Improve validation and remove set sub id

jaredfholgate · jaredfholgate · commit f325088ccfba · 2025-01-23T11:04:22.000Z
diff --git a/src/ALZ/Private/Deploy-Accelerator-Helpers/Invoke-Terraform.ps1 b/src/ALZ/Private/Deploy-Accelerator-Helpers/Invoke-Terraform.ps1
@@ -25,6 +25,7 @@ function Invoke-Terraform {
 
     if ($PSCmdlet.ShouldProcess("Apply Terraform", "modify")) {
         # Check and Set Subscription ID
+        $removeSubscriptionId = $false
         if($null -eq $env:ARM_SUBSCRIPTION_ID -or $env:ARM_SUBSCRIPTION_ID -eq "") {
             Write-Verbose "Setting environment variable ARM_SUBSCRIPTION_ID"
             $subscriptionId = $(az account show --query id -o tsv)
@@ -33,6 +34,7 @@ function Invoke-Terraform {
                 return
             }
             $env:ARM_SUBSCRIPTION_ID = $subscriptionId
+            $removeSubscriptionId = $true
             Write-Verbose "Environment variable ARM_SUBSCRIPTION_ID set to $subscriptionId"
         }
 
@@ -144,6 +146,11 @@ function Invoke-Terraform {
             $exitCode = $LASTEXITCODE
         }
 
+        if($removeSubscriptionId) {
+            Write-Verbose "Removing environment variable ARM_SUBSCRIPTION_ID that was set prior to this run"
+            Remove-Item $env:ARM_SUBSCRIPTION_ID = $null
+        }
+
         # Stop and display timer
         $StopWatch.Stop()
         if(!$silent) {
diff --git a/src/ALZ/Private/Tools/Test-Tooling.ps1 b/src/ALZ/Private/Tools/Test-Tooling.ps1
@@ -42,24 +42,74 @@ function Test-Tooling {
     }
 
     # Check if using Service Principal Auth
+    Write-Verbose "Checking Azure environment variables"
     $nonAzCliEnvVars = @(
         "ARM_CLIENT_ID",
         "ARM_SUBSCRIPTION_ID",
         "ARM_TENANT_ID"
     )
 
     $envVarsSet = $true
+    $envVarValid = $true
+    $envVarUnique = $true
+    $envVarAtLeastOneSet = $false
+    $envVarsWithValue = @()
+    $checkedEnvVars = @()
     foreach($envVar in $nonAzCliEnvVars) {
         $envVarValue = [System.Environment]::GetEnvironmentVariable($envVar)
-        if($envVarValue -eq $null -or $envVarValue -eq "") {
+        if($envVarValue -eq $null -or $envVarValue -eq "" ) {
             $envVarsSet = $false
             break
         }
+        $envVarAtLeastOneSet = $true
+        $envVarsWithValue += $envVar
+        if($envVarValue -notmatch("^(\{){0,1}[0-9a-fA-F]{8}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{12}(\}){0,1}$")) {
+            $envVarValid = $false
+            break
+        }
+        if($checkedEnvVars -contains $envVarValue) {
+            $envVarUnique = $false
+            break
+        }
+        $checkedEnvVars += $envVarValue
     }
 
     if($envVarsSet) {
-        Write-InformationColored "Using Service Principal Authentication, skipping Azure CLI checks" -ForegroundColor Yellow -NewLineBefore -InformationAction Continue
+        Write-Verbose "Using Service Principal Authentication, skipping Azure CLI checks"
+        if($envVarValid -and $envVarUnique) {
+            $checkResults += @{
+                message = "Azure environment variables are set and are valid unique GUIDs."
+                result  = "Success"
+            }
+        }
+
+        if(-not $envVarValid) {
+            $checkResults += @{
+                message = "Azure environment variables are set, but are not valid GUIDs."
+                result  = "Failure"
+            }
+        }
+
+        if (-not $envVarUnique) {
+            $envVarValidationOutput = ""
+            foreach($envVar in $nonAzCliEnvVars) {
+                $envVarValue = [System.Environment]::GetEnvironmentVariable($envVar)
+                $envVarValidationOutput += " $envVar ($envVarValue)"
+            }
+            $checkResults += @{
+                message = "Azure environment variables are set, but are not unique GUIDs. There is at least one duplicate:$envVarValidationOutput."
+                result  = "Failure"
+            }
+        }
+        $hasFailure = $true
     } else {
+        if($envVarAtLeastOneSet) {
+            $checkResults += @{
+                message = "At least one environment variables is set, but the other expected environment variables are not set. This could cause Terraform to fail in unexpected ways. Set environment variables: $($envVarsWithValue -join " ")."
+                result  = "Warning"
+            }
+        }
+
         # Check if Azure CLI is installed
         Write-Verbose "Checking Azure CLI installation"
         $azCliPath = Get-Command az -ErrorAction SilentlyContinue
