Fix 01-Create-Skill-Test-Shared-Azure-Resources #605

wants to merge 5 commits into
base: main
32 changes: 18 additions & 14 deletions build/yaml/deployBotResources/common/getAppRegistration.yml
Expand Up @@ -41,13 +41,15 @@ steps:
failOnStandardError: true
scriptLocation: inlineScript
inlineScript: |
$secret = New-Object -TypeName psobject
$source = ""
Set-PSDebug -Trace 1;

$secret = New-Object -TypeName psobject;
$source = "";
$withAppSecret = $true;

if("UserAssignedMSI" -eq "${{ parameters.appType }}") {
$appId = (az identity show --name "${{ parameters.botName }}${{ parameters.resourceSuffix }}" --resource-group "${{ parameters.sharedResourceGroup }}" | ConvertFrom-Json).clientId;
$secret | Add-Member -MemberType NoteProperty -Name AppId -Value $appId
$secret | Add-Member -MemberType NoteProperty -Name AppId -Value $appId;
$source = "UserAssignedMSI ${{ parameters.botName }}${{ parameters.resourceSuffix }}";
$withAppSecret = $false;

Expand All @@ -56,27 +58,29 @@ steps:
$entries = az keyvault secret list --vault-name "${{ parameters.keyVault }}" | ConvertFrom-Json | Where-Object {$_.name -like "${{ parameters.botName }}*"};

foreach ($entry in $entries) {
$secretVault = az keyvault secret show --id $entry.id | ConvertFrom-Json
$secret | Add-Member -MemberType NoteProperty -Name ($secretVault.name -replace "${{ parameters.botName }}", "") -Value "$($secretVault.value)"
$secretVault = az keyvault secret show --id $entry.id | ConvertFrom-Json;
$secret | Add-Member -MemberType NoteProperty -Name ($secretVault.name -replace "${{ parameters.botName }}", "") -Value "$($secretVault.value)";
}
} else {
$source = "Pipeline Variables"
$secret | Add-Member -MemberType NoteProperty -Name AppId -Value "${{ parameters.appId }}"
$secret | Add-Member -MemberType NoteProperty -Name AppSecret -Value "${{ parameters.appSecret }}"
$source = "Pipeline Variables";
$secret | Add-Member -MemberType NoteProperty -Name AppId -Value "${{ parameters.appId }}";
$secret | Add-Member -MemberType NoteProperty -Name AppSecret -Value "${{ parameters.appSecret }}";
}

if ([string]::IsNullOrEmpty($secret.AppId)) {
Write-Host "##vso[task.LogIssue type=error;]AppId is Null or Empty"
Write-Host "##vso[task.complete result=Failed;]DONE"
Write-Host "##vso[task.LogIssue type=error;]AppId is Null or Empty";
Write-Host "##vso[task.complete result=Failed;]DONE";
}

if ($withAppSecret -and [string]::IsNullOrEmpty($secret.AppSecret)) {
Write-Host "##vso[task.LogIssue type=error;]AppSecret is Null or Empty"
Write-Host "##vso[task.complete result=Failed;]DONE"
Write-Host "##vso[task.LogIssue type=error;]AppSecret is Null or Empty";
Write-Host "##vso[task.complete result=Failed;]DONE";
}

Write-Host "Source: $source;"
Write-Host "AppId: $($secret.AppId);"

Write-Host "##vso[task.setvariable variable=AppId]$($secret.AppId)"
Write-Host "##vso[task.setvariable variable=AppSecret]$($secret.AppSecret)"
Write-Host "##vso[task.setvariable variable=AppId]$($secret.AppId)";
Write-Host "##vso[task.setvariable variable=AppSecret]$($secret.AppSecret)";

Set-PSDebug -Trace 0;
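Review bot: Turning on `Set-PSDebug -Trace 1` at the top of this inline script echoes every statement to the job log as it executes, and because `${{ parameters.appSecret }}` is substituted into the script text at template-expansion time, the traced line `$secret | Add-Member -MemberType NoteProperty -Name AppSecret -Value "${{ parameters.appSecret }}";` lands in the log with the secret value inlined unless that value also happens to be a registered secret variable the agent masks. The new `task.setvariable variable=AppSecret` line likewise publishes the secret without marking it, so later tasks in the job print it unmasked; it should read `Write-Host "##vso[task.setvariable variable=AppSecret;issecret=true]$($secret.AppSecret)";`. I would drop the `Set-PSDebug -Trace 1;` / `Set-PSDebug -Trace 0;` pair before this leaves draft, or gate it on an explicit non-default parameter; the same pair added in createAppRegistrations.yml has the same exposure. Note also that `-Trace 0` is never reached on the early-failure paths above it, so tracing stays on for the rest of the task output.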
7 changes: 5 additions & 2 deletions build/yaml/sharedResources/createAppRegistrations.yml
Expand Up @@ -34,15 +34,16 @@ steps:
scriptLocation: inlineScript
inlineScript: |
# Using Microsoft Graph REST API to create App Registrations (https://docs.microsoft.com/en-us/graph/api/application-post-applications) instead of Azure CLI due to Azure Active Directory Graph API has been deprecated and still in a migration process to Microsoft Graph API, more information can be found in this link (https://github.com/Azure/azure-cli/issues/12946).
Set-PSDebug -Trace 1;

function GetToken() {
# Get Token

$body = @{
grant_type = "client_credentials";
scope = "https://graph.microsoft.com/.default";
client_id = ${{ parameters.servicePrincipalId }};
client_secret = ${{ parameters.servicePrincipalKey }};
client_id = $env:servicePrincipalId;
client_secret = $env:servicePrincipalKey;
}

Invoke-WebRequest -Uri "https://login.microsoftonline.com/${{ parameters.tenantId }}/oauth2/v2.0/token" -Method "POST" -Body $body | ConvertFrom-Json
Expand Down Expand Up @@ -130,3 +131,5 @@ steps:
SaveAppRegistrationIntoKeyVault "${{ parameters.keyVault }}" $bot.variables $app
Write-Host "[$botName] Ending"
}

Set-PSDebug -Trace 0;
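Review bot: `$env:servicePrincipalId` and `$env:servicePrincipalKey` in GetToken are only populated by the AzureCLI@2 task when its `addSpnToEnvironment: true` input is set; the task's inputs start above this hunk so I can't confirm it, and without it the token request goes out with empty credentials and fails with an opaque AAD error rather than pointing at the missing setting. Add a guard before `$body` is built, `if (-not $env:servicePrincipalKey) { throw "servicePrincipalKey is not in the environment; set addSpnToEnvironment: true on the task" }`. For consistency the tenant on the `Invoke-WebRequest` line could come from the same source as the credentials, `$env:tenantId`, instead of the remaining `${{ parameters.tenantId }}`. GetToken's body continues past the end of the first hunk.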
60 changes: 30 additions & 30 deletions build/yaml/sharedResources/createSharedResources.yml
Expand Up @@ -84,39 +84,39 @@ stages:
displayName: "Create Key Vault and App Registrations"
dependsOn: Create_Resource_Group
jobs:
- job: Check_Key_Vault_Object_Id
displayName: Check KeyVaultObjectId value
steps:
- checkout: none
- powershell: |
$keyVaultObjectId = '$(INTERNALKEYVAULTOBJECTID)'
if ($keyVaultObjectId -ne '') {
Write-Host "keyVaultObjectId set. The KeyVault and App Registrations will be created."
Write-Host "##vso[task.setvariable variable=createKeyVault;isOutput=true]$true"
}
else {
Write-Host "keyVaultObjectId not set. The KeyVault and App Registrations won't be created."
Write-Host "##vso[task.setvariable variable=createKeyVault;isOutput=true]$false"
}
name: checkKeyVaultObjectIdValue
failOnStderr: true

- job: Deploy_Key_Vault
displayName: "Deploy Key Vault"
dependsOn: Check_Key_Vault_Object_Id
condition: eq(dependencies.Check_Key_Vault_Object_Id.outputs['checkKeyVaultObjectIdValue.createKeyVault'], true)
steps:
- task: AzureCLI@2
displayName: "Deploy Key Vault"
inputs:
azureSubscription: $(AZURESUBSCRIPTION)
scriptType: pscore
scriptLocation: inlineScript
inlineScript: "az deployment group create --name $(INTERNALKEYVAULTNAME) --resource-group $(INTERNALRESOURCEGROUPNAME) --template-file build/templates/template-key-vault-resources.json --parameters keyVaultName=$(INTERNALKEYVAULTNAME) objectId=$(INTERNALKEYVAULTOBJECTID)"
# - job: Check_Key_Vault_Object_Id
# displayName: Check KeyVaultObjectId value
# steps:
# - checkout: none
# - powershell: |
# $keyVaultObjectId = '$(INTERNALKEYVAULTOBJECTID)'
# if ($keyVaultObjectId -ne '') {
# Write-Host "keyVaultObjectId set. The KeyVault and App Registrations will be created."
# Write-Host "##vso[task.setvariable variable=createKeyVault;isOutput=true]$true"
# }
# else {
# Write-Host "keyVaultObjectId not set. The KeyVault and App Registrations won't be created."
# Write-Host "##vso[task.setvariable variable=createKeyVault;isOutput=true]$false"
# }
# name: checkKeyVaultObjectIdValue
# failOnStderr: true

# - job: Deploy_Key_Vault
# displayName: "Deploy Key Vault"
# dependsOn: Check_Key_Vault_Object_Id
# condition: eq(dependencies.Check_Key_Vault_Object_Id.outputs['checkKeyVaultObjectIdValue.createKeyVault'], true)
# steps:
# - task: AzureCLI@2
# displayName: "Deploy Key Vault"
# inputs:
# azureSubscription: $(AZURESUBSCRIPTION)
# scriptType: pscore
# scriptLocation: inlineScript
# inlineScript: "az deployment group create --name $(INTERNALKEYVAULTNAME) --resource-group $(INTERNALRESOURCEGROUPNAME) --template-file build/templates/template-key-vault-resources.json --parameters keyVaultName=$(INTERNALKEYVAULTNAME) objectId=$(INTERNALKEYVAULTOBJECTID)"

- job: Create_App_Registrations
displayName: "Create App Registrations"
dependsOn: Deploy_Key_Vault
# dependsOn: Deploy_Key_Vault
steps:
- checkout: none
- template: createAppRegistrations.yml
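Review bot: Commenting out `Deploy_Key_Vault` and the `dependsOn: Deploy_Key_Vault` on `Create_App_Registrations` leaves that job running unconditionally against a Key Vault that nothing in this stage creates any more, while the `createAppRegistrations.yml` template it includes still calls `SaveAppRegistrationIntoKeyVault "${{ parameters.keyVault }}"`. If the vault is now expected to pre-exist, say so where the job is declared, e.g. `# Key Vault must already exist; it is no longer deployed by this stage`, and decide what should happen when `INTERNALKEYVAULTOBJECTID` is unset, since the skip path that `Check_Key_Vault_Object_Id` provided is gone as well. If this is only a temporary workaround for the draft, the two jobs should be restored or deleted outright rather than left as some thirty commented lines that the pipeline silently ignores.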