Script Validation for Bash

README.md

@@ -2,40 +2,40 @@
 
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)  
 
-The [Azure Cloud](https://azure.microsoft.com/) developer sandbox solution enables software development for the [OSDU™](https://community.opengroup.org/osdu/platform) data platform. For a fully managed implementation use [Azure Data Manager for Energy](https://azure.microsoft.com/en-us/products/data-manager-for-energy).
+The developer sandbox solution enables software development for the [OSDU™](https://community.opengroup.org/osdu/platform) data platform. 
+> For a fully managed implementation use [Azure Data Manager for Energy](https://azure.microsoft.com/en-us/products/data-manager-for-energy).
 
-Open the solution directly in a Github Codespace or clone it to a local machine.
-
-[![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/azure/osdu-developer)
+Clone the repository to a local machine.
 
 ```bash
 # Clone the repository
 git clone https://github.com/Azure/osdu-developer.git
 ```
 
-## Prerequisites
+Alternatively, use a GitHub Codespace.
 
-An active __Azure Subscription__ is required with the Azure App Configuration data plane permissions of `App Configuration Data Owner` assigned to the user at the subscription as explained [here](https://learn.microsoft.com/en-us/azure/azure-app-configuration/quickstart-deployment-overview?tabs=portal#azure-app-configuration-authorization).
+ [![GitHub Codespace](https://github.com/codespaces/badge.svg)](https://codespaces.new/azure/osdu-developer)
 
+## Prerequisites
+
+> The `App Configuration Data Owner` role __must__ be assigned to the user using this solution at the subscription level. For more information see [documentation](https://learn.microsoft.com/en-us/azure/azure-app-configuration/quickstart-deployment-overview?tabs=portal#azure-app-configuration-authorization).
 
-Local Machine usage requires the following.
 
 - __Shell Requirements__: 
-  - For Windows: PowerShell Core (pwsh) is required. You can download it [here](https://github.com/PowerShell/PowerShell).
-  - For Linux or Mac: A bash POSIX-compliant shell is required.
+  - For Windows: PowerShell Core (pwsh). You can download it [here](https://github.com/PowerShell/PowerShell).
+  - For Linux or Mac: A POSIX-compliant shell (bash/zsh).
+
+- __Visual Studio Code__: Install and configure on your local machine with the [REST Client Extension](https://marketplace.visualstudio.com/items?itemName=humao.rest-client). You can download it [here](https://code.visualstudio.com/download).
 
-- __Azure CLI__: Install and configure on your local machine. You can download it [here](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli).
+- __Azure CLI__: Installed on your local machine. You can download it [here](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli).
 
-- __Azure Developer CLI__: Install and configure on your local machine. You can download it [here](https://learn.microsoft.com/en-us/azure/developer/azure-developer-cli/install-azd).
+- __Azure Developer CLI__: Installed on your local machine. You can download it [here](https://learn.microsoft.com/en-us/azure/developer/azure-developer-cli/install-azd).
 
     ```bash
     # Enable Alpha Feature Resource Group Scoped Deployments
     azd config set alpha.resourceGroupDeployments on
     ```
 
-- __Visual Studio Code__: Install and configure on your local machine with the [REST Client Extension](https://marketplace.visualstudio.com/items?itemName=humao.rest-client). You can download it [here](https://code.visualstudio.com/download).
-
-
 
 ## Setup
 
@@ -45,14 +45,14 @@ Local Machine usage requires the following.
     ```bash
     # Login and set subscription
     az login --scope https://graph.microsoft.com//.default
-    az account set --subscription <your_subscription_id>
     azd auth login
     ```
 
 2. Provision
 
     ```bash    
-    # Provision the solution
+    # Create Environment and provision the solution
+    azd init -e dev # Environment name as desired.
     azd provision
     ```
 
@@ -63,7 +63,7 @@ Local Machine usage requires the following.
     ```bash    
     # Set retrieved authorization code
     azd env set AUTH_CODE <your_auth_code>
-    azd hooks run predeploy
+    azd hooks run token
     ```
 
 4. Cleanup
@@ -95,7 +95,7 @@ azd env set SOFTWARE_BRANCH <your_branch>
 
 ### ARM Template Deployment  (Alternative)
 
-Deploying the resources is also efficient and straightforward using an ARM (Azure Resource Manager) template. While this method utilizes default settings for ease of use, navigating parameter options can be challenging if attempting customizations.
+Deploying the resources is efficient and straightforward using an ARM (Azure Resource Manager) template. While this method utilizes default settings for ease of use, navigating parameter options can be challenging if using customizations.
 
 To facilitate a smooth deployment experience, we provide a "Deploy to Azure" button. Clicking this button will redirect you to the Azure portal, where the ARM template is pre-loaded for your convenience.
 
