diff --git a/.gitignore b/.gitignore index b9b796d..9c73269 100644 --- a/.gitignore +++ b/.gitignore @@ -46,4 +46,7 @@ go.sum Gemfile.lock # Mac folder attribute file -.DS_Store \ No newline at end of file +.DS_Store + +# a developer can copy his/her own files in a me/ folder without having them in git +**/me/ diff --git a/Dockerfile b/Dockerfile index 91c54da..44b47f4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,6 +20,12 @@ ENV ARM_TENANT_ID=${BUILD_ARM_TENANT_ID} ENV ARM_TEST_LOCATION=${BUILD_ARM_TEST_LOCATION} ENV ARM_TEST_LOCATION_ALT=${BUILD_ARM_TEST_LOCATION_ALT} +# Set environment variables for go. +ENV AZURE_SUBSCRIPTION_ID=${BUILD_ARM_SUBSCRIPTION_ID} +ENV AZURE_CLIENT_ID=${BUILD_ARM_CLIENT_ID} +ENV AZURE_CLIENT_SECRET=${BUILD_ARM_CLIENT_SECRET} +ENV AZURE_TENANT_ID=${BUILD_ARM_TENANT_ID} + # Set work directory. RUN mkdir -p /go/src/${MODULE_NAME} COPY . /go/src/${MODULE_NAME} diff --git a/README.md b/README.md index a427423..1fdcfce 100644 --- a/README.md +++ b/README.md @@ -36,6 +36,7 @@ The configuration below can be used to deploy Linux DevOps agents using Azure Co ```hcl module "aci-devops-agent" { source = "Azure/aci-devops-agent/azurerm" + version = "0.9.2" resource_group_name = "rg-linux-devops-agents" location = "westeurope" enable_vnet_integration = false @@ -49,6 +50,8 @@ module "aci-devops-agent" { docker_tag = "0.2-linux" cpu = 1 memory = 4 + user_assigned_identity_ids = [] + use_system_assigned_identity = false } azure_devops_org_name = "DEVOPS_ORG_NAME" azure_devops_personal_access_token = "DEVOPS_PERSONAL_ACCESS_TOKEN" 
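Review bot: `ENV AZURE_CLIENT_SECRET=${BUILD_ARM_CLIENT_SECRET}` stores the service principal secret in the image configuration, where anyone who can pull or inspect the image can read it with `docker inspect` or `docker history`. The `ARM_*` lines above the hunk presumably do the same. The Go SDK needs these variables only when the tests run, so I would drop the four new `ENV` lines and pass the values at run time, as the README already does for the Azure DevOps token: `docker run --rm -e AZURE_SUBSCRIPTION_ID -e AZURE_CLIENT_ID -e AZURE_CLIENT_SECRET -e AZURE_TENANT_ID ...`. If the build args have to stay, the resulting image should be handled as a secret and kept out of shared registries.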
@@ -70,6 +73,7 @@ terraform destroy ``` #### Terraform ACI DevOps Agents - Deploy Linux agents in an existing virtual network + *Note: Virtual Network integration is only supported for Linux Containers in ACI. This part [does not apply to Windows Containers](https://docs.microsoft.com/en-us/azure/container-instances/container-instances-virtual-network-concepts#other-limitations).* The configuration below can be used to deploy Azure DevOps agents in Linux containers, in an existing virtual network. @@ -104,6 +108,7 @@ resource "azurerm_subnet" "aci-subnet" { module "aci-devops-agent" { source = "Azure/aci-devops-agent/azurerm" + version = "0.9.2" resource_group_name = "rg-linux-devops-agents" location = "westeurope" enable_vnet_integration = true @@ -120,6 +125,8 @@ module "aci-devops-agent" { docker_tag = "0.2-linux" cpu = 1 memory = 4 + user_assigned_identity_ids = [] + use_system_assigned_identity = false } azure_devops_org_name = "DEVOPS_ORG_NAME" @@ -148,6 +155,7 @@ The configuration below can be used to deploy Azure DevOps Linux and Windows age ```hcl module "aci-devops-agent" { source = "Azure/aci-devops-agent/azurerm" + version = "0.9.2" resource_group_name = "rg-aci-devops-agents-we" location = "westeurope" enable_vnet_integration = false @@ -161,6 +169,8 @@ module "aci-devops-agent" { docker_tag = "0.2-linux" cpu = 1 memory = 4 + user_assigned_identity_ids = [] + use_system_assigned_identity = false } windows_agents_configuration = { @@ -199,6 +209,7 @@ This module allows to download the Docker images to use for the agents from a pr ```hcl module "aci-devops-agent" { source = "Azure/aci-devops-agent/azurerm" + version = "0.9.2" resource_group_name = "rg-linux-devops-agents" location = "westeurope" enable_vnet_integration = false 
@@ -212,6 +223,8 @@ module "aci-devops-agent" { docker_tag = "0.2-linux" cpu = 1 memory = 4 + user_assigned_identity_ids = [] + use_system_assigned_identity = false } azure_devops_org_name = "DEVOPS_ORG_NAME" azure_devops_personal_access_token = "DEVOPS_PERSONAL_ACCESS_TOKEN" 
@@ -238,6 +251,63 @@ You can destroy everything using `terraform destroy`: terraform destroy ``` +#### Terraform ACI DevOps Agents - Assign identities + +This module allows to assign both system and user assigned managed identities to the containers: + +NB: managed identities for container groups have limitations. Only Linux container groups that are not deployed to a virtual network can be assigned managed identities. See and for more details. + +```hcl +resource "azurerm_user_assigned_identity" "example1" { + resource_group_name = "rg-terraform-azure-devops-agents-e2e-tests-${var.random_suffix}" + location = var.location + + name = "identity1" +} +resource "azurerm_user_assigned_identity" "example2" { + resource_group_name = "rg-terraform-azure-devops-agents-e2e-tests-${var.random_suffix}" + location = var.location + + name = "identity2" +} +module "aci-devops-agent" { + source = "Azure/aci-devops-agent/azurerm" + version = "0.9.2" + resource_group_name = "rg-linux-devops-agents" + location = "westeurope" + enable_vnet_integration = false + create_resource_group = true + + linux_agents_configuration = { + agent_name_prefix = "linux-agent" + agent_pool_name = "DEVOPS_POOL_NAME" + count = 2, + docker_image = "jcorioland.azurecr.io/azure-devops/aci-devops-agent" + docker_tag = "0.2-linux" + cpu = 1 + memory = 4 + user_assigned_identity_ids = [azurerm_user_assigned_identity.example1.id, data.azurerm_identity.example2.id] + use_system_assigned_identity = true + } + azure_devops_org_name = "DEVOPS_ORG_NAME" + azure_devops_personal_access_token = "DEVOPS_PERSONAL_ACCESS_TOKEN" +} +``` + +Then, you can just Terraform it: + +```bash +terraform init +terraform plan -out aci-linux-devops-agents.plan +terraform apply "aci-linux-devops-agents.plan" +``` + +You can destroy everything using `terraform destroy`: + +```bash +terraform destroy +``` + ## Test ### Configurations 
@@ -260,7 +330,7 @@ We provide 2 ways to build, run, and test the module on a local development mach We provide simple script to quickly set up module development environment: ```sh -$ curl -sSL https://raw.githubusercontent.com/Azure/terramodtest/master/tool/env_setup.sh | sudo bash +curl -sSL https://raw.githubusercontent.com/Azure/terramodtest/master/tool/env_setup.sh | sudo bash ``` #### Run test @@ -268,9 +338,9 @@ $ curl -sSL https://raw.githubusercontent.com/Azure/terramodtest/master/tool/env Then simply run it in local shell: ```sh -$ bundle install -$ rake build -$ rake full +bundle install +rake build +rake full ``` ### Docker @@ -286,13 +356,20 @@ We provide a Dockerfile to build a new image based `FROM` the `microsoft/terrafo This builds the custom image: ```sh -$ docker build --build-arg BUILD_ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID --build-arg BUILD_ARM_CLIENT_ID=$ARM_CLIENT_ID --build-arg BUILD_ARM_CLIENT_SECRET=$ARM_CLIENT_SECRET --build-arg BUILD_ARM_TENANT_ID=$ARM_TENANT_ID -t azure-devops-agent-aci-test . +docker build \ + --build-arg BUILD_ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID \ + --build-arg BUILD_ARM_CLIENT_ID=$ARM_CLIENT_ID \ + --build-arg BUILD_ARM_CLIENT_SECRET=$ARM_CLIENT_SECRET \ + --build-arg BUILD_ARM_TENANT_ID=$ARM_TENANT_ID \ + -t azure-devops-agent-aci-test . ``` +NB: cf `az ad sp create-for-rbac --help` to get build-arg values + This runs the build and unit tests: ```sh -$ docker run --rm \ +docker run --rm \ -e TF_VAR_azure_devops_org_name=$AZDO_ORG_NAME \ -e TF_VAR_azure_devops_personal_access_token=$AZDO_PAT \ -e TF_VAR_azure_devops_pool_name=$AZDO_POOL_NAME \ @@ -302,7 +379,7 @@ $ docker run --rm \ This runs the end to end tests: ```sh -$ docker run --rm \ +docker run --rm \ -e TF_VAR_azure_devops_org_name=$AZDO_ORG_NAME \ -e TF_VAR_azure_devops_personal_access_token=$AZDO_PAT \ -e TF_VAR_azure_devops_pool_name=$AZDO_POOL_NAME \ 
@@ -312,7 +389,7 @@ $ docker run --rm \ This runs the full tests: ```sh -$ docker run --rm \ +docker run --rm \ -e TF_VAR_azure_devops_org_name=$AZDO_ORG_NAME \ -e TF_VAR_azure_devops_personal_access_token=$AZDO_PAT \ -e TF_VAR_azure_devops_pool_name=$AZDO_POOL_NAME \ diff --git a/Rakefile b/Rakefile index 2ef9aa8..628b7ce 100644 --- a/Rakefile +++ b/Rakefile @@ -30,7 +30,7 @@ end namespace :integration do task :test do - success = system ("cd test && go test -v ./ -timeout 30m -parallel 1") + success = system ("cd test && go test -v ./ -timeout 60m -parallel 1") if not success raise "ERROR: Go test failed!\n".red end diff --git a/main.tf b/main.tf index f77594f..14bcbd9 100644 --- a/main.tf +++ b/main.tf @@ -19,6 +19,15 @@ data "azurerm_subnet" "subnet" { resource_group_name = var.vnet_resource_group_name } +locals { + # umi == user managed identity, smi == system managed identity + use_umi = length(var.linux_agents_configuration.user_assigned_identity_ids) > 0 + use_smi = var.linux_agents_configuration.use_system_assigned_identity + identity_block_smi = local.use_smi && !local.use_umi ? [1] : [] + identity_block_umi = local.use_umi && !local.use_smi ? [1] : [] + identity_block_umi_and_smi = local.use_umi && local.use_smi ? [1] : [] +} + # Linux Agents - deployed only if variable linux_agents_configuration.count > 0 resource "azurerm_network_profile" "linux_network_profile" { 
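Review bot: The new locals in `main.tf` enable an identity block whenever identities are requested, without looking at `var.enable_vnet_integration`. The README section added in this same commit says identities are only supported for container groups that are not deployed to a virtual network, so that combination would presumably surface only as a provider error during apply. I would at least record the constraint next to the locals, `# identities are not supported together with enable_vnet_integration = true (see README)`. If the supported Terraform versions offer a way to fail early with a clear message, use it.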
@@ -78,6 +87,31 @@ resource "azurerm_container_group" "linux-container-group" { server = var.image_registry_credential.server } } + + # identity block generated depending on cases + # if a system assigned managed identity only is requested + dynamic "identity" { + for_each = local.identity_block_smi + content { + type = "SystemAssigned" + } + } + # if user assigned managed identities only are requested + dynamic "identity" { + for_each = local.identity_block_umi + content { + type = "UserAssigned" + identity_ids = var.linux_agents_configuration.user_assigned_identity_ids + } + } + # if both system and user assigned managed identities are requested + dynamic "identity" { + for_each = local.identity_block_umi_and_smi + content { + type = "SystemAssigned, UserAssigned" + identity_ids = var.linux_agents_configuration.user_assigned_identity_ids + } + } } # Windows Agents - deployed only if variable windows_agents_configuration.count > 0 diff --git a/test/azure_devops_agent_aci_test.go b/test/azure_devops_agent_aci_test.go index 223f0be..89f95db 100644 --- a/test/azure_devops_agent_aci_test.go +++ b/test/azure_devops_agent_aci_test.go @@ -6,6 +6,7 @@ import ( "math/rand" "os" "strconv" + "strings" "testing" "time" @@ -13,6 +14,8 @@ import ( test_structure "github.com/gruntwork-io/terratest/modules/test-structure" "github.com/microsoft/azure-devops-go-api/azuredevops" "github.com/microsoft/azure-devops-go-api/azuredevops/taskagent" + "github.com/Azure/azure-sdk-for-go/services/containerinstance/mgmt/2020-11-01/containerinstance" + "github.com/Azure/go-autorest/autorest/azure/auth" ) // This function tests the deployment of Azure DevOps Linux agents 
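Review bot: Nothing on the new `identity` blocks tells the module user that every pipeline job scheduled on these agents can presumably obtain tokens for the attached identities, so the role assignments on them bound what any pipeline in the pool can do in Azure. I would add a comment above the first block, `# any job running on this agent can use these identities: grant them only the roles the pipelines need`, and say the same in the variable description. The three blocks differ only in `type` and `identity_ids`, so a single `dynamic "identity"` with a computed type string would keep that comment in one place. The `azurerm_container_group` resource starts outside this hunk.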
@@ -78,6 +81,94 @@ func TestDeployAzureDevOpsLinuxAgents(t *testing.T) { }) } +// This function tests the deployment of Azure DevOps Linux agents with managed identities +func TestDeployAzureDevOpsLinuxAgentsWithManagedIdentities(t *testing.T) { + t.Parallel() + + fixtureFolder := "./fixture/linux-agents-managed-identities" + + // generate a random suffix for the test + rand.Seed(time.Now().UnixNano()) + randomInt := rand.Intn(9999) + randomSuffix := strconv.Itoa(randomInt) + os.Setenv("TF_VAR_random_suffix", randomSuffix) + + // randomize the agent pool name + devopsPoolName := os.Getenv("TF_VAR_azure_devops_pool_name") + testPoolName := fmt.Sprintf("%s-%s", devopsPoolName, randomSuffix) + os.Setenv("TF_VAR_azure_devops_pool_name", testPoolName) + + devopsOrganizationName := os.Getenv("TF_VAR_azure_devops_org_name") + devopsPersonalAccessToken := os.Getenv("TF_VAR_azure_devops_personal_access_token") + devopsOrganizationURL := fmt.Sprintf("https://dev.azure.com/%s", devopsOrganizationName) + + defer deleteAzureDevOpsAgentTestPool(testPoolName, devopsOrganizationURL, devopsPersonalAccessToken) + err := createAzureDevOpsAgentTestPool(testPoolName, devopsOrganizationURL, devopsPersonalAccessToken) + if err != nil { + t.Fatalf("Cannot create Azure DevOps agent pool for the test: %v", err) + } + + // Deploy the example + test_structure.RunTestStage(t, "setup", func() { + terraformOptions := configureTerraformOptions(t, fixtureFolder) + + // Save the options so later test stages can use them + test_structure.SaveTerraformOptions(t, fixtureFolder, terraformOptions) + + // This will init and apply the resources and fail the test if there are any errors + terraform.InitAndApply(t, terraformOptions) + }) + + // Check whether the length of output meets the requirement + test_structure.RunTestStage(t, "validate", func() { + // add wait time for ACI to get connectivity + time.Sleep(45 * time.Second) + + // ensure deployment was successful + expectedAgentsCount := 2 + + 
actualAgentsCount, err := getAgentsCount(testPoolName, devopsOrganizationURL, devopsPersonalAccessToken) + + if err != nil { + t.Fatalf("Cannot retrieve the number of agents that were deployed: %v", err) + } + + if expectedAgentsCount != actualAgentsCount { + t.Fatalf("Test failed. Expected number of agents is %d. Actual number of agents is %d", expectedAgentsCount, actualAgentsCount) + } + + // ensure managed identities were assigned: 1 system identity, 2 user assigned identities + expectedAgentSystemIdentitiesCount := 1 + expectedAgentUserAssignedIdentitiesCount := 2 + + terraformOptions := test_structure.LoadTerraformOptions(t, fixtureFolder) + // remove quotes because of https://github.com/hashicorp/terraform/issues/27100 + resourceGroupName := removeQuotes(terraform.Output(t, terraformOptions, "resource_group_name")) + linuxContainerGroupName := removeQuotes(terraform.Output(t, terraformOptions, "linux_container_group_name")) + + systemIdentitiesCount, userAssignedIdentitiesCount, err := getAgentIdentitiesCount(resourceGroupName, linuxContainerGroupName) + + if err != nil { + t.Fatalf("Cannot retrieve the identities for agents that were deployed: %v", err) + } + + if expectedAgentSystemIdentitiesCount != systemIdentitiesCount || expectedAgentUserAssignedIdentitiesCount != userAssignedIdentitiesCount { + t.Fatalf("Test failed. System identities: %d (actual) vs %d (expected), user assigned identities %d (actual) vs %d (expected)", + systemIdentitiesCount, expectedAgentSystemIdentitiesCount, userAssignedIdentitiesCount, expectedAgentUserAssignedIdentitiesCount) + } + + if expectedAgentUserAssignedIdentitiesCount != userAssignedIdentitiesCount { + t.Fatalf("Test failed. Expected number of agent user assigned identities is %d. 
Actual number of agent user assigned identities is %d", expectedAgentUserAssignedIdentitiesCount, userAssignedIdentitiesCount) + } + }) + + // At the end of the test, clean up any resources that were created + test_structure.RunTestStage(t, "teardown", func() { + terraformOptions := test_structure.LoadTerraformOptions(t, fixtureFolder) + terraform.Destroy(t, terraformOptions) + }) +} + // This function tests the deployment of Azure DevOps Linux agents into an existing virtual network func TestDeployAzureDevOpsLinuxAgentsInVirtualNetwork(t *testing.T) { t.Parallel() 
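Review bot: The `teardown` stage is an ordinary call at the end of `TestDeployAzureDevOpsLinuxAgentsWithManagedIdentities`, so any `t.Fatalf` in the `validate` stage, or a failed `InitAndApply`, ends the test before `terraform.Destroy` runs. That leaves the container groups and the two user assigned identities deployed in the subscription. Registering the stage before `setup` with `defer test_structure.RunTestStage(t, "teardown", func() { ... })` makes the cleanup run on failure as well. Separately, the final `if expectedAgentUserAssignedIdentitiesCount != userAssignedIdentitiesCount` block can never fire, because the combined check just above it already fails the test on that condition, so it can be removed.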
@@ -330,6 +421,38 @@ func getAgentsCount(devopsPoolName string, devopsOrganizationURL string, devopsP return len(*agents), nil } +func getAgentIdentitiesCount(resourceGroupName string, containerGroupName string) (int, int, error) { + systemAssignedIdentitiesCount := 0 + userAssignedIdentitiesCount := 0 + + azSubscriptionId := os.Getenv("AZURE_SUBSCRIPTION_ID") + ctx := context.Background() + + authorizer, err := auth.NewAuthorizerFromEnvironment() + if err != nil { + return -1, -1, err + } + + containerGroupsClient := containerinstance.NewContainerGroupsClient(azSubscriptionId) + containerGroupsClient.Authorizer = authorizer + containerGroup, err := containerGroupsClient.Get(ctx, resourceGroupName, containerGroupName) + if err != nil { + return -1, -1, err + } + + if containerGroup.Identity != nil { + if strings.Contains(fmt.Sprintf("%s", containerGroup.Identity.Type), "SystemAssigned") { + systemAssignedIdentitiesCount = 1 + } + + if containerGroup.Identity.UserAssignedIdentities != nil { + userAssignedIdentitiesCount = len(containerGroup.Identity.UserAssignedIdentities) + } + } + + return systemAssignedIdentitiesCount, userAssignedIdentitiesCount, nil +} + func createAzureDevOpsAgentTestPool(devopsPoolName string, devopsOrganizationURL string, devopsPersonalAccessToken string) error { ctx := context.Background() devopsConnection := azuredevops.NewPatConnection(devopsOrganizationURL, devopsPersonalAccessToken) @@ -389,3 +512,13 @@ func getAgentPool(ctx context.Context, devopsTaskAgentClient taskagent.Client, d return &(*matchingAgentPools)[0], nil } + +func removeQuotes(s string) (string) { + if len(s) > 0 && s[0] == '"' { + s = s[1:] + } + if len(s) > 0 && s[len(s)-1] == '"' { + s = s[:len(s)-1] + } + return s +} \ No newline at end of file diff --git a/test/fixture/linux-agents-import-rg/main.tf b/test/fixture/linux-agents-import-rg/main.tf index 3a41940..94cedb8 100644 --- a/test/fixture/linux-agents-import-rg/main.tf 
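Review bot: `getAgentIdentitiesCount` passes `os.Getenv("AZURE_SUBSCRIPTION_ID")` to the client unchecked, so a missing variable shows up as an opaque request failure instead of a configuration error. I would return early with `if azSubscriptionId == "" { return -1, -1, fmt.Errorf("AZURE_SUBSCRIPTION_ID is not set") }`. The function also lacks a doc comment; `// getAgentIdentitiesCount returns 1 or 0 for the system assigned identity and the number of user assigned identities of the container group` would do. The caller compares counts only, so the test would still pass if identities other than the two created by the fixture were attached. Comparing the entries of `UserAssignedIdentities` with the expected ids would close that gap.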
+++ b/test/fixture/linux-agents-import-rg/main.tf @@ -8,13 +8,15 @@ module "aci-devops-agent" { enable_vnet_integration = false create_resource_group = false linux_agents_configuration = { - agent_name_prefix = "linuxagent-${var.random_suffix}" - count = var.agents_count - docker_image = var.agent_docker_image - docker_tag = var.agent_docker_tag - agent_pool_name = var.azure_devops_pool_name - cpu = 1 - memory = 4 + agent_name_prefix = "linuxagent-${var.random_suffix}" + count = var.agents_count + docker_image = var.agent_docker_image + docker_tag = var.agent_docker_tag + agent_pool_name = var.azure_devops_pool_name + cpu = 1 + memory = 4 + user_assigned_identity_ids = [] + use_system_assigned_identity = false } resource_group_name = azurerm_resource_group.rg.name location = azurerm_resource_group.rg.location diff --git a/test/fixture/linux-agents-managed-identities/main.tf b/test/fixture/linux-agents-managed-identities/main.tf new file mode 100644 index 0000000..698b6be --- /dev/null +++ b/test/fixture/linux-agents-managed-identities/main.tf 
@@ -0,0 +1,38 @@
+locals {
+ resource_group_name = "rg-terraform-azure-devops-agents-e2e-tests-${var.random_suffix}"
+}
+resource "azurerm_resource_group" "rg" {
+ name = local.resource_group_name
+ location = var.location
+}
+resource "azurerm_user_assigned_identity" "example1" {
+ resource_group_name = azurerm_resource_group.rg.name
+ location = azurerm_resource_group.rg.location
+ name = "identity1"
+}
+resource "azurerm_user_assigned_identity" "example2" {
+ resource_group_name = azurerm_resource_group.rg.name
+ location = azurerm_resource_group.rg.location
+ name = "identity2"
+}
+module "aci-devops-agent" {
+ source = "../../../"
+ enable_vnet_integration = false
+ create_resource_group = false
+ linux_agents_configuration = {
+ agent_name_prefix = "linuxagent-${var.random_suffix}"
+ count = var.agents_count
+ docker_image = var.agent_docker_image
+ docker_tag = var.agent_docker_tag
+ agent_pool_name = var.azure_devops_pool_name
+ cpu = 1
+ memory = 4
+ user_assigned_identity_ids = [azurerm_user_assigned_identity.example1.id, azurerm_user_assigned_identity.example2.id]
+ use_system_assigned_identity = true
+ }
+ resource_group_name = azurerm_resource_group.rg.name
+ location = var.location
+ azure_devops_org_name = var.azure_devops_org_name
+ azure_devops_personal_access_token = var.azure_devops_personal_access_token
+ depends_on = [azurerm_resource_group.rg]
+}
\ No newline at end of file
diff --git a/test/fixture/linux-agents-managed-identities/output.tf b/test/fixture/linux-agents-managed-identities/output.tf
new file mode 100644
index 0000000..b1acb80
--- /dev/null
+++ b/test/fixture/linux-agents-managed-identities/output.tf
@@ -0,0 +1,8 @@
+output "resource_group_name" {
+ value = azurerm_resource_group.rg.name
+ description = "resource group where linux container agent are deployed"
+}
+output "linux_container_group_name" {
+ value = module.aci-devops-agent.linux_agents_names[0]
+ description = "name of the first Linux container group"
+}
diff --git a/test/fixture/linux-agents-managed-identities/provider.tf b/test/fixture/linux-agents-managed-identities/provider.tf
new file mode 100644
index 0000000..49f3ab5
--- /dev/null
+++ b/test/fixture/linux-agents-managed-identities/provider.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = ">= 2.0"
+ }
+ }
+}
+
+provider "azurerm" {
+ features {}
+}
\ No newline at end of file
diff --git a/test/fixture/linux-agents-managed-identities/variables.tf b/test/fixture/linux-agents-managed-identities/variables.tf
new file mode 100644
index 0000000..c128a26
--- /dev/null
+++ b/test/fixture/linux-agents-managed-identities/variables.tf
@@ -0,0 +1,43 @@
+variable "azure_devops_org_name" {
+ type = string
+ description = "The name of the Azure DevOps organization in which the containerized agents will be deployed (e.g. https://dev.azure.com/YOUR_ORGANIZATION_NAME, must exist)"
+}
+
+variable "azure_devops_pool_name" {
+ type = string
+ description = "The name of the Azure DevOps agent pool in which the containerized agents will be deployed (must exist)"
+}
+
+variable "azure_devops_personal_access_token" {
+ type = string
+ description = "The personal access token to use to connect to Azure DevOps (see https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/v2-windows?view=azure-devops#permissions)"
+}
+
+variable "location" {
+ type = string
+ description = "The Azure location to use"
+ default = "westeurope"
+}
+
+variable "agent_docker_image" {
+ type = string
+ description = "The Docker image to use for the Linux agent"
+ default = "jcorioland/aci-devops-agent"
+}
+
+variable "agent_docker_tag" {
+ type = string
+ description = "The Docker tag to use for the Linux agent"
+ default = "0.2-linux"
+}
+
+variable "agents_count" {
+ type = number
+ description = "The number of agents to create"
+ default = 2
+}
+
+variable "random_suffix" {
+ type = number
+ description = "A random suffix for resources generated during the test"
+}
diff --git a/test/fixture/linux-agents-private-registry/main.tf b/test/fixture/linux-agents-private-registry/main.tf
index 4ff5ff2..c8602e8 100644
--- a/test/fixture/linux-agents-private-registry/main.tf
+++ b/test/fixture/linux-agents-private-registry/main.tf
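Review bot: `variable "azure_devops_personal_access_token"` in the new fixture is a plain string, so Terraform can print the token in plan and apply output, and therefore in test and CI logs. If the fixtures can require Terraform 0.14 or later, add `sensitive = true` to this variable. The fixture's `provider.tf` constrains only the provider version, so the minimum Terraform version is not visible from this diff.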
@@ -3,13 +3,15 @@ module "aci-devops-agent" { enable_vnet_integration = false create_resource_group = true linux_agents_configuration = { - agent_name_prefix = "linuxagent-${var.random_suffix}" - count = var.agents_count - docker_image = var.agent_docker_image - docker_tag = var.agent_docker_tag - agent_pool_name = var.azure_devops_pool_name - cpu = 1 - memory = 4 + agent_name_prefix = "linuxagent-${var.random_suffix}" + count = var.agents_count + docker_image = var.agent_docker_image + docker_tag = var.agent_docker_tag + agent_pool_name = var.azure_devops_pool_name + cpu = 1 + memory = 4 + user_assigned_identity_ids = [] + use_system_assigned_identity = false } image_registry_credential = { username = var.docker_registry_username diff --git a/test/fixture/linux-agents-vnet/main.tf b/test/fixture/linux-agents-vnet/main.tf index d7c527d..e8098fa 100644 --- a/test/fixture/linux-agents-vnet/main.tf +++ b/test/fixture/linux-agents-vnet/main.tf @@ -34,13 +34,15 @@ module "aci-devops-agent" { vnet_name = azurerm_virtual_network.vnet.name subnet_name = azurerm_subnet.aci-subnet.name linux_agents_configuration = { - agent_name_prefix = "linuxagent-${var.random_suffix}" - count = var.agents_count - docker_image = var.agent_docker_image - docker_tag = var.agent_docker_tag - agent_pool_name = var.azure_devops_pool_name - cpu = 1 - memory = 4 + agent_name_prefix = "linuxagent-${var.random_suffix}" + count = var.agents_count + docker_image = var.agent_docker_image + docker_tag = var.agent_docker_tag + agent_pool_name = var.azure_devops_pool_name + cpu = 1 + memory = 4 + user_assigned_identity_ids = [] + use_system_assigned_identity = false } resource_group_name = "rg-terraform-azure-devops-agents-e2e-tests-${var.random_suffix}" location = var.location diff --git a/test/fixture/linux-agents/main.tf b/test/fixture/linux-agents/main.tf index fb2c701..bebc73a 100644 --- a/test/fixture/linux-agents/main.tf +++ b/test/fixture/linux-agents/main.tf 
@@ -3,13 +3,15 @@ module "aci-devops-agent" { enable_vnet_integration = false create_resource_group = true linux_agents_configuration = { - agent_name_prefix = "linuxagent-${var.random_suffix}" - count = var.agents_count - docker_image = var.agent_docker_image - docker_tag = var.agent_docker_tag - agent_pool_name = var.azure_devops_pool_name - cpu = 1 - memory = 4 + agent_name_prefix = "linuxagent-${var.random_suffix}" + count = var.agents_count + docker_image = var.agent_docker_image + docker_tag = var.agent_docker_tag + agent_pool_name = var.azure_devops_pool_name + cpu = 1 + memory = 4 + user_assigned_identity_ids = [] + use_system_assigned_identity = false } resource_group_name = "rg-terraform-azure-devops-agents-e2e-tests-${var.random_suffix}" location = var.location diff --git a/test/fixture/linux-and-windows-agents/main.tf b/test/fixture/linux-and-windows-agents/main.tf index ae2b270..94eee54 100644 --- a/test/fixture/linux-and-windows-agents/main.tf +++ b/test/fixture/linux-and-windows-agents/main.tf @@ -3,13 +3,15 @@ module "aci-devops-agent" { enable_vnet_integration = false create_resource_group = true linux_agents_configuration = { - agent_name_prefix = "linux-agent-${var.random_suffix}" - count = 2, - docker_image = var.linux_agent_docker_image - docker_tag = var.linux_agent_docker_tag - agent_pool_name = var.linux_azure_devops_pool_name - cpu = 1 - memory = 4 + agent_name_prefix = "linux-agent-${var.random_suffix}" + count = 2, + docker_image = var.linux_agent_docker_image + docker_tag = var.linux_agent_docker_tag + agent_pool_name = var.linux_azure_devops_pool_name + cpu = 1 + memory = 4 + user_assigned_identity_ids = [] + use_system_assigned_identity = false } windows_agents_configuration = { agent_name_prefix = "windows-agent-${var.random_suffix}" diff --git a/test/go.mod b/test/go.mod index ba3571b..45f9a56 100644 --- a/test/go.mod +++ b/test/go.mod 
@@ -1,9 +1,14 @@ module test -go 1.13 +go 1.14 require ( github.com/docker/distribution v2.7.1+incompatible github.com/gruntwork-io/terratest v0.27.2 github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b1 + github.com/Azure/azure-sdk-for-go v55.1.0+incompatible + github.com/Azure/go-autorest/autorest v0.11.19 + github.com/Azure/go-autorest/autorest/azure/auth v0.5.7 + github.com/Azure/go-autorest/autorest/to v0.4.0 + github.com/Azure/go-autorest/autorest/validation v0.3.1 ) diff --git a/variables.tf b/variables.tf index ce6aba6..751a5d0 100644 --- a/variables.tf +++ b/variables.tf @@ -50,23 +50,27 @@ variable "azure_devops_personal_access_token" { variable "linux_agents_configuration" { type = object({ - count = string, - docker_image = string, - docker_tag = string, - agent_name_prefix = string, - agent_pool_name = string, - cpu = string, - memory = string + count = string, + docker_image = string, + docker_tag = string, + agent_name_prefix = string, + agent_pool_name = string, + cpu = string, + memory = string, + user_assigned_identity_ids = list(string), + use_system_assigned_identity = bool }) description = "(Optional) The configuration of the Linux agents to deploy" default = { - count = 0, - docker_image = "", - docker_tag = "", - agent_name_prefix = "", - agent_pool_name = "", - cpu = "1", - memory = "2" + count = 0, + docker_image = "", + docker_tag = "", + agent_name_prefix = "", + agent_pool_name = "", + cpu = "1", + memory = "2", + user_assigned_identity_ids = [], + use_system_assigned_identity = false } }
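Review bot: Five Azure modules are added to `require` in `test/go.mod`, yet the `.gitignore` hunk header in this same commit shows `go.sum` is ignored, so no hashes for them are recorded in the repository. Verification of the new dependencies then depends on the checksum database being enabled and reachable at build time. I would stop ignoring `test/go.sum` and commit it together with this change, so builds fail on any module content that differs from what was reviewed.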
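Review bot: Adding `user_assigned_identity_ids` and `use_system_assigned_identity` to the `object({...})` type makes both attributes mandatory for every caller that sets `linux_agents_configuration`, which is why each fixture and README example in this commit had to change. Existing users will get a type error after upgrading. The `description` still reads `(Optional) The configuration of the Linux agents to deploy` and says nothing about the new fields. I would extend it, for example `user_assigned_identity_ids: ids of the user assigned identities to attach ([] for none); use_system_assigned_identity: attach a system assigned identity`, and call out the breaking change in the release notes.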