Sources the configuration variables.

```bash
source ./hack/variables.sh
```
| Variable Name | Description |
|---|---|
| `subscription_id` | Used to set the current subscription in `setup.sh` |
| `connection_name` | Name of the automation Service Principal |
| `resource_name` | Name of the initial resources created by `setup.py`, later also used as a variable for the terraform backend initialization in `init.sh` via `TF_VAR_storage_account_name` |
| `resource_location` | Same as `resource_name` |
| `container_name` | Same as `resource_name` |
Source the variables first: `source ./hack/variables.sh`. Make sure `jq` is installed (`brew install jq`).
- Sets the current subscription based on `subscription_id`
- Creates a service principal
  - for executing GitHub Actions and
  - for Terraform authenticating using a Service Principal with a Client Secret
- Creates an initial resource group
- Creates an initial storage account & container
- Creates an initial key vault
- Adds get, list and set secrets permissions on the key vault for the service principal
- Stores the service principal output details in the key vault for configuring the Service Principal in Terraform later. Each secret is named `$connection_name-<JSON_OUTPUT>`, e.g. `markwarnekeme-clientId`; see the JSON below for reference.
```json
{
  "clientId": "<clientId>",
  "clientSecret": "<clientSecret>", # pragma: allowlist secret
  "subscriptionId": "<subscriptionId>",
  "tenantId": "<tenantId>",
  "activeDirectoryEndpointUrl": "https://login.microsoftonline.com",
  "resourceManagerEndpointUrl": "https://management.azure.com/",
  "activeDirectoryGraphResourceId": "https://graph.windows.net/",
  "sqlManagementEndpointUrl": "https://management.core.windows.net:8443/",
  "galleryEndpointUrl": "https://gallery.azure.com/",
  "managementEndpointUrl": "https://management.core.windows.net/"
}
```
Uses `jq -r <JSON_PROPERTY>` to save the values, e.g. to store the `clientId`:

```bash
# quote $spn so the JSON is passed to jq unchanged
clientId=$(echo "$spn" | jq -r '.clientId')
```
After the setup is done successfully, the stored secrets can be fetched using `secrets.sh`; make sure to be signed in using the SPN. This step is necessary to authenticate using a Service Principal with a Client Secret for Terraform.

```bash
source ./hack/variables.sh
source ./hack/secrets.sh
```

The script outputs it like:

```bash
export ARM_CLIENT_ID="00000000-0000-0000-0000-000000000000"
export ARM_CLIENT_SECRET="00000000-0000-0000-0000-000000000000" # pragma: allowlist secret
export ARM_SUBSCRIPTION_ID="00000000-0000-0000-0000-000000000000"
export ARM_TENANT_ID="00000000-0000-0000-0000-000000000000"
```
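As an added example (not part of the `hack/` scripts, which use bash and `jq`), the same mapping in Python: from the SPN JSON shown above to the `$connection_name-<property>` secret names `setup.sh` stores, and from those to the `export ARM_*` lines `secrets.sh` prints. It also covers the failure mode the `jq -r` step has: on a missing property `jq -r` prints the string `null`, which would otherwise be stored as a credential. `SAMPLE_SPN`, its placeholder GUIDs and the `redact` option are constructed here and are assumptions, not the project's own code.

```python
import json

# Key Vault secret suffix (the SPN JSON property) -> ARM_* variable secrets.sh exports.
SECRET_TO_ARM = {
    "clientId": "ARM_CLIENT_ID",
    "clientSecret": "ARM_CLIENT_SECRET",
    "subscriptionId": "ARM_SUBSCRIPTION_ID",
    "tenantId": "ARM_TENANT_ID",
}

# Constructed sample in the shape shown above; the GUIDs and secret are placeholders.
SAMPLE_SPN = json.dumps({
    "clientId": "11111111-1111-1111-1111-111111111111",
    "clientSecret": "example-client-secret",  # pragma: allowlist secret
    "subscriptionId": "22222222-2222-2222-2222-222222222222",
    "tenantId": "33333333-3333-3333-3333-333333333333",
})


def keyvault_secrets(spn_json: str, connection_name: str) -> dict:
    """Return {"<connection_name>-<property>": value} for the four properties
    setup.sh stores. A missing or empty property raises instead of being stored:
    `jq -r '.missing'` prints the string "null", which a script would otherwise
    write into Key Vault as if it were a credential."""
    spn = json.loads(spn_json)
    secrets = {}
    for prop in SECRET_TO_ARM:
        value = spn.get(prop)
        if not isinstance(value, str) or not value.strip():
            raise ValueError(f"SPN output has no usable '{prop}' (jq -r would yield 'null')")
        secrets[f"{connection_name}-{prop}"] = value
    return secrets


def arm_exports(secrets: dict, connection_name: str, redact: bool = False) -> list:
    """Render the `export ARM_*="..."` lines secrets.sh prints, in the order shown
    above. With redact=True the client secret is masked, which is what you want
    if the lines are echoed into CI logs rather than sourced."""
    lines = []
    for prop, var in SECRET_TO_ARM.items():
        value = secrets[f"{connection_name}-{prop}"]
        if redact and prop == "clientSecret":
            value = "***"
        lines.append(f'export {var}="{value}"')
    return lines


if __name__ == "__main__":
    kv = keyvault_secrets(SAMPLE_SPN, "markwarnekeme")
    print("Key Vault secret names:", ", ".join(kv))  # the names setup.sh writes
    print("\n".join(arm_exports(kv, "markwarnekeme", redact=True)))
```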
Runs `az login --service-principal` given the variables from `variables.sh`.
Sets up Flux for the current repo.