chore: use new monitor package w/ newly deployed resources (#576)

* chore: deploy test resourcs w/ bicep * pr-fix: use correct parameter default value * pr-fix: remove invalid blank space in job name * pr-fix: use script type 'pscore' * pr-fix: convert from json syntax error * pr-fix: correctly use env vars * pr-fix: correctly use env vars * pr-fix: remove invalid params descriptions * pr-fix: add required location & import app insights module * pr-fix: install az app insights module * pr-fix: correct usage of parameters * pr-fix: pass subscription id * pr-fix: login before creating api key * pr-fix: login before creating api key * pr-fix: correct multiple params * pr-fix: correct multiple params * pr-fix: remove unn login * pr-fix: fix json deserialization + sub id set * pr-fix: correct multiple param pass * pr-fix: remove single quotes from var names * pr-fix: correct var names * pr-fix: correct var names * pr-fix: explicitly set az context * pr-fix: use az cli alternative * pr-fix: install app insights extension * pr-fix: correct variable group name pass in * pr-fix: correct read permissions in command * pr-fix: use correct resource group * pr-temp: write output * pr-fix: use ps for api key * pr-fix: api key description * pr-fix: api permissions * pr-fix: subscription ID * pr-fix: subscription ID * pr-fix: correct json serialization * pr-fix: correct retrieving api key * pr-fix: delete api key if present * pr-fix: show app insights output * pr-fix: upsert api key * pr-fix: only expose properties * pr-fix: add system access token * pr-fix: save secrets in vault * pr-fix: correct back tick * pr-fix: correct back tick * pr-fix: correct secret name * pr-fix: add role assignments to key vault for the service principal * pr-fix: add service principal ID to bicep parameters * pr-fix: add owner role assignment for service principal to rg * pr-fix: resource group deployment * pr-fix: use correct key vault role name * pr-fix: use object id instead * pr-fix: use object id instead * pr-fix: use correct object id * pr-fix: correct secret name * pr-fix: update ci pipeline to use new resources * pr-fix: remove unused additions * pr-fix: add updated integration test run to release pipeline * pr-fix: correct template path * chore: use new monitor package w/ dev tenant resources * pr-fix: use guid for role definition * pr-fix: pass in the key vault name * pr-fix: use guid for role definition * pr-fix: add servie principal to env * pr-fix: use correct syntax * pr-fix: use single vault name * pr-fix: use correct value syntax * pr-fix: use pscal case name * pr-fix: use pascalcase names * pr-fix: use observability prefix * pr-fix: use pacal case * pr-fix: correct replacement variable names * pr-fix: use corect name * pr-fix: use correct var name * pr-fix: move to correct location * pr-fix: move to correct location * pr-fix: correct secret value * pr-fix: use workspace id * pr-fix: var name * pr-fix: pass correct instrumentation key * pr-fix: correct exception message * pr-fix: rename to original class to reduce code changes * pr-fix: minimize trace changes * pr-fix: use original namespace to reduce changes * pr-fix: reduce request, dependency and exception changes * pr-fix: cloud result for lesser changes * pr-fix: place resultcode in request
arcus-azure · Nov 15, 2024 · 69da2f0 · 69da2f0
1 parent 7b36ea9
commit 69da2f0
Show file tree

Hide file tree

Showing 36 changed files with 1,170 additions and 474 deletions.
diff --git a/build/ci-build.yml b/build/ci-build.yml
@@ -18,6 +18,10 @@ parameters:
   - name: 'Package.Version.ManualTrigger'
     type: string
     default: 'preview'
+  - name: azureServiceConnection
+    displayName: 'Azure service connection'
+    type: string
+    default: 'Azure Codit-Arcus Service Principal'
 
 resources:
   repositories:
@@ -27,7 +31,6 @@ resources:
       endpoint: arcus-azure
 
 variables:
-  - group: 'Arcus Observability - Integration Testing'
   - group: 'Arcus - GitHub Package Registry'
   - group: 'Build Configuration'
   - template: ./variables/build.yml
@@ -75,78 +78,27 @@ stages:
     dependsOn: Build
     condition: succeeded()
     jobs:
-      - job: UnitTests
-        displayName: 'Run unit tests'
-        pool:
-          vmImage: '$(Vm.Image)'
-        steps:
-          - task: DownloadPipelineArtifact@2
-            displayName: 'Download build artifacts'
-            inputs:
-              artifact: 'Build'
-              path: '$(Build.SourcesDirectory)'
-          - task: UseDotNet@2
-            displayName: 'Import .NET Core SDK ($(DotNet.Sdk.PreviousVersion))'
-            inputs:
-              packageType: 'sdk'
-              version: '$(DotNet.Sdk.PreviousVersion)'
-          - template: test/run-unit-tests.yml@templates
-            parameters:
-              dotnetSdkVersion: '$(DotNet.Sdk.Version)'
-              includePreviewVersions: $(DotNet.Sdk.IncludePreviewVersions)
-              projectName: '$(Project).Tests.Unit'
+      - template: templates/run-unit-tests.yml
 
