Class: Makit::Azure::Cli

Inherits:

Object

• Object
• Makit::Azure::Cli

Defined in:

lib/makit/azure/cli.rb

Class Method Summary

• .authenticated? ⇒ Boolean

  Check if Azure CLI is authenticated.

• .available? ⇒ Boolean

  Check if Azure CLI is installed.

• .cdn_configured? ⇒ Boolean

  Check if CDN variables are configured.

• .cdn_endpoint_name ⇒ Object

  Get CDN endpoint name from environment variable.

• .cdn_profile_name ⇒ Object

  Get CDN profile name from environment variable.

• .cdn_resource_group ⇒ Object

  Get CDN resource group from environment variable.

• .delete_blobs(path) ⇒ Object

  Delete all blobs in a storage path.

• .grant_keyvault_access(app_id, resource_group: "LouParslow", keyvault_name: "louparslow-dev-secrets") ⇒ Boolean

  Grant Key Vault access to a service principal.

• .list_key_vaults(resource_group) ⇒ Array<Hash>

  List Key Vaults in a resource group.

• .purge_cdn_cache(path) ⇒ Object

  Purge CDN cache for a specific path.

• .static_website_endpoint ⇒ String

  Get static website endpoint URL for the storage account.

• .storage_account ⇒ Object

  Get Azure Storage account from environment variable.

• .storage_account_key ⇒ Object

  Get Azure Storage account key from environment variable.

• .upload_blobs(source, destination) ⇒ Object

  Upload files to Azure Storage.

• .validate_storage_credentials! ⇒ Object

  Validate Azure Storage credentials are set.

Class Method Details

.authenticated? ⇒ Boolean

Check if Azure CLI is authenticated

Returns:

• (Boolean)

# File 'lib/makit/azure/cli.rb', line 11

def self.authenticated?
  return false unless available?
  system("az account show > /dev/null 2>&1")
end

.available? ⇒ Boolean

Check if Azure CLI is installed

Returns:

• (Boolean)

# File 'lib/makit/azure/cli.rb', line 6

def self.available?
  system("which az > /dev/null 2>&1")
end

.cdn_configured? ⇒ Boolean

Check if CDN variables are configured

Returns:

• (Boolean)

# File 'lib/makit/azure/cli.rb', line 98

def self.cdn_configured?
  !cdn_resource_group.nil? && !cdn_resource_group.empty? &&
    !cdn_profile_name.nil? && !cdn_profile_name.empty? &&
    !cdn_endpoint_name.nil? && !cdn_endpoint_name.empty?
end

.cdn_endpoint_name ⇒ Object

Get CDN endpoint name from environment variable

# File 'lib/makit/azure/cli.rb', line 93

def self.cdn_endpoint_name
  ENV["AZURE_CDN_ENDPOINT_NAME"]
end

.cdn_profile_name ⇒ Object

Get CDN profile name from environment variable

# File 'lib/makit/azure/cli.rb', line 88

def self.cdn_profile_name
  ENV["AZURE_CDN_PROFILE_NAME"]
end

.cdn_resource_group ⇒ Object

Get CDN resource group from environment variable

# File 'lib/makit/azure/cli.rb', line 83

def self.cdn_resource_group
  ENV["AZURE_CDN_RESOURCE_GROUP"]
end

.delete_blobs(path) ⇒ Object

Delete all blobs in a storage path

Parameters:

• path (String) —

  The storage path (e.g., ‘$web/apps/portal/v0.1.0’)

# File 'lib/makit/azure/cli.rb', line 38

def self.delete_blobs(path)
  validate_storage_credentials!
  puts "  Deleting existing files in #{path}/".colorize(:yellow)
  
  cmd = [
    "az storage blob delete-batch",
    "--source '#{path}'",
    "--account-name #{storage_account}",
    "--account-key '#{storage_account_key}'",
    "--pattern '*'",
    "2>/dev/null",
  ].join(" ")
  
  system(cmd)
  # Don't fail if path doesn't exist (first deployment)
  true
end

.grant_keyvault_access(app_id, resource_group: "LouParslow", keyvault_name: "louparslow-dev-secrets") ⇒ Boolean

Grant Key Vault access to a service principal

Parameters:

• app_id (String) —

  The service principal app ID (client ID)

• resource_group (String) (defaults to: "LouParslow") —

  The Azure resource group name (default: “LouParslow”)

