CSPL-4208: Fix aks integration test setup (#1609)

rlieberman-splunk · web-flow · commit 72dc0e62db0d · 2025-11-06T07:32:26.000-06:00
* try --no-ssh-key for aks create

* add role assignment

* set servicePrincipal

* comment dependency for now

* comment dependency for now

* use object id

* remove aad graph api

* update azure cli version

* update azure cli version

* update azure cli version

* update azure cli version

* cleanup
diff --git a/.env b/.env
@@ -3,7 +3,7 @@ REVIEWERS=vivekr-splunk,rlieberman-splunk,patrykw-splunk,Igor-splunk,kasiakoziol
 GO_VERSION=1.23.0
 AWSCLI_URL=https://awscli.amazonaws.com/awscli-exe-linux-x86_64-2.8.6.zip
 KUBECTL_VERSION=v1.29.1
-AZ_CLI_VERSION=2.30.0
+AZ_CLI_VERSION=2.79.0
 EKSCTL_VERSION=v0.215.0
 EKS_CLUSTER_K8_VERSION=1.34
 EKS_INSTANCE_TYPE=m5.2xlarge
diff --git a/.github/workflows/int-test-azure-workflow.yml b/.github/workflows/int-test-azure-workflow.yml
@@ -75,7 +75,18 @@ jobs:
       with:
         azcliversion: ${{ steps.dotenv.outputs.AZ_CLI_VERSION }}
         inlineScript: |
-          az aks create -n ${{ env.TEST_CLUSTER_NAME }} -g ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} --generate-ssh-keys -l westus --service-principal ${{ secrets.AZURE_CREDENTIALS_CLIENT_ID }} --client-secret ${{ secrets.AZURE_CREDENTIALS_CLIENT_SECRET }} --node-count ${{ env.CLUSTER_WORKERS }} --node-vm-size standard_d8_v3
+          # Use Microsoft Graph-compatible SP lookup
+          SP_OBJECT_ID=$(az ad sp list --filter "appId eq '${{ secrets.AZURE_CREDENTIALS_CLIENT_ID }}'" --query "[].id" --output tsv)
+          if [ -z "$SP_OBJECT_ID" ]; then
+            echo "Service Principal Object ID not found. Check AZURE_CREDENTIALS_CLIENT_ID permission/scopes."
+            exit 1
+          fi
+
+          # Assign AcrPull role
+          az role assignment create --assignee-object-id $SP_OBJECT_ID --assignee-principal-type ServicePrincipal --role AcrPull --scope $(az acr show --name ${{ secrets.AZURE_CONTAINER_REGISTRY }} --query id --output tsv)
+
+          # Create AKS
+          az aks create -n ${{ env.TEST_CLUSTER_NAME }} -g ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} --no-ssh-key -l westus --service-principal ${{ secrets.AZURE_CREDENTIALS_CLIENT_ID }} --client-secret ${{ secrets.AZURE_CREDENTIALS_CLIENT_SECRET }} --node-count ${{ env.CLUSTER_WORKERS }} --node-vm-size standard_d8_v3
     - name: Wait for Cluster to be Ready
       uses: azure/CLI@v1
       with:
