diff --git a/src/ALZ/Private/Deploy-Accelerator-Helpers/Invoke-Terraform.ps1 b/src/ALZ/Private/Deploy-Accelerator-Helpers/Invoke-Terraform.ps1
index 3c16a9b..e65ad26 100644
--- a/src/ALZ/Private/Deploy-Accelerator-Helpers/Invoke-Terraform.ps1
+++ b/src/ALZ/Private/Deploy-Accelerator-Helpers/Invoke-Terraform.ps1
@@ -25,6 +25,7 @@ function Invoke-Terraform {
 if ($PSCmdlet.ShouldProcess("Apply Terraform", "modify")) {
 # Check and Set Subscription ID
+ $removeSubscriptionId = $false
 if($null -eq $env:ARM_SUBSCRIPTION_ID -or $env:ARM_SUBSCRIPTION_ID -eq "") {
 Write-Verbose "Setting environment variable ARM_SUBSCRIPTION_ID"
 $subscriptionId = $(az account show --query id -o tsv)
@@ -33,6 +34,7 @@ function Invoke-Terraform {
 return
 }
 $env:ARM_SUBSCRIPTION_ID = $subscriptionId
+ $removeSubscriptionId = $true
 Write-Verbose "Environment variable ARM_SUBSCRIPTION_ID set to $subscriptionId"
 }
@@ -144,6 +146,11 @@ function Invoke-Terraform {
 $exitCode = $LASTEXITCODE
 }
+ if($removeSubscriptionId) {
+ Write-Verbose "Removing environment variable ARM_SUBSCRIPTION_ID that was set prior to this run"
+ Remove-Item $env:ARM_SUBSCRIPTION_ID = $null
+ }
+
 # Stop and display timer
 $StopWatch.Stop()
 if(!$silent) {
diff --git a/src/ALZ/Private/Tools/Test-Tooling.ps1 b/src/ALZ/Private/Tools/Test-Tooling.ps1
index 3ddc415..d9da6ed 100644
--- a/src/ALZ/Private/Tools/Test-Tooling.ps1
+++ b/src/ALZ/Private/Tools/Test-Tooling.ps1
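Review bot: `Remove-Item $env:ARM_SUBSCRIPTION_ID = $null` in the new cleanup block of the third hunk does not unset the variable — `$env:ARM_SUBSCRIPTION_ID` is expanded to the subscription id and passed to Remove-Item as a path, with `=` and `$null` left over as extra positional arguments, so the call is expected to error and the value the function exported earlier stays in the process environment after the run. Use `Remove-Item Env:\ARM_SUBSCRIPTION_ID` or simply `$env:ARM_SUBSCRIPTION_ID = $null`. Because the cleanup sits after the terraform invocation, any terminating error between the assignment in the second hunk and this block would also skip it; moving the reset into a `finally` around the run would make it reliable. Invoke-Terraform begins and ends outside these hunks.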
@@ -41,36 +41,112 @@ function Test-Tooling {
 $hasFailure = $true
 }
- # Check if Azure CLI is installed
- Write-Verbose "Checking Azure CLI installation"
- $azCliPath = Get-Command az -ErrorAction SilentlyContinue
- if ($azCliPath) {
- $checkResults += @{
- message = "Azure CLI is installed."
- result = "Success"
+ # Check if using Service Principal Auth
+ Write-Verbose "Checking Azure environment variables"
+ $nonAzCliEnvVars = @(
+ "ARM_CLIENT_ID",
+ "ARM_SUBSCRIPTION_ID",
+ "ARM_TENANT_ID"
+ )
+
+ $envVarsSet = $true
+ $envVarValid = $true
+ $envVarUnique = $true
+ $envVarAtLeastOneSet = $false
+ $envVarsWithValue = @()
+ $checkedEnvVars = @()
+ foreach($envVar in $nonAzCliEnvVars) {
+ $envVarValue = [System.Environment]::GetEnvironmentVariable($envVar)
+ if($envVarValue -eq $null -or $envVarValue -eq "" ) {
+ $envVarsSet = $false
+ continue
 }
- } else {
- $checkResults += @{
- message = "Azure CLI is not installed. Follow the instructions here: https://learn.microsoft.com/en-us/cli/azure/install-azure-cli"
- result = "Failure"
+ $envVarAtLeastOneSet = $true
+ $envVarsWithValue += $envVar
+ if($envVarValue -notmatch("^(\{){0,1}[0-9a-fA-F]{8}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{12}(\}){0,1}$")) {
+ $envVarValid = $false
+ continue
 }
- $hasFailure = $true
+ if($checkedEnvVars -contains $envVarValue) {
+ $envVarUnique = $false
+ continue
+ }
+ $checkedEnvVars += $envVarValue
 }
- # Check if Azure CLI is logged in
- Write-Verbose "Checking Azure CLI login status"
- $azCliAccount = $(az account show -o json) | ConvertFrom-Json
- if ($azCliAccount) {
- $checkResults += @{
- message = "Azure CLI is logged in. 
Tenant ID: $($azCliAccount.tenantId), Subscription: $($azCliAccount.name) ($($azCliAccount.id))"
- result = "Success"
+ if($envVarsSet) {
+ Write-Verbose "Using Service Principal Authentication, skipping Azure CLI checks"
+ if($envVarValid -and $envVarUnique) {
+ $checkResults += @{
+ message = "Azure environment variables are set and are valid unique GUIDs."
+ result = "Success"
+ }
+ }
+
+ if(-not $envVarValid) {
+ $checkResults += @{
+ message = "Azure environment variables are set, but are not all valid GUIDs."
+ result = "Failure"
+ }
+ $hasFailure = $true
+ }
+
+ if (-not $envVarUnique) {
+ $envVarValidationOutput = ""
+ foreach($envVar in $nonAzCliEnvVars) {
+ $envVarValue = [System.Environment]::GetEnvironmentVariable($envVar)
+ $envVarValidationOutput += " $envVar ($envVarValue)"
+ }
+ $checkResults += @{
+ message = "Azure environment variables are set, but are not unique GUIDs. There is at least one duplicate:$envVarValidationOutput."
+ result = "Failure"
+ }
+ $hasFailure = $true
 }
 } else {
- $checkResults += @{
- message = "Azure CLI is not logged in. Please login to Azure CLI using 'az login -t `"00000000-0000-0000-0000-000000000000}`"', replacing the empty GUID with your tenant ID."
- result = "Failure"
+ if($envVarAtLeastOneSet) {
+ $envVarValidationOutput = ""
+ foreach($envVar in $envVarsWithValue) {
+ $envVarValue = [System.Environment]::GetEnvironmentVariable($envVar)
+ $envVarValidationOutput += " $envVar ($envVarValue)"
+ }
+ $checkResults += @{
+ message = "At least one environment variable is set, but the other expected environment variables are not set. This could cause Terraform to fail in unexpected ways. Set environment variables:$envVarValidationOutput."
+ result = "Warning"
+ }
+ }
+
+ # Check if Azure CLI is installed
+ Write-Verbose "Checking Azure CLI installation"
+ $azCliPath = Get-Command az -ErrorAction SilentlyContinue
+ if ($azCliPath) {
+ $checkResults += @{
+ message = "Azure CLI is installed."
+ result = "Success"
+ }
+ } else {
+ $checkResults += @{
+ message = "Azure CLI is not installed. Follow the instructions here: https://learn.microsoft.com/en-us/cli/azure/install-azure-cli"
+ result = "Failure"
+ }
+ $hasFailure = $true
+ }
+
+ # Check if Azure CLI is logged in
+ Write-Verbose "Checking Azure CLI login status"
+ $azCliAccount = $(az account show -o json) | ConvertFrom-Json
+ if ($azCliAccount) {
+ $checkResults += @{
+ message = "Azure CLI is logged in. Tenant ID: $($azCliAccount.tenantId), Subscription: $($azCliAccount.name) ($($azCliAccount.id))"
+ result = "Success"
+ }
+ } else {
+ $checkResults += @{
+ message = "Azure CLI is not logged in. Please login to Azure CLI using 'az login -t `"00000000-0000-0000-0000-000000000000}`"', replacing the empty GUID with your tenant ID."
+ result = "Failure"
+ }
+ $hasFailure = $true
 }
- $hasFailure = $true
 }
 # Check if latest ALZ module is installed
@@ -96,6 +172,7 @@ function Test-Tooling {
 switch ($_.result) {
 'Success' { $color = "92"; break }
 'Failure' { $color = "91"; break }
+ 'Warning' { $color = "93"; break }
 default { $color = "0" }
 }
 $e = [char]27
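Review bot: The `if($envVarsSet)` branch treats the three identifiers `ARM_CLIENT_ID`, `ARM_SUBSCRIPTION_ID` and `ARM_TENANT_ID` as proof of service-principal authentication and skips the Azure CLI checks, but nothing confirms that a credential (for example `ARM_CLIENT_SECRET` or an OIDC/MSI setting) is also configured, so a machine with only the IDs exported passes Test-Tooling and presumably fails later inside Terraform; either extend the check or state the limitation in the success message. The emptiness test `$envVarValue -eq $null -or $envVarValue -eq ""` reads more idiomatically as `[string]::IsNullOrEmpty($envVarValue)`, and PSScriptAnalyzer flags `$null` on the right-hand side of a comparison. The Warning and duplicate-GUID messages echo each variable's value into the report, which is acceptable for these IDs, but a comment such as `# values of these variables are echoed in check output - keep secret-bearing variables out of this list` on `$nonAzCliEnvVars` would prevent a later addition from printing a secret. Test-Tooling starts before this hunk and continues after it.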