• keyvault_name (String) (defaults to: "louparslow-dev-secrets") —

  The Key Vault name (default: “louparslow-dev-secrets”)

Returns:

• (Boolean) —

  true if successful, raises error on failure

# File 'lib/makit/azure/cli.rb', line 204

def self.grant_keyvault_access(app_id, resource_group: "LouParslow", keyvault_name: "louparslow-dev-secrets")
  unless available?
    raise "Azure CLI is not installed. Install it from: https://aka.ms/InstallAzureCLI"
  end
  
  unless authenticated?
    raise "Azure CLI is not authenticated. Run 'az login' first"
  end
  
  if app_id.nil? || app_id.empty?
    raise "Service principal app ID (appId) is required"
  end
  
  if resource_group.nil? || resource_group.empty?
    raise "Resource group name is required"
  end
  
  if keyvault_name.nil? || keyvault_name.empty?
    raise "Key Vault name is required"
  end
  
  puts "  Granting Key Vault access to service principal...".colorize(:cyan)
  puts "  App ID: #{app_id}".colorize(:white)
  puts "  Resource Group: #{resource_group}".colorize(:white)
  puts "  Key Vault: #{keyvault_name}".colorize(:white)
  
  # Get subscription ID
  puts "  Getting subscription ID...".colorize(:cyan)
  subscription_cmd = "az account show --query id -o tsv 2>/dev/null"
  subscription_id = `#{subscription_cmd}`.strip
  
  if subscription_id.nil? || subscription_id.empty?
    raise "Failed to get subscription ID. Ensure you're logged in with 'az login'"
  end
  
  puts "  Subscription ID: #{subscription_id}".colorize(:white)
  
  # Get service principal object ID
  puts "  Getting service principal object ID...".colorize(:cyan)
  sp_object_id_cmd = "az ad sp show --id '#{app_id}' --query id -o tsv 2>/dev/null"
  sp_object_id = `#{sp_object_id_cmd}`.strip
  
  if sp_object_id.nil? || sp_object_id.empty?
    raise "Failed to get service principal object ID for app ID: #{app_id}. Ensure the service principal exists."
  end
  
  puts "  Service Principal Object ID: #{sp_object_id}".colorize(:white)
  
  # Grant "Key Vault Secrets User" role
  scope = "/subscriptions/#{subscription_id}/resourceGroups/#{resource_group}/providers/Microsoft.KeyVault/vaults/#{keyvault_name}"
  puts "  Granting 'Key Vault Secrets User' role...".colorize(:cyan)
  puts "  Scope: #{scope}".colorize(:white)
  
  role_assignment_cmd = [
    "az role assignment create",
    "--assignee '#{sp_object_id}'",
    "--role 'Key Vault Secrets User'",
    "--scope '#{scope}'",
    "2>&1",
  ].join(" ")
  
  output = `#{role_assignment_cmd}`
  exit_code = $?.exitstatus
  
  if exit_code != 0
    # Check if role assignment already exists
    if output.include?("already exists") || output.include?("RoleAssignmentExists")
      puts "  Role assignment already exists (this is OK)".colorize(:yellow)
      return true
    else
      puts "  Error output: #{output}".colorize(:red)
      raise "Failed to grant Key Vault access: #{output}"
    end
  end
  
  puts "  Successfully granted Key Vault access".colorize(:green)
  true
end

.list_key_vaults(resource_group) ⇒ Array<Hash>

List Key Vaults in a resource group

Parameters:

• resource_group (String) —

  The Azure resource group name

Returns:

• (Array<Hash>) —

  Array of key vault information hashes, or empty array if none found

# File 'lib/makit/azure/cli.rb', line 157

def self.list_key_vaults(resource_group)
  unless available?
    raise "Azure CLI is not installed. Install it from: https://aka.ms/InstallAzureCLI"
  end
  
  unless authenticated?
    raise "Azure CLI is not authenticated. Run 'az login' first"
  end
  
  if resource_group.nil? || resource_group.empty?
    raise "Resource group name is required"
  end
  
  puts "  Listing Key Vaults in resource group: #{resource_group}".colorize(:cyan)
  
