Improve security on kusto ingestion (#24987)

vidai-msft · web-flow · commit 1ef937a366ad · 2024-05-27T12:58:53.000+08:00
diff --git a/.azure-pipelines/live-test.yml b/.azure-pipelines/live-test.yml
@@ -240,3 +240,13 @@ stages:
         targetType: filePath
         filePath: ./tools/TestFx/Live/SendLiveTestReport.ps1
         arguments: -EmailServiceConnectionString '$(EmailServiceConnectionString)' -EmailFrom '$(EmailFrom)'
+
+    - task: AzurePowerShell@5
+      displayName: Save live test results
+      condition: or(eq(variables['Build.Reason'], 'Schedule'), eq(variables['Build.SourceBranch'], 'refs/heads/internal/release'))
+      inputs:
+        pwsh: true
+        azurePowerShellVersion: latestVersion
+        azureSubscription: $(KustoServiceConnectionName)
+        scriptType: filePath
+        scriptPath: ./tools/TestFx/Live/SaveLiveTestResult.ps1
diff --git a/.azure-pipelines/util/live-test-steps.yml b/.azure-pipelines/util/live-test-steps.yml
@@ -134,23 +134,6 @@ jobs:
       filePath: ./tools/TestFx/Live/InvokeLiveTestCITask.ps1
       arguments: -UseWindowsPowerShell ('${{ parameters.psVersion }}' -eq '5.1') -ScriptFile './tools/TestFx/Live/InvokeLiveTestScenarios.ps1 -OSVersion ${{ parameters.vmImage }} -RunPlatform ${{ parameters.osType }} -RunPowerShell ${{ parameters.psVersion }}'
 
-  - template: get-keyvault-secret-steps.yml
-    parameters:
-      serviceConnectionName: $(KustoServiceConnectionName)
-      keyVaultName: $(KustoServicePrincipalKeyVaultName)
-      secretName: $(KustoServicePrincipalSecretName)
-      outVar: 'KustoServicePrincipalSecret'
-      execCondition: and(succeeded(), ne(variables['skipLatest'], 'true'))
-
-  - task: PowerShell@2
-    displayName: Save live test results to Kusto
-    condition: and(succeeded(), ne(variables['skipLatest'], 'true'), or(eq(variables['Build.Reason'], 'Schedule'), eq(variables['Build.SourceBranch'], 'refs/heads/internal/release')))
-    inputs:
-      pwsh: true
-      targetType: filePath
-      filePath: ./tools/TestFx/Live/SaveLiveTestResult.ps1
-      arguments: $(KustoTenantId) $(KustoServicePrincipalId) $(KustoServicePrincipalSecret) $(KustoClusterName) $(KustoClusterRegion)
-
   - task: PublishPipelineArtifact@1
     displayName: Publish live test results to pipeline artifact
     condition: and(succeeded(), ne(variables['skipLatest'], 'true'))
diff --git a/tools/TestFx/Live/SaveLiveTestResult.ps1 b/tools/TestFx/Live/SaveLiveTestResult.ps1
@@ -1,32 +1,17 @@
-param (
-    [Parameter(Mandatory, Position = 0)]
-    [ValidateNotNullOrEmpty()]
-    [guid] $TenantId,
+$ltResults = Get-ChildItem -Path ${env:DATALOCATION} -Filter "LiveTestAnalysis" -Directory -Recurse -ErrorAction SilentlyContinue | Get-ChildItem -Filter "Raw" -Directory | Get-ChildItem -Filter "*.csv" -File | Select-Object -ExpandProperty FullName
+if ($null -ne $ltResults) {
+    Write-Host "##[group]Start uploading live test results."
 
-    [Parameter(Mandatory, Position = 1)]
-    [ValidateNotNullOrEmpty()]
-    [guid] $ServicePrincipalId,
+    $localDate = [DateTime]::UtcNow.AddHours(8).ToString("yyyy-MM-dd")
+    $context = New-AzStorageContext -StorageAccountName ${env:STORAGEACCOUNTNAME}
+    $ltResults | ForEach-Object {
+        $ltCsv = $_
+        $ltCsvCore = Split-Path -Path $ltCsv -Parent | Split-Path -Parent | Split-Path -Parent | Split-Path -Leaf
+        $ltCsvName = Split-Path -Path $ltCsv -Leaf
+        Set-AzStorageBlobContent -Container ${env:STORAGEBLOBCONTAINERNAME} -Blob "$localDate/$ltCsvCore/$ltCsvName" -File $ltCsv -Context $context -Force
 
-    [Parameter(Mandatory, Position = 2)]
-    [ValidateNotNullOrEmpty()]
-    [string] $ServicePrincipalSecret,
+        Write-Host "##[section]Uploaded live test result $ltCsv."
+    }
 
-    [Parameter(Mandatory, Position = 3)]
-    [ValidateNotNullOrEmpty()]
-    [string] $ClusterName,
-
-    [Parameter(Mandatory, Position = 4)]
-    [ValidateNotNullOrEmpty()]
-    [string] $ClusterRegion
-)
-
-$ltDir = Join-Path -Path ${env:DATALOCATION} -ChildPath "LiveTestAnalysis" | Join-Path -ChildPath "Raw"
-$ltResults = Get-ChildItem -Path $ltDir -Filter "*.csv" -File -ErrorAction SilentlyContinue | Select-Object -ExpandProperty FullName
-
-if (![string]::IsNullOrEmpty($ltResults)) {
-    Import-Module "./tools/TestFx/Utilities/KustoUtility.psd1" -ArgumentList $TenantId, $ServicePrincipalId, $ServicePrincipalSecret, $ClusterName, $ClusterRegion -Force
-    Add-KustoData -DatabaseName ${env:LIVETESTDATABASENAME} -TableName ${env:LIVETESTTABLENAME} -CsvFile $ltResults
-}
-else {
-    Write-Host "##[warning]No live test data was found."
+    Write-Host "##[endgroup]"
 }
