From 3d638efc9a28841988ad1ad1b01385813787f77b Mon Sep 17 00:00:00 2001 From: Rick Rainey Date: Tue, 2 Apr 2019 14:57:20 -0500 Subject: [PATCH 1/6] 1. Added -n switch to automated test to indicate whether or not to cleanup resources. 2.Added assertEqual function to compare resource values with expected values. This will become more useful as additional resource types are added to the tests. --- README.md | 6 ++- tests/acr-sp-init-test.sh | 88 ++++++++++++++++++++++----------------- 2 files changed, 54 insertions(+), 40 deletions(-) diff --git a/README.md b/README.md index 104c200..9a6cb90 100644 --- a/README.md +++ b/README.md @@ -26,11 +26,13 @@ The artifacts used to deploy this project include bash scripts and Terraform tem ### Automated Test -The automated test for this setup step is in `./tests/acr-sp-init-test.sh`. It can be executed at the command line as shown below, or as part of a CI pipeline. +The automated test for this setup step is in `./tests/acr-sp-init-test.sh`. It can be executed at the command line as shown below, or as part of a CI pipeline. If you don't want the test to cleanup resources, then pass the `-n` switch. ``` bash az login -./tests/acr-sp-init-sh + +# Run test and cleanup resources created. +./tests/acr-sp-init-test.sh ``` ## Setup Shared / Core Infrastructure diff --git a/tests/acr-sp-init-test.sh b/tests/acr-sp-init-test.sh index ae6d39d..42c5311 100755 --- a/tests/acr-sp-init-test.sh +++ b/tests/acr-sp-init-test.sh 
@@ -7,15 +7,25 @@ suffix="Cntso Dev" bash ../setup/acr-sp-init.sh -a $appName -l $location -s "${suffix}" +cleanup=true +while getopts "n" opt; do + case $opt in + n) + # Don't cleanup test resources. + cleanup=false + ;; + esac +done + # Expected resource group properties rgName="cblt-usea-rg-cntsodev" rgLocation="eastus" -expectedRgValues='['${rgName}','${rgLocation}']' +expectedRgValues='['\"${rgName}\"','\"${rgLocation}\"']' # Expected ACR properties acrName="cbltuseaacrcntsodev" acrLocation="eastus" -expectedAcrValues='['${acrName}','${acrLocation}']' +expectedAcrValues='['\"${acrName}\"','\"${acrLocation}\"']' # Expected service principal properties declare -A spAcrNameAndRole=( 
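Review bot: The `case $opt` block added here has no arm for unrecognised options, so a mistyped switch leaves `cleanup=true` and the run still deletes the test resources the caller may have meant to keep. Add a default arm such as `*) echo "Usage: $0 [-n]" >&2; exit 2 ;;`. The `getopts` loop also sits after the `bash ../setup/acr-sp-init.sh ...` call, so a rejected option would only be reported after provisioning has already run. Parsing the options before that call avoids creating resources for an invocation that is about to be refused.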
@@ -23,32 +33,36 @@ declare -A spAcrNameAndRole=( ["http://cblt-usea-sp-cntsodev-push"]="AcrPush" ) +function assertEqual() { + if [[ $# != 3 ]]; then + echo "Unexpected number of parameters passed to '$0'." + echo " Parameter 1 - expected value" + echo " Parameter 2 - actual value" + echo " Parameter 3 - description of resource" + exit 1; + fi + + if [[ "$1" != "$2" ]]; then + echo "Error: Unexpected '$3' values." + echo " Actual value: '$1'" + echo " Expected value: '$2'" + exit 1; + fi +} + # Assertions + # Test resource group echo "Testing resource group..." resourceValues=$(az group show --name $rgName --query '[name,location]' --output JSON) resourceValues=${resourceValues//[[:space:]]/} -resourceValues=${resourceValues//\"/} - -if [[ "$resourceValues" != "$expectedRgValues" ]]; then - echo "Error: Unexpected resource group values." - echo " Results returned '${resourceValues}'" - echo " expected '${expectedRgValues}'" - exit 1; -fi +assertEqual $resourceValues $expectedRgValues "resource group" # Test ACR echo "Testing container registry..." resourceValues=$(az acr show --name $acrName --query '[name,location]' --output JSON) resourceValues=${resourceValues//[[:space:]]/} -resourceValues=${resourceValues//\"/} - -if [[ "$resourceValues" != "$expectedAcrValues" ]]; then - echo "Error: Unexpected container registry values." - echo " Results returned '${resourceValues}'" - echo " expected '${expectedAcrValues}'" - exit 1; -fi +assertEqual $resourceValues $expectedAcrValues "container registry" # Test service principals echo "Testing service principals..." 
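Review bot: Both new call sites pass `$resourceValues` and `$expectedRgValues`/`$expectedAcrValues` unquoted, so an empty result from a failed `az` call drops the first argument and the failure surfaces as the parameter-count message rather than as a mismatch. The values have the form `["name","location"]`, which is also subject to pathname expansion when unquoted. Quote them, as in `assertEqual "$resourceValues" "$expectedRgValues" "resource group"`, and do the same for the registry call. Inside `assertEqual`, `'$0'` expands to the script name rather than the function name, which `${FUNCNAME[0]}` would give. The error lines would be better sent to stderr with `>&2`.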
@@ -73,26 +87,24 @@ done echo "Tests passed successfully" -# Clean up tests results -echo "Cleaning up test resources" - -echo " Cleaning up service principals and role assignments..." -for spName in ${!spAcrNameAndRole[@]} -do - # Clean up service principals and role assignments - spAppId=$(az ad sp show --id ${spName} --query appId) - spAppId="${spAppId//\"}" - az ad sp delete --id ${spAppId} -done - -# Clean up container registry -echo " Cleaning up container registry..." -az acr delete --name ${acrName} - -# Clean up resource group -echo " Cleaning up resource group..." -az group delete --name ${rgName} --yes - +# Clean up tests resources +if [[ "$cleanup" == true ]]; then + echo "Cleaning up test resources" + echo " Cleaning up service principals and role assignments..." + for spName in ${!spAcrNameAndRole[@]} + do + # Clean up service principals and role assignments + spAppId=$(az ad sp show --id ${spName} --query appId) + spAppId="${spAppId//\"}" + az ad sp delete --id ${spAppId} + done + # Clean up container registry + echo " Cleaning up container registry..." + az acr delete --name ${acrName} + # Clean up resource group + echo " Cleaning up resource group..." + az group delete --name ${rgName} --yes +fi \ No newline at end of file From 0009b0eef108c0a7f239b138f80682781d6fbb68 Mon Sep 17 00:00:00 2001 From: Rick Rainey Date: Tue, 2 Apr 2019 16:22:00 -0500 Subject: [PATCH 2/6] Add newline character that github was complaining about. --- tests/acr-sp-init-test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/acr-sp-init-test.sh b/tests/acr-sp-init-test.sh index 42c5311..7eb6d45 100755 --- a/tests/acr-sp-init-test.sh +++ b/tests/acr-sp-init-test.sh @@ -107,4 +107,4 @@ if [[ "$cleanup" == true ]]; then # Clean up resource group echo " Cleaning up resource group..." az group delete --name ${rgName} --yes -fi \ No newline at end of file +fi From 858c9ff4f5ab7d7be3a3a67949a6f21230886c58 Mon Sep 17 00:00:00 2001 
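Review bot: When `-n` is given, the new `if [[ "$cleanup" == true ]]` block in tests/acr-sp-init-test.sh (patch 1/6) is skipped silently. Nothing records that the resource group, the registry and both service principals, one of which is mapped to AcrPush, are still live. An `else` arm naming what was left behind would make later removal harder to forget, e.g. `else echo "Skipping cleanup (-n): '$rgName', '$acrName' and the test service principals were left in place."`. Separately, inside the loop `az ad sp delete --id ${spAppId}` still runs when the preceding `az ad sp show` returned nothing. A guard such as `[[ -n "$spAppId" ]] || continue` would avoid calling delete with an empty id.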
From: Rick Rainey Date: Wed, 3 Apr 2019 13:43:18 -0500 Subject: [PATCH 3/6] Corrected usage output for the assertEqual function. --- tests/acr-sp-init-test.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/acr-sp-init-test.sh b/tests/acr-sp-init-test.sh index 7eb6d45..8520bf4 100755 --- a/tests/acr-sp-init-test.sh +++ b/tests/acr-sp-init-test.sh @@ -36,8 +36,8 @@ declare -A spAcrNameAndRole=( function assertEqual() { if [[ $# != 3 ]]; then echo "Unexpected number of parameters passed to '$0'." - echo " Parameter 1 - expected value" - echo " Parameter 2 - actual value" + echo " Parameter 1 - actual value" + echo " Parameter 2 - expected value" echo " Parameter 3 - description of resource" exit 1; fi From dde7d9d2e4c28cf3c9a979c9f309694dd964f113 Mon Sep 17 00:00:00 2001 From: Rick Rainey Date: Wed, 3 Apr 2019 17:19:47 -0500 Subject: [PATCH 4/6] Added logic to test for existing ACR name. --- setup/acr-sp-init.sh | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/setup/acr-sp-init.sh b/setup/acr-sp-init.sh index bf9f5b4..d7f64e7 100755 --- a/setup/acr-sp-init.sh +++ b/setup/acr-sp-init.sh 
@@ -105,9 +105,27 @@ az group create --name $rgName --location $location # Create the container registry. acrName="${appname}${locationCode}acr${suffix}" -acrId=$(az acr create --resource-group $rgName --name $acrName --sku Standard --query id) +acrNameAvailable=$(az acr check-name --name $acrName --query nameAvailable) +if [[ "$acrNameAvailable" == false ]]; then + # Check to see if the ACR is already in the resource group and location we want. + # If it is, then we can just continue. Otherwise, we need to abort. + acrLocation="" + acrLocation=$(az acr show --name $acrName --resource-group $rgName --query location) + acrLocation="${acrLocation//\"}" + if [[ -z $acrLocation || $acrLocation != $location ]]; then + echo "Container registry '$acrName' already exists but is not in the requested resource group '$rgName' and location '$location'." + echo "Modify your script inputs so a unique DNS name can be inferred." + exit 1; + else + echo "Using existing container registry '$acrName' in resource group '$rgName'." + acrId=$(az acr show --name $acrName --resource-group $rgName --query id) + fi +else + echo "Creating container registry '$acrName' in resource group '$rgName'." + acrId=$(az acr create --resource-group $rgName --name $acrName --sku Standard --query id) + # ToDo: Should parameterize 'sku' in the future +fi acrId="${acrId//\"}" -# ToDo: Should parameterize 'sku' in the future # Used to find/create service principals and role assignments to ACR. declare -A spAcrNameAndRole=( From ffe84d08d8d79e0b2ca127caf08934fce83db833 Mon Sep 17 00:00:00 2001 From: Rick Rainey Date: Wed, 3 Apr 2019 18:46:00 -0500 Subject: [PATCH 5/6] Added logic to automated test cleanup to not try to delete service principals you don't have permissions to delete. --- tests/acr-sp-init-test.sh | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/tests/acr-sp-init-test.sh b/tests/acr-sp-init-test.sh index 8520bf4..ed9a18f 100755 --- a/tests/acr-sp-init-test.sh 
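Review bot: The new branch is selected by comparing raw CLI output with the literal `false`, so any other string is treated as "name available" and falls through to `az acr create`. That includes an empty result from a failed `az acr check-name` and, presumably, output produced under a non-JSON default output format. Pin the format and stop on failure, e.g. `acrNameAvailable=$(az acr check-name --name "$acrName" --query nameAvailable --output json) || exit 1`, then test for `true` explicitly and treat anything else as an error. In the location check, `$acrLocation != $location` leaves the right-hand side unquoted inside `[[ ]]`, so it is matched as a glob pattern. Writing `"$acrLocation" != "$location"` makes it a plain string comparison. The enclosing script continues outside this hunk.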
+++ b/tests/acr-sp-init-test.sh @@ -91,13 +91,22 @@ echo "Tests passed successfully" if [[ "$cleanup" == true ]]; then echo "Cleaning up test resources" - echo " Cleaning up service principals and role assignments..." for spName in ${!spAcrNameAndRole[@]} do - # Clean up service principals and role assignments + # Clean up role assignments + echo " Cleaning up role assignment '${spAcrNameAndRole[$spName]}' to ACR '$acrName' for service principal '$spName'." + az role assignment delete --assignee ${spName} --scope ${acrId} --role ${spAcrNameAndRole[$spName]} + + # Clean up service principals if it's mine to delete spAppId=$(az ad sp show --id ${spName} --query appId) spAppId="${spAppId//\"}" - az ad sp delete --id ${spAppId} + spIsMineToDelete=$(az ad sp list --show-mine --query '[].appId | contains(@, `'${spAppId}'`)') + if [[ "$spIsMineToDelete" == true ]]; then + echo " Cleaning up service principal '$spName'." + az ad sp delete --id $spAppId + else + echo " Not cleaning up service principal '$spName' in Azure AD because it belongs to another user." + fi done # Clean up container registry From 5bcd226c63c276683663f9f3e02537bafa67b029 Mon Sep 17 00:00:00 2001 From: Rick Rainey Date: Thu, 4 Apr 2019 11:05:17 -0500 Subject: [PATCH 6/6] Fix typo and minor formatting change. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9a6cb90..4560d48 100644 --- a/README.md +++ b/README.md 
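Review bot: `${acrId}` in the new `az role assignment delete` line is not assigned in any part of tests/acr-sp-init-test.sh visible in this series. setup/acr-sp-init.sh sets it, but that script is run with `bash` as a child process, so the value would not reach this shell. If it is indeed unset here, the unquoted expansion disappears and `--scope` is left without a value, so the role assignment is presumably not removed while the loop carries on. Resolve it before the loop, e.g. `acrId=$(az acr show --name "$acrName" --query id --output tsv)`, and quote the arguments as `--assignee "$spName" --scope "$acrId" --role "${spAcrNameAndRole[$spName]}"`. The ownership check also interpolates `${spAppId}` into the JMESPath query without checking that the lookup returned a value, so a failed `az ad sp show` ends up reported as "belongs to another user".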
@@ -16,7 +16,7 @@ The artifacts used to deploy this project include bash scripts and Terraform tem ``` bash az login ``` -4. Run `acr-sp-init.sh`. For example, the command below will provdision an Azure Container Registry (ACR) in East US and configure the two service principals in Azure Active Directory; one with AcrPush permission and another with AcrPull permission scoped to the ACR. The script parameter values are used to construct the name of the resource group, ACR, and service principals. +4. Run `acr-sp-init.sh`. For example, the command below will provision an Azure Container Registry (ACR) in East US and configure the two service principals in Azure Active Directory; one with _AcrPush_ permission and another with _AcrPull_ permission scoped to the ACR. The script parameter values are used to construct the name of the resource group, ACR, and service principals. ``` bash $ ./acr-sp-init.sh -a Cblt -l eastus -s CoreProd