remove secret and use cert for aad app in e2e pipeline #3116

Merged
merged 3 commits into from
May 7, 2024
6 changes: 3 additions & 3 deletions tests_e2e/pipeline/pipeline-cleanup.yml
@@ -18,9 +18,9 @@ parameters:
- name: service_connections
type: object
default:
- azuremanagement
- azuremanagement.china
- azuremanagement.government
- waagenttests.public
- waagenttests.china
- waagenttests.gov

pool:
name: waagent-pool
25 changes: 18 additions & 7 deletions tests_e2e/pipeline/pipeline.yml
@@ -1,7 +1,7 @@
# variables:
#
# NOTE: When creating the pipeline, "connection_info" must be added as a variable pointing to the
# corresponding key vault; see wiki for details.
# cloud specific service connection; see wiki for details.
#

parameters:
@@ -78,16 +78,17 @@ jobs:
architecture: 'x64'

# Extract the Azure cloud from the "connection_info" variable. Its value includes one of
# 'public', 'china', or 'government' as a suffix (the suffix comes after the last '-').
# 'public', 'china', or 'gov' as a suffix (the suffix comes after the '.').
- bash: |
case $(echo $CONNECTION_INFO | sed 's/^.*-//') in
case $(echo $CONNECTION_INFO | sed 's/.*\.//') in
public)
echo "##vso[task.setvariable variable=cloud]AzureCloud"
;;
china)
echo "##vso[task.setvariable variable=cloud]AzureChinaCloud"

;;
government)
gov)
echo "##vso[task.setvariable variable=cloud]AzureUSGovernment"
;;
*)
@@ -106,17 +107,27 @@ jobs:
- task: AzureKeyVault@2
displayName: "Fetch connection info"
inputs:
azureSubscription: 'azuremanagement'
KeyVaultName: '$(connection_info)'
azureSubscription: $(connection_info)
maddieford marked this conversation as resolved.
KeyVaultName: 'waagenttests'
SecretsFilter: '*'

- task: AzureCLI@2
narrieta marked this conversation as resolved.
displayName: "Save connection certificate"
"Download connection certificate"?

inputs:
azureSubscription: $(connection_info)
scriptType: bash
scriptLocation: inlineScript
inlineScript: |
# This temporary directory removed after the pipeline execution
mkdir -p $(Agent.TempDirectory)/app
az keyvault secret download --file $(Agent.TempDirectory)/app/cert.pem --vault-name waagenttests --name AZURE-CLIENT-CERTIFICATE

- bash: $(Build.SourcesDirectory)/tests_e2e/pipeline/scripts/execute_tests.sh
displayName: "Execute tests"
continueOnError: true
env:
SUBSCRIPTION_ID: $(SUBSCRIPTION-ID)
AZURE_CLIENT_ID: $(AZURE-CLIENT-ID)
AZURE_CLIENT_SECRET: $(AZURE-CLIENT-SECRET)
AZURE_TENANT_ID: $(AZURE-TENANT-ID)
CR_USER: $(CR-USER)
CR_SECRET: $(CR-SECRET)
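Review bot: The "Save connection certificate" step writes the AAD app's certificate to `$(Agent.TempDirectory)/app/cert.pem` under the agent's default umask, so on an agent shared with other jobs or users the file (which presumably carries the private key, since it serves as the client credential) may be readable by others until the temp directory is cleaned. Consider starting the inline script with `umask 077`, or following the download with `chmod 600` on the file, after confirming that the container's waagent user can still read the bind-mounted file. The macro paths are also unquoted; `mkdir -p "$(Agent.TempDirectory)/app"` and a quoted `--file` argument would survive a path containing spaces. Separately, the unchanged `SecretsFilter: '*'` in the "Fetch connection info" task maps every secret in the vault to a pipeline variable, which now likely includes AZURE-CLIENT-CERTIFICATE itself; listing only the names the job uses would narrow that exposure.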
6 changes: 5 additions & 1 deletion tests_e2e/pipeline/scripts/execute_tests.sh
@@ -72,13 +72,17 @@ fi
#
IP_ADDRESS=$(curl -4 ifconfig.io/ip)

# certificate location in the container
AZURE_CLIENT_CERTIFICATE_PATH="/home/waagent/app/cert.pem"
narrieta marked this conversation as resolved.

docker run --rm \
--volume "$BUILD_SOURCESDIRECTORY:/home/waagent/WALinuxAgent" \
--volume "$AGENT_TEMPDIRECTORY"/ssh:/home/waagent/.ssh \
--volume "$AGENT_TEMPDIRECTORY"/app:/home/waagent/app \
--volume "$LOGS_DIRECTORY":/home/waagent/logs \
--env AZURE_CLIENT_ID \
--env AZURE_CLIENT_SECRET \
--env AZURE_TENANT_ID \
--env AZURE_CLIENT_CERTIFICATE_PATH=$AZURE_CLIENT_CERTIFICATE_PATH \
waagenttests.azurecr.io/waagenttests \
bash --login -c \
"lisa \
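Review bot: The new `--volume "$AGENT_TEMPDIRECTORY"/app:/home/waagent/app` mount is read-write although the container only needs to read the certificate; mounting it as `--volume "$AGENT_TEMPDIRECTORY"/app:/home/waagent/app:ro` keeps test code from modifying or replacing the credential on the host. `--env AZURE_CLIENT_CERTIFICATE_PATH=$AZURE_CLIENT_CERTIFICATE_PATH` should quote the expansion to match the quoted volume arguments. The script could also fail early with a clear message when `$AGENT_TEMPDIRECTORY/app/cert.pem` is missing, rather than letting authentication fail inside the container. The `docker run` command continues past the end of the hunk.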