From a23fbe756aa2b1977e9737865ef8210c8b14fcb5 Mon Sep 17 00:00:00 2001 From: stijnmoreels <9039753+stijnmoreels@users.noreply.github.com> Date: Thu, 11 Jul 2024 08:47:32 +0200 Subject: [PATCH 01/17] chore: add bicep to deploy storage test resources --- build/deploy-test-resources.yml | 48 ++++++++++++++++++++++++++++ build/templates/test-resources.bicep | 32 +++++++++++++++++++ build/variables/test.yml | 2 ++ 3 files changed, 82 insertions(+) create mode 100644 build/deploy-test-resources.yml create mode 100644 build/templates/test-resources.bicep create mode 100644 build/variables/test.yml diff --git a/build/deploy-test-resources.yml b/build/deploy-test-resources.yml new file mode 100644 index 00000000..a00d65f9 --- /dev/null +++ b/build/deploy-test-resources.yml 
@@ -0,0 +1,48 @@
+name: Arcus Testing - Deploy test resources
+
+trigger: none
+pr: none
+
+parameters:
+ - name: azureServiceConnection
+ displayName: 'Azure service connection'
+ type: string
+ default: 'Azure Codit-Arcus Service Principal'
+ - name: resourceGroupName
+ displayName: 'Resource group name'
+ default: arcus-testing-dev-we-rg
+
+variables:
+ - template: ./variables/build.yml
+
+resources:
+ repositories:
+ - repository: templates
+ type: github
+ name: arcus-azure/azure-devops-templates
+ endpoint: arcus-azure
+
+stages:
+ - stage: Deploy
+ jobs:
+ - job: DeployBicep
+ displayName: 'Deploy test resources'
+ pool:
+ vmImage: $(Vm.Image)
+ steps:
+ - task: AzureCLI@2
+ env:
+ SYSTEM_ACCESSTOKEN: $(System.AccessToken)
+ inputs:
+ azureSubscription: '${{ parameters.azureServiceConnection }}'
+ addSpnToEnvironment: true
+ scriptType: 'pscore'
+ scriptLocation: 'inlineScript'
+ inlineScript: |
+ $deployOutput = az deployment sub create `
+ --location westeurope `
+ --template-file ./build/templates/test-resources.bicep `
+ --parmeters location=westeurope `
+ --parameters resourceGroupName=${{ parameters.resourceGroupName }} `
+ --parameters storageAccountName=${{ variables['Arcus.Testing.StorageAccount.Name'] }} `
+
diff --git a/build/templates/test-resources.bicep b/build/templates/test-resources.bicep
new file mode 100644
index 00000000..f34e603a
--- /dev/null
+++ b/build/templates/test-resources.bicep
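Review bot: In build/deploy-test-resources.yml the `inlineScript` splices `${{ parameters.resourceGroupName }}` straight into the PowerShell text, and that parameter is a free-form value chosen when the run is queued, so whatever is entered there is parsed as script in a step that has `addSpnToEnvironment: true` and therefore holds the service principal key. Pass the value through the task's `env:` block instead, for example `RESOURCE_GROUP_NAME: ${{ parameters.resourceGroupName }}`, and reference it in the script as `--parameters resourceGroupName=$env:RESOURCE_GROUP_NAME`. `$deployOutput` is assigned but never read in the visible script, which also keeps the deployment output out of the log; either drop the assignment or inspect the result.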
@@ -0,0 +1,32 @@ +// Define the location for the deployment of the components. +param location string + +// Define the name of the resource group where the components will be deployed. +param resourceGroupName string + +// Define the name of the storage account that will be created. +param storageAccountName string + +targetScope = 'subscription' + +module resourceGroup 'br/public:avm/res/resources/resource-group:0.2.3' = { + name: 'resourceGroupDeployment' + params: { + name: resourceGroupName + location: location + } +} + +resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' existing = { + name: resourceGroupName +} + +module storageAccount 'br/public:avm/res/storage/storage-account:0.9.1' = { + name: 'storageAccountDeployment' + scope: rg + params: { + name: storageAccountName + location: location + allowBlobPublicAccess: true + } +} diff --git a/build/variables/test.yml b/build/variables/test.yml new file mode 100644 index 00000000..a092a471 --- /dev/null +++ b/build/variables/test.yml @@ -0,0 +1,2 @@ +variables: + Arcus.Testing.StorageAccount.Name: 'arcustestingstorage' \ No newline at end of file From 23847eb307b385a9bacea0e97b4c820ab70b4563 Mon Sep 17 00:00:00 2001 From: stijnmoreels <9039753+stijnmoreels@users.noreply.github.com> Date: Thu, 11 Jul 2024 08:51:11 +0200 Subject: [PATCH 02/17] pr-fix: add test variables to deploy pipeline --- build/deploy-test-resources.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/build/deploy-test-resources.yml b/build/deploy-test-resources.yml index a00d65f9..c82c6bc4 100644 --- a/build/deploy-test-resources.yml +++ b/build/deploy-test-resources.yml @@ -14,6 +14,7 @@ parameters: variables: - template: ./variables/build.yml + - template: ./variables/test.yml resources: repositories: From 2e21ca97845002c0137ff3e2cf471f9cc41bd16b Mon Sep 17 00:00:00 2001 
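Review bot: `allowBlobPublicAccess: true` on the `storageAccount` module in build/templates/test-resources.bicep allows any container in this account to be switched to anonymous read, and nothing in this patch shows the tests needing unauthenticated access, so `allowBlobPublicAccess: false` is the safer default. Separately, `storageAccount` is scoped to the `existing` reference `rg` and declares no dependency on the `resourceGroup` module, so on a first deployment it may start before the group exists; adding `dependsOn: [ resourceGroup ]` makes the order explicit.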
From: stijnmoreels <9039753+stijnmoreels@users.noreply.github.com> Date: Thu, 11 Jul 2024 08:53:35 +0200 Subject: [PATCH 03/17] pr-fix: remove invalid end backtic token in storge account name param --- build/deploy-test-resources.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/deploy-test-resources.yml b/build/deploy-test-resources.yml index c82c6bc4..ac0710c7 100644 --- a/build/deploy-test-resources.yml +++ b/build/deploy-test-resources.yml @@ -45,5 +45,5 @@ stages: --template-file ./build/templates/test-resources.bicep ` --parmeters location=westeurope ` --parameters resourceGroupName=${{ parameters.resourceGroupName }} ` - --parameters storageAccountName=${{ variables['Arcus.Testing.StorageAccount.Name'] }} ` + --parameters storageAccountName=${{ variables['Arcus.Testing.StorageAccount.Name'] }} From d8bcba3dc72856eb0869a10bd139bfd2d63ab183 Mon Sep 17 00:00:00 2001 From: stijnmoreels <9039753+stijnmoreels@users.noreply.github.com> Date: Thu, 11 Jul 2024 08:57:54 +0200 Subject: [PATCH 04/17] pr-fix: param name for location typo --- build/deploy-test-resources.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/deploy-test-resources.yml b/build/deploy-test-resources.yml index ac0710c7..2d6f1b74 100644 --- a/build/deploy-test-resources.yml +++ b/build/deploy-test-resources.yml @@ -43,7 +43,7 @@ stages: $deployOutput = az deployment sub create ` --location westeurope ` --template-file ./build/templates/test-resources.bicep ` - --parmeters location=westeurope ` + --parameters location=westeurope ` --parameters resourceGroupName=${{ parameters.resourceGroupName }} ` --parameters storageAccountName=${{ variables['Arcus.Testing.StorageAccount.Name'] }} From d47eb13a9dfa739e1b88786142512d6ab7f97974 Mon Sep 17 00:00:00 2001 
From: stijnmoreels <9039753+stijnmoreels@users.noreply.github.com> Date: Fri, 12 Jul 2024 06:57:34 +0200 Subject: [PATCH 05/17] pr-chore: add managed identity connection as pipeline variables --- build/ci-build.yml | 50 ++++--------------------- build/deploy-test-resources.yml | 3 +- build/nuget-release.yml | 53 +++++---------------------- build/templates/integration-tests.yml | 44 ++++++++++++++++++++++ build/templates/test-resources.bicep | 36 ++++++++++++++++++ build/templates/unit-tests.yml | 23 ++++++++++++ build/variables/test.yml | 3 +- 7 files changed, 124 insertions(+), 88 deletions(-) create mode 100644 build/templates/integration-tests.yml create mode 100644 build/templates/unit-tests.yml diff --git a/build/ci-build.yml b/build/ci-build.yml index 5d638c60..32ad91a4 100644 --- a/build/ci-build.yml +++ b/build/ci-build.yml @@ -18,6 +18,10 @@ parameters: - name: 'Package.Version.ManualTrigger' type: string default: 'preview' + - name: azureServiceConnection + displayName: 'Azure service connection' + type: string + default: 'Azure Codit-Arcus Service Principal' resources: repositories: 
@@ -67,54 +71,16 @@ stages: dependsOn: Build condition: succeeded() jobs: - - job: UnitTests - displayName: 'Run unit tests' - pool: - vmImage: '$(Vm.Image)' - steps: - - task: DownloadPipelineArtifact@2 - displayName: 'Download build artifacts' - inputs: - artifact: 'Build' - path: '$(Build.SourcesDirectory)' - - task: UseDotNet@2 - displayName: 'Import .NET SDK ($(DotNet.Sdk.VersionBC))' - inputs: - packageType: 'sdk' - version: '$(DotNet.Sdk.VersionBC)' - - template: test/run-unit-tests.yml@templates - parameters: - dotnetSdkVersion: '$(DotNet.Sdk.Version)' - projectName: '$(Project).Tests.Unit' - includePreviewVersions: $(DotNet.Sdk.IncludePreviewVersions) + - template: templates/unit-tests.yml - stage: IntegrationTests displayName: Integration Tests dependsOn: Build condition: succeeded() jobs: - - job: IntegrationTests - displayName: 'Run integration tests' - pool: - vmImage: '$(Vm.Image)' - steps: - - task: DownloadPipelineArtifact@2 - displayName: 'Download build artifacts' - inputs: - artifact: 'Build' - path: '$(Build.SourcesDirectory)' - - task: UseDotNet@2 - displayName: 'Import .NET SDK ($(DotNet.Sdk.VersionBC))' - inputs: - packageType: 'sdk' - version: '$(DotNet.Sdk.VersionBC)' - - template: test/run-integration-tests.yml@templates - parameters: - dotnetSdkVersion: '$(DotNet.Sdk.Version)' - projectName: '$(Project).Tests.Integration' - category: 'Integration' - includePreviewVersions: $(DotNet.Sdk.IncludePreviewVersions) - + - template: templates/integration-tests.yml + inputs: + azureServiceConnection: '${{ parameters.azureServiceConnection }}' - stage: ReleaseToMyget displayName: 'Release to MyGet' diff --git a/build/deploy-test-resources.yml b/build/deploy-test-resources.yml index 2d6f1b74..6bc97e0b 100644 --- a/build/deploy-test-resources.yml +++ b/build/deploy-test-resources.yml 
@@ -45,5 +45,4 @@ stages: --template-file ./build/templates/test-resources.bicep ` --parameters location=westeurope ` --parameters resourceGroupName=${{ parameters.resourceGroupName }} ` - --parameters storageAccountName=${{ variables['Arcus.Testing.StorageAccount.Name'] }} - + --parameters storageAccountName=${{ variables['Arcus.Testing.StorageAccount.Name'] }} \ No newline at end of file diff --git a/build/nuget-release.yml b/build/nuget-release.yml index 25f24ba6..67081d93 100644 --- a/build/nuget-release.yml +++ b/build/nuget-release.yml @@ -6,6 +6,10 @@ pr: none parameters: - name: 'Package.Version' type: 'string' + - name: azureServiceConnection + displayName: 'Azure service connection' + type: string + default: 'Azure Codit-Arcus Service Principal' resources: repositories: 
@@ -55,53 +59,16 @@ stages: dependsOn: Build condition: succeeded() jobs: - - job: UnitTests - displayName: 'Run unit tests' - pool: - vmImage: '$(Vm.Image)' - steps: - - task: DownloadPipelineArtifact@2 - displayName: 'Download build artifacts' - inputs: - artifact: 'Build' - path: '$(Build.SourcesDirectory)' - - task: UseDotNet@2 - displayName: 'Import .NET SDK ($(DotNet.Sdk.VersionBC))' - inputs: - packageType: 'sdk' - version: '$(DotNet.Sdk.VersionBC)' - - template: test/run-unit-tests.yml@templates - parameters: - dotnetSdkVersion: '$(DotNet.Sdk.Version)' - projectName: '$(Project).Tests.Unit' - includePreviewVersions: $(DotNet.Sdk.IncludePreviewVersions) - + - template: templates/unit-tests.yml - stage: IntegrationTests displayName: Integration Tests dependsOn: Build condition: succeeded() jobs: - - job: IntegrationTests - displayName: 'Run integration tests' - pool: - vmImage: '$(Vm.Image)' - steps: - - task: DownloadPipelineArtifact@2 - displayName: 'Download build artifacts' - inputs: - artifact: 'Build' - path: '$(Build.SourcesDirectory)' - - task: UseDotNet@2 - displayName: 'Import .NET SDK ($(DotNet.Sdk.VersionBC))' - inputs: - packageType: 'sdk' - version: '$(DotNet.Sdk.VersionBC)' - - template: test/run-integration-tests.yml@templates - parameters: - dotnetSdkVersion: '$(DotNet.Sdk.Version)' - projectName: '$(Project).Tests.Integration' - includePreviewVersions: $(DotNet.Sdk.IncludePreviewVersions) + - template: templates/integration-tests.yml + inputs: + azureServiceConnection: '${{ parameters.azureServiceConnection }}' - stage: Release displayName: 'Release to NuGet.org' 
@@ -124,9 +91,9 @@ stages: parameters: repositoryName: '$(Repository)' releaseNotes: | - Install the $(Project) packages that you need via NuGet, for instance [$(Project).Logging](https://www.nuget.org/packages/$(Project).Logging/$(Build.BuildNumber)): + Install the $(Project) packages that you need via NuGet, for instance [$(Project).Logging](https://www.nuget.org/packages/$(Project).Logging.Xunit/$(Build.BuildNumber)): ```shell - PM > Install-Package $(Project).Logging --Version $(Build.BuildNumber) + PM > Install-Package $(Project).Logging.Xunit --Version $(Build.BuildNumber) ``` For a complete list of all $(Project) packages see the [documentation](https://github.com/arcus-azure/arcus.testing/blob/master/docs/index.md). ## What's new? diff --git a/build/templates/integration-tests.yml b/build/templates/integration-tests.yml new file mode 100644 index 00000000..da04915f --- /dev/null +++ b/build/templates/integration-tests.yml 
@@ -0,0 +1,44 @@
+parameters:
+ azureServiceConnection: ''
+
+jobs:
+ - job: IntegrationTests
+ displayName: 'Run integration tests'
+ pool:
+ vmImage: '$(Vm.Image)'
+ steps:
+ - task: DownloadPipelineArtifact@2
+ displayName: 'Download build artifacts'
+ inputs:
+ artifact: 'Build'
+ path: '$(Build.SourcesDirectory)'
+
+ - task: UseDotNet@2
+ displayName: 'Import .NET SDK ($(DotNet.Sdk.VersionBC))'
+ inputs:
+ packageType: 'sdk'
+ version: '$(DotNet.Sdk.VersionBC)'
+
+ - task: AzureCLI@2
+ displayName: 'Import secrets from Azure Key Vault'
+ env:
+ ARCUS_KEYVAULT_NAME: $(Arcus.Testing.KeyVault.Name)
+ inputs:
+ azureSubscription: '${{ parameters.azureServiceConnection }}'
+ scriptType: 'pscore'
+ scriptLocation: 'inlineScript'
+ addSpnToEnvironment: true
+ inlineScript: |
+ Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
+ Install-Module -Name Arcus.Scripting.DevOps -AllowClobber
+
+ # TODO: get Key Vault secret and set it as secret pipeline variable.
+ Set-AzDevOpsVariable -Name 'Arcus.Testing.TenantId' -Value $env:tenantId
+ Set-AzDevOpsVariable -Name 'Arcus.Testing.ServicePrincipal.ClientId' -Value $env:servicePrincipalId
+ Set-AzDevOpsVariable -Name 'Arcus.Testing.ServicePrincipal.ClientSecret' -Value $env:servicePrincipalKey
+
+ - template: test/run-integration-tests.yml@templates
+ parameters:
+ dotnetSdkVersion: '$(DotNet.Sdk.Version)'
+ projectName: '$(Project).Tests.Integration'
+ includePreviewVersions: $(DotNet.Sdk.IncludePreviewVersions)
\ No newline at end of file
diff --git a/build/templates/test-resources.bicep b/build/templates/test-resources.bicep
index f34e603a..227b45fe 100644
--- a/build/templates/test-resources.bicep
+++ b/build/templates/test-resources.bicep
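Review bot: In build/templates/integration-tests.yml the last `Set-AzDevOpsVariable` call copies `$env:servicePrincipalKey` into the pipeline variable `Arcus.Testing.ServicePrincipal.ClientSecret` without marking it as secret, so the client secret becomes an ordinary variable for every later step and may not be masked in the logs. If the installed Arcus.Scripting.DevOps version supports it, add `-AsSecret` to that call; otherwise emit the variable with `issecret=true` directly. `ARCUS_KEYVAULT_NAME` is mapped into the step but nothing in the script reads it yet, which matches the TODO; a comment stating that the three variables are a stop-gap until the Key Vault lookup exists would help the next reader.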
@@ -7,6 +7,12 @@ param resourceGroupName string // Define the name of the storage account that will be created. param storageAccountName string +// Define the name of the key vault where the necessary secrets will be stored to access the deployed test resources. +param keyVaultName string + +// Define the Service Principal ID that needs access full access to the deployed resource group. +param servicePrincipal_objectId string + targetScope = 'subscription' module resourceGroup 'br/public:avm/res/resources/resource-group:0.2.3' = { @@ -28,5 +34,35 @@ module storageAccount 'br/public:avm/res/storage/storage-account:0.9.1' = { name: storageAccountName location: location allowBlobPublicAccess: true + roleAssignments: [ + { + principalId: servicePrincipal_objectId + roleDefinitionIdOrName: 'Storage Blob Data Contributor' + } + { + principalId: servicePrincipal_objectId + roleDefinitionIdOrName: 'Storage Table Data Contributor' + } + ] + } +} + +module vault 'br/public:avm/res/key-vault/vault:0.6.1' = { + name: 'vaultDeployment' + dependsOn: [ + resourceGroup + ] + scope: rg + params: { + name: keyVaultName + location: location + roleAssignments: [ + { + principalId: servicePrincipal_objectId + roleDefinitionIdOrName: 'Key Vault Secrets officer' + } + ] + secrets: [ + ] } } diff --git a/build/templates/unit-tests.yml b/build/templates/unit-tests.yml new file mode 100644 index 00000000..c2bec201 --- /dev/null +++ b/build/templates/unit-tests.yml 
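Review bot: The `vault` module in build/templates/test-resources.bicep grants `servicePrincipal_objectId` the role 'Key Vault Secrets officer', which permits creating and deleting secrets, on the same principal that receives the storage data roles; if the tests only read secrets, `roleDefinitionIdOrName: 'Key Vault Secrets User'` is sufficient. The built-in role is spelled 'Key Vault Secrets Officer', and whether the module's name lookup tolerates the lower-case 'officer' is not visible here, so use the exact name. The parameter comment reads 'needs access full access'; `// Define the object ID of the service principal that is granted access to the deployed test resources.` describes what the template actually does.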
@@ -0,0 +1,23 @@ +jobs: + - job: UnitTests + displayName: 'Run unit tests' + pool: + vmImage: '$(Vm.Image)' + steps: + - task: DownloadPipelineArtifact@2 + displayName: 'Download build artifacts' + inputs: + artifact: 'Build' + path: '$(Build.SourcesDirectory)' + + - task: UseDotNet@2 + displayName: 'Import .NET SDK ($(DotNet.Sdk.VersionBC))' + inputs: + packageType: 'sdk' + version: '$(DotNet.Sdk.VersionBC)' + + - template: test/run-unit-tests.yml@templates + parameters: + dotnetSdkVersion: '$(DotNet.Sdk.Version)' + projectName: '$(Project).Tests.Unit' + includePreviewVersions: $(DotNet.Sdk.IncludePreviewVersions) \ No newline at end of file diff --git a/build/variables/test.yml b/build/variables/test.yml index a092a471..365f922f 100644 --- a/build/variables/test.yml +++ b/build/variables/test.yml @@ -1,2 +1,3 @@ variables: - Arcus.Testing.StorageAccount.Name: 'arcustestingstorage' \ No newline at end of file + Arcus.Testing.StorageAccount.Name: 'arcustestingstorage' + Arcus.Testing.KeyVault.Name: 'arcus-testing-kv' \ No newline at end of file From 29ed07e2691070809506efe2a97c14627462f4a9 Mon Sep 17 00:00:00 2001 From: stijnmoreels <9039753+stijnmoreels@users.noreply.github.com> Date: Fri, 12 Jul 2024 07:03:33 +0200 Subject: [PATCH 06/17] pr-fix: correct param in yaml deploy pipeline --- build/deploy-test-resources.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/build/deploy-test-resources.yml b/build/deploy-test-resources.yml index 6bc97e0b..094942c7 100644 --- a/build/deploy-test-resources.yml +++ b/build/deploy-test-resources.yml 
@@ -40,9 +40,12 @@ stages: scriptType: 'pscore' scriptLocation: 'inlineScript' inlineScript: | + $objectId = (az ad sp show --id $env:servicePrincipalId | ConvertFrom-Json).id $deployOutput = az deployment sub create ` --location westeurope ` --template-file ./build/templates/test-resources.bicep ` --parameters location=westeurope ` --parameters resourceGroupName=${{ parameters.resourceGroupName }} ` - --parameters storageAccountName=${{ variables['Arcus.Testing.StorageAccount.Name'] }} \ No newline at end of file + --parameters storageAccountName=${{ variables['Arcus.Testing.StorageAccount.Name'] }} ` + --parameters keyVaultName=${{ variables['Arcus.Testing.KeyVault.Name'] }} ` + --parameters servicePrincipal_objectId=$objectId ` \ No newline at end of file From ffd749770ddf71fc19a1b590584bd125fdf41077 Mon Sep 17 00:00:00 2001 From: stijnmoreels <9039753+stijnmoreels@users.noreply.github.com> Date: Fri, 12 Jul 2024 07:05:50 +0200 Subject: [PATCH 07/17] pr-fix: remove invalid end backtick in parameters --- build/deploy-test-resources.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/deploy-test-resources.yml b/build/deploy-test-resources.yml index 094942c7..86ee631c 100644 --- a/build/deploy-test-resources.yml +++ b/build/deploy-test-resources.yml @@ -48,4 +48,4 @@ stages: --parameters resourceGroupName=${{ parameters.resourceGroupName }} ` --parameters storageAccountName=${{ variables['Arcus.Testing.StorageAccount.Name'] }} ` --parameters keyVaultName=${{ variables['Arcus.Testing.KeyVault.Name'] }} ` - --parameters servicePrincipal_objectId=$objectId ` \ No newline at end of file + --parameters servicePrincipal_objectId=$objectId \ No newline at end of file From 02e05a7acc7b85baab24b9124e7257bdbb410c45 Mon Sep 17 00:00:00 2001 
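Review bot: `$objectId` in build/deploy-test-resources.yml is passed to the deployment without checking that the `az ad sp show` lookup returned anything; if the service principal is not allowed to read the directory, the deployment would run with an empty `servicePrincipal_objectId` and the failure would only surface inside the role assignments. Add a guard directly after the lookup, `if (-not $objectId) { throw 'Could not resolve the object ID of the service principal' }`.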
From: Stijn Moreels <9039753+stijnmoreels@users.noreply.github.com> Date: Fri, 12 Jul 2024 09:06:04 +0200 Subject: [PATCH 08/17] pr-fix: allow public access --- build/templates/test-resources.bicep | 1 + 1 file changed, 1 insertion(+) diff --git a/build/templates/test-resources.bicep b/build/templates/test-resources.bicep index 227b45fe..54067fbd 100644 --- a/build/templates/test-resources.bicep +++ b/build/templates/test-resources.bicep @@ -34,6 +34,7 @@ module storageAccount 'br/public:avm/res/storage/storage-account:0.9.1' = { name: storageAccountName location: location allowBlobPublicAccess: true + publicNetworkAccess: 'Enabled' roleAssignments: [ { principalId: servicePrincipal_objectId From 4deea50364173a08f029d8116f8d703195ffeb6a Mon Sep 17 00:00:00 2001 From: Stijn Moreels <9039753+stijnmoreels@users.noreply.github.com> Date: Fri, 12 Jul 2024 09:07:34 +0200 Subject: [PATCH 09/17] Update nuget-release.yml --- build/nuget-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/nuget-release.yml b/build/nuget-release.yml index 67081d93..e92f0ecd 100644 --- a/build/nuget-release.yml +++ b/build/nuget-release.yml @@ -67,7 +67,7 @@ stages: condition: succeeded() jobs: - template: templates/integration-tests.yml - inputs: + parameters: azureServiceConnection: '${{ parameters.azureServiceConnection }}' - stage: Release From 91f4ee14c1bd470faaa504ad79c42950f701b946 Mon Sep 17 00:00:00 2001 From: Stijn Moreels <9039753+stijnmoreels@users.noreply.github.com> Date: Fri, 12 Jul 2024 09:07:48 +0200 Subject: [PATCH 10/17] Update ci-build.yml --- build/ci-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/ci-build.yml b/build/ci-build.yml index 32ad91a4..4b2b2b67 100644 --- a/build/ci-build.yml +++ b/build/ci-build.yml 
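Review bot: `publicNetworkAccess: 'Enabled'` in the `storageAccount` params, together with `allowBlobPublicAccess: true` on the line above and the `networkAcls` block with `defaultAction: 'Allow'` added later in this series, leaves the account reachable from any network with only RBAC in front of it. Since the smoke tests authenticate with `-UseConnectedAccount`, shared-key access looks unnecessary; assuming this module version exposes the setting, `allowSharedKeyAccess: false` would remove account keys as a way in. If the open endpoint is deliberate, record the reason next to it, for example `// Public endpoint is required because hosted build agents have no fixed IP range.`.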
@@ -79,7 +79,7 @@ stages: condition: succeeded() jobs: - template: templates/integration-tests.yml - inputs: + parameters: azureServiceConnection: '${{ parameters.azureServiceConnection }}' - stage: ReleaseToMyget From 67c42760de63b452b97f71811105398f1755118e Mon Sep 17 00:00:00 2001 From: stijnmoreels <9039753+stijnmoreels@users.noreply.github.com> Date: Fri, 12 Jul 2024 09:26:11 +0200 Subject: [PATCH 11/17] pr-fix: add smoke tests --- build/deploy-test-resources.yml | 25 ++++++++++++++++++++++--- build/templates/smoke-tests.ps1 | 11 +++++++++++ 2 files changed, 33 insertions(+), 3 deletions(-) create mode 100644 build/templates/smoke-tests.ps1 diff --git a/build/deploy-test-resources.yml b/build/deploy-test-resources.yml index 86ee631c..7503e770 100644 --- a/build/deploy-test-resources.yml +++ b/build/deploy-test-resources.yml @@ -32,8 +32,6 @@ stages: vmImage: $(Vm.Image) steps: - task: AzureCLI@2 - env: - SYSTEM_ACCESSTOKEN: $(System.AccessToken) inputs: azureSubscription: '${{ parameters.azureServiceConnection }}' addSpnToEnvironment: true 
@@ -48,4 +46,25 @@ stages: --parameters resourceGroupName=${{ parameters.resourceGroupName }} ` --parameters storageAccountName=${{ variables['Arcus.Testing.StorageAccount.Name'] }} ` --parameters keyVaultName=${{ variables['Arcus.Testing.KeyVault.Name'] }} ` - --parameters servicePrincipal_objectId=$objectId \ No newline at end of file + --parameters servicePrincipal_objectId=$objectId + + - stage: SmokeTests + dependsOn: Deploy + condition: succeeded() + jobs: + - job: RunSmokeTests + displayName: 'Run smoke tests' + pool: + vmImage: $(Vm.Image) + steps: + - task: AzureCLI@2 + env: + resourceGroupName: ${{ parameters.resourceGroupName }} + inputs: + azureSubscription: '${{ parameters.azureServiceConnection }}' + addSpnToEnvironment: true + scriptType: 'pscore' + scriptLocation: 'inlineScript' + inlineScript: | + Install-Module -Name Pester -Force -SkipPublisherCheck -MaximumVersion 5.1.1 + Invoke-Pester -Script "./build/templates/smoke-tests.ps1" -OutputFile "./pester.test.results.xml" -OutputFormat 'NUnitXML' -EnableExit \ No newline at end of file diff --git a/build/templates/smoke-tests.ps1 b/build/templates/smoke-tests.ps1 new file mode 100644 index 00000000..429bb92e --- /dev/null +++ b/build/templates/smoke-tests.ps1 @@ -0,0 +1,11 @@ +BeforeAll { + $clientSecret = ConvertTo-SecureString $env:servicePrincipalKey -AsPlainText -Force + $pscredential = New-Object -TypeName System.Management.Automation.PSCredential($env:servicePrincipalId, $clientSecret) + Connect-AzAccount -ServicePrincipal -Tenant $env:tenantId -Credential +} + +Describe 'Storage account' { + It 'Service principal has access to storage account' { + Get-AzStorageContainer -ResourceGroupName $env:resourceGroupName + } +} \ No newline at end of file From 82e59f1b660dbda5a2c91aa002a18c963e59462c Mon Sep 17 00:00:00 2001 
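Review bot: The smoke-test step in build/deploy-test-resources.yml runs under `AzureCLI@2` with `addSpnToEnvironment: true` only so that smoke-tests.ps1 can log in a second time with `Connect-AzAccount` and the raw client secret. An `AzurePowerShell@5` step with the same `azureSubscription` hands the script an already authenticated Az context, so the key never has to be exposed to the script or to the modules installed in this step. The `resourceGroupName` mapping under `env:` can stay as it is.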
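Review bot: The `It` block in build/templates/smoke-tests.ps1 contains no assertion and calls the Az cmdlet with the default error action, so, assuming an authorization failure is reported as a non-terminating error, the test passes even when the service principal has no access. Make the failure terminating and assert on the result, for example `Get-AzStorageContainer -ErrorAction Stop | Should -Not -BeNullOrEmpty` once the call has its final arguments. The container tests added later in this series are written the same way and need the same treatment.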
From: stijnmoreels <9039753+stijnmoreels@users.noreply.github.com> Date: Fri, 12 Jul 2024 09:32:49 +0200 Subject: [PATCH 12/17] pr-fix: correct az module loading --- build/deploy-test-resources.yml | 3 ++- build/templates/smoke-tests.ps1 | 10 +++++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/build/deploy-test-resources.yml b/build/deploy-test-resources.yml index 7503e770..96e6d505 100644 --- a/build/deploy-test-resources.yml +++ b/build/deploy-test-resources.yml @@ -66,5 +66,6 @@ stages: scriptType: 'pscore' scriptLocation: 'inlineScript' inlineScript: | - Install-Module -Name Pester -Force -SkipPublisherCheck -MaximumVersion 5.1.1 + Install-Module -Name Az -Force -AllowClobber -SkipPublisherCheck + Install-Module -Name Pester -Force -SkipPublisherCheck Invoke-Pester -Script "./build/templates/smoke-tests.ps1" -OutputFile "./pester.test.results.xml" -OutputFormat 'NUnitXML' -EnableExit \ No newline at end of file diff --git a/build/templates/smoke-tests.ps1 b/build/templates/smoke-tests.ps1 index 429bb92e..6ffe77ff 100644 --- a/build/templates/smoke-tests.ps1 +++ b/build/templates/smoke-tests.ps1 @@ -5,7 +5,15 @@ BeforeAll { } Describe 'Storage account' { - It 'Service principal has access to storage account' { + It 'Service principal can get blob container' { Get-AzStorageContainer -ResourceGroupName $env:resourceGroupName } + It 'Service principal can create blob container' { + $containerName = 'test-container' + try { + New-AzStorageContainer -ResourceGroupName $env:resourceGroupName -Name $containerName + } finally { + Remove-AzStorageContainer -ResourceGroupName $env:resourceGroupName -Name $containerName -Force + } + } } \ No newline at end of file From 847139ef29ecc58aa7757039bb850b6a158fcc61 Mon Sep 17 00:00:00 2001 
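Review bot: Both `Install-Module` lines in build/deploy-test-resources.yml now pull whatever version PSGallery serves at run time, with `-SkipPublisherCheck`, into a step that holds the service principal key; the `-MaximumVersion 5.1.1` bound on Pester is dropped by this change. Pin each module with `-RequiredVersion <PINNED_VERSION>` and install only the Az sub-modules the tests import, since the script uses account and storage cmdlets only. `Install-Module -Name Arcus.Scripting.DevOps -AllowClobber` in build/templates/integration-tests.yml is unpinned in the same way.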
From: stijnmoreels <9039753+stijnmoreels@users.noreply.github.com> Date: Fri, 12 Jul 2024 09:37:18 +0200 Subject: [PATCH 13/17] pr-fix: add ps credential argument --- build/templates/smoke-tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/templates/smoke-tests.ps1 b/build/templates/smoke-tests.ps1 index 6ffe77ff..40b96593 100644 --- a/build/templates/smoke-tests.ps1 +++ b/build/templates/smoke-tests.ps1 @@ -1,7 +1,7 @@ BeforeAll { $clientSecret = ConvertTo-SecureString $env:servicePrincipalKey -AsPlainText -Force $pscredential = New-Object -TypeName System.Management.Automation.PSCredential($env:servicePrincipalId, $clientSecret) - Connect-AzAccount -ServicePrincipal -Tenant $env:tenantId -Credential + Connect-AzAccount -ServicePrincipal -Tenant $env:tenantId -Credential $pscredential } Describe 'Storage account' { From 405bc48e5597f6e1a2f760a8bee04801d198a277 Mon Sep 17 00:00:00 2001 From: stijnmoreels <9039753+stijnmoreels@users.noreply.github.com> Date: Fri, 12 Jul 2024 09:43:03 +0200 Subject: [PATCH 14/17] pr-fix: remove resource group param --- build/deploy-test-resources.yml | 8 +++++++- build/templates/smoke-tests.ps1 | 6 +++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/build/deploy-test-resources.yml b/build/deploy-test-resources.yml index 96e6d505..6bb5ffa9 100644 --- a/build/deploy-test-resources.yml +++ b/build/deploy-test-resources.yml 
@@ -68,4 +68,10 @@ stages: inlineScript: | Install-Module -Name Az -Force -AllowClobber -SkipPublisherCheck Install-Module -Name Pester -Force -SkipPublisherCheck - Invoke-Pester -Script "./build/templates/smoke-tests.ps1" -OutputFile "./pester.test.results.xml" -OutputFormat 'NUnitXML' -EnableExit \ No newline at end of file + Invoke-Pester -Script "./build/templates/smoke-tests.ps1" -OutputFile "./pester.test.results.xml" -OutputFormat 'NUnitXML' -EnableExit + - task: PublishTestResults@2 + displayName: 'Publish test results' + inputs: + testResultsFormat: 'NUnit' + testResultsFiles: '**/pester.test.results.xml' + failTaskOnFailedTests: true \ No newline at end of file diff --git a/build/templates/smoke-tests.ps1 b/build/templates/smoke-tests.ps1 index 40b96593..000c6443 100644 --- a/build/templates/smoke-tests.ps1 +++ b/build/templates/smoke-tests.ps1 @@ -6,14 +6,14 @@ BeforeAll { Describe 'Storage account' { It 'Service principal can get blob container' { - Get-AzStorageContainer -ResourceGroupName $env:resourceGroupName + Get-AzStorageContainer } It 'Service principal can create blob container' { $containerName = 'test-container' try { - New-AzStorageContainer -ResourceGroupName $env:resourceGroupName -Name $containerName + New-AzStorageContainer -Name $containerName } finally { - Remove-AzStorageContainer -ResourceGroupName $env:resourceGroupName -Name $containerName -Force + Remove-AzStorageContainer -Name $containerName -Force } } } \ No newline at end of file From e20c9cd02d0eb88f33b8be2da2cfac4d5341d0d2 Mon Sep 17 00:00:00 2001 From: stijnmoreels <9039753+stijnmoreels@users.noreply.github.com> Date: Fri, 12 Jul 2024 09:50:58 +0200 Subject: [PATCH 15/17] pr-fix: pass the storage context --- build/deploy-test-resources.yml | 1 + build/templates/smoke-tests.ps1 | 9 ++++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/build/deploy-test-resources.yml b/build/deploy-test-resources.yml index 6bb5ffa9..61803bf3 100644 
--- a/build/deploy-test-resources.yml +++ b/build/deploy-test-resources.yml @@ -60,6 +60,7 @@ stages: - task: AzureCLI@2 env: resourceGroupName: ${{ parameters.resourceGroupName }} + storageAccountName: $(Arcus.Testing.StorageAccount.Name) inputs: azureSubscription: '${{ parameters.azureServiceConnection }}' addSpnToEnvironment: true diff --git a/build/templates/smoke-tests.ps1 b/build/templates/smoke-tests.ps1 index 000c6443..435b6750 100644 --- a/build/templates/smoke-tests.ps1 +++ b/build/templates/smoke-tests.ps1 @@ -5,15 +5,18 @@ BeforeAll { } Describe 'Storage account' { + BeforeEach { + $storageContext = New-AzStorageContext -StorageAccountName $env:storageAccountName -UseConnectedAccount + } It 'Service principal can get blob container' { - Get-AzStorageContainer + Get-AzStorageContainer -Context $storageContext } It 'Service principal can create blob container' { $containerName = 'test-container' try { - New-AzStorageContainer -Name $containerName + New-AzStorageContainer -Name $containerName -Context $storageContext } finally { - Remove-AzStorageContainer -Name $containerName -Force + Remove-AzStorageContainer -Name $containerName -Context $storageContext -Force } } } \ No newline at end of file From 74ecc90953069dd822c62995cd5d88ad218348f4 Mon Sep 17 00:00:00 2001 From: stijnmoreels <9039753+stijnmoreels@users.noreply.github.com> Date: Fri, 12 Jul 2024 10:08:44 +0200 Subject: [PATCH 16/17] pr-fix: add network acl --- build/templates/smoke-tests.ps1 | 10 ++++------ build/templates/test-resources.bicep | 6 ++++++ 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/build/templates/smoke-tests.ps1 b/build/templates/smoke-tests.ps1 index 435b6750..369c4dc9 100644 --- a/build/templates/smoke-tests.ps1 +++ b/build/templates/smoke-tests.ps1 
@@ -1,11 +1,9 @@ -BeforeAll { - $clientSecret = ConvertTo-SecureString $env:servicePrincipalKey -AsPlainText -Force - $pscredential = New-Object -TypeName System.Management.Automation.PSCredential($env:servicePrincipalId, $clientSecret) - Connect-AzAccount -ServicePrincipal -Tenant $env:tenantId -Credential $pscredential -} - Describe 'Storage account' { BeforeEach { + $clientSecret = ConvertTo-SecureString $env:servicePrincipalKey -AsPlainText -Force + $pscredential = New-Object -TypeName System.Management.Automation.PSCredential($env:servicePrincipalId, $clientSecret) + Connect-AzAccount -ServicePrincipal -Tenant $env:tenantId -Credential $pscredential + $storageContext = New-AzStorageContext -StorageAccountName $env:storageAccountName -UseConnectedAccount } It 'Service principal can get blob container' { diff --git a/build/templates/test-resources.bicep b/build/templates/test-resources.bicep index 54067fbd..83def3a3 100644 --- a/build/templates/test-resources.bicep +++ b/build/templates/test-resources.bicep @@ -35,6 +35,12 @@ module storageAccount 'br/public:avm/res/storage/storage-account:0.9.1' = { location: location allowBlobPublicAccess: true publicNetworkAccess: 'Enabled' + networkAcls: { + bypass: 'AzureServices' + defaultAction: 'Allow' + ipRules: [] + virtualNetworkRules: [] + } roleAssignments: [ { principalId: servicePrincipal_objectId From 8c0cc2f67c0da781a7fd7a0fdd57fbfedf106d40 Mon Sep 17 00:00:00 2001 From: stijnmoreels <9039753+stijnmoreels@users.noreply.github.com> Date: Fri, 12 Jul 2024 10:15:42 +0200 Subject: [PATCH 17/17] pr-fix: place before-all before all --- build/templates/smoke-tests.ps1 | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/build/templates/smoke-tests.ps1 b/build/templates/smoke-tests.ps1 index 369c4dc9..435b6750 100644 --- a/build/templates/smoke-tests.ps1 +++ b/build/templates/smoke-tests.ps1 
@@ -1,9 +1,11 @@ +BeforeAll { + $clientSecret = ConvertTo-SecureString $env:servicePrincipalKey -AsPlainText -Force + $pscredential = New-Object -TypeName System.Management.Automation.PSCredential($env:servicePrincipalId, $clientSecret) + Connect-AzAccount -ServicePrincipal -Tenant $env:tenantId -Credential $pscredential +} + Describe 'Storage account' { BeforeEach { - $clientSecret = ConvertTo-SecureString $env:servicePrincipalKey -AsPlainText -Force - $pscredential = New-Object -TypeName System.Management.Automation.PSCredential($env:servicePrincipalId, $clientSecret) - Connect-AzAccount -ServicePrincipal -Tenant $env:tenantId -Credential $pscredential - $storageContext = New-AzStorageContext -StorageAccountName $env:storageAccountName -UseConnectedAccount } It 'Service principal can get blob container' {