Updates to support https://github.com/microsoft/AzureTRE-Deployment (#…

…2385)

* Updates to support https://github.com/microsoft/AzureTRE-Deployment
* Update paths for `.env` file imports
* Update UI scripts

Makefile

@@ -344,7 +344,7 @@ setup-local-debugging:
 auth:
 	$(call target_title,"Setting up Azure Active Directory") \
 	&& . ${MAKEFILE_DIR}/devops/scripts/check_dependencies.sh nodocker,env \
-	&& . ${MAKEFILE_DIR}/devops/scripts/create_aad_assets.sh
+	&& ${MAKEFILE_DIR}/devops/scripts/create_aad_assets.sh
 
 show-core-output:
 	$(call target_title,"Display TRE core output") \

devops/scripts/aad/create_api_application.sh

@@ -356,7 +356,7 @@ fi
   echo "API_CLIENT_ID=\"${appId}\""
   echo "API_CLIENT_SECRET=\"${spPassword}\""
   echo "SWAGGER_UI_CLIENT_ID=\"${uxAppId}\""
-} >> "$DIR"/../../auth.env
+} >> "devops/auth.env"
 
 if [[ $grantAdminConsent -eq 0 ]]; then
     echo -e "\e[96mNOTE: Make sure the API permissions of the app registrations have admin consent granted."

devops/scripts/aad/create_application_administrator.sh

@@ -156,8 +156,8 @@ if [[ $grantAdminConsent -eq 1 ]]; then
     grant_admin_consent "${spId}" "$msGraphObjectId" "${applicationPermissionId}"
 fi
 
-echo "APPLICATION_ADMIN_CLIENT_ID=\"${appId}\"" > "$DIR"/../../auth.env
-echo "APPLICATION_ADMIN_CLIENT_SECRET=\"${spPassword}\"" >> "$DIR"/../../auth.env
+echo "APPLICATION_ADMIN_CLIENT_ID=\"${appId}\"" > "devops/auth.env"
+echo "APPLICATION_ADMIN_CLIENT_SECRET=\"${spPassword}\"" >> "devops/auth.env"
 
 if [[ $grantAdminConsent -eq 0 ]]; then
     echo "NOTE: Make sure the API permissions of the app registrations have admin consent granted."

devops/scripts/aad/create_automation_administrator.sh

@@ -120,4 +120,4 @@ spPassword=$(create_or_update_service_principal "${appId}" "${resetPassword}")
 {
   echo "TEST_ACCOUNT_CLIENT_ID=\"${appId}\""
   echo "TEST_ACCOUNT_CLIENT_SECRET=\"${spPassword}\""
-} >> "$DIR"/../../auth.env
+} >> "devops/auth.env"

devops/scripts/aad/get_existing_app.sh

@@ -1,7 +1,6 @@
 #!/bin/bash
-set -euo pipefail
-# Use this for debug only
-# set -o xtrace
+
+# This script is designed to be `source`d to create reusable helper functions
 
 function show_existing_app_usage()
 {

devops/scripts/aad/get_msgraph_access.sh

@@ -1,7 +1,6 @@
 #!/bin/bash
-set -euo pipefail
-# Use this for debug only
-# set -o xtrace
+
+# This script is designed to be `source`d to create reusable helper functions
 
 # Magic string for MSGraph
 msGraphAppId="00000003-0000-0000-c000-000000000000"

devops/scripts/aad/grant_admin_consent.sh

@@ -1,7 +1,6 @@
 #!/bin/bash
-set -euo pipefail
-# Use this for debug only
-# set -o xtrace
+
+# This script is designed to be `source`d to create reusable helper functions
 
 # Grants admin consent for the given app permission.
 #

devops/scripts/aad/update_resource_access.sh

@@ -1,7 +1,6 @@
 #!/bin/bash
-set -euo pipefail
-# Use this for debug only
-# set -o xtrace
+
+# This script is designed to be `source`d to create reusable helper functions
 
 # Utility function that retrieves all of the 'requiredResourceAccess' from an application,
 # it then removes any access for a given `resourceAppId`, merges in a new element into the

devops/scripts/aad/wait_for_new_app_registration.sh

@@ -1,7 +1,6 @@
 #!/bin/bash
-set -euo pipefail
-# Use this for debug only
-# set -o xtrace
+
+# This script is designed to be `source`d to create reusable helper functions
 
