DEV Community

Cover image for Sftp with Az Devops
Arindam Mitra
Arindam Mitra

Posted on • Edited on

Sftp with Az Devops

#azure #devops #pipelines #community

Greetings to my fellow Technology Advocates and Specialists.

In this Session, I will demonstrate SFTP with Azure DevOps.

I had the Privilege to talk on this topic in ONE Azure Communities:-

NAME OF THE AZURE COMMUNITY TYPE OF SPEAKER SESSION
Festive Tech Calendar 2022 Virtual
LIVE RECORDED SESSIONS:-
LIVE DEMO was Recorded as part of my Presentation in FESTIVE TECH CALENDAR 2022 Forum/Platform
Duration of My Demo = 1 Hour 05 Mins 08 Secs
THIS IS HOW IT LOOKS:-
Image description
AUTOMATION OBJECTIVE:-
Validate if provided Resource Group exists. If Not, Pipeline will FAIL.
Validate if Storage Account exists inside the specified Resource Group. If Not, Pipeline will FAIL.
Validate if Hierarchical Namespace is Enabled in the specified Storage Account. If Not, Pipeline will FAIL.
Validate if Key Vault exists inside the specified Resource Group. If Not, Pipeline will FAIL.
Validate if SFTP is enabled in the specified Storage Account. If No, it will enable SFTP and Proceed to Next Validation. If Yes, It will skip and and Proceed to Next Validation.
Validate if SFTP Local User Home Directory Container exists. If Yes, Pipeline will FAIL.
Validate If SFTP Local User Exists. If Yes, Pipeline will FAIL.
If all of the above validation is SUCCESSFUL, SFTP will be Enabled or Skipped in the Storage Account (Depending upon the Status at the time), Local SSH User will be created and Password will be Generated. Finally, Local SSH Username, Password and Connection String will be stored in Key Vault.
IMPORTANT NOTE:-

The YAML Pipeline is tested on WINDOWS BUILD AGENT Only!!!

REQUIREMENTS:-
  1. Azure Subscription.
  2. Azure DevOps Organisation and Project.
  3. Service Principal with Required RBAC ( Contributor) applied on Subscription or Resource Group(s).
  4. Azure Resource Manager Service Connection in Azure DevOps.
CODE REPOSITORY:-

GitHub logo arindam0310018 / 18-Nov-2022-DevOps__Validate-Enable-SFTP

SFTP WITH AZ DEVOPS

SFTP WITH AZ DEVOPS

Greetings to my fellow Technology Advocates and Specialists.

In this Session, I will demonstrate SFTP with Azure DevOps.

