diff --git a/build/yaml/deployBotResources/common/getAppRegistration.yml b/build/yaml/deployBotResources/common/getAppRegistration.yml index af58e8052..4b9185e3a 100644 --- a/build/yaml/deployBotResources/common/getAppRegistration.yml +++ b/build/yaml/deployBotResources/common/getAppRegistration.yml @@ -41,13 +41,15 @@ steps: failOnStandardError: true scriptLocation: inlineScript inlineScript: | - $secret = New-Object -TypeName psobject - $source = "" + Set-PSDebug -Trace 1; + + $secret = New-Object -TypeName psobject; + $source = ""; $withAppSecret = $true; if("UserAssignedMSI" -eq "${{ parameters.appType }}") { $appId = (az identity show --name "${{ parameters.botName }}${{ parameters.resourceSuffix }}" --resource-group "${{ parameters.sharedResourceGroup }}" | ConvertFrom-Json).clientId; - $secret | Add-Member -MemberType NoteProperty -Name AppId -Value $appId + $secret | Add-Member -MemberType NoteProperty -Name AppId -Value $appId; $source = "UserAssignedMSI ${{ parameters.botName }}${{ parameters.resourceSuffix }}"; $withAppSecret = $false; 
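Review bot: `Set-PSDebug -Trace 1;` at the top of this inline script turns on line tracing for a script that reads Key Vault secrets and the app secret, and the matching `Set-PSDebug -Trace 0;` only arrives at the very end of the next hunk, so every statement in between is echoed to the pipeline log. Because `${{ parameters.appSecret }}` is expanded into the script text before it runs, the traced `Add-Member ... -Name AppSecret` line in the next hunk will likely carry the literal value unless the agent's log masking happens to catch it. I would drop the trace before merging, or make it an explicit opt-in such as `if ($env:SYSTEM_DEBUG -eq 'true') { Set-PSDebug -Trace 1 }` and keep it off around the credential lines. The same trace is added to createAppRegistrations.yml in the `@@ -34,6 +34,7 @@` hunk, ahead of the code that builds the client-credentials token request.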
@@ -56,27 +58,29 @@ steps: $entries = az keyvault secret list --vault-name "${{ parameters.keyVault }}" | ConvertFrom-Json | Where-Object {$_.name -like "${{ parameters.botName }}*"}; foreach ($entry in $entries) { - $secretVault = az keyvault secret show --id $entry.id | ConvertFrom-Json - $secret | Add-Member -MemberType NoteProperty -Name ($secretVault.name -replace "${{ parameters.botName }}", "") -Value "$($secretVault.value)" + $secretVault = az keyvault secret show --id $entry.id | ConvertFrom-Json; + $secret | Add-Member -MemberType NoteProperty -Name ($secretVault.name -replace "${{ parameters.botName }}", "") -Value "$($secretVault.value)"; } } else { - $source = "Pipeline Variables" - $secret | Add-Member -MemberType NoteProperty -Name AppId -Value "${{ parameters.appId }}" - $secret | Add-Member -MemberType NoteProperty -Name AppSecret -Value "${{ parameters.appSecret }}" + $source = "Pipeline Variables"; + $secret | Add-Member -MemberType NoteProperty -Name AppId -Value "${{ parameters.appId }}"; + $secret | Add-Member -MemberType NoteProperty -Name AppSecret -Value "${{ parameters.appSecret }}"; } if ([string]::IsNullOrEmpty($secret.AppId)) { - Write-Host "##vso[task.LogIssue type=error;]AppId is Null or Empty" - Write-Host "##vso[task.complete result=Failed;]DONE" + Write-Host "##vso[task.LogIssue type=error;]AppId is Null or Empty"; + Write-Host "##vso[task.complete result=Failed;]DONE"; } if ($withAppSecret -and [string]::IsNullOrEmpty($secret.AppSecret)) { - Write-Host "##vso[task.LogIssue type=error;]AppSecret is Null or Empty" - Write-Host "##vso[task.complete result=Failed;]DONE" + Write-Host "##vso[task.LogIssue type=error;]AppSecret is Null or Empty"; + Write-Host "##vso[task.complete result=Failed;]DONE"; } Write-Host "Source: $source;" Write-Host "AppId: $($secret.AppId);" - Write-Host "##vso[task.setvariable variable=AppId]$($secret.AppId)" - Write-Host "##vso[task.setvariable variable=AppSecret]$($secret.AppSecret)" + Write-Host 
"##vso[task.setvariable variable=AppId]$($secret.AppId)"; + Write-Host "##vso[task.setvariable variable=AppSecret]$($secret.AppSecret)"; + + Set-PSDebug -Trace 0; diff --git a/build/yaml/sharedResources/createAppRegistrations.yml b/build/yaml/sharedResources/createAppRegistrations.yml index 8d7b2c1ae..facfb0f81 100644 --- a/build/yaml/sharedResources/createAppRegistrations.yml +++ b/build/yaml/sharedResources/createAppRegistrations.yml @@ -34,6 +34,7 @@ steps: scriptLocation: inlineScript inlineScript: | # Using Microsoft Graph REST API to create App Registrations (https://docs.microsoft.com/en-us/graph/api/application-post-applications) instead of Azure CLI due to Azure Active Directory Graph API has been deprecated and still in a migration process to Microsoft Graph API, more information can be found in this link (https://github.com/Azure/azure-cli/issues/12946). + Set-PSDebug -Trace 1; function GetToken() { # Get Token @@ -41,8 +42,8 @@ steps: $body = @{ grant_type = "client_credentials"; scope = "https://graph.microsoft.com/.default"; - client_id = ${{ parameters.servicePrincipalId }}; - client_secret = ${{ parameters.servicePrincipalKey }}; + client_id = $env:servicePrincipalId; + client_secret = $env:servicePrincipalKey; } Invoke-WebRequest -Uri "https://login.microsoftonline.com/${{ parameters.tenantId }}/oauth2/v2.0/token" -Method "POST" -Body $body | ConvertFrom-Json @@ -130,3 +131,5 @@ steps: SaveAppRegistrationIntoKeyVault "${{ parameters.keyVault }}" $bot.variables $app Write-Host "[$botName] Ending" } + + Set-PSDebug -Trace 0; diff --git a/build/yaml/sharedResources/createSharedResources.yml b/build/yaml/sharedResources/createSharedResources.yml index 188fe3ffe..e21f52793 100644 --- a/build/yaml/sharedResources/createSharedResources.yml +++ b/build/yaml/sharedResources/createSharedResources.yml 
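Review bot: The `##vso[task.setvariable variable=AppSecret]` line at the end of the second getAppRegistration.yml hunk still publishes the secret as an ordinary pipeline variable; the commit only adds a semicolon to it. Without `issecret=true` the value is not registered for log masking, so any later step that prints it shows it in clear, and that matters more now that tracing is switched on in this script. I would change it to `Write-Host "##vso[task.setvariable variable=AppSecret;issecret=true]$($secret.AppSecret)";`, and check whether later steps read it from the environment, since a secret variable has to be mapped in explicitly. Separately, the two `task.complete result=Failed` branches do not stop the script, so both variables are still set after an empty AppId or AppSecret is reported; an `exit 1` after each would make the failure final.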
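Review bot: In the `@@ -41,8 +42,8 @@` hunk of createAppRegistrations.yml, `$env:servicePrincipalId` and `$env:servicePrincipalKey` are only populated if the enclosing task (presumably AzureCLI) sets `addSpnToEnvironment: true`, and the task inputs are outside this hunk, so that needs confirming. If the variables are empty the token request goes out with blank credentials and fails with an opaque HTTP error; a guard before `$body` such as `if ([string]::IsNullOrEmpty($env:servicePrincipalKey)) { throw "servicePrincipalKey not set; enable addSpnToEnvironment" }` would make the cause obvious. Reading the credentials from the environment instead of expanding them into the script text is the right direction, and the token URL could take `$env:tenantId` the same way for consistency. `GetToken` opens in the previous hunk and its closing brace is not visible here.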
@@ -84,39 +84,39 @@ stages: displayName: "Create Key Vault and App Registrations" dependsOn: Create_Resource_Group jobs: - - job: Check_Key_Vault_Object_Id - displayName: Check KeyVaultObjectId value - steps: - - checkout: none - - powershell: | - $keyVaultObjectId = '$(INTERNALKEYVAULTOBJECTID)' - if ($keyVaultObjectId -ne '') { - Write-Host "keyVaultObjectId set. The KeyVault and App Registrations will be created." - Write-Host "##vso[task.setvariable variable=createKeyVault;isOutput=true]$true" - } - else { - Write-Host "keyVaultObjectId not set. The KeyVault and App Registrations won't be created." - Write-Host "##vso[task.setvariable variable=createKeyVault;isOutput=true]$false" - } - name: checkKeyVaultObjectIdValue - failOnStderr: true - - - job: Deploy_Key_Vault - displayName: "Deploy Key Vault" - dependsOn: Check_Key_Vault_Object_Id - condition: eq(dependencies.Check_Key_Vault_Object_Id.outputs['checkKeyVaultObjectIdValue.createKeyVault'], true) - steps: - - task: AzureCLI@2 - displayName: "Deploy Key Vault" - inputs: - azureSubscription: $(AZURESUBSCRIPTION) - scriptType: pscore - scriptLocation: inlineScript - inlineScript: "az deployment group create --name $(INTERNALKEYVAULTNAME) --resource-group $(INTERNALRESOURCEGROUPNAME) --template-file build/templates/template-key-vault-resources.json --parameters keyVaultName=$(INTERNALKEYVAULTNAME) objectId=$(INTERNALKEYVAULTOBJECTID)" + # - job: Check_Key_Vault_Object_Id + # displayName: Check KeyVaultObjectId value + # steps: + # - checkout: none + # - powershell: | + # $keyVaultObjectId = '$(INTERNALKEYVAULTOBJECTID)' + # if ($keyVaultObjectId -ne '') { + # Write-Host "keyVaultObjectId set. The KeyVault and App Registrations will be created." + # Write-Host "##vso[task.setvariable variable=createKeyVault;isOutput=true]$true" + # } + # else { + # Write-Host "keyVaultObjectId not set. The KeyVault and App Registrations won't be created." 
+ # Write-Host "##vso[task.setvariable variable=createKeyVault;isOutput=true]$false" + # } + # name: checkKeyVaultObjectIdValue + # failOnStderr: true + + # - job: Deploy_Key_Vault + # displayName: "Deploy Key Vault" + # dependsOn: Check_Key_Vault_Object_Id + # condition: eq(dependencies.Check_Key_Vault_Object_Id.outputs['checkKeyVaultObjectIdValue.createKeyVault'], true) + # steps: + # - task: AzureCLI@2 + # displayName: "Deploy Key Vault" + # inputs: + # azureSubscription: $(AZURESUBSCRIPTION) + # scriptType: pscore + # scriptLocation: inlineScript + # inlineScript: "az deployment group create --name $(INTERNALKEYVAULTNAME) --resource-group $(INTERNALRESOURCEGROUPNAME) --template-file build/templates/template-key-vault-resources.json --parameters keyVaultName=$(INTERNALKEYVAULTNAME) objectId=$(INTERNALKEYVAULTOBJECTID)" - job: Create_App_Registrations displayName: "Create App Registrations" - dependsOn: Deploy_Key_Vault + # dependsOn: Deploy_Key_Vault steps: - checkout: none - template: createAppRegistrations.yml
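Review bot: With `Check_Key_Vault_Object_Id`, `Deploy_Key_Vault` and the `dependsOn: Deploy_Key_Vault` line commented out, `Create_App_Registrations` now runs unconditionally, with no vault deployment in this stage and without the earlier skip when `INTERNALKEYVAULTOBJECTID` is unset. The template it calls stores the new registrations in the vault (`SaveAppRegistrationIntoKeyVault` in createAppRegistrations.yml), so on a fresh environment the app registrations may be created and then have nowhere to persist their secrets. If this is a temporary debugging change it should be reverted before merge. If it is intended, delete the commented block rather than leaving it in place, update the stage displayName "Create Key Vault and App Registrations", and add a comment like `# Key Vault is provisioned outside this pipeline; see <doc link placeholder>` above the remaining job.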