This repository holds the source code for the Office for the Internal Market Azure Function. The main components are:
- Azure Function App C# source code
Before cloning this repository the following prerequisites must be installed on the development PC:
- Visual Studio 2019
In order to debug or run the Function App locally you will need to:
- have access to a SharePoint library formatted for the submissions data
- an App registration to access SharePoint (see Deployment Prerequisites below)
- The certificate generated by the above process must be installed on the development PC
- create a local.settings.json file in the root source folder. This needs to be configured with all the environment variables required by the Function App (see Create Azure Function App below)
- PREREQUISITE 1: Create Certificate
- PREREQUISITE 2: Create Azure App Registration and configure App permissions
- PREREQUISITE 3: Create Azure Function App
Each prerequisite is described in more detail below.
NB: this description uses a PowerShell script to create a certificate; other methods can also be used.
- Create a PowerShell script (e.g. CreateAzureCertificate.ps1) with the following contents:

```powershell
$certCommonName = "SPAccess"
$certValidYears = 2
$certOutputPath = "C:\Temp"

# Install PnP PowerShell module if not already installed
if (!(Get-Module SharePointPnPPowerShellOnline -ListAvailable)) {
    Write-Host "Installing SharePoint PnP PowerShell Module"
    Install-Module SharePointPnPPowerShellOnline -Scope CurrentUser
}

# Generate Certificate paths
$certCerPath = Join-Path -Path $certOutputPath -ChildPath "$certCommonName.cer"
$certPfxPath = Join-Path -Path $certOutputPath -ChildPath "$certCommonName.pfx"
$certCsvPath = Join-Path -Path $certOutputPath -ChildPath "$certCommonName.csv"

# Request certificate password from users
$certPassword = Read-Host -Prompt "Enter a password for the generated PFX file" -AsSecureString

# Generate Certificate
Write-Host "Generating Certificate CER and PFX files"
$cert = New-PnPAzureCertificate -CommonName $certCommonName `
    -ValidYears $certValidYears `
    -OutCert $certCerPath `
    -OutPfx $certPfxPath `
    -CertificatePassword $certPassword

Write-Host "Generating Certificate CSV file"
$cert | Export-Csv -Path $certCsvPath -NoTypeInformation
```

If required, edit the $certCommonName, $certValidYears and $certOutputPath variables to suit.
- Execute the PowerShell script. During execution, the script will:
  - Install the 'SharePoint PnP PowerShell Online' module. This requires an active internet connection. If one is not available, the module must be installed manually before executing the script; the MSI installer (SharePointPnPPowerShellOnline.msi) can be downloaded from https://github.com/pnp/powershell/releases
  - Prompt the user for a password for the generated PFX file
  - Create a certificate and save it as a .cer and a password-protected .pfx file
  - Save the certificate as text (.csv)
- Securely store the password and files
- Log on to the Azure Portal with an administrative account
- Navigate to 'Azure Active Directory'
- Click 'App registrations'
- Click 'New registration'
- Give the registration a name and choose 'Accounts in this organizational directory only', then click 'Register'
- Click 'Certificates & secrets'
- Click 'Upload certificate' and select the .cer certificate file created in PREREQUISITE 1 of this guide. Click 'Add'. Once complete, the certificate should be displayed in the dialog
- Click 'API permissions'
- Using the 'Add a permission' button, add the following 5 permissions:
  - SharePoint ⇒ Application permissions ⇒ Sites ⇒ Sites.ReadWrite.All
- Click 'Grant admin consent for [tenant name]', and click 'Yes' to grant consent
- Log on to the Azure Portal with an administrative account
- From the dashboard select 'Create a resource'
- Search and select 'Function App'
- Click 'Create'
- On Basics:
  - Select the subscription and Resource Group (or create a new one)
  - Provide a unique Function App name
  - Select .Net 'Runtime stack', version 3
  - Select a suitable Region
- Click Next : Hosting
  - Select or create new storage account
  - Operating System: Windows
  - Plan type: Consumption (serverless)
- Click Next : Networking (preview)
- Click Next : Monitoring
  - Enable Application Insights, if required
- Click Next : Tags
  - Add any tags required
- Click Next : Review + create; review settings and create the Function App
- Once created, go to the new resource
- Select Settings ⇒ TLS/SSL settings
- Under Bindings set 'HTTPS Only' to 'On'
- Under Private Key Certificates (.pfx) upload the certificate file created above
- Select Settings ⇒ Configuration. Under Application settings add the following settings

| Name | Value |
| --- | --- |
| CASE_USERS_LIST | SAU cases initial case team |
| CASEWORK_HUBSITE | SharePoint Casework hub |
| CASEWORK_LINK_CRON | Case work linkage CRON settings |
| CASEWORK_REQUESTS_LIST | SharePoint Casework Requests list name |
| CERT_THUMBPRINT | Thumbprint of certificate loaded into Function App |
| CLIENT_ID | Guid of App Registration created above |
| OIM_SITE_COLLECTION | Url of the SharePoint site collection containing list |
| PAP_URL | SAU PAP url |
| NEW_REQUEST_SUBJECT | New request submitted email subject |
| RFI_RESPONSE_SUBJECT | RFI Response submitted email subject |
| RFI_RESPONSES_LIST | SAU cases RFI Responses list |
| ROLE_MAPPINGS | Thumbprint of certificate loaded into Function App |
| SAU_CASES_SITE | SharePoint SAU cases site |
| SAU_PROJECT_TYPE_ID | SAU Casework Project type ID |
| STORAGE_CONN | SAU PAP attachments connection |
| STORAGE_CONTAINER | SAU PAP container |
| SUBMISSIONS_LIST | SAU cases submission list |
| TEAM_ASSIGNED_CRON | Team assigned CRON settings |
| TEAM_ASSIGNED_DAYS | Team assigned days |
| TENANT_ID | SharePoint tenant id |
| WEBSITE_LOAD_CERTIFICATES | Thumbprint of certificate loaded into Function App |
| WITHDRAW_REQUEST_SUBJECT | Withdraw request email subject |

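
A check that ties the certificate to these settings for local debugging, added here as an example and not part of this repository's code: it reads the thumbprint from the .cer file, confirms the matching certificate and private key are installed, and compares local.settings.json against the setting names above. The file paths, the Cert:\CurrentUser\My store and the 30-day expiry warning are assumptions.

```powershell
# Added example, not part of the repository.
$cerPath      = "C:\Temp\SPAccess.cer"    # assumed: default output of the certificate script
$settingsPath = ".\local.settings.json"   # assumed: run from the root source folder
$storePath    = "Cert:\CurrentUser\My"    # assumed store for the installed certificate

# Setting names taken from the Application settings table
$required = @(
    "CASE_USERS_LIST", "CASEWORK_HUBSITE", "CASEWORK_LINK_CRON", "CASEWORK_REQUESTS_LIST",
    "CERT_THUMBPRINT", "CLIENT_ID", "OIM_SITE_COLLECTION", "PAP_URL",
    "NEW_REQUEST_SUBJECT", "RFI_RESPONSE_SUBJECT", "RFI_RESPONSES_LIST", "ROLE_MAPPINGS",
    "SAU_CASES_SITE", "SAU_PROJECT_TYPE_ID", "STORAGE_CONN", "STORAGE_CONTAINER",
    "SUBMISSIONS_LIST", "TEAM_ASSIGNED_CRON", "TEAM_ASSIGNED_DAYS", "TENANT_ID",
    "WEBSITE_LOAD_CERTIFICATES", "WITHDRAW_REQUEST_SUBJECT"
)

# The .cer holds only the public certificate, so no password is needed to read it
$cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cerPath
Write-Host "Thumbprint: $($cer.Thumbprint)"
Write-Host "Expires:    $($cer.NotAfter)"
if ($cer.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning "Certificate expires within 30 days; generate and upload a replacement."
}

# Local debugging needs the matching certificate, with its private key, in the store
$installed = Get-ChildItem -Path $storePath |
    Where-Object { $_.Thumbprint -eq $cer.Thumbprint } |
    Select-Object -First 1
if (-not $installed) {
    Write-Warning "No certificate with this thumbprint in $storePath; import the .pfx."
} elseif (-not $installed.HasPrivateKey) {
    Write-Warning "Certificate is installed without its private key; import the .pfx, not the .cer."
}

# Compare local.settings.json (settings live under its "Values" object) with the table
$values = (Get-Content -Path $settingsPath -Raw | ConvertFrom-Json).Values
if (-not $values) { throw "$settingsPath has no 'Values' object." }
$missing = @($required | Where-Object { -not $values.PSObject.Properties[$_] })
if ($missing.Count -gt 0) {
    Write-Warning "Missing settings: $($missing -join ', ')"
}

# Both thumbprint settings must name the certificate that was uploaded
foreach ($name in "CERT_THUMBPRINT", "WEBSITE_LOAD_CERTIFICATES") {
    if ("$($values.$name)".Trim() -ne $cer.Thumbprint) {
        Write-Warning "$name does not match the certificate thumbprint."
    }
}
```
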
Publish code to Function App
- View the destination Function App in Azure
- From the Overview click ‘Get publish profile’ to download the publish profile
- Open the development solution in Visual Studio
- Select Build ⇒ Publish [Solution name]
- Select ‘New’ (NB: this step may not occur if there are no existing profiles)
- Select ‘Import Profile’
- Browse to the downloaded publish profile file and import
- Remove any Service Dependencies
- Click ‘Publish’
- Check Output to ensure Publish was successful