
Commit 0b53f77

author
Sheyla Trudo
committed
fixup! Move to Resource Module
1 parent 12c74d9 commit 0b53f77


3 files changed

+130
-1
lines changed


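--- a/.pipelines/templates/artifact-storage.steps.yaml
+++ b/.pipelines/templates/artifact-storage.steps.yaml
@@ -18,7 +18,11 @@ steps:
 echo >&2 "##vso[task.setvariable variable=ACNCI_BUILD_SP_APP_OID;isoutput=true;]$SP_APP_OID"
 # Get Subscription ID.
 SUBSCRIPTION_ID=$(az account show | jq -rc '.id')
+SUBSCRIPTION_NAME=$(az account show | jq -rc '.name')
+TENANT_ID=$(az account show | jq -rc '.tenantId')
 echo >&2 "##vso[task.setvariable variable=ACNCI_BUILD_SUBSCRIPTION_ID;isoutput=true;issecret=true]$SUBSCRIPTION_ID"
+echo >&2 "##vso[task.setvariable variable=ACNCI_BUILD_SUBSCRIPTION_NAME;isoutput=true;issecret=true]$SUBSCRIPTION_NAME"
+echo >&2 "##vso[task.setvariable variable=ACNCI_BUILD_TENANTID;isoutput=true;issecret=true]$TENANT_ID"
 
 
 ## Resource Groups ##
@@ -142,6 +146,78 @@ steps:
 MI_LIST: $(OUT_RESULT)
 MI_LIST_LENGTH: $(OUT_RESULT_LENGTH)
 
+## MI Service Connection
+
+- template: get-resources.steps.yaml
+parameters:
+resourceType: serviceconnection
+serviceConnection: $(ACN_TEST_SERVICE_CONNECTION)
+inputs:
+resourceGroupName: $(resourcegroups.ACNCI_BUILD_RESOURCEGROUP)
+buildTagDefinitionIdKey: $(ACNCI_BUILDTAG_DEFINITIONID)
+buildTagCreatedByAppIdKey: $(ACNCI_BUILDTAG_CREATEDBYAPPID)
+# SERVICECONNECTION_PRINCIPALID: ${{ parameters.inputs.serviceConnectionPrincipalId }}
+# SUBSCRIPTION_ID: ${{ parameters.inputs.subscriptionId }}
+# SUBSCRIPTION_NAME: ${{ parameters.inputs.subscriptionName }}
+# SERVICECONNECTION_TENANTID: ${{ parameters.inputs.tenantId }}
+# SERVICECONNECTION_NAME: ${{ parameters.inputs.serviceConnectionName }}
+
+- template: create-or-update-resource.steps.yaml
+parameters:
+resourceType: serviceconnection
+serviceConnection: $(ACN_TEST_SERVICE_CONNECTION)
+createCondition: |
+and(succeeded(),
+or(not(variables.OUT_RESULT_LENGTH),
+eq(variables.OUT_RESULT_LENGTH, 'null'),
+lt(variables.OUT_RESULT_LENGTH, 1)))
+updateCondition: False
+inputs:
+serviceConnectionName: $(managedidentity.ACNCI_MANAGEDIDENTITY_NAME)-serviceconnection
+serviceConnectionPrincipalId: $(managedidentity.ACNCI_MANAGEDIDENTITY_OBJECTID)
+subscriptionId: $(build.ACNCI_BUILD_SUBSCRIPTION_ID)
+subscriptionName: $(build.ACNCI_BUILD_SUBSCRIPTION_NAME)
+tenantId: $(build.ACNCI_BUILD_TENANT_ID)
+buildTagDefinitionIdKey: $(ACNCI_BUILDTAG_DEFINITIONID)
+buildTagCreatedByAppIdKey: $(ACNCI_BUILDTAG_CREATEDBYAPPID)
+buildTagCreatedByBuildIdKey: $(ACNCI_BUILDTAG_CREATEDBYBUILDID)
+
+- task: AzureCLI@2
+name: managedidentity
+displayName: "[Output] Build User ServiceConnection Details"
+inputs:
+azureSubscription: $(ACN_TEST_SERVICE_CONNECTION)
+scriptType: bash
+scriptLocation: inlineScript
+addSpnToEnvironment: true
+inlineScript: |
+set -e
+[[ -n $SYSTEM_DEBUG ]] && [[ $SYSTEM_DEBUG =~ $IS_TRUE ]] && set -x || set +x
+
+# Select MI to use
+RANDOM_SELECT=`tr -dc '1-9' < /dev/urandom | head -c${1:-7}`
+IDX=$(( "$RANDOM_SELECT" % "$SC_LIST_LENGTH" ))
+SC_DATA=$(echo "$SC_LIST" | jq --argjson IDX "$IDX" -rc '.[$IDX]')
+
+echo "$SC_DATA"
+exit 1
+SC_ID=$(echo "$SC_DATA" | jq -r '.id')
+echo >&2 "##vso[task.setvariable variable=ACNCI_SERVICECONNECTION_ID;isoutput=true]$SC_ID"
+SC_PRINCIPALID=$(echo "$SC_DATA" | jq -r '.principalId')
+echo >&2 "##vso[task.setvariable variable=ACNCI_SERVICECONNECTION_NAME;isoutput=true]$SC_PRINCIPALID"
+SC_APPID=$(echo "$SC_DATA" | jq -r '.clientId')
+echo >&2 "##vso[task.setvariable variable=ACNCI_MANAGEDIDENTITY_APPID;isoutput=true]$SC_APPID"
+SC_NAME=$(echo "$SC_DATA" | jq -r '.name')
+echo >&2 "##vso[task.setvariable variable=ACNCI_MANAGEDIDENTITY_NAME;isoutput=true]$SC_NAME"
+env:
+SC_LIST: $(OUT_RESULT)
+SC_LIST_LENGTH: $(OUT_RESULT_LENGTH)
+
+# SERVICECONNECTION_PRINCIPALID: ${{ parameters.inputs.serviceConnectionPrincipalId }}
+# SUBSCRIPTION_ID: ${{ parameters.inputs.subscriptionId }}
+# SUBSCRIPTION_NAME: ${{ parameters.inputs.subscriptionName }}
+# SERVICECONNECTION_TENANTID: ${{ parameters.inputs.tenantId }}
+# SERVICECONNECTION_NAME: ${{ parameters.inputs.serviceConnectionName }}
 
 ## MI Role Definition ##
 
@@ -297,7 +373,6 @@ steps:
 - task: AzureCLI@2
 name: build_storage
 displayName: "[Provision] Establish Build Storage"
-condition: not(or(failed(), skipped()))
 inputs:
 azureSubscription: $(ACN_TEST_SERVICE_CONNECTION)
 scriptType: bash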
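Review bot: The new "[Output] Build User ServiceConnection Details" task still carries debugging lines: `echo "$SC_DATA"` followed by `exit 1` fails the step on every run and writes the selected service-connection record to the build log, so none of the `setvariable` lines after it execute; both lines should be dropped before merge. The task also reuses `name: managedidentity`, the step name the create inputs above read through `$(managedidentity.ACNCI_MANAGEDIDENTITY_NAME)`, and it re-emits `ACNCI_MANAGEDIDENTITY_APPID` and `ACNCI_MANAGEDIDENTITY_NAME` from service-connection data, so a distinct name such as `name: serviceconnection` with `ACNCI_SERVICECONNECTION_*` outputs looks intended. The first hunk publishes `ACNCI_BUILD_TENANTID` while this hunk reads `$(build.ACNCI_BUILD_TENANT_ID)`; one spelling has to be used on both sides or the tenant ID stays unresolved. The last hunk removes the `condition:` on `build_storage` without explanation in the commit message, which deserves a one-line comment on why the default condition is now wanted.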

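--- a/.pipelines/templates/create-or-update-resource.steps.yaml
+++ b/.pipelines/templates/create-or-update-resource.steps.yaml
@@ -23,6 +23,7 @@ parameters:
 - storageaccounts
 - roledefinition
 - managedidentity
+- serviceconnection
 
 - name: inputs
 type: object
@@ -65,6 +66,13 @@ steps:
 MANAGEDIDENTITY_NAME: ${{ parameters.inputs.managedIdentityName }}
 MANAGEDIDENTITY_LOCATION: ${{ parameters.inputs.managedIdentityLocation }}
 
+${{ elseif eq(parameters.resourceType, 'serviceconnection') }}:
+SERVICECONNECTION_PRINCIPALID: ${{ parameters.inputs.serviceConnectionPrincipalId }}
+SUBSCRIPTION_ID: ${{ parameters.inputs.subscriptionId }}
+SUBSCRIPTION_NAME: ${{ parameters.inputs.subscriptionName }}
+SERVICECONNECTION_TENANTID: ${{ parameters.inputs.tenantId }}
+SERVICECONNECTION_NAME: ${{ parameters.inputs.serviceConnectionName }}
+
 inputs:
 azureSubscription: ${{ parameters.serviceConnection }}
 scriptType: bash
@@ -123,6 +131,24 @@ steps:
 "$ACNCI_BUILDTAG_CREATEDBYBUILDID"="$BUILD_BUILDID" \
 "$ACNCI_BUILDTAG_CREATEDBYAPPID"="$servicePrincipalId"
 
+${{ elseif eq(parameters.resourceType, 'serviceconnection') }}:
+inlineScript: |
+set -e
+[[ -n $SYSTEM_DEBUG ]] && [[ $SYSTEM_DEBUG =~ $IS_TRUE ]] && set -x || set +x
+
+az devops service-endpoint azurerm create \
+--org "https://dev.azure.com/msazure/" \
+--azure-rm-service-principal-id "$SERVICECONNECTION_PRINCIPALID" \
+--azure-rm-subscription-id "$SUBSCRIPTION_ID" \
+--azure-rm-subscription-name "$SUBSCRIPTION_NAME" \
+--azure-rm-tenant-id "$SERVICECONNECTION_TENANTID"\
+--name "SERVICECONNECTION_NAME" \
+--project "One" \
+--tags "$ACNCI_BUILDTAG_DEFINITIONID"="$SYSTEM_DEFINITIONID" \
+"$ACNCI_BUILDTAG_CREATEDBYBUILDID"="$BUILD_BUILDID" \
+"$ACNCI_BUILDTAG_CREATEDBYAPPID"="$servicePrincipalId"
+
+
 
 - ${{ if parameters.refreshAfterCreation }}:
 # Update data list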
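Review bot: In the `serviceconnection` inline script, `--name "SERVICECONNECTION_NAME"` passes the literal text instead of the mapped variable, so every endpoint would be created under the same fixed name; it should read `--name "$SERVICECONNECTION_NAME" \`. The `env:` branch added for this resource type does not set `AZURE_DEVOPS_EXT_PAT`, which the matching branch in get-resources.steps.yaml adds "to allow use of az devops commands", so unless it is supplied outside the hunk the create call has no Azure DevOps credential. It is also worth confirming that `az devops service-endpoint azurerm create` accepts `--tags`, since the lookup in get-resources.steps.yaml depends on those tags being stored. The organisation URL and `--project "One"` are hard-coded; `$(System.CollectionUri)` and `$(System.TeamProject)` or template parameters would keep the endpoint scoped to the pipeline that runs the template. The `env:` block and the script chain both continue outside the hunks shown.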

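--- a/.pipelines/templates/get-resources.steps.yaml
+++ b/.pipelines/templates/get-resources.steps.yaml
@@ -11,6 +11,7 @@ parameters:
 - storageaccounts
 - roledefinition
 - managedidentity
+- serviceconnection
 
 - name: inputs
 type: object
@@ -48,6 +49,10 @@ steps:
 ${{ elseif eq(parameters.resourceType, 'managedidentity') }}:
 RESOURCEGROUP_NAME: ${{ parameters.inputs.resourceGroupName }}
 
+${{ elseif eq(parameters.resourceType, 'serviceconnection') }}:
+# Allows use of az devops commands
+AZURE_DEVOPS_EXT_PAT: $(System.AccessToken)
+
 inputs:
 azureSubscription: ${{ parameters.serviceConnection }}
 scriptType: bash
@@ -161,3 +166,26 @@ steps:
 
 echo >&2 "##vso[task.setvariable variable=${VAR_NAME};]$MI_LIST"
 echo >&2 "##vso[task.setvariable variable=${VAR_NAME}_LENGTH;]$MI_LIST_LENGTH"
+
+${{ elseif eq(parameters.resourceType, 'serviceconnection') }}:
+inlineScript: |
+set -eu
+[[ -n $SYSTEM_DEBUG ]] && [[ $SYSTEM_DEBUG =~ $IS_TRUE ]] && set -x || set +x
+
+R_QUERY="[? tags.\""$BUILDTAG_DEFINITIONID"\" && tags.\""$BUILDTAG_CREATEDBYAPPID"\"]"
+# JSON of Returned Results
+R_LIST=$(az devops service-endpoint list \
+--query "$R_QUERY" -ojson | \
+jq -rc \
+--arg BUILDTAG_CREATEDBYAPPID "$BUILDTAG_CREATEDBYAPPID" \
+--arg APPID "$servicePrincipalId" \
+--arg BUILDTAG_DEFINITIONID "$BUILDTAG_DEFINITIONID" \
+--arg DEFINITIONID "$SYSTEM_DEFINITIONID" \
+'[ .[] | select(.tags[$BUILDTAG_DEFINITIONID] == $DEFINITIONID ) | select( .tags[$BUILDTAG_CREATEDBYAPPID] == $APPID) ]')
+DEF=$(echo "$R_LIST" | jq -rc .[0])
+DEFS_FOUND=$(echo "$R_LIST" | jq length)
+
+# Export the available storage account list..
+# uses custom variable naming if specified.
+echo >&2 "##vso[task.setvariable variable=${VAR_NAME};]$DEF"
+echo >&2 "##vso[task.setvariable variable=${VAR_NAME}_LENGTH;]$DEFS_FOUND"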
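Review bot: The `serviceconnection` branch exports `$DEF`, which is only the first match (`jq -rc .[0]`), under `${VAR_NAME}`, while the managed-identity branch just above exports the whole list and the consumer in artifact-storage.steps.yaml indexes the value with `.[$IDX]`; exporting the list, `echo >&2 "##vso[task.setvariable variable=${VAR_NAME};]$R_LIST"`, would match the other branches. The script runs under `set -eu` and reads `$BUILDTAG_DEFINITIONID` and `$BUILDTAG_CREATEDBYAPPID`, but the `env:` branch added in the second hunk sets only `AZURE_DEVOPS_EXT_PAT`, so unless those are mapped outside the hunk the script aborts on the first reference. `az devops service-endpoint list` is called without `--org` or `--project` although the create template passes both explicitly, so the lookup may search a different scope from the one the endpoint is created in. The copied comment should be updated to `# Export the matching service connection list.`.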