 # Notes: Before Az CLI 2.37 this would return a json document with .objectId; that is now .id
 

devops/scripts/aad/wait_for_new_service_principal.sh

@@ -1,7 +1,6 @@
 #!/bin/bash
-set -euo pipefail
-# Use this for debug only
-# set -o xtrace
+
+# This script is designed to be `source`d to create reusable helper functions
 
 # This script polls looking for an app registration with the given ID.
 # If after the number of retries no app registration is found, the function exits.

devops/scripts/build_deploy_ui.sh

@@ -3,7 +3,10 @@ set -o errexit
 set -o pipefail
 set -o nounset
 
-pushd ./ui/app
+# Get the directory that this script is in
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+
+pushd "$DIR/../../ui/app"
 
 # replace the values in the config file
 jq --arg rootClientId "${SWAGGER_UI_CLIENT_ID}" \
@@ -18,4 +21,4 @@ yarn build
 
 popd
 
-DIR=./ui/app/build ./devops/scripts/upload_static_web.sh
+CONTENT_DIR="$DIR/../../ui/app/build" "$DIR/upload_static_web.sh"

devops/scripts/check_dependencies.sh

@@ -24,38 +24,38 @@ if [[ "${1:-?}" == *"auth"* ]]; then
   if [ -z "${USE_ENV_VARS_NOT_FILES:-}" ]; then
     # We only do this for local builds
     echo -e "\n\e[96mChecking for Auth setup\e[0m..."
-    if [ ! -f "$DIR"/../auth.env ]; then
+    if [ ! -f "devops/auth.env" ]; then
       echo -e "\e[31m»»» ⚠️ Auth has not been setup! 😥 Please run make auth"
       exit 1
     fi
     set -a
     # shellcheck disable=SC1091
-    . "$DIR/load_env.sh" "$DIR/../auth.env"
+    . "$DIR/load_env.sh" "devops/auth.env"
     # shellcheck disable=SC1091
-    . "$DIR/load_terraform_env.sh" "$DIR/../auth.env"
+    . "$DIR/load_terraform_env.sh" "devops/auth.env"
   fi
 fi
 
 if [[ "${1:-?}" == *"env"* ]]; then
   if [ -z "${USE_ENV_VARS_NOT_FILES:-}" ]; then
     # We only do this for local builds
     echo -e "\n\e[96mLoading local environment variables\e[0m..."
-    if [ ! -f "$DIR"/../.env ]; then
+    if [ ! -f "devops/.env" ]; then
       echo -e "\e[31m»»» ⚠️ Your devops environment has not been setup! 😥 Please create a ./devops/.env file."
       exit 1
     fi
-    if [ ! -f "$DIR"/../../templates/core/.env ]; then
+    if [ ! -f "templates/core/.env" ]; then
       echo -e "\e[31m»»» ⚠️ Your template environment has not been setup! 😥 Please create a ./templates/core/.env file."
       exit 1
     fi
     # shellcheck disable=SC1091
-    . "$DIR/load_env.sh" "$DIR/../.env"
+    . "$DIR/load_env.sh" "devops/.env"
     # shellcheck disable=SC1091
-    . "$DIR/load_terraform_env.sh" "$DIR/../.env"
+    . "$DIR/load_terraform_env.sh" "devops/.env"
     # shellcheck disable=SC1091
-    . "$DIR/load_env.sh" "$DIR/../../templates/core/.env"
+    . "$DIR/load_env.sh" "templates/core/.env"
     # shellcheck disable=SC1091
-    . "$DIR/load_terraform_env.sh" "$DIR/../../templates/core/.env"
+    . "$DIR/load_terraform_env.sh" "templates/core/.env"
   fi
 fi
 

devops/scripts/create_aad_assets.sh

@@ -5,6 +5,9 @@ set -euo pipefail
 
 : "${AAD_TENANT_ID?'You have not set your AAD_TENANT_ID in ./templates/core/.env'}"
 
+# Get the directory that this script is in
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+
 CHANGED_TENANT=0
 LOGGED_IN_TENANT_ID=$(az account show --query tenantId -o tsv)
 
@@ -27,14 +30,14 @@ if [ "${AUTO_WORKSPACE_APP_REGISTRATION:-}" == true ]; then
 fi
 
 # Create the identity that is able to administer other applications
-./devops/scripts/aad/create_application_administrator.sh \
+"$DIR/aad/create_application_administrator.sh" \
   --name "${TRE_ID}" \
   --admin-consent \
   --application-permission "${APPLICATION_PERMISSION}" \
   --reset-password $RESET_PASSWORDS
 
