From 6e5cde0144e573ac0cb1448b6dbf78cf608fd625 Mon Sep 17 00:00:00 2001 From: Nageswara Nandigam <84482346+nagworld9@users.noreply.github.com> Date: Tue, 7 May 2024 14:31:08 -0700 Subject: [PATCH] remove secret and use cert for aad app in e2e pipeline (#3116) * remove secret and use cert * address comment --- tests_e2e/pipeline/pipeline-cleanup.yml | 6 ++--- tests_e2e/pipeline/pipeline.yml | 25 +++++++++++++++------ tests_e2e/pipeline/scripts/execute_tests.sh | 6 ++++- 3 files changed, 26 insertions(+), 11 deletions(-) diff --git a/tests_e2e/pipeline/pipeline-cleanup.yml b/tests_e2e/pipeline/pipeline-cleanup.yml index d8d894612f..c673f0378d 100644 --- a/tests_e2e/pipeline/pipeline-cleanup.yml +++ b/tests_e2e/pipeline/pipeline-cleanup.yml @@ -18,9 +18,9 @@ parameters: - name: service_connections type: object default: - - azuremanagement - - azuremanagement.china - - azuremanagement.government + - waagenttests.public + - waagenttests.china + - waagenttests.gov pool: name: waagent-pool diff --git a/tests_e2e/pipeline/pipeline.yml b/tests_e2e/pipeline/pipeline.yml index 8a7971456d..bccee67124 100644 --- a/tests_e2e/pipeline/pipeline.yml +++ b/tests_e2e/pipeline/pipeline.yml @@ -1,7 +1,7 @@ # variables: # # NOTE: When creating the pipeline, "connection_info" must be added as a variable pointing to the - # corresponding key vault; see wiki for details. + # cloud specific service connection; see wiki for details. # parameters: 
@@ -78,16 +78,17 @@ jobs: architecture: 'x64' # Extract the Azure cloud from the "connection_info" variable. Its value includes one of - # 'public', 'china', or 'government' as a suffix (the suffix comes after the last '-'). + # 'public', 'china', or 'gov' as a suffix (the suffix comes after the '.'). - bash: | - case $(echo $CONNECTION_INFO | sed 's/^.*-//') in + case $(echo $CONNECTION_INFO | sed 's/.*\.//') in public) echo "##vso[task.setvariable variable=cloud]AzureCloud" ;; china) echo "##vso[task.setvariable variable=cloud]AzureChinaCloud" + ;; - government) + gov) echo "##vso[task.setvariable variable=cloud]AzureUSGovernment" ;; *) @@ -106,17 +107,27 @@ jobs: - task: AzureKeyVault@2 displayName: "Fetch connection info" inputs: - azureSubscription: 'azuremanagement' - KeyVaultName: '$(connection_info)' + azureSubscription: $(connection_info) + KeyVaultName: 'waagenttests' SecretsFilter: '*' + - task: AzureCLI@2 + displayName: "Download connection certificate" + inputs: + azureSubscription: $(connection_info) + scriptType: bash + scriptLocation: inlineScript + inlineScript: | + # This temporary directory removed after the pipeline execution + mkdir -p $(Agent.TempDirectory)/app + az keyvault secret download --file $(Agent.TempDirectory)/app/cert.pem --vault-name waagenttests --name AZURE-CLIENT-CERTIFICATE + - bash: $(Build.SourcesDirectory)/tests_e2e/pipeline/scripts/execute_tests.sh displayName: "Execute tests" continueOnError: true env: SUBSCRIPTION_ID: $(SUBSCRIPTION-ID) AZURE_CLIENT_ID: $(AZURE-CLIENT-ID) - AZURE_CLIENT_SECRET: $(AZURE-CLIENT-SECRET) AZURE_TENANT_ID: $(AZURE-TENANT-ID) CR_USER: $(CR-USER) CR_SECRET: $(CR-SECRET) diff --git a/tests_e2e/pipeline/scripts/execute_tests.sh b/tests_e2e/pipeline/scripts/execute_tests.sh index d2d2f874c4..37716ec493 100755 --- a/tests_e2e/pipeline/scripts/execute_tests.sh +++ b/tests_e2e/pipeline/scripts/execute_tests.sh 
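Review bot: The cloud suffix is still extracted with an unquoted `echo $CONNECTION_INFO | sed 's/.*\.//'`, so the variable's value is subject to word splitting and glob expansion before sed sees it. A parameter expansion avoids both the subshell and the quoting problem: `case "${CONNECTION_INFO##*.}" in`. A value without a '.' is passed through unchanged and lands in the `*)` branch, whose body lies outside this hunk, so it is worth confirming that branch fails the step. As rendered here, the hunk also shows an added line in the `china)` branch just before `;;`; if it is whitespace-only, it should be dropped.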
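Review bot: The inline script of the new "Download connection certificate" step writes the app's private key to `$(Agent.TempDirectory)/app/cert.pem` under the agent's default umask, so if the pool's agents are shared or self-hosted the file may be readable by other local accounts until the temp directory is cleaned. Adding `umask 077` as the first line of the inline script, before `mkdir -p`, would make both the directory and the file owner-only. This assumes the container user that later reads the mount can still open the file, which is not visible in this hunk. Separately, the `AzureKeyVault@2` step keeps `SecretsFilter: '*'`, which loads every secret in `waagenttests` into pipeline variables, presumably including `AZURE-CLIENT-CERTIFICATE` itself. Listing only the names the job consumes would keep the key material out of the variable set, though the `env:` list continues outside the hunk.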
@@ -72,13 +72,17 @@ fi # IP_ADDRESS=$(curl -4 ifconfig.io/ip) +# certificate location in the container +AZURE_CLIENT_CERTIFICATE_PATH="/home/waagent/app/cert.pem" + docker run --rm \ --volume "$BUILD_SOURCESDIRECTORY:/home/waagent/WALinuxAgent" \ --volume "$AGENT_TEMPDIRECTORY"/ssh:/home/waagent/.ssh \ + --volume "$AGENT_TEMPDIRECTORY"/app:/home/waagent/app \ --volume "$LOGS_DIRECTORY":/home/waagent/logs \ --env AZURE_CLIENT_ID \ - --env AZURE_CLIENT_SECRET \ --env AZURE_TENANT_ID \ + --env AZURE_CLIENT_CERTIFICATE_PATH=$AZURE_CLIENT_CERTIFICATE_PATH \ waagenttests.azurecr.io/waagenttests \ bash --login -c \ "lisa \
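Review bot: The new `--volume "$AGENT_TEMPDIRECTORY"/app:/home/waagent/app` mount hands the certificate and its private key to the test container read-write, although the container only needs to read `cert.pem`. Mounting it read-only limits what a misbehaving test can do to the credential: `--volume "$AGENT_TEMPDIRECTORY"/app:/home/waagent/app:ro \`. The expansion in `--env AZURE_CLIENT_CERTIFICATE_PATH=$AZURE_CLIENT_CERTIFICATE_PATH` should also be quoted, for consistency with the other arguments. The `docker run` command continues past the end of this hunk.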