From f6e345ec4e60c14b96b36eda5b1c2edc9eee8ee2 Mon Sep 17 00:00:00 2001
From: Jared Holgate
Date: Thu, 23 Jan 2025 10:27:44 +0000
Subject: [PATCH 1/5] fix: support sp auth for requirements

---
 src/ALZ/Private/Tools/Test-Tooling.ps1 | 70 +++++++++++++++++---------
 1 file changed, 45 insertions(+), 25 deletions(-)

diff --git a/src/ALZ/Private/Tools/Test-Tooling.ps1 b/src/ALZ/Private/Tools/Test-Tooling.ps1
index 3ddc415..2f63575 100644
--- a/src/ALZ/Private/Tools/Test-Tooling.ps1
+++ b/src/ALZ/Private/Tools/Test-Tooling.ps1
@@ -41,36 +41,56 @@ function Test-Tooling { $hasFailure = $true } - # Check if Azure CLI is installed - Write-Verbose "Checking Azure CLI installation" - $azCliPath = Get-Command az -ErrorAction SilentlyContinue - if ($azCliPath) { - $checkResults += @{ - message = "Azure CLI is installed." - result = "Success" - } - } else { - $checkResults += @{ - message = "Azure CLI is not installed. Follow the instructions here: https://learn.microsoft.com/en-us/cli/azure/install-azure-cli" - result = "Failure" + # Check if using Service Principal Auth + $nonAzCliEnvVars = @( + "ARM_CLIENT_ID", + "ARM_SUBSCRIPTION_ID", + "ARM_TENANT_ID" + ) + + $envVarsSet = $true + foreach($envVar in $nonAzCliEnvVars) { + $envVarValue = [System.Environment]::GetEnvironmentVariable($envVar) + if($envVarValue -eq $null -or $envVarValue -eq "") { + $envVarsSet = $false + break } - $hasFailure = $true } - # Check if Azure CLI is logged in - Write-Verbose "Checking Azure CLI login status" - $azCliAccount = $(az account show -o json) | ConvertFrom-Json - if ($azCliAccount) { - $checkResults += @{ - message = "Azure CLI is logged in. Tenant ID: $($azCliAccount.tenantId), Subscription: $($azCliAccount.name) ($($azCliAccount.id))" - result = "Success" - } + if($envVarsSet) { + Write-InformationColored "Using Service Principal Authentication, skipping Azure CLI checks" -ForegroundColor Yellow -NewLineBefore -InformationAction Continue } else { - $checkResults += @{ - message = "Azure CLI is not logged in. Please login to Azure CLI using 'az login -t `"00000000-0000-0000-0000-000000000000}`"', replacing the empty GUID with your tenant ID." - result = "Failure" + # Check if Azure CLI is installed + Write-Verbose "Checking Azure CLI installation" + $azCliPath = Get-Command az -ErrorAction SilentlyContinue + if ($azCliPath) { + $checkResults += @{ + message = "Azure CLI is installed." + result = "Success" + } + } else { + $checkResults += @{ + message = "Azure CLI is not installed. 
Follow the instructions here: https://learn.microsoft.com/en-us/cli/azure/install-azure-cli" + result = "Failure" + } + $hasFailure = $true + } + + # Check if Azure CLI is logged in + Write-Verbose "Checking Azure CLI login status" + $azCliAccount = $(az account show -o json) | ConvertFrom-Json + if ($azCliAccount) { + $checkResults += @{ + message = "Azure CLI is logged in. Tenant ID: $($azCliAccount.tenantId), Subscription: $($azCliAccount.name) ($($azCliAccount.id))" + result = "Success" + } + } else { + $checkResults += @{ + message = "Azure CLI is not logged in. Please login to Azure CLI using 'az login -t `"00000000-0000-0000-0000-000000000000}`"', replacing the empty GUID with your tenant ID." + result = "Failure" + } + $hasFailure = $true } - $hasFailure = $true } # Check if latest ALZ module is installed From f325088ccfba9fffe296df85e74cae0f6d344bde Mon Sep 17 00:00:00 2001 From: Jared Holgate Date: Thu, 23 Jan 2025 11:04:22 +0000 Subject: [PATCH 2/5] Improve validation and remove set sub id --- .../Invoke-Terraform.ps1 | 7 +++ src/ALZ/Private/Tools/Test-Tooling.ps1 | 54 ++++++++++++++++++- 2 files changed, 59 insertions(+), 2 deletions(-) diff --git a/src/ALZ/Private/Deploy-Accelerator-Helpers/Invoke-Terraform.ps1 b/src/ALZ/Private/Deploy-Accelerator-Helpers/Invoke-Terraform.ps1 index 3c16a9b..e65ad26 100644 --- a/src/ALZ/Private/Deploy-Accelerator-Helpers/Invoke-Terraform.ps1 +++ b/src/ALZ/Private/Deploy-Accelerator-Helpers/Invoke-Terraform.ps1 @@ -25,6 +25,7 @@ function Invoke-Terraform { if ($PSCmdlet.ShouldProcess("Apply Terraform", "modify")) { # Check and Set Subscription ID + $removeSubscriptionId = $false if($null -eq $env:ARM_SUBSCRIPTION_ID -or $env:ARM_SUBSCRIPTION_ID -eq "") { Write-Verbose "Setting environment variable ARM_SUBSCRIPTION_ID" $subscriptionId = $(az account show --query id -o tsv) 
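Review bot: The service-principal detection at the top of the new block takes the presence of three identifier variables (ARM_CLIENT_ID, ARM_SUBSCRIPTION_ID, ARM_TENANT_ID) as proof that non-CLI authentication is configured and skips every Azure CLI check, yet none of those carries a credential; an environment with the IDs set but no ARM_CLIENT_SECRET, ARM_CLIENT_CERTIFICATE_PATH, ARM_USE_OIDC or ARM_USE_MSI passes Test-Tooling and presumably only fails later when Terraform runs. Consider also requiring one credential source before skipping, or at least record the limitation where `$nonAzCliEnvVars` is declared: `# identifier variables only: presence of a credential (secret/cert/OIDC/MSI) is not verified here`. The null test `$envVarValue -eq $null` is the reversed form PSScriptAnalyzer warns about and differs from the `$null -eq $env:ARM_SUBSCRIPTION_ID` used in Invoke-Terraform later in this series; `if ($null -eq $envVarValue -or $envVarValue -eq "")` keeps the two files consistent. Test-Tooling continues before and after this hunk.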
@@ -33,6 +34,7 @@ function Invoke-Terraform { return } $env:ARM_SUBSCRIPTION_ID = $subscriptionId + $removeSubscriptionId = $true Write-Verbose "Environment variable ARM_SUBSCRIPTION_ID set to $subscriptionId" } @@ -144,6 +146,11 @@ function Invoke-Terraform { $exitCode = $LASTEXITCODE } + if($removeSubscriptionId) { + Write-Verbose "Removing environment variable ARM_SUBSCRIPTION_ID that was set prior to this run" + Remove-Item $env:ARM_SUBSCRIPTION_ID = $null + } + # Stop and display timer $StopWatch.Stop() if(!$silent) { diff --git a/src/ALZ/Private/Tools/Test-Tooling.ps1 b/src/ALZ/Private/Tools/Test-Tooling.ps1 index 2f63575..90e3da6 100644 --- a/src/ALZ/Private/Tools/Test-Tooling.ps1 +++ b/src/ALZ/Private/Tools/Test-Tooling.ps1 @@ -42,6 +42,7 @@ function Test-Tooling { } # Check if using Service Principal Auth + Write-Verbose "Checking Azure environment variables" $nonAzCliEnvVars = @( "ARM_CLIENT_ID", "ARM_SUBSCRIPTION_ID", 
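Review bot: `Remove-Item $env:ARM_SUBSCRIPTION_ID = $null` in the new cleanup block of Invoke-Terraform does not unset the variable: `$env:ARM_SUBSCRIPTION_ID` expands to the subscription ID, which Remove-Item then treats as a path, and `=` and `$null` become further positional arguments, so the call most likely errors and the value taken from `az account show` stays in the process environment after the run. The intended form is `Remove-Item Env:\ARM_SUBSCRIPTION_ID -ErrorAction SilentlyContinue` or simply `$env:ARM_SUBSCRIPTION_ID = $null`. The cleanup also only runs when the terraform invocation returns normally; placing it in a `finally` block around the run would restore the environment on an exception as well. Invoke-Terraform's body lies mostly outside these hunks, so the exact exception paths cannot be confirmed from here.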
@@ -49,17 +50,66 @@ function Test-Tooling { ) $envVarsSet = $true + $envVarValid = $true + $envVarUnique = $true + $envVarAtLeastOneSet = $false + $envVarsWithValue = @() + $checkedEnvVars = @() foreach($envVar in $nonAzCliEnvVars) { $envVarValue = [System.Environment]::GetEnvironmentVariable($envVar) - if($envVarValue -eq $null -or $envVarValue -eq "") { + if($envVarValue -eq $null -or $envVarValue -eq "" ) { $envVarsSet = $false break } + $envVarAtLeastOneSet = $true + $envVarsWithValue += $envVar + if($envVarValue -notmatch("^(\{){0,1}[0-9a-fA-F]{8}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{12}(\}){0,1}$")) { + $envVarValid = $false + break + } + if($checkedEnvVars -contains $envVarValue) { + $envVarUnique = $false + break + } + $checkedEnvVars += $envVarValue } if($envVarsSet) { - Write-InformationColored "Using Service Principal Authentication, skipping Azure CLI checks" -ForegroundColor Yellow -NewLineBefore -InformationAction Continue + Write-Verbose "Using Service Principal Authentication, skipping Azure CLI checks" + if($envVarValid -and $envVarUnique) { + $checkResults += @{ + message = "Azure environment variables are set and are valid unique GUIDs." + result = "Success" + } + } + + if(-not $envVarValid) { + $checkResults += @{ + message = "Azure environment variables are set, but are not valid GUIDs." + result = "Failure" + } + } + + if (-not $envVarUnique) { + $envVarValidationOutput = "" + foreach($envVar in $nonAzCliEnvVars) { + $envVarValue = [System.Environment]::GetEnvironmentVariable($envVar) + $envVarValidationOutput += " $envVar ($envVarValue)" + } + $checkResults += @{ + message = "Azure environment variables are set, but are not unique GUIDs. There is at least one duplicate:$envVarValidationOutput." + result = "Failure" + } + } + $hasFailure = $true } else { + if($envVarAtLeastOneSet) { + $checkResults += @{ + message = "At least one environment variables is set, but the other expected environment variables are not set. 
This could cause Terraform to fail in unexpected ways. Set environment variables: $($envVarsWithValue -join " ")." + result = "Warning" + } + } + # Check if Azure CLI is installed Write-Verbose "Checking Azure CLI installation" $azCliPath = Get-Command az -ErrorAction SilentlyContinue From 366c0879c8af5c9471cee38cc591143fed0e0697 Mon Sep 17 00:00:00 2001 From: Jared Holgate Date: Thu, 23 Jan 2025 11:22:34 +0000 Subject: [PATCH 3/5] Colour the warning --- src/ALZ/Private/Tools/Test-Tooling.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ALZ/Private/Tools/Test-Tooling.ps1 b/src/ALZ/Private/Tools/Test-Tooling.ps1 index 90e3da6..3e270d3 100644 --- a/src/ALZ/Private/Tools/Test-Tooling.ps1 +++ b/src/ALZ/Private/Tools/Test-Tooling.ps1 @@ -166,6 +166,7 @@ function Test-Tooling { switch ($_.result) { 'Success' { $color = "92"; break } 'Failure' { $color = "91"; break } + 'Warning' { $color = "93"; break } default { $color = "0" } } $e = [char]27 From a954c7c789de864a9da04c6d227495f1377f0d6c Mon Sep 17 00:00:00 2001 From: Jared Holgate Date: Thu, 23 Jan 2025 11:34:55 +0000 Subject: [PATCH 4/5] Fix validation and colour warning --- src/ALZ/Private/Tools/Test-Tooling.ps1 | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/src/ALZ/Private/Tools/Test-Tooling.ps1 b/src/ALZ/Private/Tools/Test-Tooling.ps1 index 3e270d3..aca580c 100644 --- a/src/ALZ/Private/Tools/Test-Tooling.ps1 +++ b/src/ALZ/Private/Tools/Test-Tooling.ps1 
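Review bot: The partial-configuration warning at the end of the hunk tells the user to "Set environment variables:" and then lists `$envVarsWithValue`, which holds the variables that are already set, so the missing ones are never named. Computing the complement, `$missingEnvVars = $nonAzCliEnvVars | Where-Object { $envVarsWithValue -notcontains $_ }`, and listing that instead would make the warning actionable; patch 4's @@ -104 hunk rewords this message but still enumerates the set variables. Both failure messages in this hunk also echo the raw values of the listed variables into the check output, which is harmless while `$nonAzCliEnvVars` holds only identifiers, so a comment on that array such as `# identifiers only: values are printed in check results, never add ARM_CLIENT_SECRET or other credentials here` would guard against a later addition leaking a secret. Test-Tooling continues outside this hunk.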
@@ -59,17 +59,17 @@ function Test-Tooling { $envVarValue = [System.Environment]::GetEnvironmentVariable($envVar) if($envVarValue -eq $null -or $envVarValue -eq "" ) { $envVarsSet = $false - break + continue } $envVarAtLeastOneSet = $true $envVarsWithValue += $envVar if($envVarValue -notmatch("^(\{){0,1}[0-9a-fA-F]{8}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{12}(\}){0,1}$")) { $envVarValid = $false - break + continue } if($checkedEnvVars -contains $envVarValue) { $envVarUnique = $false - break + continue } $checkedEnvVars += $envVarValue } @@ -85,7 +85,7 @@ function Test-Tooling { if(-not $envVarValid) { $checkResults += @{ - message = "Azure environment variables are set, but are not valid GUIDs." + message = "Azure environment variables are set, but are not all valid GUIDs." result = "Failure" } } @@ -104,8 +104,13 @@ function Test-Tooling { $hasFailure = $true } else { if($envVarAtLeastOneSet) { + $envVarValidationOutput = "" + foreach($envVar in $envVarsWithValue) { + $envVarValue = [System.Environment]::GetEnvironmentVariable($envVar) + $envVarValidationOutput += " $envVar ($envVarValue)" + } $checkResults += @{ - message = "At least one environment variables is set, but the other expected environment variables are not set. This could cause Terraform to fail in unexpected ways. Set environment variables: $($envVarsWithValue -join " ")." + message = "At least one environment variable is set, but the other expected environment variables are not set. This could cause Terraform to fail in unexpected ways. Set environment variables:$envVarValidationOutput." result = "Warning" } } From b9b5150a18543dc4199ad2c3ba59dd27438a4fd6 Mon Sep 17 00:00:00 2001 From: Jared Holgate Date: Thu, 23 Jan 2025 11:39:36 +0000 Subject: [PATCH 5/5] Move failure flag --- src/ALZ/Private/Tools/Test-Tooling.ps1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
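Review bot: The loop added in the @@ -104 hunk to build `$envVarValidationOutput` is a copy of the one in the `-not $envVarUnique` branch, differing only in the list it iterates; a local function taking the list, e.g. `function Format-EnvVarList([string[]]$names) { ($names | ForEach-Object { " $_ ($([System.Environment]::GetEnvironmentVariable($_)))" }) -join '' }`, would keep both messages formatted identically and avoid the two copies drifting apart. In the @@ -59 hunk the switch from `break` to `continue` means `$envVarsWithValue` now also collects variables that fail the GUID or uniqueness checks, which is what the warning needs, but the intent deserves a line above the loop such as `# keep scanning so every set variable is reported, not just the first problem`. Test-Tooling continues outside these hunks.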
diff --git a/src/ALZ/Private/Tools/Test-Tooling.ps1 b/src/ALZ/Private/Tools/Test-Tooling.ps1 index aca580c..d9da6ed 100644 --- a/src/ALZ/Private/Tools/Test-Tooling.ps1 +++ b/src/ALZ/Private/Tools/Test-Tooling.ps1 @@ -88,6 +88,7 @@ function Test-Tooling { message = "Azure environment variables are set, but are not all valid GUIDs." result = "Failure" } + $hasFailure = $true } if (-not $envVarUnique) { @@ -100,8 +101,8 @@ function Test-Tooling { message = "Azure environment variables are set, but are not unique GUIDs. There is at least one duplicate:$envVarValidationOutput." result = "Failure" } + $hasFailure = $true } - $hasFailure = $true } else { if($envVarAtLeastOneSet) { $envVarValidationOutput = ""