From b3d3140659c32f41f1439420ab19fb173d51b655 Mon Sep 17 00:00:00 2001
From: Tony Schneider
Date: Mon, 3 Jun 2024 10:59:47 -0500
Subject: [PATCH] add functions and related assets to deploy shared e2e environment to new tenant
---
 hack/devtools/deploy-shared-env.sh | 32 ++++
 pkg/deploy/assets/e2e-aro-spn-keyvault.json | 40 +++++
 pkg/deploy/assets/e2e-secret-storage.json | 155 ++++++++++++++++++++
 3 files changed, 227 insertions(+)
 create mode 100644 pkg/deploy/assets/e2e-aro-spn-keyvault.json
 create mode 100644 pkg/deploy/assets/e2e-secret-storage.json
diff --git a/hack/devtools/deploy-shared-env.sh b/hack/devtools/deploy-shared-env.sh
index 4835a6cc2..4e25bcb17 100644
--- a/hack/devtools/deploy-shared-env.sh
+++ b/hack/devtools/deploy-shared-env.sh
@@ -60,6 +60,14 @@ deploy_oic_dev() {
 "storageAccountDomain=$(echo ${RESOURCEGROUP//-})" >/dev/null
 }
 
+deploy_rp_managed_identity() {
+ echo "########## Deploying RP Managed Identity (for hive/aks) in RG $RESOURCEGROUP ##########"
+ az deployment group create \
+ -g "$RESOURCEGROUP" \
+ -n rp-managed-identity \
+ --template-file pkg/deploy/assets/rp-production-managed-identity.json
+}
+
 deploy_aks_dev() {
 echo "########## Deploying aks-development in RG $RESOURCEGROUP ##########"
 az deployment group create \
@@ -240,6 +248,30 @@ clean_env() {
 done
 }
 
+deploy_e2e_secret_storage() {
+ az deployment group create \
+ --name e2esecretstorage \
+ --resource-group global-infra \
+ --parameters storageAccounts_e2earosecrets_name=$SECRET_SA_ACCOUNT_NAME \
+ --template-file pkg/deploy/assets/e2e-secret-storage.json
+}
+
+deploy_aro_spn_keyvault() {
+ az deployment group create \
+ --name aroe2eprincipals \
+ --resource-group global-infra \
+ --parameters \
+ "vaults_aro_e2e_principals_name=$VAULTS_ARO_E2E_PRINCIPALS_NAME" \
+ "tenant_id=$AZURE_TENANT_ID" \
+ --template-file pkg/deploy/assets/e2e-aro-spn-keyvault.json
+}
+
+deploy_aro_spns() {
+ # Create ARO cluster service principals
+
+
+}
+
 echo "##########################################"
 echo "##### ARO V4 Dev Env helper sourced ######"
 echo "##########################################"
diff --git a/pkg/deploy/assets/e2e-aro-spn-keyvault.json b/pkg/deploy/assets/e2e-aro-spn-keyvault.json
new file mode 100644
index 000000000..03950f77e
--- /dev/null
+++ b/pkg/deploy/assets/e2e-aro-spn-keyvault.json
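Review bot: `deploy_aro_spns()` has a body made up of one comment and blank lines, which bash rejects as a syntax error at the closing `}`; since the trailing banner suggests this file is meant to be sourced, the parse failure would stop the helper from loading past that point. Until the function is implemented, give it a no-op body such as `: # TODO: create ARO cluster service principals`, or leave the stub out of this commit. Separately, `deploy_e2e_secret_storage` passes `$SECRET_SA_ACCOUNT_NAME` unquoted while `deploy_aro_spn_keyvault` quotes its parameters; `"storageAccounts_e2earosecrets_name=$SECRET_SA_ACCOUNT_NAME"` matches the sibling and avoids word splitting. Both functions presumably send an empty value when their variables are unset, which would override the template defaults, so a `${SECRET_SA_ACCOUNT_NAME:?}`-style guard may be worth adding.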
@@ -0,0 +1,40 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "vaults_aro_e2e_principals_name": {
+ "defaultValue": "aro-classic-e2e-principals",
+ "type": "String"
+ },
+ "tenant_id":{
+ "defaultValue": "93b21e64-4824-439a-b893-46c9b2a51082",
+ "type": "String"
+ }
+ },
+ "variables": {},
+ "resources": [
+ {
+ "type": "Microsoft.KeyVault/vaults",
+ "apiVersion": "2023-07-01",
+ "name": "[parameters('vaults_aro_e2e_principals_name')]",
+ "location": "eastus",
+ "properties": {
+ "sku": {
+ "family": "A",
+ "name": "Standard"
+ },
+ "tenantId": "[parameters('tenant_id')]",
+ "accessPolicies": [],
+ "enabledForDeployment": false,
+ "enabledForDiskEncryption": false,
+ "enabledForTemplateDeployment": false,
+ "enableSoftDelete": true,
+ "softDeleteRetentionInDays": 90,
+ "enableRbacAuthorization": true,
+ "vaultUri": "[concat('https://', parameters('vaults_aro_e2e_principals_name'), '.vault.azure.net/')]",
+ "provisioningState": "Succeeded",
+ "publicNetworkAccess": "Enabled"
+ }
+ }
+ ]
+}
diff --git a/pkg/deploy/assets/e2e-secret-storage.json b/pkg/deploy/assets/e2e-secret-storage.json
new file mode 100644
index 000000000..f880ef330
--- /dev/null
+++ b/pkg/deploy/assets/e2e-secret-storage.json
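Review bot: The `tenant_id` parameter defaults to a literal tenant GUID, so a run that omits the parameter binds the vault to that tenant even though the commit's stated goal is deploying to a new tenant; `"defaultValue": "[subscription().tenantId]"` would follow the deployment target instead. The vault also sets `"publicNetworkAccess": "Enabled"` with no `networkAcls` block and no purge protection, which leaves RBAC as the only control on a vault whose name suggests it holds service-principal credentials. If the e2e runners' network allows it, consider `"networkAcls": { "defaultAction": "Deny", "bypass": "AzureServices" }` and `"enablePurgeProtection": true`, keeping in mind that purge protection cannot be turned off once enabled. `vaultUri` and `provisioningState` look like read-only values carried over from a template export and can be dropped.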
@@ -0,0 +1,155 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "storageAccounts_e2earosecrets_name": {
+ "defaultValue": "e2earoclassicsecrets",
+ "type": "String"
+ }
+ },
+ "variables": {},
+ "resources": [
+ {
+ "type": "Microsoft.Storage/storageAccounts",
+ "apiVersion": "2023-04-01",
+ "name": "[parameters('storageAccounts_e2earosecrets_name')]",
+ "location": "eastus",
+ "sku": {
+ "name": "Standard_RAGRS",
+ "tier": "Standard"
+ },
+ "kind": "StorageV2",
+ "properties": {
+ "dnsEndpointType": "Standard",
+ "defaultToOAuthAuthentication": false,
+ "publicNetworkAccess": "Enabled",
+ "allowCrossTenantReplication": true,
+ "minimumTlsVersion": "TLS1_2",
+ "allowBlobPublicAccess": true,
+ "allowSharedKeyAccess": true,
+ "networkAcls": {
+ "bypass": "AzureServices",
+ "virtualNetworkRules": [],
+ "ipRules": [],
+ "defaultAction": "Allow"
+ },
+ "supportsHttpsTrafficOnly": true,
+ "encryption": {
+ "requireInfrastructureEncryption": false,
+ "services": {
+ "file": {
+ "keyType": "Account",
+ "enabled": true
+ },
+ "blob": {
+ "keyType": "Account",
+ "enabled": true
+ }
+ },
+ "keySource": "Microsoft.Storage"
+ },
+ "accessTier": "Hot"
+ }
+ },
+ {
+ "type": "Microsoft.Storage/storageAccounts/blobServices",
+ "apiVersion": "2023-04-01",
+ "name": "[concat(parameters('storageAccounts_e2earosecrets_name'), '/default')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccounts_e2earosecrets_name'))]"
+ ],
+ "sku": {
+ "name": "Standard_RAGRS",
+ "tier": "Standard"
+ },
+ "properties": {
+ "changeFeed": {
+ "enabled": false
+ },
+ "restorePolicy": {
+ "enabled": false
+ },
+ "containerDeleteRetentionPolicy": {
+ "enabled": true,
+ "days": 7
+ },
+ "cors": {
+ "corsRules": []
+ },
+ "deleteRetentionPolicy": {
+ "allowPermanentDelete": false,
+ "enabled": true,
+ "days": 7
+ },
+ "isVersioningEnabled": true
+ }
+ },
+ {
+ "type": "Microsoft.Storage/storageAccounts/fileServices",
+ "apiVersion": "2023-04-01",
+ "name": "[concat(parameters('storageAccounts_e2earosecrets_name'), '/default')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccounts_e2earosecrets_name'))]"
+ ],
+ "sku": {
+ "name": "Standard_RAGRS",
+ "tier": "Standard"
+ },
+ "properties": {
+ "protocolSettings": {
+ "smb": {}
+ },
+ "cors": {
+ "corsRules": []
+ },
+ "shareDeleteRetentionPolicy": {
+ "enabled": true,
+ "days": 7
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Storage/storageAccounts/queueServices",
+ "apiVersion": "2023-04-01",
+ "name": "[concat(parameters('storageAccounts_e2earosecrets_name'), '/default')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccounts_e2earosecrets_name'))]"
+ ],
+ "properties": {
+ "cors": {
+ "corsRules": []
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Storage/storageAccounts/tableServices",
+ "apiVersion": "2023-04-01",
+ "name": "[concat(parameters('storageAccounts_e2earosecrets_name'), '/default')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccounts_e2earosecrets_name'))]"
+ ],
+ "properties": {
+ "cors": {
+ "corsRules": []
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Storage/storageAccounts/blobServices/containers",
+ "apiVersion": "2023-04-01",
+ "name": "[concat(parameters('storageAccounts_e2earosecrets_name'), '/default/secrets')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Storage/storageAccounts/blobServices', parameters('storageAccounts_e2earosecrets_name'), 'default')]",
+ "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccounts_e2earosecrets_name'))]"
+ ],
+ "properties": {
+ "immutableStorageWithVersioning": {
+ "enabled": false
+ },
+ "defaultEncryptionScope": "$account-encryption-key",
+ "denyEncryptionScopeOverride": false,
+ "publicAccess": "None"
+ }
+ }
+ ]
+}
\ No newline at end of file
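Review bot: The storage account that backs the `secrets` container is created with `"allowBlobPublicAccess": true`, `"allowSharedKeyAccess": true` and `"allowCrossTenantReplication": true`, on top of `"publicNetworkAccess": "Enabled"` and `"defaultAction": "Allow"` in `networkAcls`. The container itself sets `"publicAccess": "None"`, but with the account-level switch on, anyone who can edit container properties can make it anonymously readable, and account keys bypass Entra ID role assignments entirely. For an account whose name says it stores e2e secrets I would set `"allowBlobPublicAccess": false`, `"allowCrossTenantReplication": false` and, if the consumers can authenticate with Entra ID, `"allowSharedKeyAccess": false`, and consider a deny-by-default network rule with explicit entries for the CI network. The `sku` objects on the `blobServices` and `fileServices` child resources look like export residue and can be dropped.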