* Merge subscription configuration file values with the supplied subscription config
* Bring forward working parts
* Collapse into a single task
* SubConfig-Helpers.ps1 changes
* Update remove-test-resources.yml
---------
Co-authored-by: Daniel Jurek <djurek@microsoft.com>
* Plumb env vars through deploy test resources
* Update eng/common/TestResources/deploy-test-resources.yml
Co-authored-by: Daniel Jurek <djurek@microsoft.com>
* Update eng/common/TestResources/deploy-test-resources.yml
Co-authored-by: Daniel Jurek <djurek@microsoft.com>
---------
Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com>
Co-authored-by: Daniel Jurek <djurek@microsoft.com>
* Add support for Federated Auth to test resources scripts
* Default -- UseFederatedAuth: false
* Clear secrets if FederatedAuth is set
* Template conditions use AzurePowerShell only when a service connection is needed
* Review feedback and pair with Ben
* Update docs
* http:// -> https://
---------
Co-authored-by: Daniel Jurek <djurek@microsoft.com>
* Support creating resources with user auth
* Log warning if TestApplicationId is set
* missing space
* regenerate md file
* Rename
* Update link
---------
Co-authored-by: jolov <jolov@microsoft.com>
* Force capitalize all deployment/env outputs in live test
* Update eng/common/TestResources/New-TestResources.ps1
Co-authored-by: Heath Stewart <heaths@outlook.com>
---------
Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com>
Co-authored-by: Heath Stewart <heaths@outlook.com>
* Remove ARM deployment after deploy
* Update eng/common/TestResources/New-TestResources.ps1
Co-authored-by: Heath Stewart <heaths@outlook.com>
* Apply suggestions from code review
---------
Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com>
Co-authored-by: Heath Stewart <heaths@outlook.com>
* Consolidate naming logic and generate short hash names for local use
* Shorten long lines
* Handle issues with EnvironmentVariable parameter ref being updated
* Warn on env variable overwrite. Base name generation off resource group
* Use SHA256 algorithm for short name hash
---------
Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com>
* Do not fail remove test resources step when env var is not set.
* Handle empty service directories in remove test resources script
Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com>
* Infer live resource group name based on service directory name
* Simplify service directory path splitting
* Use common logic for username and basename generation
* Rename GetServiceName to GetServiceLeafDirectoryName
Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com>
* Update test resources SP password creation to support Az >= 7.1.0
* Check Az.Resources module version
Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com>
* Support AAD graph and Microsoft Graph service principal APIs
* Consolidate service principal wrapper creation
Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com>
The focus of these changes is to ensure that the service principal is
explicitly granted the "Owner" role on the active resource group, whether
the principal was newly created or a cached instance was used.
Co-authored-by: Jesse Squire <jesse.squire@gmail.com>
* Use stress test environment defaults for group and subscription
* Fix parameter passing from deploy-stress-tests.ps1 script
* Redact stress deployment logs and simplify image handling
* Use DevopsLogging parameter to prevent secret logging in non-devops CI environments
* Use switch type for DevopsLogging parameter
* Remove boolean parameter usage in favor of [switch]
* Add default parameter set usage comment
* Throw when clusterGroup and/or subscription is not specified for custom environments
* Add helper function for logging azure pipelines vso commands
* Invert SuppressVsoCommands binary default value
* Vso command fixes
Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com>
* Exclude certain live test deployment outputs from being marked as log secrets
* debug
* Update subscription configuration merge jobs to use secret handler
* Rename subscription config helper function script
* Fix variable name reference in scope
Co-authored-by: Ben Broderick Phillips <bebroder@microsoft.com>
* Doc Updates and Revisions for External Use
The focus of these changes is to revise the script to better support use
by external contributors and others outside of the Azure SDK ecosystem and
without access to the Microsoft AAD Tenant.
Changes include:
- Creation of a new Test Application service principal is now possible
from a non-Microsoft AAD tenant.
- When a new Test Application principal is created, the principle of least
privilege is now applied; the new Test Application is granted ownership
of the resource group associated with the test resources and no longer
has access to any other resources in the subscription.
- If an existing Test Application principal is specified, it will be
assigned ownership of the resource group created. This supports using
a Test Application principal without privileges at the subscription-level.
- When no provisioner is specified, the script is now executed in the
context of the caller rather than the Test Application principal.
This supports using a Test Application principal that has restricted
privileges and better aligns to the purpose of the Test Application
principal.
- The `$TestApplicationOid` is now explicitly bound at the time a new Test
Application principal is created rather than having to query for it later.
- Common error scenarios resulting from lack of permissions now provide
messaging with more context of why the failure occurred and suggest
remediation.
- Added new examples to illustrate the common call patterns needed by
external contributors running the script, outside of the Microsoft tenant
and Azure SDK ecosystem.
- Documentation has been enhanced with additional context to detail the
permissions and roles assigned by the script.
- Added documentation details for Bicep template use.
* Add the provisioner OID to the deployment params
Key Vault needs this to deploy Managed HSMs. There's a corresponding change necessary in test-resources.json I'll roll out across languages.
* Fixing typos and spelling mistakes
Co-authored-by: Jesse Squire <jesse.squire@gmail.com>
Co-authored-by: Heath Stewart <heaths@microsoft.com>
