diff --git a/Makefile b/Makefile index bd444a3a2a..6a5b63f0c6 100644 --- a/Makefile +++ b/Makefile @@ -344,7 +344,7 @@ setup-local-debugging: auth: $(call target_title,"Setting up Azure Active Directory") \ && . ${MAKEFILE_DIR}/devops/scripts/check_dependencies.sh nodocker,env \ - && . ${MAKEFILE_DIR}/devops/scripts/create_aad_assets.sh + && ${MAKEFILE_DIR}/devops/scripts/create_aad_assets.sh show-core-output: $(call target_title,"Display TRE core output") \ diff --git a/devops/scripts/aad/create_api_application.sh b/devops/scripts/aad/create_api_application.sh index c7405f6e7c..e89c1fc2c8 100755 --- a/devops/scripts/aad/create_api_application.sh +++ b/devops/scripts/aad/create_api_application.sh @@ -356,7 +356,7 @@ fi echo "API_CLIENT_ID=\"${appId}\"" echo "API_CLIENT_SECRET=\"${spPassword}\"" echo "SWAGGER_UI_CLIENT_ID=\"${uxAppId}\"" -} >> "$DIR"/../../auth.env +} >> "devops/auth.env" if [[ $grantAdminConsent -eq 0 ]]; then echo -e "\e[96mNOTE: Make sure the API permissions of the app registrations have admin consent granted." diff --git a/devops/scripts/aad/create_application_administrator.sh b/devops/scripts/aad/create_application_administrator.sh index 36c8f41b54..508bff8a6f 100755 --- a/devops/scripts/aad/create_application_administrator.sh +++ b/devops/scripts/aad/create_application_administrator.sh @@ -156,8 +156,8 @@ if [[ $grantAdminConsent -eq 1 ]]; then grant_admin_consent "${spId}" "$msGraphObjectId" "${applicationPermissionId}" fi -echo "APPLICATION_ADMIN_CLIENT_ID=\"${appId}\"" > "$DIR"/../../auth.env -echo "APPLICATION_ADMIN_CLIENT_SECRET=\"${spPassword}\"" >> "$DIR"/../../auth.env +echo "APPLICATION_ADMIN_CLIENT_ID=\"${appId}\"" > "devops/auth.env" +echo "APPLICATION_ADMIN_CLIENT_SECRET=\"${spPassword}\"" >> "devops/auth.env" if [[ $grantAdminConsent -eq 0 ]]; then echo "NOTE: Make sure the API permissions of the app registrations have admin consent granted." 
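Review bot: Dropping the leading `.` in the `auth` recipe means create_aad_assets.sh now runs as a child process, so it only sees variables that check_dependencies.sh exported, not plain shell variables set while that file was sourced. The script reads `AAD_TENANT_ID`, `TRE_ID` and `LOCATION` under `set -euo pipefail`, and the `env` branch of check_dependencies.sh shows no `set -a` of its own in this diff. Presumably load_env.sh exports what it reads, but that should be confirmed. A comment above the target would record the dependency, for example `# create_aad_assets.sh is executed, not sourced: it relies on check_dependencies.sh exporting AAD_TENANT_ID, TRE_ID and LOCATION`.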
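Review bot: The `} >> "devops/auth.env"` redirect writes `API_CLIENT_SECRET` into a file created under the caller's umask, so on a shared workstation or build agent the secret can end up readable by other local users. Setting `umask 077` before the first write (or running `chmod 600 devops/auth.env` after it) would keep the file private. The path is also now resolved against the current working directory, so a run from anywhere but the repository root fails on the redirect or drops the secret under some other `devops/` directory; a guard such as `[ -d devops ] || { echo "run from the repository root" >&2; exit 1; }` would make that explicit. The same applies to the `APPLICATION_ADMIN_CLIENT_SECRET` writes in create_application_administrator.sh and the `TEST_ACCOUNT_CLIENT_SECRET` write in create_automation_administrator.sh. The start of the `{ ... }` group is outside this hunk.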
diff --git a/devops/scripts/aad/create_automation_administrator.sh b/devops/scripts/aad/create_automation_administrator.sh index bc0d4b83e8..447c410ade 100755 --- a/devops/scripts/aad/create_automation_administrator.sh +++ b/devops/scripts/aad/create_automation_administrator.sh @@ -120,4 +120,4 @@ spPassword=$(create_or_update_service_principal "${appId}" "${resetPassword}") { echo "TEST_ACCOUNT_CLIENT_ID=\"${appId}\"" echo "TEST_ACCOUNT_CLIENT_SECRET=\"${spPassword}\"" -} >> "$DIR"/../../auth.env +} >> "devops/auth.env" diff --git a/devops/scripts/aad/get_existing_app.sh b/devops/scripts/aad/get_existing_app.sh index 8e3cc1f827..5ff6d63dd4 100755 --- a/devops/scripts/aad/get_existing_app.sh +++ b/devops/scripts/aad/get_existing_app.sh @@ -1,7 +1,6 @@ #!/bin/bash -set -euo pipefail -# Use this for debug only -# set -o xtrace + +# This script is designed to be `source`d to create reusable helper functions function show_existing_app_usage() { diff --git a/devops/scripts/aad/get_msgraph_access.sh b/devops/scripts/aad/get_msgraph_access.sh index 9569a84250..be351a23c3 100755 --- a/devops/scripts/aad/get_msgraph_access.sh +++ b/devops/scripts/aad/get_msgraph_access.sh @@ -1,7 +1,6 @@ #!/bin/bash -set -euo pipefail -# Use this for debug only -# set -o xtrace + +# This script is designed to be `source`d to create reusable helper functions # Magic string for MSGraph msGraphAppId="00000003-0000-0000-c000-000000000000" diff --git a/devops/scripts/aad/grant_admin_consent.sh b/devops/scripts/aad/grant_admin_consent.sh index fe851c59b5..aa32d51172 100755 --- a/devops/scripts/aad/grant_admin_consent.sh +++ b/devops/scripts/aad/grant_admin_consent.sh @@ -1,7 +1,6 @@ #!/bin/bash -set -euo pipefail -# Use this for debug only -# set -o xtrace + +# This script is designed to be `source`d to create reusable helper functions # Grants admin consent for the given app permission. # 
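Review bot: With `set -euo pipefail` removed from get_existing_app.sh, error handling inside these helper functions depends entirely on whichever script sources the file, so a caller without strict mode would carry on after a failed `az` call. The file mode also stays 100755, so the helper can still be executed directly, where it would define its functions and exit 0 without doing anything. A guard right after the new comment would enforce the intent: `[[ "${BASH_SOURCE[0]}" != "$0" ]] || { echo "source this file, do not execute it" >&2; exit 1; }`. The same applies to get_msgraph_access.sh, grant_admin_consent.sh, update_resource_access.sh, wait_for_new_app_registration.sh and wait_for_new_service_principal.sh.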
diff --git a/devops/scripts/aad/update_resource_access.sh b/devops/scripts/aad/update_resource_access.sh index e4d5159944..e0db1a3685 100755 --- a/devops/scripts/aad/update_resource_access.sh +++ b/devops/scripts/aad/update_resource_access.sh @@ -1,7 +1,6 @@ #!/bin/bash -set -euo pipefail -# Use this for debug only -# set -o xtrace + +# This script is designed to be `source`d to create reusable helper functions # Utility function that retrieves all of the 'requiredResourceAccess' from an application, # it then removes any access for a given `resourceAppId`, merges in a new element into the diff --git a/devops/scripts/aad/wait_for_new_app_registration.sh b/devops/scripts/aad/wait_for_new_app_registration.sh index ed8f28844e..8a2a0eaea2 100755 --- a/devops/scripts/aad/wait_for_new_app_registration.sh +++ b/devops/scripts/aad/wait_for_new_app_registration.sh @@ -1,7 +1,6 @@ #!/bin/bash -set -euo pipefail -# Use this for debug only -# set -o xtrace + +# This script is designed to be `source`d to create reusable helper functions # Notes: Before Az CLI 2.37 this would return a json document with .objectId; that is now .id diff --git a/devops/scripts/aad/wait_for_new_service_principal.sh b/devops/scripts/aad/wait_for_new_service_principal.sh index 1b518291a2..7f988cbf13 100755 --- a/devops/scripts/aad/wait_for_new_service_principal.sh +++ b/devops/scripts/aad/wait_for_new_service_principal.sh @@ -1,7 +1,6 @@ #!/bin/bash -set -euo pipefail -# Use this for debug only -# set -o xtrace + +# This script is designed to be `source`d to create reusable helper functions # This script polls looking for an app registration with the given ID. # If after the number of retries no app registration is found, the function exits. diff --git a/devops/scripts/build_deploy_ui.sh b/devops/scripts/build_deploy_ui.sh index c0914f8851..ff389834c8 100755 --- a/devops/scripts/build_deploy_ui.sh +++ b/devops/scripts/build_deploy_ui.sh 
@@ -3,7 +3,10 @@ set -o errexit set -o pipefail set -o nounset -pushd ./ui/app +# Get the directory that this script is in +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" + +pushd "$DIR/../../ui/app" # replace the values in the config file jq --arg rootClientId "${SWAGGER_UI_CLIENT_ID}" \ @@ -18,4 +21,4 @@ yarn build popd -DIR=./ui/app/build ./devops/scripts/upload_static_web.sh +CONTENT_DIR="$DIR/../../ui/app/build" "$DIR/upload_static_web.sh" diff --git a/devops/scripts/check_dependencies.sh b/devops/scripts/check_dependencies.sh index e66f0a7251..94ee1ee1f3 100755 --- a/devops/scripts/check_dependencies.sh +++ b/devops/scripts/check_dependencies.sh @@ -24,15 +24,15 @@ if [[ "${1:-?}" == *"auth"* ]]; then if [ -z "${USE_ENV_VARS_NOT_FILES:-}" ]; then # We only do this for local builds echo -e "\n\e[96mChecking for Auth setup\e[0m..." - if [ ! -f "$DIR"/../auth.env ]; then + if [ ! -f "devops/auth.env" ]; then echo -e "\e[31m»»» ⚠️ Auth has not been setup! 😥 Please run make auth" exit 1 fi set -a # shellcheck disable=SC1091 - . "$DIR/load_env.sh" "$DIR/../auth.env" + . "$DIR/load_env.sh" "devops/auth.env" # shellcheck disable=SC1091 - . "$DIR/load_terraform_env.sh" "$DIR/../auth.env" + . "$DIR/load_terraform_env.sh" "devops/auth.env" fi fi 
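Review bot: In check_dependencies.sh the `-f` test and the arguments to `load_env.sh` / `load_terraform_env.sh` now resolve `devops/auth.env` against the caller's working directory, while the loaders themselves are still located through `$DIR`. Because `set -a` is active at that point, whatever `devops/auth.env` sits under the current directory gets exported. A run from outside the repository root therefore either stops with the misleading "Please run make auth" message or loads a file the operator did not intend. An explicit check before the first test would make the assumption visible, for example `[ -d devops ] && [ -d templates/core ] || { echo "Run this from the repository root" >&2; exit 1; }`. The second hunk of this file (`devops/.env`, `templates/core/.env`) has the same dependency, and build_deploy_ui.sh in this commit moves the opposite way, towards `$DIR`-relative paths.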
@@ -40,22 +40,22 @@ if [[ "${1:-?}" == *"env"* ]]; then if [ -z "${USE_ENV_VARS_NOT_FILES:-}" ]; then # We only do this for local builds echo -e "\n\e[96mLoading local environment variables\e[0m..." - if [ ! -f "$DIR"/../.env ]; then + if [ ! -f "devops/.env" ]; then echo -e "\e[31m»»» ⚠️ Your devops environment has not been setup! 😥 Please create a ./devops/.env file." exit 1 fi - if [ ! -f "$DIR"/../../templates/core/.env ]; then + if [ ! -f "templates/core/.env" ]; then echo -e "\e[31m»»» ⚠️ Your template environment has not been setup! 😥 Please create a ./templates/core/.env file." exit 1 fi # shellcheck disable=SC1091 - . "$DIR/load_env.sh" "$DIR/../.env" + . "$DIR/load_env.sh" "devops/.env" # shellcheck disable=SC1091 - . "$DIR/load_terraform_env.sh" "$DIR/../.env" + . "$DIR/load_terraform_env.sh" "devops/.env" # shellcheck disable=SC1091 - . "$DIR/load_env.sh" "$DIR/../../templates/core/.env" + . "$DIR/load_env.sh" "templates/core/.env" # shellcheck disable=SC1091 - . "$DIR/load_terraform_env.sh" "$DIR/../../templates/core/.env" + . "$DIR/load_terraform_env.sh" "templates/core/.env" fi fi diff --git a/devops/scripts/create_aad_assets.sh b/devops/scripts/create_aad_assets.sh index c0309589f7..a7ba55f375 100755 --- a/devops/scripts/create_aad_assets.sh +++ b/devops/scripts/create_aad_assets.sh @@ -5,6 +5,9 @@ set -euo pipefail : "${AAD_TENANT_ID?'You have not set your AAD_TENANT_ID in ./templates/core/.env'}" +# Get the directory that this script is in +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" + CHANGED_TENANT=0 LOGGED_IN_TENANT_ID=$(az account show --query tenantId -o tsv) 
@@ -27,14 +30,14 @@ if [ "${AUTO_WORKSPACE_APP_REGISTRATION:-}" == true ]; then fi # Create the identity that is able to administer other applications -./devops/scripts/aad/create_application_administrator.sh \ +"$DIR/aad/create_application_administrator.sh" \ --name "${TRE_ID}" \ --admin-consent \ --application-permission "${APPLICATION_PERMISSION}" \ --reset-password $RESET_PASSWORDS # Create the identity that is able to automate the testing -./devops/scripts/aad/create_automation_administrator.sh \ +"$DIR/aad/create_automation_administrator.sh" \ --name "${TRE_ID}" \ --reset-password $RESET_PASSWORDS @@ -47,7 +50,7 @@ set -a . ./devops/auth.env # Then register an App for the TRE Core. -./devops/scripts/aad/create_api_application.sh \ +"$DIR/aad/create_api_application.sh" \ --name "${TRE_ID}" \ --tre-url "https://${TRE_ID}.${LOCATION}.cloudapp.azure.com" \ --admin-consent --automation-clientid "${TEST_ACCOUNT_CLIENT_ID}" \ @@ -62,7 +65,7 @@ if [ "${AUTO_WORKSPACE_APP_REGISTRATION:=false}" == false ]; then # shellcheck disable=SC1091 . ./devops/auth.env - ./devops/scripts/aad/create_workspace_application.sh \ + "$DIR/aad/create_workspace_application.sh" \ --name "${TRE_ID} - workspace 1" \ --admin-consent \ --ux-clientid "${SWAGGER_UI_CLIENT_ID}" \ diff --git a/devops/scripts/upload_static_web.sh b/devops/scripts/upload_static_web.sh index 64feaf6515..6d0803f826 100755 --- a/devops/scripts/upload_static_web.sh +++ b/devops/scripts/upload_static_web.sh @@ -23,14 +23,14 @@ echo "Waiting for network rule to take effect" sleep 30s echo "Created network rule on storage account" -echo "Uploading ${DIR} to static web storage" +echo "Uploading ${CONTENT_DIR} to static web storage" # shellcheck disable=SC2016 az storage blob upload-batch \ --account-name "${STORAGE_ACCOUNT}" \ --auth-mode login \ --destination '$web' \ - --source "${DIR}" \ + --source "${CONTENT_DIR}" \ --no-progress \ --only-show-errors \ --overwrite 
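Review bot: In upload_static_web.sh `${CONTENT_DIR}` is read in the `echo` and in `--source` with no check that the caller set it. The variable was renamed from `DIR` in this commit, so any caller still passing `DIR=...` would reach `az storage blob upload-batch --overwrite` with an empty or unbound source. Whether `set -o nounset` is active is outside this hunk. A guard near the top, in the same form create_aad_assets.sh uses for `AAD_TENANT_ID`, would fail early with a clear message: `: "${CONTENT_DIR?'CONTENT_DIR must be set to the directory to upload'}"`.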
diff --git a/devops/terraform/bootstrap.sh b/devops/terraform/bootstrap.sh
index 0e3b4f2f34..ed66734ad5 100755
--- a/devops/terraform/bootstrap.sh
+++ b/devops/terraform/bootstrap.sh
@@ -3,17 +3,20 @@ set -e # Baseline Azure resources echo -e "\n\e[34m»»» 🤖 \e[96mCreating resource group and storage account\e[0m..." -az group create --resource-group $TF_VAR_mgmt_resource_group_name --location $LOCATION -o table -az storage account create --resource-group $TF_VAR_mgmt_resource_group_name \ ---name $TF_VAR_mgmt_storage_account_name --location $LOCATION \ +# shellcheck disable=SC2154 +az group create --resource-group "$TF_VAR_mgmt_resource_group_name" --location "$LOCATION" -o table +# shellcheck disable=SC2154 +az storage account create --resource-group "$TF_VAR_mgmt_resource_group_name" \ +--name "$TF_VAR_mgmt_storage_account_name" --location "$LOCATION" \ --kind StorageV2 --sku Standard_LRS -o table # Blob container -SA_KEY=$(az storage account keys list --account-name $TF_VAR_mgmt_storage_account_name --resource-group $TF_VAR_mgmt_resource_group_name --query "[0].value" -o tsv) -az storage container create --account-name $TF_VAR_mgmt_storage_account_name --name $TF_VAR_terraform_state_container_name --account-key $SA_KEY -o table +SA_KEY=$(az storage account keys list --account-name "$TF_VAR_mgmt_storage_account_name" --resource-group "$TF_VAR_mgmt_resource_group_name" --query "[0].value" -o tsv) +# shellcheck disable=SC2154 +az storage container create --account-name "$TF_VAR_mgmt_storage_account_name" --name "$TF_VAR_terraform_state_container_name" --account-key "$SA_KEY" -o table # logs container -az storage container create --account-name $TF_VAR_mgmt_storage_account_name --name "tflogs" --account-key $SA_KEY -o table +az storage container create --account-name "$TF_VAR_mgmt_storage_account_name" --name "tflogs" --account-key "$SA_KEY" -o table cat > bootstrap_backend.tf < /dev/null; then + echo "/subscriptions/$ARM_SUBSCRIPTION_ID/resourceGroups/$TF_VAR_mgmt_resource_group_name" terraform import azurerm_resource_group.mgmt "/subscriptions/$ARM_SUBSCRIPTION_ID/resourceGroups/$TF_VAR_mgmt_resource_group_name" fi
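Review bot: Both `az storage container create` lines still pass the storage account key as `--account-key "$SA_KEY"`, which places it in the process argument list where other local users and process-audit logs can read it; the quoting added here does not change that. Exporting it for those calls instead (`export AZURE_STORAGE_KEY="$SA_KEY"`) keeps it off the command line. `--auth-mode login`, as upload_static_web.sh uses in this commit, would avoid the key entirely if the signed-in identity has a data-plane role on the new account. The added `echo "/subscriptions/$ARM_SUBSCRIPTION_ID/..."` before `terraform import` looks like leftover debug output and prints the subscription ID into build logs. The heredoc portion of this hunk is not legible in this view, so these remarks cover only the visible lines.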