Integration testing sandbox environment provisioning tool for Microsoft Azure
What does Sherlock provide for me?
Sherlock will create one or more resource groups in a subscription, and create a corresponding service principal that has rights only in that/those resource group(s). There is also a cleanup process that will routinely run to delete resource groups and service principals from past integration test runs. In essence, this is a turn-key solution that requires no administration overhead for an integration testing environment.
What is Sherlock built with?
This tool is an Azure Function app with two functions. The first is a web API that listens for requests to create a sandbox environment and responds with the necessary connection information. The second is a cleanup process that runs as the cron job to remove sandbox environments in the subscription when they expire.
To quickly and easily stand up Sherlock in your Azure subscription, I highly recommend you use the Azure CLI. The following steps assume that you have the Azure CLI installed and are logged in to your subscription.
$ az group create -n sherlock-rg -l eastus
$ az storage account create -g sherlock-rg -n sherlockstor -l eastus --sku Standard_LRS
$ az functionapp create -g sherlock-rg -n sherlockinttest -s sherlockstor -u https://github.com/tstringer/sherlock.git --consumption-plan-location eastus
(you will need to create a unique name for your Function App)
$ az functionapp config appsettings set -g sherlock-rg -n sherlockinttest --settings AZURE_CLIENT_ID=<service_principal_app_id>
(this is going to be the service principal application ID that you have to prestage in your Azure AD tenant)
$ az functionapp config appsettings set -g sherlock-rg -n sherlockinttest --settings AZURE_CLIENT_SECRET=<service_principal_key>
$ az functionapp config appsettings set -g sherlock-rg -n sherlockinttest --settings AZURE_SUBSCRIPTION_ID=<subscription_id>
$ az functionapp config appsettings set -g sherlock-rg -n sherlockinttest --settings AZURE_TENANT_ID=<tenant_id>
$ az functionapp config appsettings set -g sherlock-rg -n sherlockinttest --settings RES_PREFIX=sherlock
(this will be the prefix that is used to name provisioned resource groups and service principals)
Sherlock utilizes queueing for pooling identities. This queue is provided by Azure Storage, and therefore you need to set up the account prior to using Sherlock.
💡 Note, you don't have to prestage the queue. The identity-manager Function will create it if it doesn't already exist.
Starting in v0.4.0, Sherlock now uses persistent storage for metadata, moving away from resource group tags. The storage is a PostgreSQL database. Set the following Azure Function app setting environment variables to their appropriate value:
PG_HOST: the postgres hostname
PG_DATABASE: the database name
PG_USER: the role to connect to postgres
PG_PASSWORD: the role's password
With the inception of the metadata service (meta-manager Azure Function), you need to set the following Azure Function app setting environment variables:
META_URL: the URL to the meta-manager Azure Function (can be retrieved from the portal)
META_KEY: the Azure Function auth key for the meta-manager Function
Once you have Sherlock set up and configured (see above), you only need to make a POST request to Sherlock. The request will look like: https://<function_app_name>.azurewebsites.net/api/sandbox-provisioning?code=<key>, where function_app_name is the name of the Azure Function App you used when you created it above (in my case, I used sherlockinttest but you would have a different name).
The key is either the existing Function key that was created when the Azure Function was created, or a newly generated key (it is recommended to create a new key for each user and integration testing framework so that it is a more secure implementation, allowing you to revoke a key without affecting more users/clients). To create a new key you will have to use the Azure Portal. Navigate to the portal, and go to your Azure Function. Click on the Manage section for the sandbox-provisioning Function. Here you can view existing keys as well as create new keys.
Request parameters (all optional)
RES_PREFIX or the default 'sherlock') with a request-level prefix
Examples
$ curl "https://<function_app_name>.azurewebsites.net/api/sandbox-provisioning?code=<key>"
$ curl "https://<function_app_name>.azurewebsites.net/api/sandbox-provisioning?code=<key>&region=westus&duration=120&rgcount=2"
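Azure Functions also accepts a function key in the `x-functions-key` request header, which keeps the key out of the URL and so out of proxy and access logs. The following is an added example, not part of Sherlock or its README; the function names and the `SHERLOCK_KEY` variable are chosen here, and the validation rules for `region`, `duration` and `rgcount` are assumptions inferred from the example values above.

```shell
#!/bin/sh
# Added example, not part of Sherlock: request a sandbox with the Function key
# in the x-functions-key header instead of the ?code= query string.
# Usage (SHERLOCK_KEY already exported): sherlock_request sherlockinttest westus 120 2

# Print the request URL for <function_app_name> [region] [duration] [rgcount].
# The validation rules are assumptions inferred from this page's example
# values: region is lowercase alphanumeric, duration and rgcount are digits.
sherlock_url() (
  # Byte-wise character ranges in the patterns below.
  LC_ALL=C
  app=$1 region=${2:-} duration=${3:-} rgcount=${4:-}
  # The app name becomes part of the hostname, so restrict it tightly.
  case $app in
    ''|-*|*[!A-Za-z0-9-]*) echo "invalid function app name" >&2; return 1 ;;
  esac
  case $region in
    *[!a-z0-9]*) echo "invalid region" >&2; return 1 ;;
  esac
  for pair in "duration=$duration" "rgcount=$rgcount"; do
    case ${pair#*=} in
      *[!0-9]*) echo "invalid ${pair%%=*}" >&2; return 1 ;;
    esac
  done
  # Only parameters that were supplied are added; all of them are optional.
  query="${region:+&region=$region}${duration:+&duration=$duration}${rgcount:+&rgcount=$rgcount}"
  printf 'https://%s.azurewebsites.net/api/sandbox-provisioning%s\n' \
    "$app" "${query:+?}${query#?}"
)

# Send the request. The key is read from SHERLOCK_KEY (a variable name chosen
# for this example) and passed to curl as a config line on stdin, so it is
# neither in the URL nor in curl's argument list. No method is set, matching
# the curl examples on this page.
sherlock_request() (
  url=$(sherlock_url "$@") || return 1
  [ -n "${SHERLOCK_KEY:-}" ] || { echo "SHERLOCK_KEY is not set" >&2; return 1; }
  printf 'header = "x-functions-key: %s"\n' "$SHERLOCK_KEY" |
    curl --silent --show-error --fail --config - "$url"
)
```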
Response
Sherlock, if successfully run, will respond with the following: