From c1b215144d95d0b9172ba5e51df0b99f937c33c3 Mon Sep 17 00:00:00 2001 From: jolov Date: Wed, 24 Jan 2024 08:59:57 -0800 Subject: [PATCH 1/6] Support creating resources with user auth --- .../TestResources/New-TestResources.ps1 | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/eng/common/TestResources/New-TestResources.ps1 b/eng/common/TestResources/New-TestResources.ps1 index 0c63c29d7c..0db2dfee73 100644 --- a/eng/common/TestResources/New-TestResources.ps1 +++ b/eng/common/TestResources/New-TestResources.ps1 @@ -92,6 +92,9 @@ param ( [Parameter()] [switch] $SuppressVsoCommands = ($null -eq $env:SYSTEM_TEAMPROJECTID), + [Parameter()] + [switch] $UseUserCredentials, + # Captures any arguments not declared here (no parameter errors) # This enables backwards compatibility with old script versions in # hotfix branches if and when the dynamic subscription configuration @@ -611,8 +614,14 @@ try { } } + + if ($UseUserCredentials) { + $TestApplicationOid = (Get-AzADUser -UserPrincipalName (Get-AzContext).Account).Id + $TestApplicationId = $testApplicationOid + Log "User-based app id '$TestApplicationId' will be used." + } # If no test application ID was specified during an interactive session, create a new service principal. - if (!$CI -and !$TestApplicationId) { + elseif (!$CI -and !$TestApplicationId) { # Cache the created service principal in this session for frequent reuse. $servicePrincipal = if ($AzureTestPrincipal -and (Get-AzADServicePrincipal -ApplicationId $AzureTestPrincipal.AppId) -and $AzureTestSubscription -eq $SubscriptionId) { Log "TestApplicationId was not specified; loading cached service principal '$($AzureTestPrincipal.AppId)'" @@ -1001,6 +1010,14 @@ The environment file will be named for the test resources template that it was generated for. For ARM templates, it will be test-resources.json.env. For Bicep templates, test-resources.bicep.env. +.PARAMETER UseUserCredentials +Create the resource group and deploy the template using the signed in user's credentials. +No service principal will be created or used. + +The environment file will be named for the test resources template that it was +generated for. For ARM templates, it will be test-resources.json.env. For +Bicep templates, test-resources.bicep.env. + .PARAMETER SuppressVsoCommands By default, the -CI parameter will print out secrets to logs with Azure Pipelines log commands that cause them to be redacted. For CI environments that don't support this (like From e4711cdd2a645cb920f708f19ccf5bd1c1b0514a Mon Sep 17 00:00:00 2001 From: jolov Date: Wed, 24 Jan 2024 09:27:01 -0800 Subject: [PATCH 2/6] Log warning if TestApplicationId is set --- eng/common/TestResources/New-TestResources.ps1 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/eng/common/TestResources/New-TestResources.ps1 b/eng/common/TestResources/New-TestResources.ps1 index 0db2dfee73..caa4c8fb98 100644 --- a/eng/common/TestResources/New-TestResources.ps1 +++ b/eng/common/TestResources/New-TestResources.ps1 @@ -614,8 +614,11 @@ try { } } - if ($UseUserCredentials) { + if ($TestApplicationId){ + Write-Warning "The specified TestApplicationId '$TestApplicationId' will be ignored when UseUserCredentials is set." + } + $TestApplicationOid = (Get-AzADUser -UserPrincipalName (Get-AzContext).Account).Id $TestApplicationId = $testApplicationOid Log "User-based app id '$TestApplicationId' will be used." From b09e6a63bfc6d79e17f7967181effeb1c7d45ce6 Mon Sep 17 00:00:00 2001 From: jolov Date: Wed, 24 Jan 2024 09:30:27 -0800 Subject: [PATCH 3/6] missing space --- eng/common/TestResources/New-TestResources.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eng/common/TestResources/New-TestResources.ps1 b/eng/common/TestResources/New-TestResources.ps1 index caa4c8fb98..bf822e8b8c 100644 --- a/eng/common/TestResources/New-TestResources.ps1 +++ b/eng/common/TestResources/New-TestResources.ps1 @@ -615,7 +615,7 @@ try { } if ($UseUserCredentials) { - if ($TestApplicationId){ + if ($TestApplicationId) { Write-Warning "The specified TestApplicationId '$TestApplicationId' will be ignored when UseUserCredentials is set." } From 730ef541d6c63ea53b91fd28b7ea1a6ebb0f154d Mon Sep 17 00:00:00 2001 From: jolov Date: Wed, 24 Jan 2024 10:38:06 -0800 Subject: [PATCH 4/6] regenerate md file --- .../TestResources/New-TestResources.ps1.md | 133 ++++++++++++++++-- 1 file changed, 121 insertions(+), 12 deletions(-) diff --git a/eng/common/TestResources/New-TestResources.ps1.md b/eng/common/TestResources/New-TestResources.ps1.md