I had the Privilege to talk on this topic in ONE Azure Communities:-

NAME OF THE AZURE COMMUNITY TYPE OF SPEAKER SESSION
Festive Tech Calendar 2022 Virtual
LIVE RECORDED SESSION:-
LIVE DEMO was Recorded as part of my Presentation in FESTIVE TECH CALENDAR 2022 Forum/Platform
Duration of My Demo = 1 Hour 05 Mins 08 Secs
IMAGE ALT TEXT HERE
THIS IS HOW IT LOOKS:-
Image description
AUTOMATION OBJECTIVE:-
Validate if provided Resource Group exists. If Not, Pipeline will FAIL.
Validate if Storage Account exists inside the specified Resource Group. If Not, Pipeline will FAIL.
Validate if Hierarchical Namespace is Enabled in the specified Storage Account. If Not, Pipeline will FAIL.
Validate if Key Vault exists inside the specified Resource Group. If Not, Pipeline will FAIL.
Validate if SFTP is
View on GitHub
HOW DOES MY CODE PLACEHOLDER LOOKS LIKE:-
Image description
PIPELINE CODE SNIPPET:-
AZURE DEVOPS YAML PIPELINE (azure-pipelines-storage-account-enable-sftp-v1.0.yml):- 
trigger: none ###################### #DECLARE PARAMETERS:- ###################### parameters: - name: SUBSCRIPTIONID displayName: Subscription ID Details Follow Below:- type: string default: 210e66cb-55cf-424e-8daa-6cad804ab604 values: - 210e66cb-55cf-424e-8daa-6cad804ab604 - name: RGNAME displayName: Please Provide the Resource Group Name:- type: object default: - name: STORAGEACCOUNTNAME displayName: Please Provide the Storage Account Name:- type: object default: - name: KVNAME displayName: Please Provide the Keyvault Name:- type: object default: - name: SFTP displayName: Enable or Disable SFTP:- type: string default: Enable values: - Enable - name: SFTPUSER displayName: Please Provide the SFTP Username:- type: object default: ###################### #DECLARE VARIABLES:- ###################### variables: ServiceConnection: amcloud-cicd-service-connection BuildAgent: windows-latest Permissions: rwdlc Service: blob SSHPasswd: true ######################### # Declare Build Agents:- ######################### pool: vmImage: $(BuildAgent) ################### # Declare Stages:- ################### stages: - stage: VALIDATE_RG_STORAGE_ACCOUNT_HIERARCHICAL_NAMESPACE_AND_KV jobs: - job: VALIDATE_RG_STORAGE_ACCOUNT_HIERARCHICAL_NAMESPACE_AND_KV displayName: VALIDATE RG STORAGE ACCOUNT HIERARCHICAL_NAMESPACE & KV steps: - task: AzureCLI@2 displayName: SET AZURE ACCOUNT inputs: azureSubscription: $(ServiceConnection) scriptType: ps scriptLocation: inlineScript inlineScript: | az --version az account set --subscription ${{ parameters.SUBSCRIPTIONID }} az account show - task: AzureCLI@2 displayName: VALIDATE RG STORAGE ACCOUNT HIERARCHICAL_NAMESPACE & RG inputs: azureSubscription: $(ServiceConnection) scriptType: ps scriptLocation: inlineScript inlineScript: | $i = az group exists -n ${{ parameters.RGNAME }} if ($i -eq "true") { echo "#####################################################" echo "Resource Group ${{ parameters.RGNAME }} exists!!!" echo "#####################################################" $j = az storage account check-name --name ${{ parameters.STORAGEACCOUNTNAME }} --query "reason" --out tsv if ($j -eq "AlreadyExists") { echo "###################################################################" echo "Storage Account ${{ parameters.STORAGEACCOUNTNAME }} exists!!!" echo "###################################################################" $k = az storage account show -n ${{ parameters.STORAGEACCOUNTNAME }} -g ${{ parameters.RGNAME }} --query [isHnsEnabled] --output tsv if ($k -eq "true") { echo "###################################################################" echo "Storage Account ${{ parameters.STORAGEACCOUNTNAME }} has Hierarchical Namespace Enabled!!!" echo "###################################################################" $l = az keyvault list --resource-group ${{ parameters.RGNAME }} --query [].name -o tsv if ($l -eq "${{ parameters.KVNAME }}") { echo "###################################################################" echo "Key Vault ${{ parameters.KVNAME }} exists!!!" echo "###################################################################" } else { echo "###################################################################################################" echo "Key Vault ${{ parameters.KVNAME }} DOES NOT EXISTS in Resource Group ${{ parameters.RGNAME }}!!!" echo "###################################################################################################" exit 1 } } else { echo "#######################################################################################################################" echo "Storage Account ${{ parameters.STORAGEACCOUNTNAME }} DOES NOT have Hierarchical Namespace Enabled!!!!!!" echo "#######################################################################################################################" exit 1 } } else { echo "#######################################################################################################################" echo "Storage Account ${{ parameters.STORAGEACCOUNTNAME }} DOES NOT EXISTS in Resource Group ${{ parameters.RGNAME }}!!!" echo "#######################################################################################################################" exit 1 } } else { echo "#############################################################" echo "Resource Group ${{ parameters.RGNAME }} DOES NOT EXISTS!!!" echo "#############################################################" exit 1 } - stage: SFTP_ENABLE condition: | and(succeeded(), eq('${{ parameters.SFTP }}', 'Enable') ) jobs: - job: SFTP_ENABLE displayName: ENABLE SFTP & STORE CREDENTIALS IN KV steps: - task: AzureCLI@2 displayName: ENABLE SFTP & STORE CREDENTIALS IN KV inputs: azureSubscription: $(ServiceConnection) scriptType: ps scriptLocation: inlineScript inlineScript: | $i = az storage account show -n ${{ parameters.STORAGEACCOUNTNAME }} -g ${{ parameters.RGNAME }} --query [isSftpEnabled] --output tsv if ($i -eq "false") { az storage account update -n ${{ parameters.STORAGEACCOUNTNAME }} -g ${{ parameters.RGNAME }} --enable-sftp=true echo "#####################################################" echo "SFTP Enabled for Storage Account ${{ parameters.STORAGEACCOUNTNAME }} in the Resource Group ${{ parameters.RGNAME }}!!!" echo "#####################################################" echo "Validating if SFTP Local User Home Directory Exists!!!" echo "#####################################################" $j = az storage container exists --account-name ${{ parameters.STORAGEACCOUNTNAME }} --account-key $(az storage account keys list -g ${{ parameters.RGNAME }} -n ${{ parameters.STORAGEACCOUNTNAME }} --query [0].value -o tsv) --name ${{ parameters.SFTPUSER }}-dir --query "exists" --out tsv if ($j -ne "true") { az storage container create --name ${{ parameters.SFTPUSER }}-dir --account-key $(az storage account keys list -n ${{ parameters.STORAGEACCOUNTNAME }} -g ${{ parameters.RGNAME }} --query [0].value -o tsv) --account-name ${{ parameters.STORAGEACCOUNTNAME }} echo "#####################################################" echo "SFTP User Home Directory Container ${{ parameters.SFTPUSER }}-dir created successfully!!!" echo "#####################################################" echo "Validating if SFTP Local User Exists!!!" echo "#####################################################" $k = az storage account local-user show --account-name ${{ parameters.STORAGEACCOUNTNAME }} -g ${{ parameters.RGNAME }} -n ${{ parameters.SFTPUSER }} --query [name] --output tsv if ($k -ne "${{ parameters.SFTPUSER }}") { az storage account local-user create --account-name ${{ parameters.STORAGEACCOUNTNAME }} -g ${{ parameters.RGNAME }} -n ${{ parameters.SFTPUSER }} --home-directory ${{ parameters.SFTPUSER }}-dir --permission-scope permissions=$(Permissions) service=$(Service) resource-name=${{ parameters.SFTPUSER }}-dir --has-ssh-password $(SSHPasswd) $sftppasswd = az storage account local-user regenerate-password --account-name ${{ parameters.STORAGEACCOUNTNAME }} -g ${{ parameters.RGNAME }} -n ${{ parameters.SFTPUSER }} --query [sshPassword] -o tsv az keyvault secret set --name ${{ parameters.SFTPUSER }}-username --vault-name ${{ parameters.KVNAME }} --value ${{ parameters.SFTPUSER }} az keyvault secret set --name ${{ parameters.SFTPUSER }}-passwd --vault-name ${{ parameters.KVNAME }} --value $sftppasswd az keyvault secret set --name ${{ parameters.SFTPUSER }}-connection-string --vault-name ${{ parameters.KVNAME }} --value "${{ parameters.STORAGEACCOUNTNAME }}.${{ parameters.SFTPUSER }}@${{ parameters.STORAGEACCOUNTNAME }}.blob.core.windows.net" echo "#####################################################" echo "SFTP Local User ${{ parameters.SFTPUSER }} created successfully and Credentials Stored in ${{ parameters.KVNAME }}!!!" echo "#####################################################" } else { echo "#####################################################" echo "SFTP Local User ${{ parameters.SFTPUSER }} already Exists!!!" echo "#####################################################" exit 1 } } else { echo "#####################################################" echo "SFTP User Home Directory Container ${{ parameters.SFTPUSER }}-dir already Exists!!!" echo "#####################################################" exit 1 } } else { echo "#####################################################" echo "SFTP is already Enabled for Storage Account ${{ parameters.STORAGEACCOUNTNAME }} in the Resource Group ${{ parameters.RGNAME }}!!!" echo "#####################################################" $l = az storage container exists --account-name ${{ parameters.STORAGEACCOUNTNAME }} --account-key $(az storage account keys list -g ${{ parameters.RGNAME }} -n ${{ parameters.STORAGEACCOUNTNAME }} --query [0].value -o tsv) --name ${{ parameters.SFTPUSER }}-dir --query "exists" --out tsv if ($l -ne "true") { az storage container create --name ${{ parameters.SFTPUSER }}-dir --account-key $(az storage account keys list -n ${{ parameters.STORAGEACCOUNTNAME }} -g ${{ parameters.RGNAME }} --query [0].value -o tsv) --account-name ${{ parameters.STORAGEACCOUNTNAME }} echo "#####################################################" echo "SFTP User Home Directory Container ${{ parameters.SFTPUSER }}-dir created successfully!!!" echo "#####################################################" echo "Validating if SFTP Local User Exists!!!" echo "#####################################################" $m = az storage account local-user show --account-name ${{ parameters.STORAGEACCOUNTNAME }} -g ${{ parameters.RGNAME }} -n ${{ parameters.SFTPUSER }} --query [name] --output tsv if ($m -ne "${{ parameters.SFTPUSER }}") { az storage account local-user create --account-name ${{ parameters.STORAGEACCOUNTNAME }} -g ${{ parameters.RGNAME }} -n ${{ parameters.SFTPUSER }} --home-directory ${{ parameters.SFTPUSER }}-dir --permission-scope permissions=$(Permissions) service=$(Service) resource-name=${{ parameters.SFTPUSER }}-dir --has-ssh-password $(SSHPasswd) $sftppasswd = az storage account local-user regenerate-password --account-name ${{ parameters.STORAGEACCOUNTNAME }} -g ${{ parameters.RGNAME }} -n ${{ parameters.SFTPUSER }} --query [sshPassword] -o tsv az keyvault secret set --name ${{ parameters.SFTPUSER }}-username --vault-name ${{ parameters.KVNAME }} --value ${{ parameters.SFTPUSER }} az keyvault secret set --name ${{ parameters.SFTPUSER }}-passwd --vault-name ${{ parameters.KVNAME }} --value $sftppasswd az keyvault secret set --name ${{ parameters.SFTPUSER }}-connection-string --vault-name ${{ parameters.KVNAME }} --value "${{ parameters.STORAGEACCOUNTNAME }}.${{ parameters.SFTPUSER }}@${{ parameters.STORAGEACCOUNTNAME }}.blob.core.windows.net" echo "#####################################################" echo "SFTP Local User ${{ parameters.SFTPUSER }} created successfully and Credentials Stored in ${{ parameters.KVNAME }}!!!" echo "#####################################################" } else { echo "#####################################################" echo "SFTP Local User ${{ parameters.SFTPUSER }} already Exists!!!" echo "#####################################################" exit 1 } } else { echo "#####################################################" echo "SFTP User Home Directory Container ${{ parameters.SFTPUSER }}-dir already Exists!!!" echo "#####################################################" exit 1 } }
Enter fullscreen mode Exit fullscreen mode

