
pipeline additional vars secrs #3155

Merged
merged 16 commits into from
Feb 8, 2024
38 changes: 27 additions & 11 deletions cli/azd/pkg/infra/provisioning/bicep/bicep_provider.go
Expand Up @@ -74,6 +74,10 @@ type BicepProvider struct {
alphaFeatureManager *alpha.FeatureManager
clock clock.Clock
ignoreDeploymentState bool
// compileBicepResult is cached to avoid recompiling the same bicep file multiple times in the same azd run.
vhvb1989 marked this conversation as resolved.
compileBicepMemoryCache *compileBicepResult
vhvb1989 marked this conversation as resolved.
// prevent resolving parameters multiple times in the same azd run.
ensureParamsInMemoryCache azure.ArmParameters
}

var ErrResourceGroupScopeNotSupported = fmt.Errorf(
Expand Down Expand Up @@ -153,6 +157,10 @@ func (p *BicepProvider) EnsureEnv(ctx context.Context) error {
return nil
}

// prompt parameters during initialization and ignore any errors.
// This strategy takes advantage of the bicep compilation from initialization and allows prompting for required inputs
_, _ = p.ensureParameters(ctx, compileResult.Template)

scope, err := compileResult.Template.TargetScope()
if err != nil {
return err
Expand Down Expand Up @@ -351,12 +359,7 @@ func (p *BicepProvider) plan(ctx context.Context) (*deploymentDetails, error) {

// for .bicep, azd must load a parameters.json file and create the ArmParameters
if isBicepFile(modulePath) {
parameters, err := p.loadParameters(ctx)
if err != nil {
return nil, fmt.Errorf("resolving bicep parameters file: %w", err)
}

configuredParameters, err := p.ensureParameters(ctx, compileResult.Template, parameters)
configuredParameters, err := p.ensureParameters(ctx, compileResult.Template)
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -1658,6 +1661,10 @@ type compileBicepResult struct {
func (p *BicepProvider) compileBicep(
ctx context.Context, modulePath string,
) (*compileBicepResult, error) {
if p.compileBicepMemoryCache != nil {
return p.compileBicepMemoryCache, nil
}

var compiled string
var parameters azure.ArmParameters

Expand Down Expand Up @@ -1756,12 +1763,13 @@ func (p *BicepProvider) compileBicep(
}
}
}

return &compileBicepResult{
p.compileBicepMemoryCache = &compileBicepResult{
RawArmTemplate: rawTemplate,
Template: template,
Parameters: parameters,
}, nil
}

return p.compileBicepMemoryCache, nil
}

func combineMetadata(base map[string]json.RawMessage, override map[string]json.RawMessage) map[string]json.RawMessage {
Expand Down Expand Up @@ -1860,8 +1868,16 @@ func (p *BicepProvider) modulePath() string {
func (p *BicepProvider) ensureParameters(
ctx context.Context,
template azure.ArmTemplate,
parameters azure.ArmParameters,
) (azure.ArmParameters, error) {
if p.ensureParamsInMemoryCache != nil {
return p.ensureParamsInMemoryCache, nil
vhvb1989 marked this conversation as resolved.
}

parameters, err := p.loadParameters(ctx)
if err != nil {
return nil, fmt.Errorf("resolving bicep parameters file: %w", err)
}

if len(template.Parameters) == 0 {
return azure.ArmParameters{}, nil
}
Expand Down Expand Up @@ -1963,7 +1979,7 @@ func (p *BicepProvider) ensureParameters(
p.console.Message(ctx, fmt.Sprintf("warning: failed to save configured values: %v", err))
}
}

p.ensureParamsInMemoryCache = maps.Clone(configuredParameters)
return configuredParameters, nil
}

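Review bot: The new early return in compileBicep (`if p.compileBicepMemoryCache != nil`) ignores the `modulePath` argument, so a second call with a different path on the same provider would silently receive the first module's template and parameters. The field comment promises caching for "the same bicep file", so either record the path next to the cached result and compare it before returning, or state on the field that a provider compiles exactly one module; that comment also still names the field `compileBicepResult` rather than `compileBicepMemoryCache`. In ensureParameters the cache stores `maps.Clone(configuredParameters)` but a cache hit returns the cached map itself, so a caller that mutates the result changes what later callers see; `return maps.Clone(p.ensureParamsInMemoryCache), nil` would keep both paths symmetric. Both function bodies continue outside the visible hunks, and neither cache is guarded against concurrent use, which is only safe if a provider is driven from a single goroutine.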
48 changes: 48 additions & 0 deletions cli/azd/pkg/pipeline/pipeline.go
Expand Up @@ -5,8 +5,10 @@ package pipeline

import (
"context"
"maps"
"os"
"path/filepath"
"slices"

"github.com/azure/azure-dev/cli/azd/pkg/graphsdk"
"github.com/azure/azure-dev/cli/azd/pkg/infra/provisioning"
Expand Down Expand Up @@ -118,6 +120,52 @@ type CiProvider interface {
) *CredentialOptions
}

type ConfigOptions struct {
Variables []string
Secrets []string
AdditionalVariablesAsSecrets bool
}

// SecretsAndVar returns the list of variables and secrets to be used in the pipeline
// The initial values reference azd known values, which are merged with the ones defined on azure.yaml by the user.
func (c *ConfigOptions) SecretsAndVars(
initialVariables, initialSecrets, env map[string]string) (variables map[string]string, secrets map[string]string) {
variables = maps.Clone(initialVariables)
secrets = maps.Clone(initialSecrets)

// each provider (gh/ado) is setting some variables which we don't want to make them secrets as well when
// AdditionalVariablesAsSecrets is set to true.
// The next list helps to filter out those variables.
// TODO: remove the secret/variables from the providers and make the manager to create the variables and secrets list.
// A provider should only receive the list of variables and secrets to be used in the pipeline.
knownVars := []string{
"AZURE_LOCATION",
"AZURE_ENV_NAME",
"AZURE_SERVICE_CONNECTION",
"AZURE_SUBSCRIPTION_ID",
"AZURE_RESOURCE_GROUP",
"ARM_TENANT_ID",
"RS_RESOURCE_GROUP",
"RS_STORAGE_ACCOUNT",
"RS_CONTAINER_NAME",
}

for key, value := range env {
if slices.Contains(c.Variables, key) {
vhvb1989 marked this conversation as resolved.
variables[key] = value
}
if slices.Contains(c.Secrets, key) {
secrets[key] = value
}
// AdditionalVariablesAsSecrets automatically adds all variables not explicitly defined as secrets
if c.AdditionalVariablesAsSecrets && !slices.Contains(c.Variables, key) && !slices.Contains(knownVars, key) {
secrets[key] = value
}
}

return variables, secrets
}

func folderExists(folderPath string) bool {
if _, err := os.Stat(folderPath); err == nil {
return true
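Review bot: In SecretsAndVars a key that appears in both `c.Variables` and `c.Secrets` is written to both maps, so a value the user marked as secret is also emitted as an ordinary pipeline variable, which CI providers typically store unmasked. Letting the secret list win avoids that: `if slices.Contains(c.Secrets, key) { secrets[key] = value } else if slices.Contains(c.Variables, key) { variables[key] = value }`. `maps.Clone` returns nil for a nil map, so passing nil for `initialVariables` or `initialSecrets` makes the first assignment panic; a guard such as `if variables == nil { variables = map[string]string{} }` (and the same for `secrets`) would cover it. The doc comment opens with `SecretsAndVar` while the method is `SecretsAndVars`, and the comment above the AdditionalVariablesAsSecrets branch says "not explicitly defined as secrets" although the condition tests `c.Variables`.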