Merge pull request #50 from Microsoft/acr-setup-02

Rick Rainey · web-flow · commit 863307da84dd · 2019-04-04T14:22:32.000-05:00
#37 changes requested for automated test in PR #47 (see comments)
diff --git a/README.md b/README.md
@@ -16,7 +16,7 @@ The artifacts used to deploy this project include bash scripts and Terraform tem
     ``` bash
     az login
     ```
-4. Run `acr-sp-init.sh`.  For example, the command below will provdision an Azure Container Registry (ACR) in East US and configure the two service principals in Azure Active Directory; one with AcrPush permission and another with AcrPull permission scoped to the ACR.  The script parameter values are used to construct the name of the resource group, ACR, and service principals.
+4. Run `acr-sp-init.sh`.  For example, the command below will provision an Azure Container Registry (ACR) in East US and configure the two service principals in Azure Active Directory; one with _AcrPush_ permission and another with _AcrPull_ permission scoped to the ACR.  The script parameter values are used to construct the name of the resource group, ACR, and service principals.
 
     ``` bash
     $ ./acr-sp-init.sh -a Cblt -l eastus -s CoreProd
@@ -26,11 +26,13 @@ The artifacts used to deploy this project include bash scripts and Terraform tem
     
 ### Automated Test
 
-The automated test for this setup step is in `./tests/acr-sp-init-test.sh`.  It can be executed at the command line as shown below, or as part of a CI pipeline.
+The automated test for this setup step is in `./tests/acr-sp-init-test.sh`.  It can be executed at the command line as shown below, or as part of a CI pipeline.  If you don't want the test to cleanup resources, then pass the `-n` switch.
 
 ``` bash
 az login
-./tests/acr-sp-init-sh
+
+# Run test and cleanup resources created.
+./tests/acr-sp-init-test.sh
 ```
 
 ## Setup Shared / Core Infrastructure
diff --git a/setup/acr-sp-init.sh b/setup/acr-sp-init.sh
@@ -105,9 +105,27 @@ az group create --name $rgName --location $location
 
 # Create the container registry.
 acrName="${appname}${locationCode}acr${suffix}"
-acrId=$(az acr create --resource-group $rgName --name $acrName --sku Standard --query id)
+acrNameAvailable=$(az acr check-name --name $acrName --query nameAvailable)
+if [[ "$acrNameAvailable" == false ]]; then
+    # Check to see if the ACR is already in the resource group and location we want.
+    # If it is, then we can just continue.  Otherwise, we need to abort.
+    acrLocation=""
+    acrLocation=$(az acr show --name $acrName --resource-group $rgName --query location)
+    acrLocation="${acrLocation//\"}"
+    if [[ -z $acrLocation || $acrLocation != $location ]]; then
+        echo "Container registry '$acrName' already exists but is not in the requested resource group '$rgName' and location '$location'."
+        echo "Modify your script inputs so a unique DNS name can be inferred."
+        exit 1;
+    else
+        echo "Using existing container registry '$acrName' in resource group '$rgName'."
+        acrId=$(az acr show --name $acrName --resource-group $rgName --query id)
+    fi
+else
+    echo "Creating container registry '$acrName' in resource group '$rgName'."
+    acrId=$(az acr create --resource-group $rgName --name $acrName --sku Standard --query id)
+    # ToDo: Should parameterize 'sku' in the future 
+fi
 acrId="${acrId//\"}"
-# ToDo: Should parameterize 'sku' in the future 
 
 # Used to find/create service principals and role assignments to ACR.
 declare -A spAcrNameAndRole=(
diff --git a/tests/acr-sp-init-test.sh b/tests/acr-sp-init-test.sh
@@ -7,48 +7,62 @@ suffix="Cntso Dev"
 
 bash ../setup/acr-sp-init.sh -a $appName -l $location -s "${suffix}"
 
+cleanup=true
+while getopts "n" opt; do
+    case $opt in
+        n)
+            # Don't cleanup test resources.
+            cleanup=false
+            ;;
+    esac
+done
+
 # Expected resource group properties
 rgName="cblt-usea-rg-cntsodev"
 rgLocation="eastus"
-expectedRgValues='['${rgName}','${rgLocation}']'
+expectedRgValues='['\"${rgName}\"','\"${rgLocation}\"']'
 
 # Expected ACR properties
 acrName="cbltuseaacrcntsodev"
 acrLocation="eastus"
-expectedAcrValues='['${acrName}','${acrLocation}']'
+expectedAcrValues='['\"${acrName}\"','\"${acrLocation}\"']'
 
 # Expected service principal properties
 declare -A spAcrNameAndRole=(
     ["http://cblt-usea-sp-cntsodev-pull"]="AcrPull"
     ["http://cblt-usea-sp-cntsodev-push"]="AcrPush"
 )
 
+function assertEqual() {
+   if [[ $# != 3 ]]; then
+       echo "Unexpected number of parameters passed to '$0'."
+       echo "  Parameter 1 - actual value"
+       echo "  Parameter 2 - expected value"
+       echo "  Parameter 3 - description of resource"
+       exit 1;
+   fi
+   
+   if [[ "$1" != "$2" ]]; then
+       echo "Error: Unexpected '$3' values."
+       echo "  Actual value:   '$1'"
+       echo "  Expected value: '$2'"
+       exit 1;
+   fi
+}
+
 # Assertions
+
 # Test resource group
 echo "Testing resource group..."
 resourceValues=$(az group show --name $rgName --query '[name,location]' --output JSON)
 resourceValues=${resourceValues//[[:space:]]/}
-resourceValues=${resourceValues//\"/}
-
-if [[ "$resourceValues" != "$expectedRgValues" ]]; then
-    echo "Error: Unexpected resource group values."
-    echo "  Results returned '${resourceValues}'"
-    echo "          expected '${expectedRgValues}'"
-    exit 1;
-fi
+assertEqual $resourceValues $expectedRgValues "resource group"
 
 # Test ACR
 echo "Testing container registry..."
 resourceValues=$(az acr show --name $acrName --query '[name,location]' --output JSON)
 resourceValues=${resourceValues//[[:space:]]/}
-resourceValues=${resourceValues//\"/}
-
-if [[ "$resourceValues" != "$expectedAcrValues" ]]; then
-    echo "Error: Unexpected container registry values."
-    echo "  Results returned '${resourceValues}'"
-    echo "          expected '${expectedAcrValues}'"
-    exit 1;
-fi
+assertEqual $resourceValues $expectedAcrValues "container registry"
 
 # Test service principals
 echo "Testing service principals..."
@@ -73,26 +87,33 @@ done
 
 echo "Tests passed successfully"
 
-# Clean up tests results
-echo "Cleaning up test resources"
-
-echo "  Cleaning up service principals and role assignments..."
-for spName in ${!spAcrNameAndRole[@]}
-do
-    # Clean up service principals and role assignments
-    spAppId=$(az ad sp show --id ${spName} --query appId)
-    spAppId="${spAppId//\"}"
-    az ad sp delete --id ${spAppId}
-done
-
-# Clean up container registry
-echo "  Cleaning up container registry..."
-az acr delete --name ${acrName}
-
-# Clean up resource group
-echo "  Cleaning up resource group..."
-az group delete --name ${rgName} --yes
-
-
-
-
+# Clean up tests resources
+if [[ "$cleanup" == true ]]; then
+    echo "Cleaning up test resources"
+
+    for spName in ${!spAcrNameAndRole[@]}
+    do
+        # Clean up role assignments
+        echo "  Cleaning up role assignment '${spAcrNameAndRole[$spName]}' to ACR '$acrName' for service principal '$spName'."
+        az role assignment delete --assignee ${spName} --scope ${acrId} --role ${spAcrNameAndRole[$spName]}
+
+        # Clean up service principals if it's mine to delete
+        spAppId=$(az ad sp show --id ${spName} --query appId)
+        spAppId="${spAppId//\"}"
+        spIsMineToDelete=$(az ad sp list --show-mine --query '[].appId | contains(@, `'${spAppId}'`)')
+        if [[ "$spIsMineToDelete" == true ]]; then
+            echo "  Cleaning up service principal '$spName'."
+            az ad sp delete --id $spAppId
+        else
+            echo "  Not cleaning up service principal '$spName' in Azure AD because it belongs to another user."
+        fi 
+    done
+
+    # Clean up container registry
+    echo "  Cleaning up container registry..."
+    az acr delete --name ${acrName}
+
+    # Clean up resource group
+    echo "  Cleaning up resource group..."
+    az group delete --name ${rgName} --yes
+fi