Now, let me explain each part of YAML Pipeline for better understanding.

PART #1:-
BELOW FOLLOWS PIPELINE RUNTIME VARIABLES CODE SNIPPET:- 
###################### #DECLARE PARAMETERS:- ###################### parameters: - name: SUBSCRIPTIONID displayName: Subscription ID Details Follow Below:- type: string default: 210e66cb-55cf-424e-8daa-6cad804ab604 values: - 210e66cb-55cf-424e-8daa-6cad804ab604 - name: RGNAME displayName: Please Provide the Resource Group Name:- type: object default: - name: STORAGEACCOUNTNAME displayName: Please Provide the Storage Account Name:- type: object default: - name: KVNAME displayName: Please Provide the Keyvault Name:- type: object default: - name: SFTP displayName: Enable or Disable SFTP:- type: string default: Enable values: - Enable - name: SFTPUSER displayName: Please Provide the SFTP Username:- type: object default:
Enter fullscreen mode Exit fullscreen mode
PART #2:-
BELOW FOLLOWS PIPELINE VARIABLES CODE SNIPPET:- 
###################### #DECLARE VARIABLES:- ###################### variables: ServiceConnection: amcloud-cicd-service-connection BuildAgent: windows-latest Permissions: rwdlc Service: blob SSHPasswd: true
Enter fullscreen mode Exit fullscreen mode
NOTE:-
Please change the values of the variables accordingly.
The entire YAML pipeline is build using Runtime Parameters and Variables. No Values are Hardcoded.
PART #3:-
This is a 2 Stage Pipeline:-
STAGE #1 - VALIDATE_RG_STORAGE_ACCOUNT_HIERARCHICAL_NAMESPACE_AND_KV:-
In this Stage, Pipeline will validate Resource Group, Storage Account (With Hierarchal Namespace), and Key Vault. If any one of the Azure Resource is Not Available, Pipeline will FAIL and the Next Stage will get SKIPPED. 
- stage: VALIDATE_RG_STORAGE_ACCOUNT_HIERARCHICAL_NAMESPACE_AND_KV jobs: - job: VALIDATE_RG_STORAGE_ACCOUNT_HIERARCHICAL_NAMESPACE_AND_KV displayName: VALIDATE RG STORAGE ACCOUNT HIERARCHICAL_NAMESPACE & KV steps: - task: AzureCLI@2 displayName: SET AZURE ACCOUNT inputs: azureSubscription: $(ServiceConnection) scriptType: ps scriptLocation: inlineScript inlineScript: | az --version az account set --subscription ${{ parameters.SUBSCRIPTIONID }} az account show - task: AzureCLI@2 displayName: VALIDATE RG STORAGE ACCOUNT HIERARCHICAL_NAMESPACE & RG inputs: azureSubscription: $(ServiceConnection) scriptType: ps scriptLocation: inlineScript inlineScript: | $i = az group exists -n ${{ parameters.RGNAME }} if ($i -eq "true") { echo "#####################################################" echo "Resource Group ${{ parameters.RGNAME }} exists!!!" echo "#####################################################" $j = az storage account check-name --name ${{ parameters.STORAGEACCOUNTNAME }} --query "reason" --out tsv if ($j -eq "AlreadyExists") { echo "###################################################################" echo "Storage Account ${{ parameters.STORAGEACCOUNTNAME }} exists!!!" echo "###################################################################" $k = az storage account show -n ${{ parameters.STORAGEACCOUNTNAME }} -g ${{ parameters.RGNAME }} --query [isHnsEnabled] --output tsv if ($k -eq "true") { echo "###################################################################" echo "Storage Account ${{ parameters.STORAGEACCOUNTNAME }} has Hierarchical Namespace Enabled!!!" echo "###################################################################" $l = az keyvault list --resource-group ${{ parameters.RGNAME }} --query [].name -o tsv if ($l -eq "${{ parameters.KVNAME }}") { echo "###################################################################" echo "Key Vault ${{ parameters.KVNAME }} exists!!!" echo "###################################################################" } else { echo "###################################################################################################" echo "Key Vault ${{ parameters.KVNAME }} DOES NOT EXISTS in Resource Group ${{ parameters.RGNAME }}!!!" echo "###################################################################################################" exit 1 } } else { echo "#######################################################################################################################" echo "Storage Account ${{ parameters.STORAGEACCOUNTNAME }} DOES NOT have Hierarchical Namespace Enabled!!!!!!" echo "#######################################################################################################################" exit 1 } } else { echo "#######################################################################################################################" echo "Storage Account ${{ parameters.STORAGEACCOUNTNAME }} DOES NOT EXISTS in Resource Group ${{ parameters.RGNAME }}!!!" echo "#######################################################################################################################" exit 1 } } else { echo "#############################################################" echo "Resource Group ${{ parameters.RGNAME }} DOES NOT EXISTS!!!" echo "#############################################################" exit 1 }
Enter fullscreen mode Exit fullscreen mode
STAGE #2 - SFTP_ENABLE:-
In this Stage, Pipeline has Conditions in Place.
Condition #1: The Previous Stage has to be Successful.
Condition #2: The User should Select option "Enable". 
- stage: SFTP_ENABLE condition: | and(succeeded(), eq('${{ parameters.SFTP }}', 'Enable') )
Enter fullscreen mode Exit fullscreen mode
BELOW FOLLOWS THE LOGIC DEFINED TO ENABLE SFTP IN STORAGE ACCOUNT AND STORE CREDENTIALS IN THE MENTIONED KEYVAULT:-
Validate if SFTP is enabled in the specified Storage Account. If No, it will enable SFTP and Proceed to Next Validation. If Yes, It will skip and and Proceed to Next Validation.
Validate if SFTP Local User Home Directory Container exists. If Yes, Pipeline will FAIL.
Validate If SFTP Local User Exists. If Yes, Pipeline will FAIL.
If all of the above validation is SUCCESSFUL, SFTP will be Enabled or Skipped in the Storage Account (Depending upon the Status at the time), Local SSH User will be created and Password will be Generated. Finally, Local SSH Username, Password and Connection String will be stored in Key Vault. 
jobs: - job: SFTP_ENABLE displayName: ENABLE SFTP & STORE CREDENTIALS IN KV steps: - task: AzureCLI@2 displayName: ENABLE SFTP & STORE CREDENTIALS IN KV inputs: azureSubscription: $(ServiceConnection) scriptType: ps scriptLocation: inlineScript inlineScript: | $i = az storage account show -n ${{ parameters.STORAGEACCOUNTNAME }} -g ${{ parameters.RGNAME }} --query [isSftpEnabled] --output tsv if ($i -eq "false") { az storage account update -n ${{ parameters.STORAGEACCOUNTNAME }} -g ${{ parameters.RGNAME }} --enable-sftp=true echo "#####################################################" echo "SFTP Enabled for Storage Account ${{ parameters.STORAGEACCOUNTNAME }} in the Resource Group ${{ parameters.RGNAME }}!!!" echo "#####################################################" echo "Validating if SFTP Local User Home Directory Exists!!!" echo "#####################################################" $j = az storage container exists --account-name ${{ parameters.STORAGEACCOUNTNAME }} --account-key $(az storage account keys list -g ${{ parameters.RGNAME }} -n ${{ parameters.STORAGEACCOUNTNAME }} --query [0].value -o tsv) --name ${{ parameters.SFTPUSER }}-dir --query "exists" --out tsv if ($j -ne "true") { az storage container create --name ${{ parameters.SFTPUSER }}-dir --account-key $(az storage account keys list -n ${{ parameters.STORAGEACCOUNTNAME }} -g ${{ parameters.RGNAME }} --query [0].value -o tsv) --account-name ${{ parameters.STORAGEACCOUNTNAME }} echo "#####################################################" echo "SFTP User Home Directory Container ${{ parameters.SFTPUSER }}-dir created successfully!!!" echo "#####################################################" echo "Validating if SFTP Local User Exists!!!" echo "#####################################################" $k = az storage account local-user show --account-name ${{ parameters.STORAGEACCOUNTNAME }} -g ${{ parameters.RGNAME }} -n ${{ parameters.SFTPUSER }} --query [name] --output tsv if ($k -ne "${{ parameters.SFTPUSER }}") { az storage account local-user create --account-name ${{ parameters.STORAGEACCOUNTNAME }} -g ${{ parameters.RGNAME }} -n ${{ parameters.SFTPUSER }} --home-directory ${{ parameters.SFTPUSER }}-dir --permission-scope permissions=$(Permissions) service=$(Service) resource-name=${{ parameters.SFTPUSER }}-dir --has-ssh-password $(SSHPasswd) $sftppasswd = az storage account local-user regenerate-password --account-name ${{ parameters.STORAGEACCOUNTNAME }} -g ${{ parameters.RGNAME }} -n ${{ parameters.SFTPUSER }} --query [sshPassword] -o tsv az keyvault secret set --name ${{ parameters.SFTPUSER }}-username --vault-name ${{ parameters.KVNAME }} --value ${{ parameters.SFTPUSER }} az keyvault secret set --name ${{ parameters.SFTPUSER }}-passwd --vault-name ${{ parameters.KVNAME }} --value $sftppasswd az keyvault secret set --name ${{ parameters.SFTPUSER }}-connection-string --vault-name ${{ parameters.KVNAME }} --value "${{ parameters.STORAGEACCOUNTNAME }}.