Skip to content

Commit

Permalink
Support creating test resources based on logged in user (Azure#7580)
Browse files Browse the repository at this point in the history
* Support creating resources with user auth

* Log warning if TestApplicationId is set

* missing space

* regenerate md file

* Rename
  • Loading branch information
JoshLove-msft authored Jan 24, 2024
1 parent b9e6960 commit 693b937
Show file tree
Hide file tree
Showing 2 changed files with 141 additions and 12 deletions.
22 changes: 21 additions & 1 deletion eng/common/TestResources/New-TestResources.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,9 @@ param (
[Parameter()]
[switch] $SuppressVsoCommands = ($null -eq $env:SYSTEM_TEAMPROJECTID),

[Parameter()]
[switch] $UserAuth,

# Captures any arguments not declared here (no parameter errors)
# This enables backwards compatibility with old script versions in
# hotfix branches if and when the dynamic subscription configuration
Expand Down Expand Up @@ -611,8 +614,17 @@ try {
}
}

if ($UserAuth) {
if ($TestApplicationId) {
Write-Warning "The specified TestApplicationId '$TestApplicationId' will be ignored when UserAuth is set."
}

$TestApplicationOid = (Get-AzADUser -UserPrincipalName (Get-AzContext).Account).Id
$TestApplicationId = $testApplicationOid
Log "User-based app id '$TestApplicationId' will be used."
}
# If no test application ID was specified during an interactive session, create a new service principal.
if (!$CI -and !$TestApplicationId) {
elseif (!$CI -and !$TestApplicationId) {
# Cache the created service principal in this session for frequent reuse.
$servicePrincipal = if ($AzureTestPrincipal -and (Get-AzADServicePrincipal -ApplicationId $AzureTestPrincipal.AppId) -and $AzureTestSubscription -eq $SubscriptionId) {
Log "TestApplicationId was not specified; loading cached service principal '$($AzureTestPrincipal.AppId)'"
Expand Down Expand Up @@ -1001,6 +1013,14 @@ The environment file will be named for the test resources template that it was
generated for. For ARM templates, it will be test-resources.json.env. For
Bicep templates, test-resources.bicep.env.
.PARAMETER UserAuth
Create the resource group and deploy the template using the signed in user's credentials.
No service principal will be created or used.
The environment file will be named for the test resources template that it was
generated for. For ARM templates, it will be test-resources.json.env. For
Bicep templates, test-resources.bicep.env.
.PARAMETER SuppressVsoCommands
By default, the -CI parameter will print out secrets to logs with Azure Pipelines log
commands that cause them to be redacted. For CI environments that don't support this (like
Expand Down
131 changes: 120 additions & 11 deletions eng/common/TestResources/New-TestResources.ps1.md
Original file line number Diff line number Diff line change
Expand Up @@ -15,21 +15,25 @@ Deploys live test resources defined for a service directory to Azure.
### Default (Default)
```
New-TestResources.ps1 [-BaseName <String>] [-ResourceGroupName <String>] [-ServiceDirectory] <String>
[-TestApplicationId <String>] [-TestApplicationSecret <String>] [-TestApplicationOid <String>]
[-SubscriptionId <String>] [-DeleteAfterHours <Int32>] [-Location <String>] [-Environment <String>]
[-ArmTemplateParameters <Hashtable>] [-AdditionalParameters <Hashtable>] [-EnvironmentVariables <Hashtable>]
[-CI] [-Force] [-OutFile] [-SuppressVsoCommands] [-WhatIf] [-Confirm] [<CommonParameters>]
[-TestResourcesDirectory <String>] [-TestApplicationId <String>] [-TestApplicationSecret <String>]
[-TestApplicationOid <String>] [-SubscriptionId <String>] [-DeleteAfterHours <Int32>] [-Location <String>]
[-Environment <String>] [-ResourceType <String>] [-ArmTemplateParameters <Hashtable>]
[-AdditionalParameters <Hashtable>] [-EnvironmentVariables <Hashtable>] [-CI] [-Force] [-OutFile]
[-SuppressVsoCommands] [-UserAuth] [-NewTestResourcesRemainingArguments <Object>]
[-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
```

