* Support writing .env files from Test Resources
If a language repo opts into it *and* if a `test-resources.bicep` file exists and lints clean of writing secrets *and* if the `.env` file is gitignore'd, write a `.env` file next to `test-resources.bicep`.
* Resolve PR feedback
* Pass -Force for . hidden files on non-Windows
---------
Co-authored-by: Heath Stewart <heaths@microsoft.com>
* Doc Updates and Revisions for External Use
The focus of these changes is to revise the script to better support use
by external contributors and others outside of the Azure SDK ecosystem and
without access to the Microsoft AAD Tenant.
Changes include:
- Creation of a new Test Application service principal is now possible
from a non-Microsoft AAD tenant.
- When a new Test Application principal is created, the principle of least
privilege is now applied; the new Test Application is granted ownership
of the resource group associated with the test resources and no longer
has access to any other resources in the subscription.
- If an existing Test Application principal is specified, it will be
assigned ownership of the resource group created. This supports using
a Test Application principal without privileges at the subscription-level.
- When no provisioner is specified, the script is now executed in the
context of the caller rather than the Test Application principal.
This supports using a Test Application principal that has restricted
privileges and better aligns to the purpose of the Test Application
principal.
- The `$TestApplicationOid` is now explicitly bound at the time a new Test
Application principal is created rather than having to query for it later.
- Common error scenarios resulting from lack of permissions now provide
messaging with more context of why the failure occurred and suggest
remediation.
- Added new examples to illustrate the common call patterns needed by
external contributors running the script, outside of the Microsoft tenant
and Azure SDK ecosystem.
- Documentation has been enhanced with additional context to detail the
permissions and roles assigned by the script.
- Added documentation details for Bicep template use.
* Add the provisioner OID to the deployment params
Key Vault needs this to deploy Managed HSMs. There's a corresponding change necessary in test-resources.json I'll roll out across languages.
* Fixing typos and spelling mistakes
Co-authored-by: Jesse Squire <jesse.squire@gmail.com>
Co-authored-by: Heath Stewart <heaths@microsoft.com>
* Use SubscriptionId throughout TestResources
Fixes#1454
* Resolve PR feedback
* Default DeleteAfterHours to 48 for SDK team
Also makes a few other adjustments for subscriptions, like restoring the previous one if available and another was specified.
* Resolve PR feedback
* Change deployment mode to Complete
Also fixes an issue where if the user opted not to deploy to the same resource group, the script would continue execution anyway.
* Use consistent aka links to satisfy link checker
Only need it for the new Update-TestResources.ps1 script, but I wanted them to look consistent.
Co-authored-by: Heath Stewart <heaths@microsoft.com>
* Improve TestResources docs and logging
Resolves#1388Resolves#1407
Also ignores cached service principal if it no longer exists. I ran into this while testing since I cleaned up old SPs.
* Add ADP test sub to look-up
Co-authored-by: Heath Stewart <heaths@microsoft.com>
* Simplify Net-TestResources usage
* docs and windows check
* Update eng/common/TestResources/New-TestResources.ps1
Co-authored-by: Heath Stewart <heaths@outlook.com>
* update markdown
* make service directory the default parameter
* Fix links
* Doc change
Co-authored-by: Pavel Krymets <pavel@krymets.com>
Co-authored-by: Heath Stewart <heaths@outlook.com>