@@ -106,7 +106,6 @@ The application expects an [OAuth 2.0 and OpenID Connect (OIDC)](https://learn.m
 During the deployment process, identity information is necessary and required to be provided in the deployment form:
 
 - `Email Address`: Specify a valid email address to be used as the first user.
-
 - `Application Client Id`: Specify the Application Client Id. (This is the unique application ID of this application.)
 - `Application Client Secret`: Specify the Application Client Secret. (A valid secret for the application client ID.)
 - `Application Client Principal OID`: Specify the Enterprise Application Object Id. (This is the unique ID of the service principal object associated with the application.)

azure.yaml

@@ -1,4 +1,3 @@
-# yaml-language-server: $schema=https://raw.githubusercontent.com/Azure/azure-dev/main/schemas/v1.0/azure.yaml.json
 
 name: osdu-developer
 metadata:
@@ -9,12 +8,12 @@ infra:
 hooks:
   preprovision:
     posix:
-      interactive: false
+      interactive: true
       continueOnError: false
       shell: sh
       run: ./scripts/hook-preprovision.sh
     windows:
-      interactive: false
+      interactive: true
       continueOnError: false
       shell: pwsh
       run: .\scripts\hook-preprovision.ps1
@@ -31,14 +30,14 @@ hooks:
       shell: pwsh
       run: .\scripts\hook-postprovision.ps1
 
-  predeploy:
+  token:
     posix:
       interactive: false
       continueOnError: false
       shell: sh
-      run: ./scripts/hook-predeploy.sh
+      run: ./scripts/hook-token.sh
     windows:
       interactive: false
       continueOnError: false
       shell: pwsh
-      run: .\scripts\hook-predeploy.ps1
+      run: .\scripts\hook-token.ps1

scripts/Dockerfile-provision

@@ -1,3 +1,4 @@
+# NOTE: Hooks can run in a Docker Container but when using azure CLI has issues with MSAL Token Cache.
 FROM mcr.microsoft.com/azure-cli:latest
 
 # Install OS packages
@@ -20,7 +21,6 @@ RUN pip3 install --no-cache-dir --upgrade pip setuptools wheel httpie \
     && pip3 install --no-cache-dir --force-reinstall pycryptodome
 
 # Copy the script into the container
-COPY functions.sh /usr/local/bin/functions.sh
 COPY hook-postprovision.sh /usr/local/bin/postprovision.sh
 COPY hook-preprovision.sh /usr/local/bin/preprovision.sh
 COPY hook-predeploy.sh /usr/local/bin/predeploy.sh

scripts/hook-postprovision.ps1

@@ -67,8 +67,8 @@ function Check-FluxCompliance {
             Write-Output "Software has been installed."
             break
         } else {
-            Write-Output "Software still installing, retrying in 30 seconds."
-            Start-Sleep -Seconds 30
+            Write-Output "Software still installing, retrying in 1 minute."
+            Start-Sleep -Seconds 60
         }
     }
 

scripts/hook-postprovision.sh

@@ -48,7 +48,7 @@ while getopts ":hs:" opt; do
       exit 0
       ;;
     s )
-      AZURE_SUBSCRIPTION=$OPTARG
+      AZURE_SUBSCRIPTION_ID=$OPTARG
       ;;
     \? )
       echo "Invalid option: -$OPTARG" >&2
@@ -66,22 +66,13 @@ shift $((OPTIND -1))
 
 ###############################
 # Checks
-if [[ -z "$AZURE_SUBSCRIPTION" ]];
+if [[ -z "$AZURE_SUBSCRIPTION_ID" ]];
 then
     echo "Error: You must provide a SubscriptionId" >&2
     print_help
     exit 1
 fi
 
-# Check Azure CLI version.
-REQUIRED_AZ_CLI_VERSION="2.58.0"
-CURRENT_AZ_CLI_VERSION="$(az --version | head -n 1 | awk -F' ' '{print $2}')"
-
-if [[ $(echo -e "$REQUIRED_AZ_CLI_VERSION\n$CURRENT_AZ_CLI_VERSION"|sort -V|head -n1) != $REQUIRED_AZ_CLI_VERSION ]]; then
-  echo "This script requires Azure CLI version $REQUIRED_AZ_CLI_VERSION or higher. You have version $CURRENT_AZ_CLI_VERSION."
-  exit 1
-fi
-
 if [ -z $AZURE_CLIENT_ID ]; then
   echo 'ERROR: AZURE_CLIENT_ID not provided'
   exit 1;
@@ -97,6 +88,9 @@ if [ -z $AKS_NAME ]; then
   exit 1;
 fi
 
+if [ -z $AZURE_CLIENT_OID ]; then
+  AZURE_CLIENT_OID=$(az ad app show --id $AZURE_CLIENT_ID --query id -o tsv | tr -d '\r')
+fi
 
 ###############################
 # Checking Flux Compliance
@@ -105,19 +99,19 @@ echo "Checking Software Installation..."
 # Initialize timer
 end=$((SECONDS+1200))  # 1200 seconds = 20 minutes
 
-# Loop to check Flux compliance every 30 seconds up to 10 minutes
+# Loop to check Flux compliance every minute up to 20 minutes
 while [ $SECONDS -lt $end ]; do
 
-    compliance_state=$(az k8s-configuration flux show -t managedClusters -g $AZURE_RESOURCE_GROUP --cluster-name $AKS_NAME --name flux-system --query 'complianceState' -otsv)
+    compliance_state=$(az k8s-configuration flux show -t managedClusters -g $AZURE_RESOURCE_GROUP --cluster-name $AKS_NAME --name flux-system --query 'complianceState' -o tsv | tr -d '\r')
 
     echo "Current Software State: $compliance_state"
 
     if [ "$compliance_state" == "Compliant" ]; then
         echo "Software has been installed."
         break
     else
-        echo "Software still installing, retrying in 30 seconds."
-        sleep 30
+        echo "Software still installing, retrying in 1 minute."
+        sleep 60
     fi
 done
 
@@ -131,29 +125,29 @@ fi
 redirect_uris=()  # Initialize an empty array to hold the redirect URIs
 
 # Fetch Node Resource Group from AKS Cluster
-node_resource_group=$(az aks show -g $AZURE_RESOURCE_GROUP -n $AKS_NAME --query nodeResourceGroup -o tsv)
+node_resource_group=$(az aks show -g $AZURE_RESOURCE_GROUP -n $AKS_NAME --query nodeResourceGroup -o tsv | tr -d '\r')
 
 # Fetch Public IP Address of the Load Balancer named 'kubernetes'
-public_ip=$(az network public-ip list -g "$node_resource_group" --query "[?contains(name, 'kubernetes')].ipAddress" -otsv)
+public_ip=$(az network public-ip list -g "$node_resource_group" --query "[?contains(name, 'kubernetes')].ipAddress" -o tsv | tr -d '\r')
 if [[ -n $public_ip ]]; then
     echo "Adding Public Web Endpoint: ${public_ip}"
     redirect_uris+=("https://$public_ip/auth/")  # Add public ingress URI
 fi
 azd env set INGRESS_EXTERNAL https://$public_ip/auth/
 
 # Fetch Private IP Address from the Load Balancer named 'kubernetes-internal'
-private_ip=$(az network lb frontend-ip list --lb-name kubernetes-internal -g "$node_resource_group" --query [].privateIPAddress -otsv)
+private_ip=$(az network lb frontend-ip list --lb-name kubernetes-internal -g "$node_resource_group" --query [].privateIPAddress -o tsv | tr -d '\r')
 if [[ -n $private_ip ]]; then
     echo "Adding Private Web Endpoint: ${private_ip}"
     redirect_uris+=("https://$private_ip/auth/")  # Add private ingress URI
 fi
 azd env set INGRESS_INTERNAL https://$private_ip/auth/
 
-_oid=$(az ad app show --id $AZURE_CLIENT_ID --query id -o tsv)
+
 
 # Update Azure AD app only if there are URIs to add
 if [ ${#redirect_uris[@]} -gt 0 ]; then
-    echo "=================================================================="
+    echo -e "\n=================================================================="
     echo "Adding Redirect URIs: ${redirect_uris[@]}"
     echo "=================================================================="
 
@@ -182,12 +176,23 @@ EOF
 )
 
     # Update web and SPA redirect URIs with implicitGrantSettings
+    echo -e "\n=================================================================="
+    echo "Patching AD Application: ${AZURE_CLIENT_OID}"
+    echo "=================================================================="
     az rest \
       --method "PATCH" \
-      --uri "https://graph.microsoft.com/v1.0/applications/${_oid}" \
+      --uri "https://graph.microsoft.com/v1.0/applications/${AZURE_CLIENT_OID}" \
       --headers "Content-Type=application/json" \
       --body "$JSON_PAYLOAD"
 fi
 
 sleep 30
-open "$(azd env get-values | grep INGRESS_EXTERNAL | cut -d'=' -f2 | tr -d ' ')"
+
+URL=$(azd env get-values | grep INGRESS_EXTERNAL | cut -d'=' -f2 | tr -d '"')
+
+if [[ "$(uname)" == "Darwin" ]]; then
+  open "$URL"
+else
+  URL=$(echo "$URL" | sed 's/^https:/http:/')
+  powershell.exe /c start "$URL"
+fi