### Provisioner
```
New-TestResources.ps1 [-BaseName <String>] [-ResourceGroupName <String>] [-ServiceDirectory] <String>
[-TestApplicationId <String>] [-TestApplicationSecret <String>] [-TestApplicationOid <String>]
-TenantId <String> [-SubscriptionId <String>] -ProvisionerApplicationId <String>
[-TestResourcesDirectory <String>] [-TestApplicationId <String>] [-TestApplicationSecret <String>]
[-TestApplicationOid <String>] -TenantId <String> [-SubscriptionId <String>]
-ProvisionerApplicationId <String> [-ProvisionerApplicationOid <String>]
-ProvisionerApplicationSecret <String> [-DeleteAfterHours <Int32>] [-Location <String>]
[-Environment <String>] [-ArmTemplateParameters <Hashtable>] [-AdditionalParameters <Hashtable>]
[-EnvironmentVariables <Hashtable>] [-CI] [-Force] [-OutFile] [-SuppressVsoCommands] [-WhatIf] [-Confirm]
[<CommonParameters>]
[-Environment <String>] [-ResourceType <String>] [-ArmTemplateParameters <Hashtable>]
[-AdditionalParameters <Hashtable>] [-EnvironmentVariables <Hashtable>] [-CI] [-Force] [-OutFile]
[-SuppressVsoCommands] [-UserAuth] [-NewTestResourcesRemainingArguments <Object>]
[-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
```

## DESCRIPTION
Expand Down Expand Up @@ -206,8 +210,10 @@ Accept wildcard characters: False
A directory under 'sdk' in the repository root - optionally with subdirectories
specified - in which to discover ARM templates named 'test-resources.json' and
Bicep templates named 'test-resources.bicep'.
This can also be an absolute path
This can be an absolute path
or specify parent directories.
ServiceDirectory is also used for resource and
environment variable naming.
```yaml
Type: String
Expand All @@ -221,6 +227,24 @@ Accept pipeline input: False
Accept wildcard characters: False
```
### -TestResourcesDirectory
An override directory in which to discover ARM templates named 'test-resources.json' and
Bicep templates named 'test-resources.bicep'.
This can be an absolute path
or specify parent directories.
```yaml
Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
### -TestApplicationId
Optional Azure Active Directory Application ID to authenticate the test runner
against deployed resources.
Expand Down Expand Up @@ -376,6 +400,21 @@ Accept pipeline input: False
Accept wildcard characters: False
```
### -ProvisionerApplicationOid
{{ Fill ProvisionerApplicationOid Description }}
```yaml
Type: String
Parameter Sets: Provisioner
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
### -ProvisionerApplicationSecret
A service principal secret (password) used to provision test resources when a
provisioner is specified.
Expand Down Expand Up @@ -456,6 +495,21 @@ Accept pipeline input: False
Accept wildcard characters: False
```
### -ResourceType
{{ Fill ResourceType Description }}
```yaml
Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: Test
Accept pipeline input: False
Accept wildcard characters: False
```
### -ArmTemplateParameters
Optional key-value pairs of parameters to pass to the ARM template(s).
Expand Down Expand Up @@ -560,7 +614,7 @@ Accept wildcard characters: False
### -SuppressVsoCommands
By default, the -CI parameter will print out secrets to logs with Azure Pipelines log
commands that cause them to be redacted.
For CI environments that don't support this (like
For CI environments that don't support this (like
stress test clusters), this flag can be set to $false to avoid printing out these secrets to the logs.
```yaml
Expand All @@ -575,6 +629,46 @@ Accept pipeline input: False
Accept wildcard characters: False
```
### -UserAuth
Create the resource group and deploy the template using the signed in user's credentials.
No service principal will be created or used.
The environment file will be named for the test resources template that it was
generated for.
For ARM templates, it will be test-resources.json.env.
For
Bicep templates, test-resources.bicep.env.
```yaml
Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
```
### -NewTestResourcesRemainingArguments
Captures any arguments not declared here (no parameter errors)
This enables backwards compatibility with old script versions in
hotfix branches if and when the dynamic subscription configuration
secrets get updated to add new parameters.
```yaml
Type: Object
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
### -WhatIf
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
Expand Down Expand Up @@ -606,6 +700,21 @@ Accept pipeline input: False
Accept wildcard characters: False
```
### -ProgressAction
{{ Fill ProgressAction Description }}
```yaml
Type: ActionPreference
Parameter Sets: (All)
Aliases: proga

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
### CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
Expand Down

0 comments on commit 693b937

Please sign in to comment.