[CI] Remove flag -EnableRbacAuthorization and Restore Deleted KVs (#4013)

* Remove flag -EnableRbacAuthorization

* Add commands to restore deleted key vaults
fhibf authored Aug 13, 2024
1 parent 6028ea2 commit ee01474
Showing 3 changed files with 11 additions and 24 deletions.
29 changes: 8 additions & 21 deletions build/jobs/add-aad-test-environment.yml
@@ -36,34 +36,21 @@ steps:
resource = $resource
}
# If a deleted keyvault exists, remove it first
# If a deleted keyvault with purge protection exists, try to restore it.
$environmentName = "$(DeploymentEnvironmentName)".ToLower() -replace "\.", ""
Write-Host "Installed module and set variables"
$vaultName = "${environmentName}-ts"
if (Get-AzKeyVault -VaultName $vaultName -Location "westus" -InRemovedState)
$vaultLocation = "westus"
$vaultResourceGroupName = $ResourceGroupName
if (Get-AzKeyVault -VaultName $vaultName -Location $vaultLocation -InRemovedState)
{
Write-Host "Attempting to delete vault ${vaultName}"
try
{
Remove-AzKeyVault -VaultName $vaultName -InRemovedState -Location "westus" -Force
}
catch
{
if ($_.ErrorDetails -eq "Operation 'DeletedVaultPurge' is not allowed.")
{
# With purge protection enabled, it's impossible to delete a Key Vault before its expiration.
Write-Host "Attempting to restore vault ${vaultName}"
Write-Error "Unable to delete vault ${vaultName}."
Write-Error $_.ErrorDetails
}
else
{
throw $_
}
}
Undo-AzKeyVaultRemoval -VaultName $vaultName -ResourceGroupName $vaultResourceGroupName -Location $vaultLocation -Confirm
Write-Host "KeyVault $vaultName is restored"
}
Write-Host "Cleaned up keyvaults"
Write-Host "Restored keyvaults"
try
{
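Review bot: The new `Undo-AzKeyVaultRemoval` call passes a bare `-Confirm`, which asks PowerShell to prompt before acting; in an unattended pipeline step that prompt cannot be answered, so the restore will most likely fail or stall instead of running. If the intent was to suppress the prompt, the call should end with `-Confirm:$false`; the same switch appears on the restore call in build/jobs/provision-deploy.yml. A restored vault also comes back with the contents and access policies it had when it was deleted, which deserves a comment above the `if`, for example `# A restored vault keeps its earlier secrets and access policies; review them before the tests reuse it.` The enclosing script block starts and ends outside this hunk.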
4 changes: 2 additions & 2 deletions build/jobs/provision-deploy.yml
@@ -95,8 +95,8 @@ jobs:
Write-Host "Check for keyvaults in removed state..."
if (Get-AzKeyVault -VaultName $webAppName -Location $(ResourceGroupRegion) -InRemovedState)
{
Remove-AzKeyVault -VaultName $webAppName -InRemovedState -Location $(ResourceGroupRegion) -Force
Write-Host "Deleted KeyVault in RemovedState."
Undo-AzKeyVaultRemoval -VaultName $webAppName -ResourceGroupName $parameters.resourceGroup -Location $(ResourceGroupRegion) -Confirm
Write-Host "KeyVault $webAppName is restored"
}

Write-Host "Provisioning Resource Group"
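Review bot: `-ResourceGroupName $parameters.resourceGroup` on the restore line reads a PowerShell variable named `$parameters`, which is not assigned anywhere in the visible lines, while the neighbouring values use pipeline macro syntax such as `$(ResourceGroupRegion)`. If the template parameter was meant, the argument would normally be written `${{ parameters.resourceGroup }}`; as written, the cmdlet may receive an empty resource group name and fail, leaving the soft-deleted vault in place. The script body begins above this hunk, so confirm whether `$parameters` is defined there before changing it.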
@@ -64,7 +64,7 @@ function Add-AadTestAuthEnvironment {

if (!$keyVault) {
Write-Host "Creating keyvault with the name $KeyVaultName"
New-AzKeyVault -VaultName $KeyVaultName -ResourceGroupName $ResourceGroupName -Location $EnvironmentLocation -EnableRbacAuthorization | Out-Null
New-AzKeyVault -VaultName $KeyVaultName -ResourceGroupName $ResourceGroupName -Location $EnvironmentLocation | Out-Null
}

$retryCount = 0
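Review bot: With `-EnableRbacAuthorization` dropped from `New-AzKeyVault`, the vault's permission model is whatever the installed Az.KeyVault module defaults to, and nothing in the hunk records which one the test environment expects. Newer module releases appear to have replaced this switch with `-DisableRbacAuthorization` and made RBAC the creation default, so the result can differ between build agents with different module versions. A comment above the call would make the intent checkable, for example `# Relies on the Az.KeyVault default permission model; pin the module version if a specific model is required.` Add-AadTestAuthEnvironment starts and ends outside the hunk.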
