implementation of MISE middleware
hawkowl authored and SrinivasAtmakuri committed Jul 18, 2024
1 parent ce31826 commit 51130b5
Showing 17 changed files with 903 additions and 24 deletions.
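--- a/pkg/deploy/assets/rp-production-parameters.json
+++ b/pkg/deploy/assets/rp-production-parameters.json
@@ -75,6 +75,9 @@
 "fpServicePrincipalId": {
 "value": ""
 },
+"fpTenantId": {
+"value": ""
+},
 "gatewayDomains": {
 "value": ""
 },
@@ -99,6 +102,21 @@
 "mdsdEnvironment": {
 "value": ""
 },
+"miseAddress": {
+"value": "http://localhost:5000"
+},
+"miseAllowedHosts": {
+"value": "*"
+},
+"miseLogLevel": {
+"value": "Information"
+},
+"miseValidAppIDs": {
+"value": ""
+},
+"miseValidAudiences": {
+"value": ""
+},
 "nonZonalRegions": {
 "value": [
 "eastasia",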
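Review bot: The production parameter template defaults `miseAllowedHosts` to `*`, which, if it is passed through as the sidecar's host filter, accepts any Host header; an explicit host list, or an empty placeholder like the neighbouring parameters, would be a safer default. `miseValidAppIDs` and `miseValidAudiences` are left as `""`, so it is worth confirming that token validation rejects every caller when those lists are empty rather than skipping the check. `miseAddress` uses plain `http://` to localhost, which is acceptable only as long as the MISE endpoint stays bound to loopback.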
23 changes: 22 additions & 1 deletion pkg/deploy/assets/rp-production.json

Large diffs are not rendered by default.

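--- a/pkg/deploy/config.go
+++ b/pkg/deploy/config.go
@@ -63,6 +63,7 @@ type Configuration struct {
 ExtraServiceKeyvaultAccessPolicies []interface{} `json:"extraServiceKeyvaultAccessPolicies,omitempty" value:"required"`
 FluentbitImage *string `json:"fluentbitImage,omitempty" value:"required"`
 FPClientID *string `json:"fpClientId,omitempty" value:"required"`
+FPTENANTID *string `json:"fpTenantId,omitempty" value:"required"`
 FPServerCertCommonName *string `json:"fpServerCertCommonName,omitempty"`
 FPServicePrincipalID *string `json:"fpServicePrincipalId,omitempty" value:"required"`
 GatewayDomains []string `json:"gatewayDomains,omitempty"`
@@ -78,6 +79,11 @@ type Configuration struct {
 KeyvaultPrefix *string `json:"keyvaultPrefix,omitempty" value:"required"`
 MDMFrontendURL *string `json:"mdmFrontendUrl,omitempty" value:"required"`
 MDSDEnvironment *string `json:"mdsdEnvironment,omitempty" value:"required"`
+MISELOGLEVEL *string `json:"miseLogLevel,omitempty"`
+MISEADDRESS *string `json:"miseAddress,omitempty"`
+MISEALLOWEDHOSTS *string `json:"miseAllowedHosts,omitempty"`
+MISEVALIDAUDIENCES []string `json:"miseValidAudiences,omitempty"`
+MISEVALIDAPPIDs []string `json:"miseValidAppIDs,omitempty"`
 NonZonalRegions []string `json:"nonZonalRegions,omitempty"`
 PortalAccessGroupIDs []string `json:"portalAccessGroupIds,omitempty" value:"required"`
 PortalClientID *string `json:"portalClientId,omitempty" value:"required"`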
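Review bot: The five MISE fields added in the second hunk carry no `value:"required"` tag, unlike `FPTENANTID` and most of their neighbours, so a configuration that omits `miseValidAudiences` or `miseValidAppIDs` presumably passes validation even though these are the allowlists the token check depends on. If MISE is meant to be mandatory wherever it is enabled, add `value:"required"` to the `MISEVALIDAUDIENCES` and `MISEVALIDAPPIDs` tags, or document on the fields why they are optional. The all-caps names also break the struct's MixedCaps pattern (`FPClientID`, `MDSDEnvironment`); `FPTenantID`, `MISEValidAppIDs` and so on would match. The Configuration struct starts and ends outside both hunks, so how the tag is enforced is not visible here.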
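--- a/pkg/deploy/devconfig.go
+++ b/pkg/deploy/devconfig.go
@@ -146,6 +146,7 @@ func DevConfig(_env env.Core) (*Config, error) {
 },
 FluentbitImage: to.StringPtr(version.FluentbitImage(os.Getenv("USER") + "aro." + _env.Environment().ContainerRegistryDNSSuffix)),
 FPClientID: to.StringPtr(os.Getenv("AZURE_FP_CLIENT_ID")),
+FPTENANTID: to.StringPtr(os.Getenv("AZURE_TENANT_ID")),
 FPServicePrincipalID: to.StringPtr(os.Getenv("AZURE_FP_SERVICE_PRINCIPAL_ID")),
 GatewayDomains: []string{
 "eastus-shared.ppe.warm.ingest.monitor.core.windows.net",
@@ -167,6 +168,17 @@ func DevConfig(_env env.Core) (*Config, error) {
 GlobalSubscriptionID: to.StringPtr(_env.SubscriptionID()),
 MDMFrontendURL: to.StringPtr("https://global.ppe.microsoftmetrics.com/"),
 MDSDEnvironment: to.StringPtr(version.DevGenevaLoggingEnvironment),
+MISELOGLEVEL: to.StringPtr("Information"),
+MISEADDRESS: to.StringPtr("http://localhost:5000"),
+MISEALLOWEDHOSTS: to.StringPtr("*"),
+MISEVALIDAUDIENCES: []string{
+"https://management.core.windows.net/",
+_env.Environment().ResourceManagerEndpoint,
+},
+MISEVALIDAPPIDs: []string{
+"2187cde1-7e28-4645-9104-19edfa500053",
+"2187cde1-7e28-4645-9104-19edfa500052",
+},
 PortalAccessGroupIDs: []string{
 os.Getenv("AZURE_PORTAL_ACCESS_GROUP_IDS"),
 },
@@ -183,6 +195,7 @@ func DevConfig(_env env.Core) (*Config, error) {
 "DisableReadinessDelay",
 "EnableOCMEndpoints",
 "RequireOIDCStorageWebEndpoint",
+"EnableMISE",
 },
 // TODO update this to support FF
 RPImagePrefix: to.StringPtr(os.Getenv("USER") + "aro.azurecr.io/aro"),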
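Review bot: The two GUIDs added to `MISEVALIDAPPIDs` in the second hunk (`2187cde1-7e28-4645-9104-19edfa500053` and `2187cde1-7e28-4645-9104-19edfa500052`) form an authorization allowlist but say nothing about which applications they identify, and they differ only in the last digit, so a typo would be indistinguishable from intent. Each entry should carry a comment naming the application and why it may call the RP, or be lifted into named constants. In the first hunk `FPTENANTID` comes from `os.Getenv("AZURE_TENANT_ID")` unchecked, so an unset variable produces an empty tenant ID while `"EnableMISE"` is switched on in the third hunk; a guard that returns an error when it is empty would make that failure visible. DevConfig starts and ends outside these hunks.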
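--- a/pkg/deploy/generator/resources_rp.go
+++ b/pkg/deploy/generator/resources_rp.go
@@ -376,6 +376,7 @@ func (g *generator) rpVMSS() *arm.Resource {
 "databaseAccountName",
 "fluentbitImage",
 "fpClientId",
+"fpTenantId",
 "fpServicePrincipalId",
 "gatewayDomains",
 "gatewayResourceGroupName",
@@ -384,6 +385,9 @@ func (g *generator) rpVMSS() *arm.Resource {
 "keyvaultPrefix",
 "mdmFrontendUrl",
 "mdsdEnvironment",
+"miseLogLevel",
+"miseAddress",
+"miseAllowedHosts",
 "portalAccessGroupIds",
 "portalClientId",
 "portalElevatedGroupIds",
@@ -409,6 +413,18 @@ func (g *generator) rpVMSS() *arm.Resource {
 )
 }
 
+// convert array variables to string using ARM string() function to be passed via customScript later
+for _, variable := range []string{
+"miseValidAudiences",
+"miseValidAppIDs",
+} {
+parts = append(parts,
+fmt.Sprintf("'%s=$(base64 -d <<<'''", strings.ToUpper(variable)),
+fmt.Sprintf("base64(string(parameters('%s')))", variable),
+"''')\n'",
+)
+}
+
 for _, variable := range []string{
 "adminApiCaBundle",
 "armApiCaBundle",
@@ -424,6 +440,14 @@ func (g *generator) rpVMSS() *arm.Resource {
 "'MDMIMAGE=''"+version.MdmImage("")+"''\n'",
 )
 
+parts = append(parts,
+"'OTELIMAGE=''"+version.OTelImage("")+"''\n'",
+)
+
+parts = append(parts,
+"'MISEIMAGE=''"+version.MiseImage("")+"''\n'",
+)
+
 parts = append(parts,
 "'LOCATION=$(base64 -d <<<'''",
 "base64(resourceGroup().location)",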
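Review bot: The new loop over `miseValidAudiences` and `miseValidAppIDs` in the third hunk writes whatever `string(parameters(...))` yields into the VMSS custom script with no check that the lists are non-empty, and the production parameters template on this page ships both as `""`. Since these are the allowlists for token validation, the startup script should refuse to start MISE when either is empty, and the comment should state the format the consumer receives, e.g. `// ARM string() renders the array as JSON text (["a","b"]); the startup script must parse it as JSON and fail if it is empty`. The base64 round-trip keeps the value out of shell parsing at assignment time, but the consumer still has to quote `$MISEVALIDAUDIENCES` and `$MISEVALIDAPPIDS` when expanding them. rpVMSS starts and ends outside these hunks, so the consuming script is not visible here.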