   - stage: IntegrationTests
     displayName: Integration Tests
     dependsOn: Build
     condition: succeeded()
     jobs:
-      - job: IntegrationTests
-        displayName: 'Run integration tests'
-        pool:
-          vmImage: '$(Vm.Image)'
-        steps:
-          - task: DownloadPipelineArtifact@2
-            displayName: 'Download build artifacts'
-            inputs:
-              artifact: 'Build'
-              path: '$(Build.SourcesDirectory)'
-          - task: UseDotNet@2
-            displayName: 'Import .NET Core SDK ($(DotNet.Sdk.PreviousVersion))'
-            inputs:
-              packageType: 'sdk'
-              version: '$(DotNet.Sdk.PreviousVersion)'
-          - template: test/run-integration-tests.yml@templates
-            parameters:
-              dotnetSdkVersion: '$(DotNet.Sdk.Version)'
-              includePreviewVersions: $(DotNet.Sdk.IncludePreviewVersions)
-              projectName: '$(Project).Tests.Integration'
-              category: 'Integration'
+      - template: templates/run-self-contained-integration-tests.yml
+        parameters:
+          azureServiceConnection: '${{ parameters.azureServiceConnection }}'
 
   - stage: DockerTests
     displayName: Docker Tests
     dependsOn: Build
     condition: succeeded()
     jobs:
-      - job: DockerTests
-        displayName: 'Run Docker tests'
-        pool:
-          vmImage: '$(Vm.Image)'
-        steps:
-          - task: DownloadPipelineArtifact@2
-            displayName: 'Download build artifacts'
-            inputs:
-              artifact: 'Build'
-              path: '$(Build.SourcesDirectory)'
-          - task: UseDotNet@2
-            displayName: 'Import .NET Core SDK ($(DotNet.Sdk.PreviousVersion))'
-            inputs:
-              packageType: 'sdk'
-              version: '$(DotNet.Sdk.PreviousVersion)'
-          - template: templates/run-docker-integration-tests.yml
-            parameters:
-              dockerProjectName: '$(Project).Tests.Runtimes.AzureFunction'
-              httpPort: '$(AzureFunctions.HttpPort)'
+      - template: templates/run-docker-integration-tests.yml
+        parameters:
+          dockerProjectName: '$(Project).Tests.Runtimes.AzureFunction'
+          httpPort: '$(AzureFunctions.HttpPort)'
+          azureServiceConnection: '${{ parameters.azureServiceConnection }}'
 
   - stage: ReleaseToMyget
     displayName: 'Release to MyGet'

diff --git a/build/deploy-test-resources.yml b/build/deploy-test-resources.yml
@@ -0,0 +1,45 @@
+name: Arcus Observability - Deploy test resources
+
+trigger: none
+pr: none
+
+parameters:
+  - name: azureServiceConnection
+    displayName: 'Azure service connection'
+    type: string
+    default: 'Azure Codit-Arcus Service Principal'
+  - name: resourceGroupName
+    displayName: 'Resource group name'
+    default: arcus-observability-dev-we-rg
+
+variables:
+  - template: ./variables/build.yml
+  - template: ./variables/test.yml
+
+stages:
+  - stage: Deploy
+    jobs:
+      - job: DeployBicep
+        displayName: 'Deploy test resources'
+        pool:
+          vmImage: '$(Vm.Image)'
+        steps:
+          - task: AzureCLI@2
+            env:
+              SYSTEM_ACCESSTOKEN: $(System.AccessToken)
+            inputs:
+              azureSubscription: '${{ parameters.azureServiceConnection }}'
+              addSpnToEnvironment: true
+              scriptType: 'pscore'
+              scriptLocation: 'inlineScript'
+              inlineScript: |
+                $objectId = (az ad sp show --id $env:servicePrincipalId | ConvertFrom-Json).id
+                az deployment sub create `
+                  --location westeurope `
+                  --template-file ./build/templates/deploy-test-resources.bicep `
+                  --parameters location=westeurope `
+                  --parameters resourceGroupName=${{ parameters.resourceGroupName }} `
+                  --parameters instrumentationKey_secretName=${{ variables['Arcus.Observability.ApplicationInsights.InstrumentationKey.SecretName'] }} `
+                  --parameters workspaceId_secretName=${{ variables['Arcus.Observability.LogAnalytics.WorkspaceId.SecretName'] }} `
+                  --parameters keyVaultName=${{ variables['Arcus.Observability.KeyVault.Name'] }} `
+                  --parameters servicePrincipal_objectId=$objectId
diff --git a/build/nuget-release.yml b/build/nuget-release.yml
@@ -6,6 +6,10 @@ pr: none
 parameters:
   - name: 'Package.Version'
     type: 'string'
+  - name: azureServiceConnection
+    displayName: 'Azure service connection'
+    type: string
+    default: 'Azure Codit-Arcus Service Principal'
 
