Merge pull request #17 from surajssd/add-rg-acr-unique-names

Add unique name generation for ACR & RG
surajssd · Nov 4, 2024 · d9feb79 · d9feb79
2 parents 756666f + 4e4eabd
commit d9feb79
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 2 deletions.
diff --git a/.env-sample b/.env-sample
@@ -13,10 +13,16 @@ export ARTIFACTS_DIR="${SCRIPT_DIR}/artifacts"
 mkdir -p $ARTIFACTS_DIR
 export SSH_KEY=${ARTIFACTS_DIR}/ssh.pub
 
-export AZURE_RESOURCE_GROUP=""
+# This has to be unique in the subscription, 1-90 chars, underscores, hyphens, periods, parentheses, and letters or digits.
+export AZURE_RESOURCE_GROUP_FILE_NAME="${ARTIFACTS_DIR}/azure-resource-group"
+generate_unique_rg_name "${AZURE_RESOURCE_GROUP_FILE_NAME}"
+export AZURE_RESOURCE_GROUP="$(cat ${AZURE_RESOURCE_GROUP_FILE_NAME})"
+
 # ACR naming convention: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-name-rules#microsoftcontainerregistry
 # This has to be unique globally, 5-50 alphanumeric characters, lowercase only.
-export AZURE_ACR_NAME=""
+export AZURE_ACR_NAME_FILE_NAME="${ARTIFACTS_DIR}/azure-acr-name"
+generate_unique_acr_name "${AZURE_ACR_NAME_FILE_NAME}"
+export AZURE_ACR_NAME="$(cat ${AZURE_ACR_NAME_FILE_NAME})"
 
 # Figure out which region has the machine availability by running ./find-region-machine-map.sh
 export AZURE_REGION="northeurope"

diff --git a/infra-setup/admin/global-rbac-setup.sh b/infra-setup/admin/global-rbac-setup.sh
@@ -111,6 +111,7 @@ for ((i = 1; i <= NUMBER_OF_AUTO_GEN_USERS; i++)); do
   fi
 
   # Assign Directory Reader role to the user
+  # TODO: May hit this issue on the actual subscription because of the admin permissiosn we have.
   info "Assigning Directory Reader role to ${USER_PRINCIPAL_NAME}"
   ERROR_RESPONSE=$(curl -s -X POST "https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments" -H "Authorization : Bearer ${ACCESS_TOKEN}" -H "Content-Type: application/json" -d '{
     "principalId": "'${USER_PRINCIPAL_ID}'",

diff --git a/infra-setup/deploy-aks.sh b/infra-setup/deploy-aks.sh
@@ -39,9 +39,11 @@ AKS_RG="${AZURE_RESOURCE_GROUP}-aks"
 
 info "Creating Resource Group ${AZURE_RESOURCE_GROUP} in region ${AZURE_REGION} ..."
 # TODO: Failure scenario: Two different people create RG with the same name. See if the 2nd person sees failure with actionable message.
+# If this fails the unique name error then update the file artifacts/azure-acr-name
 az group create --name "${AZURE_RESOURCE_GROUP}" \
     --location "${AZURE_REGION}"
 
+# If this fails the unique name error then update the file artifacts/azure-resource-group
 info "Creating Azure Container Registry: ${AZURE_ACR_NAME} ..."
 az acr create \
     --name "${AZURE_ACR_NAME}" \

diff --git a/util/utility.sh b/util/utility.sh
@@ -26,3 +26,55 @@ function generate_ssh_key() {
     info "Generating SSH key..."
     ssh-keygen -t rsa -b 4096 -f "${SSH_KEY%.pub}" -N "" -C "SSH key for CAA AKS cluster"
 }
+
+function generate_unique_rg_name() {
+    local AZURE_RG_FILE="${1}"
+    # if the file already exists then skip
+    if [ -f "${AZURE_RG_FILE}" ]; then
+        warn "Resource Group file: '${AZURE_RG_FILE}' already exists, skipping..."
+        return
+    fi
+
+    # This has to be unique in the subscription, 1-90 chars, underscores,
+    # hyphens, periods, parentheses, and letters or digits.
+    local RG_NAME_PREFIX="rg"
+    local AZURE_USER=$(az account show --query user.name -o tsv)
+
+    # If the user is not logged in $AZURE_USER is empty
+    # And for some reason the env var $USER is empty then use $RANDOM
+    if [ -z "${AZURE_USER}" ] && [ -z "${USER}" ]; then
+        RG_USERNAME=$RANDOM$RANDOM
+    else
+        RG_USERNAME="${AZURE_USER:-$USER}"
+    fi
+    local USER_HASH=$(echo -n "${RG_USERNAME}" | sha256sum | cut -c1-6)
+    local TIMESTAMP=$(date +%s)
+
+    echo "${RG_NAME_PREFIX}-${USER_HASH}-${TIMESTAMP}" | tee "${AZURE_RG_FILE}"
+}
+
+function generate_unique_acr_name() {
+    local AZURE_ACR_FILE="${1}"
+    # if the file already exists then skip
+    if [ -f "${AZURE_ACR_FILE}" ]; then
+        warn "ACR file: '${AZURE_ACR_FILE}' already exists, skipping..."
+        return
+    fi
+
+    # This has to unique globally and 5-50 alphanumeric characters, lowercase
+    # only.
+    local ACR_NAME_PREFIX="acr"
+    local AZURE_USER=$(az account show --query user.name -o tsv)
+
+    # If the user is not logged in $AZURE_USER is empty
+    # And for some reason the env var $USER is empty then use $RANDOM
+    if [ -z "${AZURE_USER}" ] && [ -z "${USER}" ]; then
+        ACR_USERNAME=$RANDOM$RANDOM
+    else
+        ACR_USERNAME="${AZURE_USER:-$USER}"
+    fi
+    local USER_HASH=$(echo -n "${ACR_USERNAME}" | sha256sum | cut -c1-6)
+    local TIMESTAMP=$(date +%s)
+
+    echo "${ACR_NAME_PREFIX}${USER_HASH}${TIMESTAMP}" | tee "${AZURE_ACR_FILE}"
+}