Update deploy script with presumption of existing service principal

microsoft · rickrain · Mar 27, 2019 · Mar 18, 2019 · Mar 18, 2019 · Mar 18, 2019
commit 43055b126bcf7590b9bd146d104acfcaa28a2b2d
diff --git a/cluster/azure/keyvault/variables.tf b/cluster/azure/keyvault/variables.tf
@@ -16,5 +16,4 @@ variable "resource_group_name" {
 variable "location" {
   description = "The location/region where the core network will be created. The full list of Azure regions can be found at https://azure.microsoft.com/regions"
   type = "string"
-  default = "eastus"
 }
diff --git a/cluster/deploy.sh b/cluster/deploy.sh
@@ -6,102 +6,65 @@ IFS=$'\n\t'
 # -o: prevents errors in a pipeline from being masked
 # IFS new value is less likely to cause confusing bugs when looping arrays or arguments (e.g. $@)
 
-usage() { echo "Usage: $0 -i <subscriptionId> -n <deploymentName> -l <resourceGroupLocation>" 1>&2; exit 1; }
+usage() { echo "Usage: $0 -i <APP_ID> -n <APP_SECRET> -l <TENANT_ID>" 1>&2; exit 1; }
 
-declare SUBSCRIPTION_ID=${SUBSCRIPTION_ID:=""} 
-declare DEPLOYMENT_NAME=${DEPLOYMENT_NAME:=""}
-declare RESOURCE_GROUP_LOCATON=${RESOURCE_GROUP_LOCATON:=""}
-declare DEPLOYMENT_NAME=${DEPLOYMENT_NAME:=""}
-declare DEBUG=false
+declare APP_ID=${APP_ID:=""} 
+declare APP_SECRET=${APP_SECRET:=""}
+declare TENANT_ID=${TENANT_ID:=""}
 
 # Initialize parameters specified from command line
 while getopts ":i:n:l:" arg; do
 	case "${arg}" in
 		i)
-			SUBSCRIPTION_ID=${OPTARG}
+			APP_ID=${OPTARG}
 			;;
 		n)
-			DEPLOYMENT_NAME=${OPTARG}
+			APP_SECRET=${OPTARG}
 			;;
 		l)
-			RESOURCE_GROUP_LOCATON=${OPTARG}
+			TENANT_ID=${OPTARG}
 			;;
 		esac
 done
 shift $((OPTIND-1))
 
 #Prompt for parameters is some required parameters are missing
-if [[ -z "$SUBSCRIPTION_ID" ]]; then
-	echo "Your subscription ID can be looked up with the CLI using: az account show --out json "
-	echo "Enter your subscription ID:"
-	read SUBSCRIPTION_ID
-	[[ "${SUBSCRIPTION_ID:?}" ]]
+if [[ -z "$APP_ID" ]]; then
+	echo "Enter your Application ID:"
+	read APP_ID
+	[[ "${APP_ID:?}" ]]
 fi
 
-if [[ -z "$RESOURCE_GROUP_LOCATON" ]]; then
-	echo "If creating a *new* resource group, you need to set a location "
-	echo "You can lookup locations with the CLI using: az account list-locations "
-
-	echo "Enter resource group location:"
-	read RESOURCE_GROUP_LOCATON
+if [[ -z "$APP_SECRET" ]]; then
+	echo "Enter Application secret:"
+	read APP_SECRET
 fi
 
-if [[ -z "$DEPLOYMENT_NAME" ]]; then
-	echo "Please enter a Deployment Name for your Application"
-	read DEPLOYMENT_NAME
-	[[ "${DEPLOYMENT_NAME:?}" ]]
+if [[ -z "$TENANT_ID" ]]; then
+	echo "Please enter your Tenant ID"
+	read TENANT_ID
+	[[ "${TENANT_ID:?}" ]]
 fi
 
-if [[ -z "$SUBSCRIPTION_ID" ]]; then
-	echo "Either one of subscriptionId or deploymentName is empty"
+if [[ (-z "$APP_ID") && (-z "$APP_SECRET") && (-z "$TENANT_ID") ]]; then
+	echo "Either one of Application ID or Application secret or Tenant ID is empty"
 	usage
 fi
 
-#login to azure using your credentials
+#Login to azure using your credentials
 echo "Login to Azure..."
-(
-    set +x
-	az login
-    accountsetout=`az account set --subscription $SUBSCRIPTION_ID`
-	echo $accountsetout
-    output=`az login --service-principal -u $APP_ID -p $APP_SECRET --tenant $TENANT_ID`
-    # SP_JSON=`az ad sp create-for-rbac --role="Contributor"`
-    # echo $SP_JSON
-    # export SP_NAME=`echo $SP_JSON | jq -r '.name'`
-    # export SP_PASS=`echo $SP_JSON | jq -r '.password'`
-    # export SP_TENANT=`echo $SP_JSON | jq -r '.tenant'`
-    # output=`az login --service-principal -u $SP_NAME -p $SP_PASS --tenant $SP_TENANT`
-	# echo $output
-)
-
-#set the default subscription id
-
+az login --service-principal -u $APP_ID -p $APP_SECRET --tenant $TENANT_ID
 set +e
 
-#Check for existing RG
-# TODO:DELETE az group show --name $resourceGroupName 1> /dev/null
-
-# if [ $? != 0 ]; then
-# 	echo "Resource group with name" $resourceGroupName "could not be found. Creating new resource group.."
-# 	set -e
-# 	(
-# 		set -x
-# 		az group create --name $resourceGroupName --location $resourceGroupLocation 1> /dev/null
-# 	)
-# 	else
-# 	echo "Using existing resource group..."
-# fi
-
 #Start deployment
 echo "Starting deployment..."
 (
 	[ "$DEBUG" == 'true' ] && set -x
     terraform init
     terraform apply
-	# TODO : az group deployment create --name "$DEPLOYMENT_NAME" --resource-group "$resourceGroupName" --template-file "$templateFilePath" #--parameters "@${parametersFilePath}"
 )
 
 if [ $?  == 0 ];
  then
-	echo "Template has been successfully deployed"
+	echo "Terraform Template has been successfully deployed"
 fi