Attempt app creation via terraform

benchiverton · Jul 8, 2024 · f456c61 · f456c61
1 parent 36b3b37
commit f456c61
Show file tree

Hide file tree

Showing 5 changed files with 66 additions and 2 deletions.
diff --git a/.github/workflows/instance-deploy-test.yml b/.github/workflows/instance-deploy-test.yml
@@ -83,6 +83,8 @@ jobs:
         run: |
           mkdir terraform-outputs
           terraform -chdir=instance output -raw resource_group_name > terraform-outputs/resource_group_name.txt
+          terraform -chdir=instance output -raw api_client_id > terraform-outputs/api_client_id.txt
+          terraform -chdir=instance output -raw website_client_id > terraform-outputs/website_client_id.txt
       - name: Upload terraform outputs for deploy job
         uses: actions/upload-artifact@v3
         with:
@@ -105,6 +107,8 @@ jobs:
         shell: bash
         run: |
           echo "resource_group_name=$(cat resource_group_name.txt)" >> $GITHUB_ENV
+          echo "api_client_id=$(cat api_client_id.txt)" >> $GITHUB_ENV
+          echo "website_client_id=$(cat website_client_id.txt)" >> $GITHUB_ENV
       - name: Login via Azure CLI
         uses: azure/login@v1
         with:
@@ -120,7 +124,10 @@ jobs:
           location: 'East US'
           resourceGroup: onlinestore-shared-rg
           targetPort: 8080
-          environmentVariables: OTEL_EXPORTER_OTLP_ENDPOINT=http://${{ github.head_ref }}-onlinestore-monitoring:18889
+          environmentVariables: |
+            AZUREADB2C__CLIENTID=${{ env.api_client_id }}
+            AZUREADB2C__AUDIENCE=${{ env.api_client_id }}
+            OTEL_EXPORTER_OTLP_ENDPOINT=http://${{ github.head_ref }}-onlinestore-monitoring:18889
       - name: Deploy website
         uses: azure/container-apps-deploy-action@v1
         with:
@@ -132,7 +139,10 @@ jobs:
           location: 'East US'
           resourceGroup: onlinestore-shared-rg
           targetPort: 80
-          environmentVariables: "API__BASEPATH=https://${{ github.head_ref }}-api.rockpal.co.uk"
+          environmentVariables: |
+            API__BASEPATH=https://${{ github.head_ref }}-api.rockpal.co.uk
+            API__CLIENTID=${{ env.api_client_id }}
+            AZUREADB2C__CLIENTID=${{ env.website_client_id }}
       - name: Find Comment
         uses: peter-evans/find-comment@v1
         id: fc

diff --git a/src/Website/Company.Website/overwrite-config.sh b/src/Website/Company.Website/overwrite-config.sh
@@ -1,3 +1,5 @@
 #!/bin/sh
 
 echo "`jq --arg APIBASEPATH "$API__BASEPATH" '.Api.BasePath=$APIBASEPATH' /var/www/web/appsettings.json`" > /var/www/web/appsettings.json
+echo "`jq --arg APICLIENTID "$API__CLIENTID" '.Api.ClientId=$APICLIENTID' /var/www/web/appsettings.json`" > /var/www/web/appsettings.json
+echo "`jq --arg WEBSITECLIENTID "$AZUREADB2C__CLIENTID" '.AzureAdB2C.ClientId=$WEBSITECLIENTID' /var/www/web/appsettings.json`" > /var/www/web/appsettings.json
diff --git a/terraform/instance/azuread_apps.tf b/terraform/instance/azuread_apps.tf
@@ -0,0 +1,42 @@
+resource "random_uuid" "api_permission_scope" {
+}
+
+resource "azuread_application" "api" {
+  display_name     = "${var.name}-api"
+  identifier_uris  = ["https://rockpal.onmicrosoft.com/${var.name}-api"]
+  logo_image       = filebase64("/images/icon-512.png")
+  owners           = [ "495f7cc2-440d-4501-aabc-c1f8c51a3c3d" ]
+  sign_in_audience = "AzureADandPersonalMicrosoftAccount"
+
+  api {
+    mapped_claims_enabled          = true
+    requested_access_token_version = 2
+
+    known_client_applications = []
+
+    oauth2_permission_scope {
+      admin_consent_description  = "Allows the app to access RockPal API as the signed-in user."
+      admin_consent_display_name = "Access RockPal API"
+      enabled                    = true
+      id                         = random_uuid.api_permission_scope
+      type                       = "Admin"
+      user_consent_description   = null
+      user_consent_display_name  = null
+      value                      = "access_as_user"
+    }
+  }
+
+  feature_tags {
+    enterprise = false
+    gallery    = false
+  }
+
+  web {
+    # redirect_uris = ["https://app.example.net/account"]
+
+    implicit_grant {
+      access_token_issuance_enabled = false
+      id_token_issuance_enabled     = false
+    }
+  }
+}
diff --git a/terraform/instance/images/icon-512.png b/terraform/instance/images/icon-512.png
diff --git a/terraform/instance/main.tf b/terraform/instance/main.tf
@@ -36,3 +36,13 @@ output "resource_group_name" {
   value       = azurerm_resource_group.instance.name
   sensitive   = false
 }
+
+output "api_client_id" {
+  value       = azuread_application.api.application_id
+  sensitive   = false
+}
+
+output "website_client_id" {
+  value       = azuread_application.api.application_id # TODO
+  sensitive   = false
+}