 resources:
   repositories:
@@ -15,7 +19,6 @@ resources:
       endpoint: arcus-azure
 
 variables:
-  - group: 'Arcus Observability - Integration Testing'
   - group: 'Build Configuration'
   - template: ./variables/build.yml
   - template: ./variables/test.yml
@@ -57,78 +60,27 @@ stages:
     dependsOn: Build
     condition: succeeded()
     jobs:
-      - job: UnitTests
-        displayName: 'Run unit tests'
-        pool:
-          vmImage: '$(Vm.Image)'
-        steps:
-          - task: DownloadPipelineArtifact@2
-            displayName: 'Download build artifacts'
-            inputs:
-              artifact: 'Build'
-              path: '$(Build.SourcesDirectory)'
-          - task: UseDotNet@2
-            displayName: 'Import .NET Core SDK ($(DotNet.Sdk.PreviousVersion))'
-            inputs:
-              packageType: 'sdk'
-              version: '$(DotNet.Sdk.PreviousVersion)'
-          - template: test/run-unit-tests.yml@templates
-            parameters:
-              dotnetSdkVersion: '$(DotNet.Sdk.Version)'
-              includePreviewVersions: $(DotNet.Sdk.IncludePreviewVersions)
-              projectName: '$(Project).Tests.Unit'
+      - template: templates/run-unit-tests.yml
 
   - stage: IntegrationTests
     displayName: Integration Tests
     dependsOn: Build
     condition: succeeded()
     jobs:
-      - job: IntegrationTests
-        displayName: 'Run integration tests'
-        pool:
-          vmImage: '$(Vm.Image)'
-        steps:
-          - task: DownloadPipelineArtifact@2
-            displayName: 'Download build artifacts'
-            inputs:
-              artifact: 'Build'
-              path: '$(Build.SourcesDirectory)'
-          - task: UseDotNet@2
-            displayName: 'Import .NET Core SDK ($(DotNet.Sdk.PreviousVersion))'
-            inputs:
-              packageType: 'sdk'
-              version: '$(DotNet.Sdk.PreviousVersion)'
-          - template: test/run-integration-tests.yml@templates
-            parameters:
-              dotnetSdkVersion: '$(DotNet.Sdk.Version)'
-              includePreviewVersions: $(DotNet.Sdk.IncludePreviewVersions)
-              projectName: '$(Project).Tests.Integration'
-              category: 'Integration'
+      - template: templates/run-self-contained-integration-tests.yml
+        parameters:
+          azureServiceConnection: '${{ parameters.azureServiceConnection }}'
 
   - stage: DockerTests
     displayName: Docker Tests
     dependsOn: Build
     condition: succeeded()
     jobs:
-      - job: DockerTests
-        displayName: 'Run Docker tests'
-        pool:
-          vmImage: '$(Vm.Image)'
-        steps:
-          - task: DownloadPipelineArtifact@2
-            displayName: 'Download build artifacts'
-            inputs:
-              artifact: 'Build'
-              path: '$(Build.SourcesDirectory)'
-          - task: UseDotNet@2
-            displayName: 'Import .NET Core SDK ($(DotNet.Sdk.PreviousVersion))'
-            inputs:
-              packageType: 'sdk'
-              version: '$(DotNet.Sdk.PreviousVersion)'
-          - template: templates/run-docker-integration-tests.yml
-            parameters:
-              dockerProjectName: '$(Project).Tests.Runtimes.AzureFunction'
-              httpPort: '$(AzureFunctions.HttpPort)'
+      - template: templates/run-docker-integration-tests.yml
+        parameters:
+          dockerProjectName: '$(Project).Tests.Runtimes.AzureFunction'
+          httpPort: '$(AzureFunctions.HttpPort)'
+          azureServiceConnection: '${{ parameters.azureServiceConnection }}'
 