${{ parameters.SFTPUSER }}@${{ parameters.STORAGEACCOUNTNAME }}.blob.core.windows.net" echo "#####################################################" echo "SFTP Local User ${{ parameters.SFTPUSER }} created successfully and Credentials Stored in ${{ parameters.KVNAME }}!!!" echo "#####################################################" } else { echo "#####################################################" echo "SFTP Local User ${{ parameters.SFTPUSER }} already Exists!!!" echo "#####################################################" exit 1 } } else { echo "#####################################################" echo "SFTP User Home Directory Container ${{ parameters.SFTPUSER }}-dir already Exists!!!" echo "#####################################################" exit 1 } } else { echo "#####################################################" echo "SFTP is already Enabled for Storage Account ${{ parameters.STORAGEACCOUNTNAME }} in the Resource Group ${{ parameters.RGNAME }}!!!" echo "#####################################################" $l = az storage container exists --account-name ${{ parameters.STORAGEACCOUNTNAME }} --account-key $(az storage account keys list -g ${{ parameters.RGNAME }} -n ${{ parameters.STORAGEACCOUNTNAME }} --query [0].value -o tsv) --name ${{ parameters.SFTPUSER }}-dir --query "exists" --out tsv if ($l -ne "true") { az storage container create --name ${{ parameters.SFTPUSER }}-dir --account-key $(az storage account keys list -n ${{ parameters.STORAGEACCOUNTNAME }} -g ${{ parameters.RGNAME }} --query [0].value -o tsv) --account-name ${{ parameters.STORAGEACCOUNTNAME }} echo "#####################################################" echo "SFTP User Home Directory Container ${{ parameters.SFTPUSER }}-dir created successfully!!!" echo "#####################################################" echo "Validating if SFTP Local User Exists!!!" echo "#####################################################" $m = az storage account local-user show --account-name ${{ parameters.STORAGEACCOUNTNAME }} -g ${{ parameters.RGNAME }} -n ${{ parameters.SFTPUSER }} --query [name] --output tsv if ($m -ne "${{ parameters.SFTPUSER }}") { az storage account local-user create --account-name ${{ parameters.STORAGEACCOUNTNAME }} -g ${{ parameters.RGNAME }} -n ${{ parameters.SFTPUSER }} --home-directory ${{ parameters.SFTPUSER }}-dir --permission-scope permissions=$(Permissions) service=$(Service) resource-name=${{ parameters.SFTPUSER }}-dir --has-ssh-password $(SSHPasswd) $sftppasswd = az storage account local-user regenerate-password --account-name ${{ parameters.STORAGEACCOUNTNAME }} -g ${{ parameters.RGNAME }} -n ${{ parameters.SFTPUSER }} --query [sshPassword] -o tsv az keyvault secret set --name ${{ parameters.SFTPUSER }}-username --vault-name ${{ parameters.KVNAME }} --value ${{ parameters.SFTPUSER }} az keyvault secret set --name ${{ parameters.SFTPUSER }}-passwd --vault-name ${{ parameters.KVNAME }} --value $sftppasswd az keyvault secret set --name ${{ parameters.SFTPUSER }}-connection-string --vault-name ${{ parameters.KVNAME }} --value "${{ parameters.STORAGEACCOUNTNAME }}.${{ parameters.SFTPUSER }}@${{ parameters.STORAGEACCOUNTNAME }}.blob.core.windows.net" echo "#####################################################" echo "SFTP Local User ${{ parameters.SFTPUSER }} created successfully and Credentials Stored in ${{ parameters.KVNAME }}!!!" echo "#####################################################" } else { echo "#####################################################" echo "SFTP Local User ${{ parameters.SFTPUSER }} already Exists!!!" echo "#####################################################" exit 1 } } else { echo "#####################################################" echo "SFTP User Home Directory Container ${{ parameters.SFTPUSER }}-dir already Exists!!!" echo "#####################################################" exit 1 } }
Enter fullscreen mode Exit fullscreen mode

