Skip to content

Commit

Permalink
Use SubscriptionId throughout TestResources
Browse files Browse the repository at this point in the history 
Fixes #1454
  • Loading branch information
@heaths @azure-sdk
heaths authored and azure-sdk committed Mar 31, 2021
1 parent e2b6d4a commit 5e6d278
Show file tree
Hide file tree
Showing 3 changed files with 69 additions and 31 deletions.
81 changes: 57 additions & 24 deletions eng/common/TestResources/New-TestResources.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ param (
# Azure SDK Developer Playground subscription
[Parameter()]
[ValidatePattern('^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$')]
[string] $SubscriptionId = 'faa080af-c1d8-40ad-9cce-e1a450ca5b57',
[string] $SubscriptionId,

[Parameter(ParameterSetName = 'Provisioner', Mandatory = $true)]
[ValidatePattern('^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$')]
Expand Down Expand Up @@ -200,35 +200,62 @@ try {
# Make sure the user is logged in to create a service principal.
$context = Get-AzContext;
if (!$context) {
$subscriptionName = $SubscriptionId

# Use cache of well-known team subs without having to be authenticated.
$wellKnownSubscriptions = @{
'faa080af-c1d8-40ad-9cce-e1a450ca5b57' = 'Azure SDK Developer Playground'
'a18897a6-7e44-457d-9260-f2854c0aca42' = 'Azure SDK Engineering System'
'2cd617ea-1866-46b1-90e3-fffb087ebf9b' = 'Azure SDK Test Resources'
# Use the given subscription ID if provided.
$subscriptionArgs = if ($SubscriptionId) {
@{Subscription = $SubscriptionId}
} else {
@{}
}

if ($wellKnownSubscriptions.ContainsKey($SubscriptionId)) {
$subscriptionName = '{0} ({1})' -f $wellKnownSubscriptions[$SubscriptionId], $SubscriptionId
# TODO: Should we default DeleteAfterHours for the Playground sub to 48hrs or even a week? Could really help with costs.
# Or should we prompt - default and ask to opt out of DeleteAfterHours?

Log 'Logging you in...'
$context = (Connect-AzAccount @subscriptionArgs).Context

# Warn that a "random" subscription was selected.
if (!$SubscriptionId) {
$subscriptionName = $context.Subscription.Id

# Use cache of well-known team subs without having to be authenticated.
$wellKnownSubscriptions = @{
'faa080af-c1d8-40ad-9cce-e1a450ca5b57' = 'Azure SDK Developer Playground'
'a18897a6-7e44-457d-9260-f2854c0aca42' = 'Azure SDK Engineering System'
'2cd617ea-1866-46b1-90e3-fffb087ebf9b' = 'Azure SDK Test Resources'
}

if ($wellKnownSubscriptions.ContainsKey($subscriptionName)) {
$subscriptionName = '{0} ({1})' -f $wellKnownSubscriptions[$subscriptionName], $subscriptionName
}

Write-Warning "No subscription was specified, so $subscriptionName was automatically selected."
}
}

# Make sure subscription and tenant IDs are set.
if (!$SubscriptionId) {
$SubscriptionId = $context.Subscription.Id
$PSBoundParameters['SubscriptionId'] = $SubscriptionId
}

Log "You are not logged in; connecting to $subscriptionName"
$context = (Connect-AzAccount -Subscription $SubscriptionId).Context
if (!$TenantId) {
$TenantId = $context.Subscription.TenantId
}

# If no test application ID is specified during an interactive session, create a new service principal.
if (!$TestApplicationId) {

# Cache the created service principal in this session for frequent reuse.
$servicePrincipal = if ($AzureTestPrincipal -and (Get-AzADServicePrincipal -ApplicationId $AzureTestPrincipal.ApplicationId)) {
$servicePrincipal = if ($AzureTestPrincipal -and (Get-AzADServicePrincipal -ApplicationId $AzureTestPrincipal.ApplicationId) -and $AzureTestSubscription -eq $SubscriptionId) {
Log "TestApplicationId was not specified; loading cached service principal '$($AzureTestPrincipal.ApplicationId)'"
$AzureTestPrincipal
} else {
Log 'TestApplicationId was not specified; creating a new service principal'
$global:AzureTestPrincipal = New-AzADServicePrincipal -Role Owner
$global:AzureTestPrincipal = New-AzADServicePrincipal -Role Owner -Scope "/subscriptions/$SubscriptionId"
$global:AzureTestSubscription = $SubscriptionId

Log "Created service principal '$AzureTestPrincipal'"
Log "Created service principal '$($AzureTestPrincipal.ApplicationId)'"
$AzureTestPrincipal
}

Expand All @@ -251,13 +278,15 @@ try {
if ($ProvisionerApplicationId) {
$null = Disable-AzContextAutosave -Scope Process

Log "Logging into service principal '$ProvisionerApplicationId'"
Log "Logging into service principal '$ProvisionerApplicationId'."
Write-Warning 'Logging into service principal may fail until the principal is fully propagated.'