   - stage: Release
     displayName: 'Release to NuGet.org'

diff --git a/build/templates/deploy-test-resources.bicep b/build/templates/deploy-test-resources.bicep
@@ -0,0 +1,90 @@
+// Define the location for the deployment of the components.
+param location string
+
+// Define the name of the resource group where the components will be deployed.
+param resourceGroupName string
+
+// Define the name of the secret that will store the Application Insights Instrumentation Key.
+param instrumentationKey_secretName string
+
+// Define the name of the secret that will store the Application Insights workspace resource ID.
+param workspaceId_secretName string
+
+// Define the name of the Key Vault.
+param keyVaultName string
+
+// Define the Service Principal ID that needs access full access to the deployed resource group.
+param servicePrincipal_objectId string
+
+targetScope='subscription'
+
+module resourceGroup 'br/public:avm/res/resources/resource-group:0.2.3' = {
+  name: 'resourceGroupDeployment'
+  params: {
+    name: resourceGroupName
+    location: location
+  }
+}
+
+resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' existing = {
+  name: resourceGroupName
+}
+
+module workspace 'br/public:avm/res/operational-insights/workspace:0.3.4' = {
+  name: 'workspaceDeployment'
+  dependsOn: [
+    resourceGroup
+  ]
+  scope: rg
+  params: {
+    name: 'arcus-observability-dev-we-workspace'
+    location: location
+  }
+}
+
+module component 'br/public:avm/res/insights/component:0.3.0' = {
+  name: 'componentDeployment'
+  dependsOn: [
+    resourceGroup
+  ]
+  scope: rg
+  params: {
+    name: 'arcus-observability-dev-we-app-insights'
+    workspaceResourceId: workspace.outputs.resourceId
+    location: location
+    roleAssignments: [
+      {
+        principalId: servicePrincipal_objectId
+        roleDefinitionIdOrName: '73c42c96-874c-492b-b04d-ab87d138a893'
+      }
+    ]
+  }
+}
+
+module vault 'br/public:avm/res/key-vault/vault:0.6.1' = {
+  name: 'vaultDeployment'
+  dependsOn: [
+    resourceGroup
+  ]
+  scope: rg
+  params: {
+    name: keyVaultName
+    location: location
+    roleAssignments: [
+      {
+        principalId: servicePrincipal_objectId
+        roleDefinitionIdOrName: 'Key Vault Secrets officer'
+      }
+    ]
+    secrets: [
+      {
+        name: instrumentationKey_secretName
+        value: component.outputs.instrumentationKey
+      }
+      {
+        name: workspaceId_secretName
+        value: workspace.outputs.logAnalyticsWorkspaceId
+      }
+    ]
+  }
+}
diff --git a/build/templates/import-keyvault-secrets.yml b/build/templates/import-keyvault-secrets.yml
@@ -0,0 +1,31 @@
+parameters:
+  azureServiceConnection: ''
+
+steps:
+  - task: AzureCLI@2
+    displayName: 'Import secrets from Azure Key Vault'
+    inputs:
+      azureSubscription: '${{ parameters.azureServiceConnection }}'
+      addSpnToEnvironment: true
+      scriptType: 'pscore'
+      scriptLocation: 'inlineScript'
+      inlineScript: |
+        Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
+        Install-Module -Name Arcus.Scripting.DevOps -AllowClobber
+
+        Set-AzDevOpsVariable -Name 'Arcus.Observability.TenantId' -Value $env:tenantId
+        Set-AzDevOpsVariable -Name 'Arcus.Observability.ServicePrincipal.ClientId' -Value $env:servicePrincipalId
+        Set-AzDevOpsVariable -Name 'Arcus.Observability.ServicePrincipal.ClientSecret' -Value $env:servicePrincipalKey
+
+        $keyVaultName = $env:ARCUS_OBSERVABILITY_KEYVAULT_NAME
+        Write-Host "Importing secrets from Key Vault: $keyVaultName"
+
+        $instrumentationKey_secretName = $env:ARCUS_OBSERVABILITY_APPLICATIONINSIGHTS_INSTRUMENTATIONKEY_SECRETNAME
+        Write-Host "Importing secret: $instrumentationKey_secretName"
+        $instrumentationKeySecret = az keyvault secret show --name "$instrumentationKey_secretName" --vault-name "$keyVaultName" | ConvertFrom-Json
+        Set-AzDevOpsVariable -AsSecret -Name 'Arcus.Observability.ApplicationInsights.InstrumentationKey' -Value $instrumentationKeySecret.value
+
+        $resourceId_secretName = $env:ARCUS_OBSERVABILITY_LOGANALYTICS_WORKSPACEID_SECRETNAME
+        Write-Host "Importing secret: $resourceId_secretName"
+        $resourceIdSecret = az keyvault secret show --name "$resourceId_secretName" --vault-name "$keyVaultName" | ConvertFrom-Json
+        Set-AzDevOpsVariable -AsSecret -Name 'Arcus.Observability.ApplicationInsights.LogAnalytics.WorkspaceId' -Value $resourceIdSecret.value