Implement error handling into shell scripts (#72)

* - Added error handling to configure_asc script - Suppressed "create" output in configure_asc script * - Added error handling to config_create script - Remove commented lines from configure_asc script * - Added error handling to config_validate script * - Added error handling to get_sp_identity script - Corrected SP lookup * - Added error handling to mlz_config_create script * - Updated echo lines
Azure · Mar 15, 2021 · 9f49c48 · 9f49c48
1 parent a9fe463
commit 9f49c48
Show file tree

Hide file tree

Showing 5 changed files with 84 additions and 27 deletions.
diff --git a/scripts/config/config_create.sh b/scripts/config/config_create.sh
@@ -40,18 +40,27 @@ tf_name=$(basename "${tf_dir}")
 
 # create TF Resource Group and Storage Account for Terraform State files
 echo "Validating Resource Group for Terraform state..."
-if [[ -z $(az group show --name "${tf_rg_name}" --subscription "${tf_sub_id}" --query name --output tsv) ]];then
+rg_exists="az group show \
+    --name ${tf_rg_name} \
+    --subscription ${tf_sub_id}"
+
+if ! $rg_exists &> /dev/null; then
     echo "Resource Group does not exist...creating resource group ${tf_rg_name}"
     az group create \
         --subscription "${tf_sub_id}" \
         --location "${mlz_config_location}" \
-        --name "${tf_rg_name}"
+        --name "${tf_rg_name}" \
+        --output none
 else
     echo "Resource Group already exists...getting resource group"
 fi
 
 echo "Validating Storage Account for Terraform state..."
-if [[ -z $(az storage account show --name "${tf_sa_name}" --subscription "${tf_sub_id}" --query name --output tsv) ]];then
+sa_exists="az storage account show \
+    --name ${tf_sa_name} \
+    --subscription ${tf_sub_id}"
+
+if ! $sa_exists &> /dev/null; then
     echo "Storage Account does not exist...creating storage account ${tf_sa_name}"
     az storage account create \
         --name "${tf_sa_name}" \

diff --git a/scripts/config/config_validate.sh b/scripts/config/config_validate.sh
@@ -33,18 +33,26 @@ config_vars="${tf_dir}/config.vars"
 if [[ -s "${config_vars}" ]]; then
    source "${tf_dir}/config.vars"
 else
-   echo The variable file "${config_vars}" is either empty or does not exist. Please verify file and re-run script
+   echo "The variable file ${config_vars} is either empty or does not exist. Please verify file and re-run script"
    exit 1
 fi
 
 # Validate Terraform Backend resource group
-if [[ -z $(az group exists --name "${tf_be_rg_name}" --subscription "${sub_id}") ]]; then
-   echo Config Resource Group "${tf_be_rg_name}" does not exist...validate config.vars file and re-run script
+rg_exists="az group show \
+    --name ${tf_be_rg_name} \
+    --subscription ${sub_id}"
+
+if ! $rg_exists &> /dev/null; then
+   echo "Config Resource Group ${tf_be_rg_name} does not exist...validate config.vars file and re-run script"
    exit 1
 fi
 
 # Validate config key vault
-if [[ -z $(az keyvault show --name "${mlz_cfg_kv_name}" --subscription "${mlz_cfg_sub_id}") ]]; then
-   echo Config Key Vault "${mlz_cfg_kv_name}" does not exist...validate config.vars file and re-run script
+kv_exists="az keyvault show \
+    --name ${mlz_cfg_kv_name} \
+    --subscription ${mlz_cfg_sub_id}"
+
+if ! $kv_exists &> /dev/null; then
+   echo "Config Key Vault ${mlz_cfg_kv_name} does not exist...validate config.vars file and re-run script"
    exit 1
 fi
diff --git a/scripts/config/get_sp_identity.sh b/scripts/config/get_sp_identity.sh
@@ -35,8 +35,13 @@ config_vars=$1
 # Source configuration file
 . "${config_vars}"
 
-if [[ -z $(az keyvault secret show --name "${sp_client_id_secret_name}" --vault-name "${mlz_cfg_kv_name}" --subscription "${mlz_cfg_sub_id}") ]]; then
-   echo The Key Vault secret "${sp_client_id_secret_name}" does not exist...validate config.vars file and re-run script
+kv_id_exists="az keyvault secret show \
+    --name ${sp_client_id_secret_name} \
+    --vault-name ${mlz_cfg_kv_name} \
+    --subscription ${mlz_cfg_sub_id}"
+
+if ! $kv_id_exists &> /dev/null; then
+   echo "The Key Vault secret ${sp_client_id_secret_name} does not exist...validate config.vars file and re-run script"
    exit 1
 else
    client_id=$(az keyvault secret show \
@@ -49,8 +54,13 @@ else
 fi
 
 # Query Key Vault for Service Principal Password
-if [[ -z $(az keyvault secret show --name "${sp_client_pwd_secret_name}" --vault-name "${mlz_cfg_kv_name}" --subscription "${mlz_cfg_sub_id}") ]]; then
-   echo The Key Vault secret "${sp_client_pwd_secret_name}" does not exist...validate config.vars file and re-run script
+kv_pwd_exists="az keyvault secret show \
+    --name ${sp_client_pwd_secret_name} \
+    --vault-name ${mlz_cfg_kv_name} \
+    --subscription ${mlz_cfg_sub_id}"
+
+if ! $kv_pwd_exists &> /dev/null; then
+   echo "The Key Vault secret ${sp_client_pwd_secret_name} does not exist...validate config.vars file and re-run script"
    exit 1
 else
    client_secret=$(az keyvault secret show \
@@ -63,8 +73,10 @@ else
 fi
 