index a18e2e5b8d..cb1f7c1ac9 100644 --- a/eng/common/TestResources/New-TestResources.ps1.md +++ b/eng/common/TestResources/New-TestResources.ps1.md @@ -15,21 +15,25 @@ Deploys live test resources defined for a service directory to Azure. ### Default (Default) ``` New-TestResources.ps1 [-BaseName ] [-ResourceGroupName ] [-ServiceDirectory] - [-TestApplicationId ] [-TestApplicationSecret ] [-TestApplicationOid ] - [-SubscriptionId ] [-DeleteAfterHours ] [-Location ] [-Environment ] - [-ArmTemplateParameters ] [-AdditionalParameters ] [-EnvironmentVariables ] - [-CI] [-Force] [-OutFile] [-SuppressVsoCommands] [-WhatIf] [-Confirm] [] + [-TestResourcesDirectory ] [-TestApplicationId ] [-TestApplicationSecret ] + [-TestApplicationOid ] [-SubscriptionId ] [-DeleteAfterHours ] [-Location ] + [-Environment ] [-ResourceType ] [-ArmTemplateParameters ] + [-AdditionalParameters ] [-EnvironmentVariables ] [-CI] [-Force] [-OutFile] + [-SuppressVsoCommands] [-UseUserCredentials] [-NewTestResourcesRemainingArguments ] + [-ProgressAction ] [-WhatIf] [-Confirm] [] ``` ### Provisioner ``` New-TestResources.ps1 [-BaseName ] [-ResourceGroupName ] [-ServiceDirectory] - [-TestApplicationId ] [-TestApplicationSecret ] [-TestApplicationOid ] - -TenantId [-SubscriptionId ] -ProvisionerApplicationId + [-TestResourcesDirectory ] [-TestApplicationId ] [-TestApplicationSecret ] + [-TestApplicationOid ] -TenantId [-SubscriptionId ] + -ProvisionerApplicationId [-ProvisionerApplicationOid ] -ProvisionerApplicationSecret [-DeleteAfterHours ] [-Location ] - [-Environment ] [-ArmTemplateParameters ] [-AdditionalParameters ] - [-EnvironmentVariables ] [-CI] [-Force] [-OutFile] [-SuppressVsoCommands] [-WhatIf] [-Confirm] - [] + [-Environment ] [-ResourceType ] [-ArmTemplateParameters ] + [-AdditionalParameters ] [-EnvironmentVariables ] [-CI] [-Force] [-OutFile] + [-SuppressVsoCommands] [-UseUserCredentials] [-NewTestResourcesRemainingArguments ] + [-ProgressAction ] [-WhatIf] [-Confirm] [] ``` ## DESCRIPTION @@ -206,8 +210,10 @@ Accept wildcard characters: False A directory under 'sdk' in the repository root - optionally with subdirectories specified - in which to discover ARM templates named 'test-resources.json' and Bicep templates named 'test-resources.bicep'. -This can also be an absolute path +This can be an absolute path or specify parent directories. +ServiceDirectory is also used for resource and +environment variable naming. ```yaml Type: String @@ -221,6 +227,24 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -TestResourcesDirectory +An override directory in which to discover ARM templates named 'test-resources.json' and +Bicep templates named 'test-resources.bicep'. +This can be an absolute path +or specify parent directories. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -TestApplicationId Optional Azure Active Directory Application ID to authenticate the test runner against deployed resources. @@ -376,6 +400,21 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -ProvisionerApplicationOid +{{ Fill ProvisionerApplicationOid Description }} + +```yaml +Type: String +Parameter Sets: Provisioner +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -ProvisionerApplicationSecret A service principal secret (password) used to provision test resources when a provisioner is specified. @@ -456,6 +495,21 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -ResourceType +{{ Fill ResourceType Description }} + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: Test +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -ArmTemplateParameters Optional key-value pairs of parameters to pass to the ARM template(s). @@ -560,7 +614,7 @@ Accept wildcard characters: False ### -SuppressVsoCommands By default, the -CI parameter will print out secrets to logs with Azure Pipelines log commands that cause them to be redacted. -For CI environments that don't support this (like +For CI environments that don't support this (like stress test clusters), this flag can be set to $false to avoid printing out these secrets to the logs. ```yaml @@ -575,6 +629,46 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -UseUserCredentials +Create the resource group and deploy the template using the signed in user's credentials. +No service principal will be created or used. + +The environment file will be named for the test resources template that it was +generated for. +For ARM templates, it will be test-resources.json.env. +For +Bicep templates, test-resources.bicep.env. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -NewTestResourcesRemainingArguments +Captures any arguments not declared here (no parameter errors) +This enables backwards compatibility with old script versions in +hotfix branches if and when the dynamic subscription configuration +secrets get updated to add new parameters. + +```yaml +Type: Object +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -WhatIf Shows what would happen if the cmdlet runs. The cmdlet is not run. @@ -606,8 +700,23 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -ProgressAction +{{ Fill ProgressAction Description }} + +```yaml +Type: ActionPreference +Parameter Sets: (All) +Aliases: proga + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS From fd13dc2d2c2f0c4befa5b852d0ea3e8c07e3f1ff Mon Sep 17 00:00:00 2001 From: jolov Date: Wed, 24 Jan 2024 14:07:17 -0800 Subject: [PATCH 5/6] Rename --- eng/common/TestResources/New-TestResources.ps1 | 8 ++++---- eng/common/TestResources/New-TestResources.ps1.md | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/eng/common/TestResources/New-TestResources.ps1 b/eng/common/TestResources/New-TestResources.ps1 index bf822e8b8c..0f997fd1e9 100644 --- a/eng/common/TestResources/New-TestResources.ps1 +++ b/eng/common/TestResources/New-TestResources.ps1 @@ -93,7 +93,7 @@ param ( [switch] $SuppressVsoCommands = ($null -eq $env:SYSTEM_TEAMPROJECTID), [Parameter()] - [switch] $UseUserCredentials, + [switch] $UserAuth, # Captures any arguments not declared here (no parameter errors) # This enables backwards compatibility with old script versions in @@ -614,9 +614,9 @@ try { } } - if ($UseUserCredentials) { + if ($UserAuth) { if ($TestApplicationId) { - Write-Warning "The specified TestApplicationId '$TestApplicationId' will be ignored when UseUserCredentials is set." + Write-Warning "The specified TestApplicationId '$TestApplicationId' will be ignored when UserAuth is set." } $TestApplicationOid = (Get-AzADUser -UserPrincipalName (Get-AzContext).Account).Id @@ -1013,7 +1013,7 @@ The environment file will be named for the test resources template that it was generated for. For ARM templates, it will be test-resources.json.env. For Bicep templates, test-resources.bicep.env. -.PARAMETER UseUserCredentials +.PARAMETER UserAuth Create the resource group and deploy the template using the signed in user's credentials. No service principal will be created or used. diff --git a/eng/common/TestResources/New-TestResources.ps1.md b/eng/common/TestResources/New-TestResources.ps1.md index cb1f7c1ac9..9cb6756d24 100644 --- a/eng/common/TestResources/New-TestResources.ps1.md +++ b/eng/common/TestResources/New-TestResources.ps1.md @@ -19,7 +19,7 @@ New-TestResources.ps1 [-BaseName ] [-ResourceGroupName ] [-Servi [-TestApplicationOid ] [-SubscriptionId ] [-DeleteAfterHours ] [-Location ] [-Environment ] [-ResourceType ] [-ArmTemplateParameters ] [-AdditionalParameters ] [-EnvironmentVariables ] [-CI] [-Force] [-OutFile] - [-SuppressVsoCommands] [-UseUserCredentials] [-NewTestResourcesRemainingArguments ] + [-SuppressVsoCommands] [-UserAuth] [-NewTestResourcesRemainingArguments ] [-ProgressAction ] [-WhatIf] [-Confirm] [] ``` @@ -32,7 +32,7 @@ New-TestResources.ps1 [-BaseName ] [-ResourceGroupName ] [-Servi -ProvisionerApplicationSecret [-DeleteAfterHours ] [-Location ] [-Environment ] [-ResourceType ] [-ArmTemplateParameters ] [-AdditionalParameters ] [-EnvironmentVariables ] [-CI] [-Force] [-OutFile] - [-SuppressVsoCommands] [-UseUserCredentials] [-NewTestResourcesRemainingArguments ] + [-SuppressVsoCommands] [-UserAuth] [-NewTestResourcesRemainingArguments ] [-ProgressAction ] [-WhatIf] [-Confirm] [] ``` @@ -629,7 +629,7 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -UseUserCredentials +### -UserAuth Create the resource group and deploy the template using the signed in user's credentials. No service principal will be created or used. From 3cd1e3f97febdb24694364f6d0cb6037d7aa1380 Mon Sep 17 00:00:00 2001 From: jolov Date: Wed, 24 Jan 2024 14:52:39 -0800 Subject: [PATCH 6/6] Update link --- eng/common/TestResources/New-TestResources.ps1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eng/common/TestResources/New-TestResources.ps1.md b/eng/common/TestResources/New-TestResources.ps1.md index 9cb6756d24..b09ba04df5 100644 --- a/eng/common/TestResources/New-TestResources.ps1.md +++ b/eng/common/TestResources/New-TestResources.ps1.md @@ -716,7 +716,7 @@ Accept wildcard characters: False ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS