File: deploy-test-resources.yml

# Template parameters. Each value is substituted into the steps below when the
# template is expanded, several of them straight into PowerShell source text,
# so callers should pass only pipeline-authored (trusted) values.
parameters:
  # Forwarded to New-TestResources.ps1 as -ServiceDirectory.
  ServiceDirectory: ''
  # Pasted unquoted after -AdditionalParameters, so PowerShell evaluates it as
  # an expression; the default is an empty hashtable literal.
  ArmTemplateParameters: '@{}'
  # Forwarded as -DeleteAfterHours.
  DeleteAfterHours: 8
  # Forwarded as -Location.
  Location: ''
  # Mapping merged into the env block of the deploy and post-script steps.
  EnvVars: {}
  # JSON text (shape described in the comment below) that is parsed with
  # ConvertFrom-Json and splatted into New-TestResources.ps1.
  SubscriptionConfiguration: '{}'
  # Service connection name used as azureSubscription by the Azure tasks.
  ServiceConnection: not-specified
  # Forwarded as -ResourceType.
  ResourceType: test
  # true: deploy from an AzurePowerShell task signed in via ServiceConnection;
  # otherwise deploy from a plain pwsh step with -ServicePrincipalAuth.
  UseFederatedAuth: true
  # true: keep the service connection's idToken in the secret variable
  # ARM_OIDC_TOKEN and run the self-contained post script in its own task.
  PersistOidcToken: false
  # File name appended to $(Agent.TempDirectory); the resulting path is passed
  # as -SelfContainedPostScript and later executed when PersistOidcToken is on.
  SelfContainedPostScript: self-contained-test-resources-post.ps1

# SubscriptionConfiguration will be splatted into the parameters of the test
# resources script. It should be JSON in the form:
# {
#   "SubscriptionId": "<subscription id>",
#   "TenantId": "<tenant id>",
#   "TestApplicationId": "<test app id>",
#   "TestApplicationSecret": "<test app secret>",
#   "ProvisionerApplicationId": "<provisioner app id>",
#   "ProvisionerApplicationSecret": "<provisioner app secret>",
#   "Environment": "AzureCloud | AzureGov | AzureChina | <other environment>",
#   "EnvironmentVariables": {
#       "SERVICE_MANAGEMENT_URL": "<service management url>",
#       "STORAGE_ENDPOINT_SUFFIX": "<storage endpoint suffix>",
#       "RESOURCE_MANAGER_URL": "<resource manager url>",
#       "SEARCH_ENDPOINT_SUFFIX": "<search endpoint suffix>",
#       "COSMOS_TABLES_ENDPOINT_SUFFIX": "<cosmos tables endpoint suffix>"
#   },
#   "ArmTemplateParameters": {
#       "keyVaultDomainSuffix": "<keyVaultDomainSuffix>",
#       "storageEndpointSuffix": "<storageEndpointSuffix>",
#       "endpointSuffix": "<endpointSuffix>",
#       "azureAuthorityHost": "<azureAuthorityHost>",
#       "keyVaultEndpointSuffix": "<keyVaultEndpointSuffix>"
#   }
# }

# Steps run in order; the two shared templates come first.
# NOTE(review): their contents are not visible here - judging by the file
# names they restore cached PowerShell modules and set up environments.
steps:
  - template: /eng/common/pipelines/templates/steps/cache-ps-modules.yml

  - template: /eng/common/TestResources/setup-environments.yml

  # Only when PersistOidcToken is true: copy the service connection's idToken
  # into the pipeline variable ARM_OIDC_TOKEN so later steps can reuse it.
  # The token is a bearer credential. issecret=true keeps it masked in logs,
  # but every later step that maps the variable into its env can use it, so
  # leave PersistOidcToken off unless a post script really needs the token.
  - ${{ if eq(parameters.PersistOidcToken, true) }}:
    - task: AzureCLI@2
      displayName: Set OIDC token
      # NOTE(review): this maps the variable that the step itself is about to
      # set; its purpose is not evident from this file - confirm it is needed.
      env:
        ARM_OIDC_TOKEN: $(ARM_OIDC_TOKEN)
      inputs:
        azureSubscription: ${{ parameters.ServiceConnection }}
        # Makes the task expose the connection's credentials to the script as
        # environment variables; the script below reads $env:idToken.
        addSpnToEnvironment: true
        scriptLocation: inlineScript
        scriptType: pscore
        inlineScript: |
          Write-Host "##vso[task.setvariable variable=ARM_OIDC_TOKEN;issecret=true]$($env:idToken)"

  # Federated-auth path: the deployment runs inside an AzurePowerShell task
  # that is signed in through the service connection.
  # NOTE(review): this condition compares against the string 'true', the
  # PersistOidcToken conditions against the boolean true; both presumably rely
  # on the expression engine's type coercion - consider using one form.
  - ${{ if eq('true', parameters.UseFederatedAuth) }}:
    - task: AzurePowerShell@5
      displayName: 🚀 Deploy test resources
      env:
        TEMP: $(Agent.TempDirectory)
        PoolSubnet: $(PoolSubnet)
        # Secret variables are not exported to scripts automatically, so the
        # persisted token is mapped in explicitly.
        ${{ if eq(parameters.PersistOidcToken, true) }}:
          ARM_OIDC_TOKEN: $(ARM_OIDC_TOKEN)
        # Adds every key of the caller's EnvVars mapping to this env block.
        ${{ insert }}: ${{ parameters.EnvVars }}
      inputs:
        azureSubscription: ${{ parameters.ServiceConnection }}
        azurePowerShellVersion: LatestVersion
        pwsh: true
        ScriptType: InlineScript
        # What the inline script does:
        #  1. parses SubscriptionConfiguration (JSON) into a hashtable;
        #  2. overwrites Environment, SubscriptionId, TenantId and both
        #     application ids/object ids with the signed-in Az context;
        #  3. prints the merged configuration and publishes it as the pipeline
        #     variable SubscriptionConfiguration for the removal template;
        #  4. runs New-TestResources.ps1, splatting the hashtable.
        #
        # Template parameters are pasted into the script text before
        # PowerShell parses it: SubscriptionConfiguration inside a single-quoted
        # here-string, the string parameters inside '...' literals, and
        # ArmTemplateParameters unquoted as an expression. A value containing a
        # quote or a here-string terminator would change the script itself, so
        # none of them may come from user-controllable input.
        #
        # NOTE(review): step 3 writes the whole configuration to the log and
        # sets the variable without issecret=true. If the incoming JSON carries
        # TestApplicationSecret or ProvisionerApplicationSecret, only the
        # agent's masking of known secrets stands between them and the log;
        # consider dropping secret keys before printing - confirm with the
        # consumers of the variable first.
        #
        # $${{ parameters.PersistOidcToken }} expands to a PowerShell boolean
        # literal; the ?: operator that consumes it needs PowerShell 7, which
        # is why pwsh is set to true.
        Inline: |
          eng/common/scripts/Import-AzModules.ps1
          $subscriptionConfiguration = @'
            ${{ parameters.SubscriptionConfiguration }}
          '@ | ConvertFrom-Json -AsHashtable;

          $context = Get-AzContext
          $subscriptionConfiguration["Environment"] = $context.Environment.Name
          $subscriptionConfiguration["SubscriptionId"] = $context.Subscription.Id
          $subscriptionConfiguration["TenantId"] = $context.Subscription.TenantId
          $subscriptionConfiguration["TestApplicationId"] = $context.Account.Id
          $subscriptionConfiguration["ProvisionerApplicationId"] = $context.Account.Id

          $principal = Get-AzADServicePrincipal -ApplicationId $context.Account.Id
          $subscriptionConfiguration["TestApplicationOid"] = $principal.Id
          $subscriptionConfiguration["ProvisionerApplicationOid"] = $principal.Id

          Write-Host ($subscriptionConfiguration | ConvertTo-Json)
          # Write the new SubscriptionConfiguration to be used by the remove test resources
          Write-Host "##vso[task.setvariable variable=SubscriptionConfiguration;]$($subscriptionConfiguration | ConvertTo-Json -Compress)"

          $postScriptPath = $${{ parameters.PersistOidcToken }} ? '$(Agent.TempDirectory)/${{ parameters.SelfContainedPostScript }}' : $null

          # The subscriptionConfiguration may have ArmTemplateParameters defined, so
          # pass those in via the ArmTemplateParameters flag, and handle any
          # additional parameters from the pipelines via AdditionalParameters
          eng/common/TestResources/New-TestResources.ps1 `
            -ResourceType '${{ parameters.ResourceType }}' `
            -ServiceDirectory '${{ parameters.ServiceDirectory }}' `
            -Location '${{ parameters.Location }}' `
            -DeleteAfterHours '${{ parameters.DeleteAfterHours }}' `
            @subscriptionConfiguration `
            -AdditionalParameters ${{ parameters.ArmTemplateParameters }} `
            -AllowIpRanges ('$(azsdk-corp-net-ip-ranges)' -split ',') `
            -SelfContainedPostScript $postScriptPath `
            -CI `
            -Force `
            -Verbose | Out-Null

    - ${{ if eq(parameters.PersistOidcToken, true) }}:
      # ARM deployments that take longer than 10-15 minutes (e.g. HSM) can
      # cause post scripts to fail with expired credentials.
      # Add a new task with a refreshed token as a workaround to this issue.
      #
      # The task runs the script file found at
      # $(Agent.TempDirectory)/<SelfContainedPostScript>, the same path the
      # deploy task passes to New-TestResources.ps1 as
      # -SelfContainedPostScript, and hands it the fresh idToken through
      # $env:ARM_OIDC_TOKEN.
      # NOTE(review): the file is executed as found. SelfContainedPostScript
      # should be a bare file name (no path separators), and nothing else
      # running on the agent between the two tasks should be able to write to
      # the temp directory, because whatever is in that file runs with the
      # refreshed token.
      # NOTE(review): if the post script ends with a terminating error the
      # Remove-Item line is presumably not reached and the file stays behind
      # for a later deploy template - confirm whether cleanup should be
      # unconditional.
      - task: AzureCLI@2
        displayName: Test Resources Post with refreshed login
        env:
          # Adds every key of the caller's EnvVars mapping to this env block.
          ${{ insert }}: ${{ parameters.EnvVars }}
        inputs:
          azureSubscription: ${{ parameters.ServiceConnection }}
          # Exposes the connection's credentials to the script as environment
          # variables; the script below reads $env:idToken.
          addSpnToEnvironment: true
          scriptLocation: inlineScript
          scriptType: pscore
          inlineScript: |
            eng/common/scripts/Import-AzModules.ps1  # Support post scripts using az powershell instead of az cli
            $env:ARM_OIDC_TOKEN = $env:idToken
            $scriptPath = '$(Agent.TempDirectory)/${{ parameters.SelfContainedPostScript }}'
            Write-Host "Executing self contained test resources post script '$scriptPath'"
            & $scriptPath
            Remove-Item $scriptPath  # avoid any possible complications when we run multiple deploy templates

  # Non-federated path: a plain pwsh step with no service connection. The
  # script passes -ServicePrincipalAuth, so the credentials presumably come
  # from SubscriptionConfiguration (the TestApplicationSecret and
  # ProvisionerApplicationSecret fields described near the top of this file).
  #
  # SubscriptionConfiguration is pasted into the script text, so any secret in
  # it becomes part of the script the agent runs. Supply it from a secret
  # pipeline variable rather than a literal in YAML, so that the agent can
  # mask it in logs.
  #
  # As in the federated path, every parameter is substituted before
  # PowerShell parses the script (here-string, '...' literals, and an unquoted
  # expression for ArmTemplateParameters); a value containing a quote or a
  # here-string terminator would alter the script, so the parameters must not
  # come from user-controllable input.
  - ${{ else }}:
    - pwsh: |
        eng/common/scripts/Import-AzModules.ps1
        $subscriptionConfiguration = @'
          ${{ parameters.SubscriptionConfiguration }}
        '@ | ConvertFrom-Json -AsHashtable;

        # The subscriptionConfiguration may have ArmTemplateParameters defined, so
        # pass those in via the ArmTemplateParameters flag, and handle any
        # additional parameters from the pipelines via AdditionalParameters
        eng/common/TestResources/New-TestResources.ps1 `
          -ResourceType '${{ parameters.ResourceType }}' `
          -ServiceDirectory '${{ parameters.ServiceDirectory }}' `
          -Location '${{ parameters.Location }}' `
          -DeleteAfterHours '${{ parameters.DeleteAfterHours }}' `
          @subscriptionConfiguration `
          -AdditionalParameters ${{ parameters.ArmTemplateParameters }} `
          -AllowIpRanges ('$(azsdk-corp-net-ip-ranges)' -split ',') `
          -CI `
          -ServicePrincipalAuth `
          -Force `
          -Verbose | Out-Null
      displayName: 🚀 Deploy test resources
      env:
        TEMP: $(Agent.TempDirectory)
        PoolSubnet: $(PoolSubnet)
        # Adds every key of the caller's EnvVars mapping to this env block.
        ${{ insert }}: ${{ parameters.EnvVars }}