 # Create the identity that is able to automate the testing
-./devops/scripts/aad/create_automation_administrator.sh \
+"$DIR/aad/create_automation_administrator.sh" \
   --name "${TRE_ID}" \
   --reset-password $RESET_PASSWORDS
 
@@ -47,7 +50,7 @@ set -a
 . ./devops/auth.env
 
 # Then register an App for the TRE Core.
-./devops/scripts/aad/create_api_application.sh \
+"$DIR/aad/create_api_application.sh" \
   --name "${TRE_ID}" \
   --tre-url "https://${TRE_ID}.${LOCATION}.cloudapp.azure.com" \
   --admin-consent --automation-clientid "${TEST_ACCOUNT_CLIENT_ID}" \
@@ -62,7 +65,7 @@ if [ "${AUTO_WORKSPACE_APP_REGISTRATION:=false}" == false ]; then
   # shellcheck disable=SC1091
   . ./devops/auth.env
 
-  ./devops/scripts/aad/create_workspace_application.sh \
+  "$DIR/aad/create_workspace_application.sh" \
     --name "${TRE_ID} - workspace 1" \
     --admin-consent \
     --ux-clientid "${SWAGGER_UI_CLIENT_ID}" \

devops/scripts/upload_static_web.sh

@@ -23,14 +23,14 @@ echo "Waiting for network rule to take effect"
 sleep 30s
 echo "Created network rule on storage account"
 
-echo "Uploading ${DIR} to static web storage"
+echo "Uploading ${CONTENT_DIR} to static web storage"
 
 # shellcheck disable=SC2016
 az storage blob upload-batch \
     --account-name "${STORAGE_ACCOUNT}" \
     --auth-mode login \
     --destination '$web' \
-    --source "${DIR}" \
+    --source "${CONTENT_DIR}" \
     --no-progress \
     --only-show-errors \
     --overwrite

devops/terraform/bootstrap.sh

@@ -3,17 +3,20 @@ set -e
 
 # Baseline Azure resources
 echo -e "\n\e[34m»»» 🤖 \e[96mCreating resource group and storage account\e[0m..."
-az group create --resource-group $TF_VAR_mgmt_resource_group_name --location $LOCATION -o table
-az storage account create --resource-group $TF_VAR_mgmt_resource_group_name \
---name $TF_VAR_mgmt_storage_account_name --location $LOCATION \
+# shellcheck disable=SC2154
+az group create --resource-group "$TF_VAR_mgmt_resource_group_name" --location "$LOCATION" -o table
+# shellcheck disable=SC2154
+az storage account create --resource-group "$TF_VAR_mgmt_resource_group_name" \
+--name "$TF_VAR_mgmt_storage_account_name" --location "$LOCATION" \
 --kind StorageV2 --sku Standard_LRS -o table
 
 # Blob container
-SA_KEY=$(az storage account keys list --account-name $TF_VAR_mgmt_storage_account_name --resource-group $TF_VAR_mgmt_resource_group_name --query "[0].value" -o tsv)
-az storage container create --account-name $TF_VAR_mgmt_storage_account_name --name $TF_VAR_terraform_state_container_name --account-key $SA_KEY -o table
+SA_KEY=$(az storage account keys list --account-name "$TF_VAR_mgmt_storage_account_name" --resource-group "$TF_VAR_mgmt_resource_group_name" --query "[0].value" -o tsv)
+# shellcheck disable=SC2154
+az storage container create --account-name "$TF_VAR_mgmt_storage_account_name" --name "$TF_VAR_terraform_state_container_name" --account-key "$SA_KEY" -o table
 
 # logs container
-az storage container create --account-name $TF_VAR_mgmt_storage_account_name --name "tflogs" --account-key $SA_KEY -o table
+az storage container create --account-name "$TF_VAR_mgmt_storage_account_name" --name "tflogs" --account-key "$SA_KEY" -o table
 
 cat > bootstrap_backend.tf <<BOOTSTRAP_BACKEND
 terraform {
@@ -34,6 +37,7 @@ terraform init -input=false -backend=true -reconfigure -upgrade
 # Import the storage account & res group into state
 echo -e "\n\e[34m»»» 📤 \e[96mImporting resources to state\e[0m..."
 if ! terraform state show azurerm_resource_group.mgmt > /dev/null; then
+  echo  "/subscriptions/$ARM_SUBSCRIPTION_ID/resourceGroups/$TF_VAR_mgmt_resource_group_name"
   terraform import azurerm_resource_group.mgmt "/subscriptions/$ARM_SUBSCRIPTION_ID/resourceGroups/$TF_VAR_mgmt_resource_group_name"
 fi