From 8f7fcf6b2915fc9be647f76f0bed0762f3df8c69 Mon Sep 17 00:00:00 2001
From: Bruce Haley
Date: Wed, 24 Aug 2022 17:03:55 -0700
Subject: [PATCH 1/5] Add Set-PSDebug -Trace 1
---
 build/yaml/deployBotResources/common/getAppRegistration.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/build/yaml/deployBotResources/common/getAppRegistration.yml b/build/yaml/deployBotResources/common/getAppRegistration.yml
index af58e8052..72dc4f224 100644
--- a/build/yaml/deployBotResources/common/getAppRegistration.yml
+++ b/build/yaml/deployBotResources/common/getAppRegistration.yml
@@ -41,6 +41,8 @@ steps:
 failOnStandardError: true
 scriptLocation: inlineScript
 inlineScript: |
+ Set-PSDebug -Trace 1;
+
 $secret = New-Object -TypeName psobject
 $source = ""
 $withAppSecret = $true;
@@ -80,3 +82,5 @@ steps:
 Write-Host "##vso[task.setvariable variable=AppId]$($secret.AppId)"
 Write-Host "##vso[task.setvariable variable=AppSecret]$($secret.AppSecret)"
+
+ Set-PSDebug -Trace 0;
From 7332149cecb1afe6daf4f30c3b1034f44ea07d9d Mon Sep 17 00:00:00 2001
From: Bruce Haley
Date: Wed, 24 Aug 2022 17:07:06 -0700
Subject: [PATCH 2/5] Add ";" to line ends
---
 .../common/getAppRegistration.yml | 28 +++++++++----------
 1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/build/yaml/deployBotResources/common/getAppRegistration.yml b/build/yaml/deployBotResources/common/getAppRegistration.yml
index 72dc4f224..4b9185e3a 100644
--- a/build/yaml/deployBotResources/common/getAppRegistration.yml
+++ b/build/yaml/deployBotResources/common/getAppRegistration.yml
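Review bot: `Set-PSDebug -Trace 1` in the first hunk of patch 1/5 makes PowerShell echo every executed source line into the build log, and this inline script is the one that reads App Registration secrets and publishes `AppSecret`. Trace level 1 prints line text rather than variable values, but that text is produced after template expansion, so a `${{ parameters.* }}` value embedded in a line (patch 2/5 shows `${{ parameters.appSecret }}` in this same script) would be logged verbatim unless the pipeline already masks it. I would keep tracing out of the committed script, or enable it only when `System.Debug` is set, and mark the published value as secret in the second hunk: `Write-Host "##vso[task.setvariable variable=AppSecret;issecret=true]$($secret.AppSecret)"`. The same trace lines are added to createAppRegistrations.yml in patch 5/5. Both hunks show only part of the inline script.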
@@ -43,13 +43,13 @@ steps:
 inlineScript: |
 Set-PSDebug -Trace 1;
- $secret = New-Object -TypeName psobject
- $source = ""
+ $secret = New-Object -TypeName psobject;
+ $source = "";
 $withAppSecret = $true;
 if("UserAssignedMSI" -eq "${{ parameters.appType }}") {
 $appId = (az identity show --name "${{ parameters.botName }}${{ parameters.resourceSuffix }}" --resource-group "${{ parameters.sharedResourceGroup }}" | ConvertFrom-Json).clientId;
- $secret | Add-Member -MemberType NoteProperty -Name AppId -Value $appId
+ $secret | Add-Member -MemberType NoteProperty -Name AppId -Value $appId;
 $source = "UserAssignedMSI ${{ parameters.botName }}${{ parameters.resourceSuffix }}";
 $withAppSecret = $false;
@@ -58,29 +58,29 @@ steps:
 $entries = az keyvault secret list --vault-name "${{ parameters.keyVault }}" | ConvertFrom-Json | Where-Object {$_.name -like "${{ parameters.botName }}*"};
 foreach ($entry in $entries) {
- $secretVault = az keyvault secret show --id $entry.id | ConvertFrom-Json
- $secret | Add-Member -MemberType NoteProperty -Name ($secretVault.name -replace "${{ parameters.botName }}", "") -Value "$($secretVault.value)"
+ $secretVault = az keyvault secret show --id $entry.id | ConvertFrom-Json;
+ $secret | Add-Member -MemberType NoteProperty -Name ($secretVault.name -replace "${{ parameters.botName }}", "") -Value "$($secretVault.value)";
 }
 } else {
- $source = "Pipeline Variables"
- $secret | Add-Member -MemberType NoteProperty -Name AppId -Value "${{ parameters.appId }}"
- $secret | Add-Member -MemberType NoteProperty -Name AppSecret -Value "${{ parameters.appSecret }}"
+ $source = "Pipeline Variables";
+ $secret | Add-Member -MemberType NoteProperty -Name AppId -Value "${{ parameters.appId }}";
+ $secret | Add-Member -MemberType NoteProperty -Name AppSecret -Value "${{ parameters.appSecret }}";
 }
 if ([string]::IsNullOrEmpty($secret.AppId)) {
- Write-Host "##vso[task.LogIssue type=error;]AppId is Null or Empty"
- Write-Host "##vso[task.complete result=Failed;]DONE"
+ Write-Host "##vso[task.LogIssue type=error;]AppId is Null or Empty";
+ Write-Host "##vso[task.complete result=Failed;]DONE";
 }
 if ($withAppSecret -and [string]::IsNullOrEmpty($secret.AppSecret)) {
- Write-Host "##vso[task.LogIssue type=error;]AppSecret is Null or Empty"
- Write-Host "##vso[task.complete result=Failed;]DONE"
+ Write-Host "##vso[task.LogIssue type=error;]AppSecret is Null or Empty";
+ Write-Host "##vso[task.complete result=Failed;]DONE";
 }
 Write-Host "Source: $source;"
 Write-Host "AppId: $($secret.AppId);"
- Write-Host "##vso[task.setvariable variable=AppId]$($secret.AppId)"
- Write-Host "##vso[task.setvariable variable=AppSecret]$($secret.AppSecret)"
+ Write-Host "##vso[task.setvariable variable=AppId]$($secret.AppId)";
+ Write-Host "##vso[task.setvariable variable=AppSecret]$($secret.AppSecret)";
 Set-PSDebug -Trace 0;
From 1e6c57f7fa75dea691c9b805c183a51e8a076cee Mon Sep 17 00:00:00 2001
From: Bruce Haley
Date: Wed, 24 Aug 2022 18:13:42 -0700
Subject: [PATCH 3/5] Disable Deploy Key Vault
---
 .../sharedResources/createSharedResources.yml | 60 +++++++++----------
 1 file changed, 30 insertions(+), 30 deletions(-)
diff --git a/build/yaml/sharedResources/createSharedResources.yml b/build/yaml/sharedResources/createSharedResources.yml
index 188fe3ffe..e21f52793 100644
--- a/build/yaml/sharedResources/createSharedResources.yml
+++ b/build/yaml/sharedResources/createSharedResources.yml
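Review bot: In the `else` branch of the second hunk of patch 2/5, `-Value "${{ parameters.appSecret }}"` pastes the secret into a double-quoted PowerShell string at template-expansion time, so a value containing `$`, a backtick or `"` is altered or breaks the script, and the secret becomes part of the script text. Mapping it through the step's `env:` block and reading it as `$env:APP_SECRET` (a constructed name) avoids both, and matches what patch 4/5 does for the service principal key. Separately, the two null-or-empty checks log `task.complete result=Failed` but do not stop the script, so the `setvariable` lines below them still run with empty values; an `exit 1` after each `task.complete` line would end it there. The enclosing `if`/`elseif` chain starts above this hunk.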
@@ -84,39 +84,39 @@ stages:
 displayName: "Create Key Vault and App Registrations"
 dependsOn: Create_Resource_Group
 jobs:
- - job: Check_Key_Vault_Object_Id
- displayName: Check KeyVaultObjectId value
- steps:
- - checkout: none
- - powershell: |
- $keyVaultObjectId = '$(INTERNALKEYVAULTOBJECTID)'
- if ($keyVaultObjectId -ne '') {
- Write-Host "keyVaultObjectId set. The KeyVault and App Registrations will be created."
- Write-Host "##vso[task.setvariable variable=createKeyVault;isOutput=true]$true"
- }
- else {
- Write-Host "keyVaultObjectId not set. The KeyVault and App Registrations won't be created."
- Write-Host "##vso[task.setvariable variable=createKeyVault;isOutput=true]$false"
- }
- name: checkKeyVaultObjectIdValue
- failOnStderr: true
-
- - job: Deploy_Key_Vault
- displayName: "Deploy Key Vault"
- dependsOn: Check_Key_Vault_Object_Id
- condition: eq(dependencies.Check_Key_Vault_Object_Id.outputs['checkKeyVaultObjectIdValue.createKeyVault'], true)
- steps:
- - task: AzureCLI@2
- displayName: "Deploy Key Vault"
- inputs:
- azureSubscription: $(AZURESUBSCRIPTION)
- scriptType: pscore
- scriptLocation: inlineScript
- inlineScript: "az deployment group create --name $(INTERNALKEYVAULTNAME) --resource-group $(INTERNALRESOURCEGROUPNAME) --template-file build/templates/template-key-vault-resources.json --parameters keyVaultName=$(INTERNALKEYVAULTNAME) objectId=$(INTERNALKEYVAULTOBJECTID)"
+ # - job: Check_Key_Vault_Object_Id
+ # displayName: Check KeyVaultObjectId value
+ # steps:
+ # - checkout: none
+ # - powershell: |
+ # $keyVaultObjectId = '$(INTERNALKEYVAULTOBJECTID)'
+ # if ($keyVaultObjectId -ne '') {
+ # Write-Host "keyVaultObjectId set. The KeyVault and App Registrations will be created."
+ # Write-Host "##vso[task.setvariable variable=createKeyVault;isOutput=true]$true"
+ # }
+ # else {
+ # Write-Host "keyVaultObjectId not set. The KeyVault and App Registrations won't be created."
+ # Write-Host "##vso[task.setvariable variable=createKeyVault;isOutput=true]$false"
+ # }
+ # name: checkKeyVaultObjectIdValue
+ # failOnStderr: true
+
+ # - job: Deploy_Key_Vault
+ # displayName: "Deploy Key Vault"
+ # dependsOn: Check_Key_Vault_Object_Id
+ # condition: eq(dependencies.Check_Key_Vault_Object_Id.outputs['checkKeyVaultObjectIdValue.createKeyVault'], true)
+ # steps:
+ # - task: AzureCLI@2
+ # displayName: "Deploy Key Vault"
+ # inputs:
+ # azureSubscription: $(AZURESUBSCRIPTION)
+ # scriptType: pscore
+ # scriptLocation: inlineScript
+ # inlineScript: "az deployment group create --name $(INTERNALKEYVAULTNAME) --resource-group $(INTERNALRESOURCEGROUPNAME) --template-file build/templates/template-key-vault-resources.json --parameters keyVaultName=$(INTERNALKEYVAULTNAME) objectId=$(INTERNALKEYVAULTOBJECTID)"
 - job: Create_App_Registrations
 displayName: "Create App Registrations"
- dependsOn: Deploy_Key_Vault
+ # dependsOn: Deploy_Key_Vault
 steps:
 - checkout: none
 - template: createAppRegistrations.yml
From 41ea92f2c9c5743d1b0649b7a3926ea553216788 Mon Sep 17 00:00:00 2001
From: Bruce Haley
Date: Thu, 25 Aug 2022 14:54:37 -0700
Subject: [PATCH 4/5] Fix auth for createAppRegistrations.yml
---
 build/yaml/sharedResources/createAppRegistrations.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/build/yaml/sharedResources/createAppRegistrations.yml b/build/yaml/sharedResources/createAppRegistrations.yml
index 8d7b2c1ae..992e48266 100644
--- a/build/yaml/sharedResources/createAppRegistrations.yml
+++ b/build/yaml/sharedResources/createAppRegistrations.yml
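Review bot: With `dependsOn: Deploy_Key_Vault` commented out in patch 3/5, `Create_App_Registrations` no longer waits for, or depends on the outcome of, any Key Vault deployment, and the `INTERNALKEYVAULTOBJECTID` check that used to sit in front of it is gone as well. The template that job calls stores the new registrations with `SaveAppRegistrationIntoKeyVault` (visible in patch 5/5), so the stage now presumably relies on the vault already existing; if it does not, app credentials may be created and then fail to be stored. If the disablement is temporary, say so above the block, for example `# Key Vault deployment disabled temporarily (<tracking-id>); restore together with dependsOn below`, and otherwise delete the two jobs instead of leaving about thirty commented-out lines in the stage.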
@@ -41,8 +41,8 @@ steps:
 $body = @{
 grant_type = "client_credentials";
 scope = "https://graph.microsoft.com/.default";
- client_id = ${{ parameters.servicePrincipalId }};
- client_secret = ${{ parameters.servicePrincipalKey }};
+ client_id = $env:servicePrincipalId;
+ client_secret = $env:servicePrincipalKey;
 }
 Invoke-WebRequest -Uri "https://login.microsoftonline.com/${{ parameters.tenantId }}/oauth2/v2.0/token" -Method "POST" -Body $body | ConvertFrom-Json
From 489d565cc3e62816cf93a70cb726401a786dd0ee Mon Sep 17 00:00:00 2001
From: Bruce Haley
Date: Fri, 2 Sep 2022 16:01:55 -0700
Subject: [PATCH 5/5] Add trace
---
 build/yaml/sharedResources/createAppRegistrations.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/build/yaml/sharedResources/createAppRegistrations.yml b/build/yaml/sharedResources/createAppRegistrations.yml
index 992e48266..facfb0f81 100644
--- a/build/yaml/sharedResources/createAppRegistrations.yml
+++ b/build/yaml/sharedResources/createAppRegistrations.yml
@@ -34,6 +34,7 @@ steps:
 scriptLocation: inlineScript
 inlineScript: |
 # Using Microsoft Graph REST API to create App Registrations (https://docs.microsoft.com/en-us/graph/api/application-post-applications) instead of Azure CLI due to Azure Active Directory Graph API has been deprecated and still in a migration process to Microsoft Graph API, more information can be found in this link (https://github.com/Azure/azure-cli/issues/12946).
+ Set-PSDebug -Trace 1;
 function GetToken() {
 # Get Token
@@ -130,3 +131,5 @@ steps:
 SaveAppRegistrationIntoKeyVault "${{ parameters.keyVault }}" $bot.variables $app
 Write-Host "[$botName] Ending"
 }
+
+ Set-PSDebug -Trace 0;
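Review bot: `$env:servicePrincipalId` and `$env:servicePrincipalKey` in the patch 4/5 hunk are only populated when the step is an Azure CLI task with `addSpnToEnvironment: true`; the task inputs are outside this hunk, so that needs confirming, because without it the token request is sent with empty credentials. A guard before `$body` is built makes that failure explicit: `if ([string]::IsNullOrEmpty($env:servicePrincipalKey)) { throw "servicePrincipalKey is not set" }`. The same option also exposes `tenantId`, which could replace `${{ parameters.tenantId }}` in the token URL so all three values come from one source. `GetToken` starts above the hunk and its end is not shown.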