName (Get-AzContext).Account).Id + $TestApplicationId = $testApplicationOid + Log "User-based app id '$TestApplicationId' will be used." + } # If no test application ID was specified during an interactive session, create a new service principal. - if (!$CI -and !$TestApplicationId) { + elseif (!$CI -and !$TestApplicationId) { # Cache the created service principal in this session for frequent reuse. $servicePrincipal = if ($AzureTestPrincipal -and (Get-AzADServicePrincipal -ApplicationId $AzureTestPrincipal.AppId) -and $AzureTestSubscription -eq $SubscriptionId) { Log "TestApplicationId was not specified; loading cached service principal '$($AzureTestPrincipal.AppId)'" @@ -1001,6 +1010,14 @@ The environment file will be named for the test resources template that it was generated for. For ARM templates, it will be test-resources.json.env. For Bicep templates, test-resources.bicep.env. +.PARAMETER UseUserCredentials +Create the resource group and deploy the template using the signed in user's credentials. +No service principal will be created or used. + +The environment file will be named for the test resources template that it was +generated for. For ARM templates, it will be test-resources.json.env. For +Bicep templates, test-resources.bicep.env. + .PARAMETER SuppressVsoCommands By default, the -CI parameter will print out secrets to logs with Azure Pipelines log commands that cause them to be redacted. For CI environments that don't support this (like From 880267b0e7aa04a1e978bb2c9e4e7007d44a541e Mon Sep 17 00:00:00 2001 From: jolov Date: Wed, 24 Jan 2024 09:27:01 -0800 Subject: [PATCH 2/6] Log warning if TestApplicationId is set --- eng/common/TestResources/New-TestResources.ps1 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/eng/common/TestResources/New-TestResources.ps1 b/eng/common/TestResources/New-TestResources.ps1 index 0db2dfee7..caa4c8fb9 100644 --- a/eng/common/TestResources/New-TestResources.ps1 +++ b/eng/common/TestResources/New-TestResources.ps1 @@ -614,8 +614,11 @@ try { } } - if ($UseUserCredentials) { + if ($TestApplicationId){ + Write-Warning "The specified TestApplicationId '$TestApplicationId' will be ignored when UseUserCredentials is set." + } + $TestApplicationOid = (Get-AzADUser -UserPrincipalName (Get-AzContext).Account).Id $TestApplicationId = $testApplicationOid Log "User-based app id '$TestApplicationId' will be used." From 12383f44504366fedbe6dcdad3087cc71534842e Mon Sep 17 00:00:00 2001 From: jolov Date: Wed, 24 Jan 2024 09:30:27 -0800 Subject: [PATCH 3/6] missing space --- eng/common/TestResources/New-TestResources.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eng/common/TestResources/New-TestResources.ps1 b/eng/common/TestResources/New-TestResources.ps1 index caa4c8fb9..bf822e8b8 100644 --- a/eng/common/TestResources/New-TestResources.ps1 +++ b/eng/common/TestResources/New-TestResources.ps1 @@ -615,7 +615,7 @@ try { } if ($UseUserCredentials) { - if ($TestApplicationId){ + if ($TestApplicationId) { Write-Warning "The specified TestApplicationId '$TestApplicationId' will be ignored when UseUserCredentials is set." } From 36549a7af8ab80a0a70ff0e1656f189b9270a721 Mon Sep 17 00:00:00 2001 From: jolov Date: Wed, 24 Jan 2024 10:38:06 -0800 Subject: [PATCH 4/6] regenerate md file --- .../TestResources/New-TestResources.ps1.md | 133 ++++++++++++++++-- 1 file changed, 121 insertions(+), 12 deletions(-) diff --git a/eng/common/TestResources/New-TestResources.ps1.md b/eng/common/TestResources/New-TestResources.ps1.md index a18e2e5b8..cb1f7c1ac 100644 --- a/eng/common/TestResources/New-TestResources.ps1.md +++ b/eng/common/TestResources/New-TestResources.ps1.md @@ -15,21 +15,25 @@ Deploys live test resources defined for a service directory to Azure. ### Default (Default) ``` New-TestResources.ps1 [-BaseName ] [-ResourceGroupName ] [-ServiceDirectory] - [-TestApplicationId ] [-TestApplicationSecret ] [-TestApplicationOid ] - [-SubscriptionId ] [-DeleteAfterHours ] [-Location ] [-Environment ] - [-ArmTemplateParameters ] [-AdditionalParameters ] [-EnvironmentVariables ] - [-CI] [-Force] [-OutFile] [-SuppressVsoCommands] [-WhatIf] [-Confirm] [] + [-TestResourcesDirectory ] [-TestApplicationId ] [-TestApplicationSecret ] + [-TestApplicationOid ] [-SubscriptionId ] [-DeleteAfterHours ] [-Location ] + [-Environment ] [-ResourceType ] [-ArmTemplateParameters ] + [-AdditionalParameters ] [-EnvironmentVariables ] [-CI] [-Force] [-OutFile] + [-SuppressVsoCommands] [-UseUserCredentials] [-NewTestResourcesRemainingArguments ] + [-ProgressAction ] [-WhatIf] [-Confirm] [] ``` ### Provisioner ``` New-TestResources.ps1 [-BaseName ] [-ResourceGroupName ] [-ServiceDirectory] - [-TestApplicationId ] [-TestApplicationSecret ] [-TestApplicationOid ] - -TenantId [-SubscriptionId ] -ProvisionerApplicationId + [-TestResourcesDirectory ] [-TestApplicationId ] [-TestApplicationSecret ] + [-TestApplicationOid ] -TenantId [-SubscriptionId ] + -ProvisionerApplicationId [-ProvisionerApplicationOid ] -ProvisionerApplicationSecret [-DeleteAfterHours ] [-Location ] - [-Environment ] [-ArmTemplateParameters ] [-AdditionalParameters ] - [-EnvironmentVariables ] [-CI] [-Force] [-OutFile] [-SuppressVsoCommands] [-WhatIf] [-Confirm] - [] + [-Environment ] [-ResourceType ] [-ArmTemplateParameters ] + [-AdditionalParameters ] [-EnvironmentVariables ] [-CI] [-Force] [-OutFile] + [-SuppressVsoCommands] [-UseUserCredentials] [-NewTestResourcesRemainingArguments ] + [-ProgressAction ] [-WhatIf] [-Confirm] [] ``` ## DESCRIPTION @@ -206,8 +210,10 @@ Accept wildcard characters: False A directory under 'sdk' in the repository root - optionally with subdirectories specified - in which to discover ARM templates named 'test-resources.json' and Bicep templates named 'test-resources.bicep'. -This can also be an absolute path +This can be an absolute path or specify parent directories. +ServiceDirectory is also used for resource and +environment variable naming. ```yaml Type: String @@ -221,6 +227,24 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -TestResourcesDirectory +An override directory in which to discover ARM templates named 'test-resources.json' and +Bicep templates named 'test-resources.bicep'. +This can be an absolute path +or specify parent directories. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -TestApplicationId Optional Azure Active Directory Application ID to authenticate the test runner against deployed resources. @@ -376,6 +400,21 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -ProvisionerApplicationOid +{{ Fill ProvisionerApplicationOid Description }} + +```yaml +Type: String +Parameter Sets: Provisioner +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -ProvisionerApplicationSecret A service principal secret (password) used to provision test resources when a provisioner is specified. @@ -456,6 +495,21 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -ResourceType +{{ Fill ResourceType Description }} + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: Test +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -ArmTemplateParameters Optional key-value pairs of parameters to pass to the ARM template(s). @@ -560,7 +614,7 @@ Accept wildcard characters: False ### -SuppressVsoCommands By default, the -CI parameter will print out secrets to logs with Azure Pipelines log commands that cause them to be redacted. -For CI environments that don't support this (like +For CI environments that don't support this (like stress test clusters), this flag can be set to $false to avoid printing out these secrets to the logs. ```yaml @@ -575,6 +629,46 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -UseUserCredentials +Create the resource group and deploy the template using the signed in user's credentials. +No service principal will be created or used. + +The environment file will be named for the test resources template that it was +generated for. +For ARM templates, it will be test-resources.json.env. +For +Bicep templates, test-resources.bicep.env. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NewTestResourcesRemainingArguments +Captures any arguments not declared here (no parameter errors) +This enables backwards compatibility with old script versions in +hotfix branches if and when the dynamic subscription configuration +secrets get updated to add new parameters. + +```yaml +Type: Object +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -WhatIf Shows what would happen if the cmdlet runs. The cmdlet is not run. @@ -606,8 +700,23 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -ProgressAction +{{ Fill ProgressAction Description }} + +```yaml +Type: ActionPreference +Parameter Sets: (All) +Aliases: proga + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS From ddfebb2e75685471defa9687daa67554915ba7da Mon Sep 17 00:00:00 2001 From: jolov Date: Wed, 24 Jan 2024 14:07:17 -0800 Subject: [PATCH 5/6] Rename --- eng/common/TestResources/New-TestResources.ps1 | 8 ++++---- eng/common/TestResources/New-TestResources.ps1.md | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/eng/common/TestResources/New-TestResources.ps1 b/eng/common/TestResources/New-TestResources.ps1 index bf822e8b8..0f997fd1e 100644 --- a/eng/common/TestResources/New-TestResources.ps1 +++ b/eng/common/TestResources/New-TestResources.ps1 @@ -93,7 +93,7 @@ param ( [switch] $SuppressVsoCommands = ($null -eq $env:SYSTEM_TEAMPROJECTID), [Parameter()] - [switch] $UseUserCredentials, + [switch] $UserAuth, # Captures any arguments not declared here (no parameter errors) # This enables backwards compatibility with old script versions in @@ -614,9 +614,9 @@ try { } } - if ($UseUserCredentials) { + if ($UserAuth) { if ($TestApplicationId) { - Write-Warning "The specified TestApplicationId '$TestApplicationId' will be ignored when UseUserCredentials is set." + Write-Warning "The specified TestApplicationId '$TestApplicationId' will be ignored when UserAuth is set." } $TestApplicationOid = (Get-AzADUser -UserPrincipalName (Get-AzContext).Account).Id @@ -1013,7 +1013,7 @@ The environment file will be named for the test resources template that it was generated for. For ARM templates, it will be test-resources.json.env. For Bicep templates, test-resources.bicep.env. -.PARAMETER UseUserCredentials +.PARAMETER UserAuth Create the resource group and deploy the template using the signed in user's credentials. No service principal will be created or used. diff --git a/eng/common/TestResources/New-TestResources.ps1.md b/eng/common/TestResources/New-TestResources.ps1.md index cb1f7c1ac..9cb6756d2 100644 --- a/eng/common/TestResources/New-TestResources.ps1.md +++ b/eng/common/TestResources/New-TestResources.ps1.md @@ -19,7 +19,7 @@ New-TestResources.ps1 [-BaseName ] [-ResourceGroupName ] [-Servi [-TestApplicationOid ] [-SubscriptionId ] [-DeleteAfterHours ] [-Location ] [-Environment ] [-ResourceType ] [-ArmTemplateParameters ] [-AdditionalParameters ] [-EnvironmentVariables ] [-CI] [-Force] [-OutFile] - [-SuppressVsoCommands] [-UseUserCredentials] [-NewTestResourcesRemainingArguments ] + [-SuppressVsoCommands] [-UserAuth] [-NewTestResourcesRemainingArguments ] [-ProgressAction ] [-WhatIf] [-Confirm] [] ``` @@ -32,7 +32,7 @@ New-TestResources.ps1 [-BaseName ] [-ResourceGroupName ] [-Servi -ProvisionerApplicationSecret [-DeleteAfterHours ] [-Location ] [-Environment ] [-ResourceType ] [-ArmTemplateParameters ] [-AdditionalParameters ] [-EnvironmentVariables ] [-CI] [-Force] [-OutFile] - [-SuppressVsoCommands] [-UseUserCredentials] [-NewTestResourcesRemainingArguments ] + [-SuppressVsoCommands] [-UserAuth] [-NewTestResourcesRemainingArguments ] [-ProgressAction ] [-WhatIf] [-Confirm] [] ``` @@ -629,7 +629,7 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -UseUserCredentials +### -UserAuth Create the resource group and deploy the template using the signed in user's credentials. No service principal will be created or used. From 405f4db9d806fe1ad9772fee6a56b429a63c31e8 Mon Sep 17 00:00:00 2001 From: jolov Date: Wed, 24 Jan 2024 14:52:39 -0800 Subject: [PATCH 6/6] Update link --- eng/common/TestResources/New-TestResources.ps1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eng/common/TestResources/New-TestResources.ps1.md b/eng/common/TestResources/New-TestResources.ps1.md index 9cb6756d2..b09ba04df 100644 --- a/eng/common/TestResources/New-TestResources.ps1.md +++ b/eng/common/TestResources/New-TestResources.ps1.md @@ -716,7 +716,7 @@ Accept wildcard characters: False ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS