Merge pull request #154 from v-fearam/feat/managed-identity-initial

Managed identity
mspnp · Oct 29, 2024 · 1c4f022 · 1c4f022
2 parents e793b93 + 03168a1
commit 1c4f022
Show file tree

Hide file tree

Showing 22 changed files with 1,053 additions and 532 deletions.
diff --git a/.github/workflows/deploy-clientapp.yaml b/.github/workflows/deploy-clientapp.yaml
@@ -116,11 +116,11 @@ jobs:
         with:
           inlineScript: |
             Folder=$(echo ${{ steps.gitversion.outputs.fullSemVer }} | sed  's/+//g')
-            az storage blob upload-batch -s "./src/ClientApp/public" --destination "\$web\\$Folder" --account-name ${{ github.event.inputs.azureStorageAccountName }} --content-encoding br --pattern "*.html" --content-type "text/html" 
-            az storage blob upload-batch -s "./src/ClientApp/public" --destination "\$web\\$Folder" --account-name ${{ github.event.inputs.azureStorageAccountName }} --content-encoding br --pattern "*.js" --content-type "application/javascript"
-            az storage blob upload-batch -s "./src/ClientApp/public" --destination "\$web\\$Folder" --account-name ${{ github.event.inputs.azureStorageAccountName }} --content-encoding br --pattern "*.js.map" --content-type "application/octet-stream"
-            az storage blob upload-batch -s "./src/ClientApp/public" --destination "\$web\\$Folder" --account-name ${{ github.event.inputs.azureStorageAccountName }} --content-encoding br --pattern "*.json" --content-type "application/json"
-            az storage blob upload-batch -s "./src/ClientApp/public" --destination "\$web\\$Folder" --account-name ${{ github.event.inputs.azureStorageAccountName }} --pattern "*.txt" --content-type "text/plain"
+            az storage blob upload-batch -s "./src/ClientApp/public" --destination "\$web\\$Folder" --account-name ${{ github.event.inputs.azureStorageAccountName }} --content-encoding br --pattern "*.html" --content-type "text/html" --auth-mode login
+            az storage blob upload-batch -s "./src/ClientApp/public" --destination "\$web\\$Folder" --account-name ${{ github.event.inputs.azureStorageAccountName }} --content-encoding br --pattern "*.js" --content-type "application/javascript" --auth-mode login
+            az storage blob upload-batch -s "./src/ClientApp/public" --destination "\$web\\$Folder" --account-name ${{ github.event.inputs.azureStorageAccountName }} --content-encoding br --pattern "*.js.map" --content-type "application/octet-stream" --auth-mode login
+            az storage blob upload-batch -s "./src/ClientApp/public" --destination "\$web\\$Folder" --account-name ${{ github.event.inputs.azureStorageAccountName }} --content-encoding br --pattern "*.json" --content-type "application/json" --auth-mode login
+            az storage blob upload-batch -s "./src/ClientApp/public" --destination "\$web\\$Folder" --account-name ${{ github.event.inputs.azureStorageAccountName }} --pattern "*.txt" --content-type "text/plain" --auth-mode login
             # target new version
             az cdn endpoint update --resource-group ${{ github.event.inputs.resourceGroupName }} --profile-name ${{ github.event.inputs.azureCdnName }} --name ${{ github.event.inputs.azureCdnName }} --origin-path /$Folder
             AZURE_CDN_ENDPOINT_HOSTNAME=$(az cdn endpoint show --resource-group ${{ github.event.inputs.resourceGroupName }} --name ${{ github.event.inputs.azureCdnName }} --profile-name ${{ github.event.inputs.azureCdnName }} --query hostName -o tsv)

diff --git a/src/ClientApp/package-lock.json b/src/ClientApp/package-lock.json
diff --git a/src/ClientApp/readme.md b/src/ClientApp/readme.md
@@ -56,10 +56,10 @@ az account set --subscription <your-subscription-id>
 export STORAGE_ACCOUNT_NAME=<storage account name>
 
 # Create the storage account
-az storage account create --name $STORAGE_ACCOUNT_NAME --resource-group $RESOURCEGROUP --location $LOCATION --kind StorageV2
+az storage account create --name $STORAGE_ACCOUNT_NAME --resource-group $RESOURCEGROUP --location $LOCATION --kind StorageV2 --allow-shared-key-access false
 
 # Enable static web site support for the storage account
-az storage blob service-properties update --account-name $STORAGE_ACCOUNT_NAME --static-website --404-document 404.html --index-document index.html
+az storage blob service-properties update --account-name $STORAGE_ACCOUNT_NAME --static-website --404-document 404.html --index-document index.html  --auth-mode login
 
 # Retrieve the static website endpoint
 export WEB_SITE_URL=$(az storage account show --name $STORAGE_ACCOUNT_NAME --resource-group $RESOURCEGROUP --query primaryEndpoints.web --output tsv)
@@ -140,6 +140,9 @@ git push newremote master
        ```bash
          # Assign built-in Contributor RBAC role for creating resource groups and performing deployments at the resource group level
          az role assignment create --role contributor --subscription $AZURE_SUBSCRIPTION_ID --assignee-object-id  $GH_ACTION_FEDERATED_IDENTITY_SP_OBJECT_ID --assignee-principal-type ServicePrincipal --scope $AZURE_RESOURCEGROUP_RESOURCE_ID
+
+         # Assign built-in Contributor RBAC role for adding files to the Blob container
+         az role assignment create  --assignee $GH_ACTION_FEDERATED_IDENTITY_SP_OBJECT_ID --role "Storage Blob Data Contributor" --scope $(az storage account show --name $STORAGE_ACCOUNT_NAME --resource-group $RESOURCEGROUP --query id --output tsv)
        ```
 
    1. Add federated credentials

diff --git a/src/DroneSimulator/Serverless.Simulator/Program.cs b/src/DroneSimulator/Serverless.Simulator/Program.cs
@@ -8,6 +8,9 @@
 using System.Threading.Tasks.Dataflow;
 using Azure.Messaging.EventHubs.Producer;
 using Azure.Messaging.EventHubs;
+using Azure.Messaging.EventHubs.Consumer;
+using System.Xml.Linq;
+using Azure.Identity;
 
 namespace Serverless.Simulator
 {
@@ -166,20 +169,21 @@ private static async Task GenerateTelemetryAsync<T>(Func<T, string, bool, T> fac
 
         }
 
-        private static (string EventHubConnectionString,
+        private static (string fullyQualifiedNamespace, string eventHubName,
             int MillisecondsToRun, int GenerateKeyframeGap, int NumberOfDevices) ParseArguments()
         {
-            var eventHubConnectionString = Environment.GetEnvironmentVariable("EVENT_HUB_CONNECTION_STRING");
+            var fullyQualifiedNamespace = Environment.GetEnvironmentVariable("FUllY_QUALIFIED_NAMESPACE");
+            var eventHubName = Environment.GetEnvironmentVariable("EVENT_HUB_NAME");
             var numberOfMillisecondsToRun = (int.TryParse(Environment.GetEnvironmentVariable("SECONDS_TO_RUN"), out int outputSecondToRun) ? outputSecondToRun : 0) * 1000;
             var generateKeyframeGap = int.TryParse(Environment.GetEnvironmentVariable("GENERATE_KEYFRAME_GAP"), out int genKeyframeGap) ? genKeyframeGap : 100;
             var numberOfDevices = int.TryParse(Environment.GetEnvironmentVariable("NUMBER_OF_DEVICES"), out int numDevices) ? numDevices : 1000;
 
-            if (string.IsNullOrWhiteSpace(eventHubConnectionString))
+            if (string.IsNullOrWhiteSpace(fullyQualifiedNamespace))
             {
-                throw new ArgumentException("eventHubConnectionString must be provided");
+                throw new ArgumentException("fullyQualifiedNamespace must be provided");
             }
 
-            return (eventHubConnectionString, numberOfMillisecondsToRun, generateKeyframeGap, numberOfDevices);
+            return (fullyQualifiedNamespace, eventHubName, numberOfMillisecondsToRun, generateKeyframeGap, numberOfDevices);
         }
 