 # Validate Service Principal exists
-echo Verifying Service Principal with Client ID: "${client_id}"
-if [[ -z $(az ad sp list --filter "appId eq '${client_id}'") ]]; then
-    echo Service Principal with Client ID "${client_id}" could not be found...validate config.vars file and re-run script
-    exit 1
+sp_exists="az ad sp show \
+   --id ${client_id}"
+
+if ! $sp_exists &> /dev/null; then
+   echo "Service Principal with Client ID ${client_id} could not be found...validate config.vars file and re-run script"
+   exit 1
 fi
diff --git a/scripts/config/mlz_config_create.sh b/scripts/config/mlz_config_create.sh
@@ -61,18 +61,27 @@ sp_objid=$(az ad sp show \
     --output tsv)
 
 # Validate or create Terraform Config resource group
-if [[ -z $(az group show --name "${mlz_rg_name}" --subscription "${mlz_config_subid}" --query name --output tsv) ]];then
+rg_exists="az group show \
+    --name ${mlz_rg_name} \
+    --subscription ${mlz_config_subid}"
+
+if ! $rg_exists &> /dev/null; then
     echo "Resource Group does not exist...creating resource group ${mlz_rg_name}"
     az group create \
         --subscription "${mlz_config_subid}" \
         --location "${mlz_config_location}" \
-        --name "${mlz_rg_name}"
+        --name "${mlz_rg_name}" \
+        --output none
 else
     echo "Resource Group already exists...getting resource group"
 fi
 
 # Create Key Vault
-if [[ -z $(az keyvault show --name "${mlz_kv_name}" --subscription "${mlz_config_subid}" --query name --output tsv) ]];then
+kv_exists="az keyvault show \
+    --name ${mlz_kv_name} \
+    --subscription ${mlz_config_subid}"
+
+if ! $kv_exists &> /dev/null; then
     echo "Key Vault ${mlz_kv_name} does not exist...creating Key Vault"
     az keyvault create \
         --name "${mlz_kv_name}" \

diff --git a/scripts/security-center/configure_asc.sh b/scripts/security-center/configure_asc.sh
@@ -53,19 +53,29 @@ do
     . "${BASH_SOURCE%/*}"/generate_names.sh "${mlz_env_name}" "${sub}"
 
         # Create Resource Group for Log Analytics workspace
-        if [[ -z $(az group show --name "${mlz_lawsrg_name}" --subscription "${sub}" --query name --output tsv) ]]; then
+        rg_exists="az group show \
+            --name ${mlz_lawsrg_name} \
+            --subscription ${sub}"
+
+        if ! $rg_exists &> /dev/null; then
             echo "Resource Group does not exist...creating resource group ${mlz_lawsrg_name}"
             az group create \
                 --subscription "${sub}" \
                 --location "${mlz_config_location}" \
-                --name "${mlz_lawsrg_name}"
+                --name "${mlz_lawsrg_name}" \
+                --output none
         else
             echo "Resource Group ${mlz_lawsrg_name} already exists. Verify desired ASC configuration and re-run script"
             exit 1
         fi
 
         # Create Log Analytics workspace
-        if [[ -z $(az monitor log-analytics workspace show --resource-group "${mlz_lawsrg_name}" --workspace-name "${mlz_laws_name}" --subscription "${sub}") ]]; then
+        laws_exists="az monitor log-analytics workspace show \
+            --resource-group ${mlz_lawsrg_name} \
+            --workspace-name ${mlz_laws_name}
+            --subscription ${sub}"
+
+        if ! $laws_exists &> /dev/null; then
             echo "Log Analytics workspace does not exist...creating workspace ${mlz_laws_name}"
             lawsId=$(az monitor log-analytics workspace create \
             --resource-group "${mlz_lawsrg_name}" \
@@ -85,7 +95,8 @@ do
             az security pricing create \
             --name VirtualMachines \
             --subscription "${sub}" \
-            --tier "Standard"
+            --tier "Standard" \
+            --output none
         fi
 
         # Set ASC pricing tier on Storage Accounts
@@ -94,11 +105,17 @@ do
             az security pricing create \
             --name StorageAccounts \
             --subscription "${sub}" \
-            --tier "Standard"
+            --tier "Standard" \
+            --output none
         fi
 
         # Create default setting for ASC Log Analytics workspace
-        if [[ -z $(az security workspace-setting show --name default --subscription "${sub}" --only-show-errors) ]];then
+        ascwss_exists="az security workspace-setting show \
+            --name default \
+            --subscription ${sub} \
+            --only-show-errors"
+
+        if ! $ascwss_exists &> /dev/null; then
 
             sleep_time_in_seconds=30
             max_wait_in_minutes=30
@@ -114,7 +131,8 @@ do
             az security workspace-setting create \
                 --name "default" \
                 --target-workspace "${lawsId}" \
-                --subscription "${sub}"
+                --subscription "${sub}" \
+                --output none
 
             count=1
 
@@ -145,7 +163,8 @@ do
             --auto-provision "On" \
             --subscription  "${sub}" \
             --name "default" \
-            --only-show-errors
+            --only-show-errors \
+            --output none
     else
         echo "ASC auto-provisioning is already set to \"On\". Verify desired ASC configuration and re-run script"
         exit 1