From f62721bfc704a691dc73cf28f70ece7a9e6a84ad Mon Sep 17 00:00:00 2001 From: "David R. Williamson" Date: Fri, 7 Jan 2022 15:24:44 -0800 Subject: [PATCH 1/2] Move more LA steps under conditional --- .../E2ETestsSetup/e2eTestsSetup.ps1 | 38 +++++++++---------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/e2e/test/prerequisites/E2ETestsSetup/e2eTestsSetup.ps1 b/e2e/test/prerequisites/E2ETestsSetup/e2eTestsSetup.ps1 index 9c55fae637..b5409fe17b 100644 --- a/e2e/test/prerequisites/E2ETestsSetup/e2eTestsSetup.ps1 +++ b/e2e/test/prerequisites/E2ETestsSetup/e2eTestsSetup.ps1 @@ -479,8 +479,8 @@ az role assignment create --assignee $systemIdentityPrincipal --role "Storage Bl # Uploading root CA certificate to IoT hub and verifying ################################################################################################################################## -$certExits = az iot hub certificate list -g $ResourceGroup --hub-name $iotHubName --query "value[?name=='$hubUploadCertificateName']" --output tsv -if ($certExits) +$certExists = az iot hub certificate list -g $ResourceGroup --hub-name $iotHubName --query "value[?name=='$hubUploadCertificateName']" --output tsv +if ($certExists) { Write-Host "`nDeleting existing certificate from IoT hub." $etag = az iot hub certificate show -g $ResourceGroup --hub-name $iotHubName --name $hubUploadCertificateName --query 'etag' @@ -593,8 +593,8 @@ $symmetricKeySampleEnrollmentPrimaryKey = az iot dps enrollment show -g $Resourc ################################################################################################################################## $dpsIdScope = az iot dps show -g $ResourceGroup --name $dpsName --query 'properties.idScope' --output tsv -$certExits = az iot dps certificate list -g $ResourceGroup --dps-name $dpsName --query "value[?name=='$uploadCertificateName']" --output tsv -if ($certExits) +$certExists = az iot dps certificate list -g $ResourceGroup --dps-name $dpsName --query "value[?name=='$uploadCertificateName']" --output tsv +if ($certExists) { Write-Host "`nDeleting existing certificate from DPS." $etag = az iot dps certificate show -g $ResourceGroup --dps-name $dpsName --certificate-name $uploadCertificateName --query 'etag' @@ -653,24 +653,24 @@ az iot dps enrollment create ` if ($EnableIotHubSecuritySolution) { - Write-Host "`nCreating a self-signed certificate and placing it in $ResourceGroup." + Write-Host "`nCreating a self-signed certificate lor LA and placing it in $ResourceGroup." az ad app credential reset --id $logAnalyticsAppId --create-cert --keyvault $keyVaultName --cert $ResourceGroup --output none Write-Host "`nSuccessfully created a self signed certificate for your application $logAnalyticsAppRegnName in $keyVaultName key vault with cert name $ResourceGroup." -} -Write-Host "`nFetching the certificate binary." -$selfSignedCerts = "$PSScriptRoot\selfSignedCerts" -if (Test-Path $selfSignedCerts -PathType Leaf) -{ - Remove-Item -r $selfSignedCerts -} + Write-Host "`nFetching the certificate binary for LA." + $selfSignedCerts = "$PSScriptRoot\selfSignedCerts" + if (Test-Path $selfSignedCerts -PathType Leaf) + { + Remove-Item -r $selfSignedCerts + } -az keyvault secret download --file $selfSignedCerts --vault-name $keyVaultName -n $ResourceGroup --encoding base64 -$fileContent = Get-Content $selfSignedCerts -AsByteStream -$fileContentB64String = [System.Convert]::ToBase64String($fileContent); + az keyvault secret download --file $selfSignedCerts --vault-name $keyVaultName -n $ResourceGroup --encoding base64 + $fileContent = Get-Content $selfSignedCerts -AsByteStream + $fileContentB64String = [System.Convert]::ToBase64String($fileContent); -Write-Host "`nSuccessfully fetched the certificate bytes. Removing the cert file from the disk." -Remove-Item -r $selfSignedCerts + Write-Host "`nSuccessfully fetched the certificate bytes for LA. Removing the cert file from the disk." + Remove-Item -r $selfSignedCerts +} ################################################################################################################################### # Store all secrets in a KeyVault - Values will be pulled down from here to configure environment variables @@ -698,10 +698,8 @@ $keyvaultKvps = @{ "DPS-GROUPX509-CERTIFICATE-CHAIN" = $dpsGroupX509CertificateChain; "STORAGE-ACCOUNT-CONNECTION-STRING" = $storageAccountConnectionString; "MSFT-TENANT-ID" = "72f988bf-86f1-41af-91ab-2d7cd011db47"; - "LA-AAD-APP-ID" = $logAnalyticsAppId; "IOTHUB-CLIENT-ID" = $iotHubAadTestAppId; "IOTHUB-CLIENT-SECRET" = $iotHubAadTestAppPassword; - "LA-AAD-APP-CERT-BASE64" = $fileContentB64String; "DPS-GLOBALDEVICEENDPOINT-INVALIDCERT" = "invalidcertgde1.westus.cloudapp.azure.com"; "PIPELINE-ENVIRONMENT" = "prod"; "HUB-CHAIN-DEVICE-PFX-CERTIFICATE" = $iothubX509ChainDevicePfxCertificate; @@ -741,6 +739,8 @@ $keyvaultKvps = @{ if ($EnableIotHubSecuritySolution) { $keyvaultKvps.Add("LA-WORKSPACE-ID", $workspaceId) + $keyvaultKvps.Add("LA-AAD-APP-CERT-BASE64", $fileContentB64String) + $keyvaultKvps.Add("LA-AAD-APP-ID", $logAnalyticsAppId) } Write-Host "`nWriting secrets to KeyVault $keyVaultName." From b30653f22f3899517007268c852dd354f0ee399b Mon Sep 17 00:00:00 2001 From: "David R. Williamson" Date: Mon, 10 Jan 2022 10:20:50 -0800 Subject: [PATCH 2/2] Update e2e/test/prerequisites/E2ETestsSetup/e2eTestsSetup.ps1 Co-authored-by: Azad Abbasi --- e2e/test/prerequisites/E2ETestsSetup/e2eTestsSetup.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/test/prerequisites/E2ETestsSetup/e2eTestsSetup.ps1 b/e2e/test/prerequisites/E2ETestsSetup/e2eTestsSetup.ps1 index b5409fe17b..3da24c2d80 100644 --- a/e2e/test/prerequisites/E2ETestsSetup/e2eTestsSetup.ps1 +++ b/e2e/test/prerequisites/E2ETestsSetup/e2eTestsSetup.ps1 @@ -653,7 +653,7 @@ az iot dps enrollment create ` if ($EnableIotHubSecuritySolution) { - Write-Host "`nCreating a self-signed certificate lor LA and placing it in $ResourceGroup." + Write-Host "`nCreating a self-signed certificate for LA and placing it in $ResourceGroup." az ad app credential reset --id $logAnalyticsAppId --create-cert --keyvault $keyVaultName --cert $ResourceGroup --output none Write-Host "`nSuccessfully created a self signed certificate for your application $logAnalyticsAppRegnName in $keyVaultName key vault with cert name $ResourceGroup."