  # Query for key vaults in the resource group
  cmd = [
    "az keyvault list",
    "--resource-group '#{resource_group}'",
    "--query '[].{Name:name, Location:location, ResourceGroup:resourceGroup, VaultUri:properties.vaultUri}'",
    "--output json",
    "2>/dev/null",
  ].join(" ")
  
  output = `#{cmd}`.strip
  
  if output.nil? || output.empty?
    puts "  No Key Vaults found in resource group: #{resource_group}".colorize(:yellow)
    return []
  end
  
  begin
    require "json"
    key_vaults = JSON.parse(output)
    key_vaults
  rescue JSON::ParserError => e
    puts "  Error parsing Key Vault list: #{e.message}".colorize(:red)
    puts "  Raw output: #{output}".colorize(:yellow)
    []
  end
end

.purge_cdn_cache(path) ⇒ Object

Purge CDN cache for a specific path

Parameters:

• path (String) —

  The path to purge (e.g., ‘/apps/portal/v0.1.0/*’)

# File 'lib/makit/azure/cli.rb', line 106

def self.purge_cdn_cache(path)
  unless cdn_configured?
    puts "  CDN variables not configured, skipping cache purge".colorize(:yellow)
    return false
  end
  
  puts "  Purging Azure CDN cache for #{path}".colorize(:green)
  
  cmd = [
    "az cdn endpoint purge",
    "--resource-group '#{cdn_resource_group}'",
    "--profile-name '#{cdn_profile_name}'",
    "--name '#{cdn_endpoint_name}'",
    "--content-paths '#{path}'",
  ].join(" ")
  
  success = system(cmd)
  unless success
    puts "  Warning: CDN purge failed or CDN not configured".colorize(:yellow)
  end
  success
end

.static_website_endpoint ⇒ String

Get static website endpoint URL for the storage account

Returns:

• (String) —

  The static website endpoint URL (e.g., ‘louparslow.z22.web.core.windows.net’)

# File 'lib/makit/azure/cli.rb', line 131

def self.static_website_endpoint
  validate_storage_credentials!
  
  unless available?
    # Fallback if Azure CLI not available
    return "https://#{storage_account}.z22.web.core.windows.net"
  end
  
  # Try to get the static website endpoint from Azure
  cmd = "az storage account show --name #{storage_account} --query 'primaryEndpoints.web' --output tsv 2>/dev/null"
  endpoint = `#{cmd}`.strip
  
  if endpoint.nil? || endpoint.empty?
    # Fallback: construct URL from storage account name
    # This assumes the standard format, but may not work for all storage accounts
    endpoint = "https://#{storage_account}.z22.web.core.windows.net"
    puts "  Warning: Could not retrieve static website endpoint, using default format".colorize(:yellow)
  end
  
  # Remove trailing slash if present
  endpoint.chomp("/")
end

.storage_account ⇒ Object

Get Azure Storage account from environment variable

# File 'lib/makit/azure/cli.rb', line 17

def self.storage_account
  ENV["AZURE_STORAGE_ACCOUNT"]
end

.storage_account_key ⇒ Object

Get Azure Storage account key from environment variable

# File 'lib/makit/azure/cli.rb', line 22

def self.storage_account_key
  ENV["AZURE_STORAGE_ACCOUNT_KEY"]
end

.upload_blobs(source, destination) ⇒ Object

Upload files to Azure Storage

Parameters:

• source (String) —

  Local directory to upload from

• destination (String) —

  Storage path destination (e.g., ‘$web/apps/portal/v0.1.0’)

# File 'lib/makit/azure/cli.rb', line 59

def self.upload_blobs(source, destination)
  validate_storage_credentials!
  puts "  Uploading files from #{source} to #{destination}/".colorize(:green)
  
  unless Dir.exist?(source)
    raise "Source directory does not exist: #{source}"
  end
  
  cmd = [
    "az storage blob upload-batch",
    "--destination '#{destination}'",
    "--source #{source}",
    "--account-name #{storage_account}",
    "--account-key '#{storage_account_key}'",
    "--overwrite",
  ].join(" ")
  
  unless system(cmd)
    raise "Failed to upload blobs to Azure Storage"
  end
  true
end

.validate_storage_credentials! ⇒ Object

Validate Azure Storage credentials are set

# File 'lib/makit/azure/cli.rb', line 27

def self.validate_storage_credentials!
  if storage_account.nil? || storage_account.empty?
    raise "AZURE_STORAGE_ACCOUNT environment variable is not set"
  end
  if storage_account_key.nil? || storage_account_key.empty?
    raise "AZURE_STORAGE_ACCOUNT_KEY environment variable is not set"
  end
end