         // blocking collection that helps to print to console the messages on progress on the generation/send to event hub.
@@ -228,8 +232,8 @@ public static async Task<int> Main(string[] args)
         {
             try
             {
-                var (EventHubConnectionString, MillisecondsToRun, GenerateKeyframeGap, NumberOfDevices) = ParseArguments();
-                var eventHubClient = new EventHubProducerClient(EventHubConnectionString);
+                var (fullyQualifiedNamespace, eventHubName, MillisecondsToRun, GenerateKeyframeGap, NumberOfDevices) = ParseArguments();
+                var eventHubClient = new EventHubProducerClient(fullyQualifiedNamespace, eventHubName, new DefaultAzureCredential());
                 cts = MillisecondsToRun == 0 ? new CancellationTokenSource() : new CancellationTokenSource(MillisecondsToRun);
 
                 Console.CancelKeyPress += (s, e) =>
@@ -241,7 +245,7 @@ public static async Task<int> Main(string[] args)
 
                 AsyncConsole console = new AsyncConsole(cts.Token);
 
-                var eventHubClientPool = new ObjectPool<EventHubProducerClient>(() => new EventHubProducerClient(EventHubConnectionString), 100);
+                var eventHubClientPool = new ObjectPool<EventHubProducerClient>(() => new EventHubProducerClient(fullyQualifiedNamespace, eventHubName, new DefaultAzureCredential()), 100);
 
                 var tasks = new List<Task>();
                 for (int i = 0; i < NumberOfDevices; i++)

diff --git a/src/DroneSimulator/Serverless.Simulator/Serverless.Simulator.csproj b/src/DroneSimulator/Serverless.Simulator/Serverless.Simulator.csproj
@@ -15,7 +15,8 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Azure.Messaging.EventHubs" Version="5.11.1" />
+    <PackageReference Include="Azure.Identity" Version="1.12.0" />
+    <PackageReference Include="Azure.Messaging.EventHubs" Version="5.11.5" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
   </ItemGroup>
 

diff --git a/src/DroneStatus/dotnet/DroneStatusFunctionApp/DroneStatusFunctionApp.csproj b/src/DroneStatus/dotnet/DroneStatusFunctionApp/DroneStatusFunctionApp.csproj
@@ -6,6 +6,13 @@
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
   </PropertyGroup>
+  <ItemGroup>
+    <None Remove="local.settings.template.json" />
+  </ItemGroup>
+  <ItemGroup>
+    <Content Include="local.settings.template.json" />
+    <Content Include="local.settings.json" />
+  </ItemGroup>
   <ItemGroup>
     <FrameworkReference Include="Microsoft.AspNetCore.App" />
     <PackageReference Include="Microsoft.Azure.Functions.Worker" Version="1.21.0" />

diff --git a/src/DroneStatus/dotnet/DroneStatusFunctionApp/GetStatusFunction.cs b/src/DroneStatus/dotnet/DroneStatusFunctionApp/GetStatusFunction.cs
@@ -5,16 +5,11 @@
 
 namespace DroneStatusFunctionApp
 {
-    public class GetStatusFunction
+    public class GetStatusFunction(ILogger<GetStatusFunction> logger)
     {
         public const string GetDeviceStatusRoleName = "GetStatus";
 
-        private readonly ILogger<GetStatusFunction> _logger;
-
-        public GetStatusFunction(ILogger<GetStatusFunction> logger)
-        {
-            _logger = logger;
-        }
+        private readonly ILogger<GetStatusFunction> _logger = logger;
 
         [Function("GetStatusFunction")]
         public IActionResult Run([HttpTrigger(AuthorizationLevel.Function, "get")] HttpRequest req,

diff --git a/src/DroneStatus/dotnet/DroneStatusFunctionApp/local.settings.template.json b/src/DroneStatus/dotnet/DroneStatusFunctionApp/local.settings.template.json
@@ -0,0 +1,10 @@
+{
+  "IsEncrypted": false,
+  "Values": {
+    "AzureWebJobsStorage": "UseDevelopmentStorage=true",
+    "FUNCTIONS_WORKER_RUNTIME": "dotnet-isolated",
+    "COSMOSDB_CONNECTION_STRING__accountEndpoint": "your value",
+    "COSMOSDB_DATABASE_COL": "your value",
+    "COSMOSDB_DATABASE_NAME": "your value"
+  }
+}