NOW ITS TIME TO TEST !!!...

TEST CASES:-
TEST CASE #1: VALIDATE RESOURCE GROUP, STORAGE ACCOUNT (WITH HIERARCHICAL NAMESPACE) AND KEY VAULT:-
DESIRED OUTPUT: PIPELINE FAILS WHEN RESOURCE GROUP DOES NOT EXISTS.
Image description
Image description
Image description
DESIRED OUTPUT: PIPELINE FAILS WHEN STORAGE ACCOUNT DOES NOT EXISTS.
Image description
Image description
Image description
DESIRED OUTPUT: PIPELINE FAILS WHEN STORAGE ACCOUNT DOES NOT HAVE HIERARCHICAL NAMESPACE ENABLED.
Image description
Image description
Image description
DESIRED OUTPUT: PIPELINE FAILS WHEN KEY VAULT DOES NOT EXISTS.
Image description
Image description
Image description
TEST CASE #2: SFTP NOT ENABLED, LOCAL SSH USER AND HOME DIRECTORY CONTAINER DOES NOT EXISTS:-
Image description
Image description
DESIRED OUTPUT: SFTP IS ENABLED. LOCAL USER IS CREATED WITH HOME DIRECTORY CONTAINER. PASSWORD GENERATED. ALL CREDENTIALS STORED IN KEY VAULT.
Image description
Image description
Image description
Image description
Image description
Image description
TEST CASE #3: SFTP ALREADY ENABLED. LOCAL SSH USER DOES NOT EXISTS BUT PREVIOUSLY CREATED LOCAL SSH USER`S HOME DIRECTORY CONTAINER ALREADY EXISTS:-
Image description
Image description
DESIRED OUTPUT: PIPELINE FAILS. LOCAL SSH USER CREATED PREVIOUSLY WAS DELETED BUT HOME DIRECTORY STILL EXISTS
Image description
Image description
Image description
TEST CASE #4: SFTP ENABLED, LOCAL SSH USER ALREADY EXISTS:-
Image description
DESIRED OUTPUT: PIPELINE FAILS SINCE WE ARE TRYING TO CREATE LOCAL SSH USER WITH SAME NAME WHICH ALREADY EXISTS
Image description
Image description
Image description
TEST CASE #5: SFTP ENABLED, CREATE NEW ADDITIONAL LOCAL SSH USER AND HOME DIRECTORY CONTAINER:-
Image description
Image description
Image description
DESIRED OUTPUT: ADDITIONAL NEW LOCAL USER IS CREATED WITH HOME DIRECTORY CONTAINER. PASSWORD GENERATED. ALL CREDENTIALS STORED IN KEY VAULT.
Image description
Image description
Image description
Image description
Image description
Image description

Hope You Enjoyed the Session!!!

Stay Safe | Keep Learning | Spread Knowledge

Top comments (0)