$provisionerSecret = ConvertTo-SecureString -String $ProvisionerApplicationSecret -AsPlainText -Force
$provisionerCredential = [System.Management.Automation.PSCredential]::new($ProvisionerApplicationId, $provisionerSecret)

# Use the given subscription ID if provided.
$subscriptionArgs = if ($SubscriptionId) {
@{SubscriptionId = $SubscriptionId}
@{Subscription = $SubscriptionId}
} else {
@{}
}
Expand Down Expand Up @@ -292,7 +321,7 @@ try {

# If the ServiceDirectory is an absolute path use the last directory name
# (e.g. D:\foo\bar\ -> bar)
$serviceName = if (Split-Path -IsAbsolute $ServiceDirectory) {
$serviceName = if (Split-Path -IsAbsolute $ServiceDirectory) {
Split-Path -Leaf $ServiceDirectory
} else {
$ServiceDirectory
Expand Down Expand Up @@ -413,16 +442,16 @@ try {
$lastDebugPreference = $DebugPreference
try {
if ($CI) {
$DebugPreference = "Continue"
$DebugPreference = 'Continue'
}
New-AzResourceGroupDeployment -Name $BaseName -ResourceGroupName $resourceGroup.ResourceGroupName -TemplateFile $templateFile -TemplateParameterObject $templateFileParameters
} catch {
Write-Output @"
Write-Output @'
#####################################################
# For help debugging live test provisioning issues, #
# see http://aka.ms/azsdk/engsys/live-test-help, #
#####################################################
"@
'@
throw
} finally {
$DebugPreference = $lastDebugPreference
Expand Down Expand Up @@ -466,7 +495,7 @@ try {

if ($OutFile) {
if (!$IsWindows) {
Write-Host "File option is supported only on Windows"
Write-Host 'File option is supported only on Windows'
}

$outputFile = "$templateFile.env"
Expand Down Expand Up @@ -595,7 +624,11 @@ is passed to the ARM template as 'tenantId'.
Optional subscription ID to use for new resources when logging in as a
provisioner. You can also use Set-AzContext if not provisioning.
The default is the Azure SDK Developer Playground subscription ID.
If you do not specify a SubscriptionId and are not logged in, once will be
automatically selected for you by the Connect-AzAccount cmdlet.
Once you are logged in (or were previously), the selected SubscriptionId
will be used for subsequent operations that are specific to a subscription.
.PARAMETER ProvisionerApplicationId
The AAD Application ID used to provision test resources when a provisioner is
Expand Down Expand Up @@ -660,8 +693,8 @@ Save test environment settings into a test-resources.json.env file next to test-
The environment file would be scoped to the current repository directory.
.EXAMPLE
Connect-AzAccount -Subscription "REPLACE_WITH_SUBSCRIPTION_ID"
New-TestResources.ps1 -ServiceDirectory 'keyvault'
Connect-AzAccount -Subscription 'REPLACE_WITH_SUBSCRIPTION_ID'
New-TestResources.ps1 keyvault
Run this in a desktop environment to create new AAD apps and Service Principals
that can be used to provision resources and run live tests.
Expand Down
13 changes: 8 additions & 5 deletions eng/common/TestResources/New-TestResources.ps1.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,8 +55,8 @@ specified in $ProvisionerApplicationId and $ProvisionerApplicationSecret.

### EXAMPLE 1
```
Connect-AzAccount -Subscription "REPLACE_WITH_SUBSCRIPTION_ID"
New-TestResources.ps1 -ServiceDirectory 'keyvault'
Connect-AzAccount -Subscription 'REPLACE_WITH_SUBSCRIPTION_ID'
New-TestResources.ps1 keyvault
```

Run this in a desktop environment to create new AAD apps and Service Principals
Expand Down Expand Up @@ -228,10 +228,13 @@ Accept wildcard characters: False
### -SubscriptionId
Optional subscription ID to use for new resources when logging in as a
provisioner.
You can also use Set-AzContext if not provisioning.
provisioner. You can also use Set-AzContext if not provisioning.
The default is the Azure SDK Developer Playground subscription ID.
If you do not specify a SubscriptionId and are not logged in, once will be
automatically selected for you by the Connect-AzAccount cmdlet.
Once you are logged in (or were previously), the selected SubscriptionId
will be used for subsequent operations that are specific to a subscription.
```yaml
Type: String
Expand Down
6 changes: 4 additions & 2 deletions eng/common/TestResources/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,11 +24,13 @@ example using Azure Search. The script will create a service principal automatic
or you may create a service principal you can save and reuse subsequently.

Note that `-Subscription` is an optional parameter but recommended if your account
is a member of multiple subscriptions.
is a member of multiple subscriptions. If you didn't specify it when logging in,
you should select your desired subscription using `Select-AzSubscription`. The
default can be saved using `Set-AzDefault` for future sessions.

```powershell
Connect-AzAccount -Subscription 'YOUR SUBSCRIPTION ID'
eng\common\TestResources\New-TestResources.ps1 -ServiceDirectory 'search' -SubscriptionId 'YOUR SUBSCRIPTION ID'
eng\common\TestResources\New-TestResources.ps1 search
```

The `OutFile` switch will be set by default if you are running this for a .NET project on Windows. This will save test environment settings
Expand Down

0 comments on commit 5e6d278

Please sign in to comment.