From 52b98faf79d43bfd6ac9ce03ad05737fbcd44f60 Mon Sep 17 00:00:00 2001 From: Ian Griffiths Date: Tue, 18 Feb 2020 09:23:25 +0000 Subject: [PATCH] Modify deployment scripts to make tenancy service available to other services --- .../Marain.Tenancy.Deployment/Marain-ArmDeploy.ps1 | 7 ++++--- .../Marain-PostDeploy.ps1 | 2 ++ .../Marain.Tenancy.Deployment/Marain-PreDeploy.ps1 | 14 ++++++++++---- 3 files changed, 16 insertions(+), 7 deletions(-) diff --git a/Solutions/Marain.Tenancy.Deployment/Marain-ArmDeploy.ps1 b/Solutions/Marain.Tenancy.Deployment/Marain-ArmDeploy.ps1 index c261ea04..58fbda50 100644 --- a/Solutions/Marain.Tenancy.Deployment/Marain-ArmDeploy.ps1 +++ b/Solutions/Marain.Tenancy.Deployment/Marain-ArmDeploy.ps1 @@ -6,9 +6,10 @@ script. It is our opportunity to create Azure resources. # Marain.Instance expects us to define just this one function. Function MarainDeployment([MarainServiceDeploymentContext] $ServiceDeploymentContext) { + $TenancyAuthAppId = $ServiceDeploymentContext.GetAppId() $TemplateParameters = @{ appName="tenancy" - functionEasyAuthAadClientId=$ServiceDeploymentContext.Variables["TenancyAppId"] + functionEasyAuthAadClientId=$TenancyAuthAppId appInsightsInstrumentationKey=$ServiceDeploymentContext.InstanceContext.ApplicationInsightsInstrumentationKey } $InstanceResourceGroupName = $InstanceDeploymentContext.MakeResourceGroupName("tenancy") 
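Review bot: `$TenancyAuthAppId` is passed straight into `functionEasyAuthAadClientId` with no check that `GetAppId()` actually returned a value. How the ARM template treats an empty client ID is not visible here, but a deployment that proceeds without one could leave the function's Easy Auth misconfigured, so it is safer to fail before calling the template: `if ([string]::IsNullOrEmpty($TenancyAuthAppId)) { throw "Tenancy Azure AD app ID is not set" }`. The body of MarainDeployment continues past the end of this hunk.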
@@ -18,6 +19,6 @@ Function MarainDeployment([MarainServiceDeploymentContext] $ServiceDeploymentCon $TemplateParameters, $InstanceResourceGroupName) - $ServiceDeploymentContext.Variables["KeyVaultName"] = $DeploymentResult.Outputs.keyVaultName.Value - $ServiceDeploymentContext.Variables["FunctionServicePrincipalId"] = $DeploymentResult.Outputs.functionServicePrincipalId.Value + #$ServiceDeploymentContext.Variables["KeyVaultName"] = $DeploymentResult.Outputs.keyVaultName.Value + $ServiceDeploymentContext.SetAppServiceDetails($DeploymentResult.Outputs.functionServicePrincipalId.Value) } \ No newline at end of file diff --git a/Solutions/Marain.Tenancy.Deployment/Marain-PostDeploy.ps1 b/Solutions/Marain.Tenancy.Deployment/Marain-PostDeploy.ps1 index 4629faca..7dc8fe63 100644 --- a/Solutions/Marain.Tenancy.Deployment/Marain-PostDeploy.ps1 +++ b/Solutions/Marain.Tenancy.Deployment/Marain-PostDeploy.ps1 @@ -7,6 +7,8 @@ have been deployed. # Marain.Instance expects us to define just this one function. Function MarainDeployment([MarainServiceDeploymentContext] $ServiceDeploymentContext) { + $ServiceDeploymentContext.MakeAppServiceCommonService("Marain.Tenancy") + $ServiceDeploymentContext.UploadReleaseAssetAsAppServiceSitePackage( "Marain.Tenancy.Host.Functions.zip", $ServiceDeploymentContext.AppName diff --git a/Solutions/Marain.Tenancy.Deployment/Marain-PreDeploy.ps1 b/Solutions/Marain.Tenancy.Deployment/Marain-PreDeploy.ps1 index eb6eade1..74cfc51f 100644 --- a/Solutions/Marain.Tenancy.Deployment/Marain-PreDeploy.ps1 +++ b/Solutions/Marain.Tenancy.Deployment/Marain-PreDeploy.ps1 
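Review bot: The `KeyVaultName` assignment is left behind as commented-out code with no explanation, so a reader cannot tell whether the value is obsolete or only temporarily disabled. If nothing downstream reads `Variables["KeyVaultName"]` any more, delete the line. If a later stage may still need the vault name (for example to grant the function's service principal access to it), replace the dead code with a comment such as `# KeyVaultName is no longer published to later stages; see <issue placeholder>`. MarainDeployment starts before this hunk.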
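Review bot: The new `MakeAppServiceCommonService("Marain.Tenancy")` call in Marain-PostDeploy.ps1 has no comment saying what it exposes to other services, which is the security-relevant part of this change. A line such as `# Registers the tenancy service so other Marain services can locate it; callers still need an app role assignment` would help, adjusted to what the method really does, which is not visible here. The call also runs before `UploadReleaseAssetAsAppServiceSitePackage`. If the registration takes effect immediately, consider moving it after the upload so a failed upload does not leave a registered service with no package behind it. The function continues past the end of the hunk.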
@@ -12,15 +12,21 @@ use it directly.) # Marain.Instance expects us to define just this one function. Function MarainDeployment([MarainServiceDeploymentContext] $ServiceDeploymentContext) { - $app = $ServiceDeploymentContext.DefineAzureAdAppForAppService( - "", - "TenancyAppId") + $app = $ServiceDeploymentContext.DefineAzureAdAppForAppService() $AdminAppRoleId = "7619c293-764c-437b-9a8e-698a26250efd" $app.EnsureAppRolesContain( $AdminAppRoleId, "Tenancy administrator", - "Full control over definition of claim permissions and rule sets", + "Ability to create, modify, read, and remove tenants", "TenancyAdministrator", ("User", "Application")) + + $ReaderAppRoleId = "60743a6a-63b6-42e5-a464-a08698a0e9ed" + $app.EnsureAppRolesContain( + $ReaderAppRoleId, + "Tenancy reader", + "Ability to read information about tenants", + "TenancyReader", + ("User", "Application")) } \ No newline at end of file
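Review bot: The new `TenancyReader` role accepts both `"User"` and `"Application"` members, copied from the administrator role. If the reader role exists only so that other services can look up tenants, `@("Application")` alone would be the least-privilege choice, though the intended consumers are not visible in this hunk. It is also worth adding a comment above `$AdminAppRoleId` and `$ReaderAppRoleId`, e.g. `# App role IDs are referenced by existing role assignments; never change them once deployed`. Wherever other services are granted access, which is decided outside this file, it should be `TenancyReader` rather than `TenancyAdministrator` when read access suffices.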