Skip to content

Commit

Permalink
Sync eng/common directory with azure-sdk-tools for PR 1983 (Azure#20618)
Browse files Browse the repository at this point in the history 
* Doc Updates and Revisions for External Use

The focus of these changes is to revise the script to better support use
by external contributors and others outside of the Azure SDK ecosystem and
without access to the Microsoft AAD Tenant.

Changes include:

- Creation of a new Test Application service principal is now possible
  from a non-Microsoft AAD tenant.

- When a new Test Application principal is created, the principle of least
  privilege is now applied; the new Test Application is granted ownership
  of the resource group associated with the test resources and no longer
  has access to any other resources in the subscription.

- If an existing Test Application principal is specified, it will be
  assigned ownership of the resource group created.  This supports using
  a Test Application principal without privileges at the subscription-level.

- When no provisioner is specified, the script is now executed in the
  context of the caller rather than the Test Application principal.
  This supports using a Test Application principal that has restricted
  privileges and better aligns to the purpose of the Test Application
  principal.

- The `$TestApplicationOid` is now explicitly bound at the time a new Test
  Application principal is created rather than having to query for it later.

- Common error scenarios resulting from lack of permissions now provide
  messaging with more context of why the failure occurred and suggest
  remediation.

- Added new examples to illustrate the common call patterns needed by
  external contributors running the script, outside of the Microsoft tenant
  and Azure SDK ecosystem.

- Documentation has been enhanced with additional context to detail the
  permissions and roles assigned by the script.

- Added documentation details for Bicep template use.

* Add the provisioner OID to the deployment params

Key Vault needs this to deploy Managed HSMs. There's a corresponding change necessary in test-resources.json I'll roll out across languages.

* Fixing typos and spelling mistakes

Co-authored-by: Jesse Squire <jesse.squire@gmail.com>
Co-authored-by: Heath Stewart <heaths@microsoft.com>
  • Loading branch information
@azure-sdk @jsquire @heaths
3 people committed Sep 13, 2021
1 parent b7b7e36 commit 5450368
Show file tree
Hide file tree
Showing 3 changed files with 376 additions and 115 deletions.
Loading

0 comments on commit 5450368

Please sign in to comment.