Sync eng/common directory with azure-sdk-tools for PR 1983 #24000
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
azure-sdk
requested review from
benbp,
danieljurek and
weshaggard
as code owners
azure-sdk
added
Central-EngSys
azure-sdk
force-pushed
the
sync-eng/common-testresources/params-1983
branch
3 times, most recently
from
9128a32
to
705574d
Compare
|
/azp run java - storage - tests |
|
Azure Pipelines successfully started running 1 pipeline(s). |
The focus of these changes is to revise the script to better support use by external contributors and others outside of the Azure SDK ecosystem and without access to the Microsoft AAD Tenant. Changes include: - Creation of a new Test Application service principal is now possible from a non-Microsoft AAD tenant. - When a new Test Application principal is created, the principle of least privilege is now applied; the new Test Application is granted ownership of the resource group associated with the test resources and no longer has access to any other resources in the subscription. - If an existing Test Application principal is specified, it will be assigned ownership of the resource group created. This supports using a Test Application principal without privileges at the subscription-level. - When no provisioner is specified, the script is now executed in the context of the caller rather than the Test Application principal. This supports using a Test Application principal that has restricted privileges and better aligns to the purpose of the Test Application principal. - The `$TestApplicationOid` is now explicitly bound at the time a new Test Application principal is created rather than having to query for it later. - Common error scenarios resulting from lack of permissions now provide messaging with more context of why the failure occurred and suggest remediation. - Added new examples to illustrate the common call patterns needed by external contributors running the script, outside of the Microsoft tenant and Azure SDK ecosystem. - Documentation has been enhanced with additional context to detail the permissions and roles assigned by the script. - Added documentation details for Bicep template use.
Key Vault needs this to deploy Managed HSMs. There's a corresponding change necessary in test-resources.json I'll roll out across languages.
azure-sdk
force-pushed
the
sync-eng/common-testresources/params-1983
branch
from
705574d
to
736f4a1
Compare
jsquire
approved these changes
Sep 13, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Sync eng/common directory with azure-sdk-tools for PR Azure/azure-sdk-tools#1983 See eng/common workflow