Fails if you don't have `bicep` installed but do have `az bicep` and was unnecessary since the check below it did it anyway.
Co-authored-by: Heath Stewart <heaths@microsoft.com>
Path.Combine will allow for fully qualified paths to override the combination. For example `Path.Combine("a","b","c:\test")` will resolve to `c:\test'. We have depended on such behavior in a few places like d66b5160f2/eng/pipelines/templates/steps/smoke-test-steps.yml (L99) so I'm reverting back to Path.Combine.
Co-authored-by: Wes Haggard <weshaggard@users.noreply.github.com>
* Support writing .env files from Test Resources
If a language repo opts into it *and* if a `test-resources.bicep` file exists and lints clean of writing secrets *and* if the `.env` file is gitignore'd, write a `.env` file next to `test-resources.bicep`.
* Resolve PR feedback
* Pass -Force for . hidden files on non-Windows
---------
Co-authored-by: Heath Stewart <heaths@microsoft.com>
Given we are using the tenantId to determine to add the prefix or not we need to make sure we have it set before we check it. For the pipelines it is set at the script calling time so it was working there but for some local scenarios it is not set yet, so we need to do it a little later in the script.
Co-authored-by: Wes Haggard <weshaggard@users.noreply.github.com>
Add the prefix to identify RGs that we are creating in our TME
tenant to identify them as potentially using local auth and violating
our safe secret standards.
Co-authored-by: Wes Haggard <Wes.Haggard@microsoft.com>
* Pass arm template parameter for TME context
* Use supportsSafeSecretStandard parameter instead
---------
Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com>
* Use -Mail for test resources local user lookup to support TME
* Auto-select TME subscription based on user context
---------
Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com>
* Remove default sub config sub-config-azure-cloud-test-resources
We no longer want to default the configuration and instead
default from the service connection which had the info we need.
* Fix quoting
---------
Co-authored-by: Wes Haggard <Wes.Haggard@microsoft.com>
* Export the subscription data from the service connection
* Update deploy-test-resources.yml
---------
Co-authored-by: Wes Haggard <Wes.Haggard@microsoft.com>
Co-authored-by: Wes Haggard <weshaggard@users.noreply.github.com>
* Add descriptive error when variable groups are not added to pipeline
* Add emoji to deploy step title to make it easier to find
* Move yaml json checking into powershell script
* Fix base sub config empty/string checking
---------
Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com>
* Do not mark values as secret that are from git-hosted sub config files
* Simplify sub config build yaml
---------
Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com>
* Set storage account test resources to disable blob public access
* Skip adding network rules to storage accounts that don't need them during cleanup
* Add succeeded check to set pipeline subnet info step
* Disable network firewall by default in resource creation/removal
---------
Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com>
* Support storage network access and worm removal in remove test resources script
* Move storage network access script to common resource helpers file
* Improve storage container deletion resilience
* Plumb through pool variable to live test cleanup template
* Add sleep for network rule application
---------
Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com>
* Ensure subConfigFiles is not an empty string
* Skip instances where $file is an empty string
---------
Co-authored-by: Daniel Jurek <djurek@microsoft.com>
* Fix default value for env vars in build-test-resource-config template
* Add empty pool condition
---------
Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com>
* Restrict live test storage account access to client IP
* Add storage pools to test resources vnet allowlist
* Use pool subnet map to reduce number of subnets added to live test resources
* snap
* Add test resource parameter to add ip ranges to storage firewall
* Validate and update ip firewall rules
* Get pool subnet using separate workload identity
---------
Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com>
* Merge subscription configuration file values with the supplied subscription config
* Bring forward working parts
* Collapse into a single task
* SubConfig-Helpers.ps1 changes
* Update remove-test-resources.yml
---------
Co-authored-by: Daniel Jurek <djurek@microsoft.com>
* Plumb env vars through deploy test resources
* Update eng/common/TestResources/deploy-test-resources.yml
Co-authored-by: Daniel Jurek <djurek@microsoft.com>
* Update eng/common/TestResources/deploy-test-resources.yml
Co-authored-by: Daniel Jurek <djurek@microsoft.com>
---------
Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com>
Co-authored-by: Daniel Jurek <djurek@microsoft.com>
* Add support for Federated Auth to test resources scripts
* Default -- UseFederatedAuth: false
* Clear secrets if FederatedAuth is set
* Template conditions use AzurePowerShell only when a service connection is needed
* Review feedback and pair with Ben
* Update docs
* http:// -> https://
---------
Co-authored-by: Daniel Jurek <djurek@microsoft.com>
* Support creating resources with user auth
* Log warning if TestApplicationId is set
* missing space
* regenerate md file
* Rename
* Update link
---------
Co-authored-by: jolov <jolov@microsoft.com>
* Force capitalize all deployment/env outputs in live test
* Update eng/common/TestResources/New-TestResources.ps1
Co-authored-by: Heath Stewart <heaths@outlook.com>
---------
Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com>
Co-authored-by: Heath Stewart <heaths@outlook.com>
