Configure Legal Service (#102)

Validated functionality of Legal Service.

README.md

@@ -293,16 +293,20 @@ Prior to running this command on the ingress url `https://<your_ingress>/auth/`
 
 ```bash
 azd env set AUTH_CODE <your_auth_code>
-azd deploy
-azd env show AUTH_TOKEN
+azd hooks run predeploy
 ```
 
-This command deploys some additional configuration helpful to using the solution.
+This command performs the following actions:
 
-_Posthook_
+1. Adds the first user to the platform with an operator role.
+2. Retrieves an openid refresh token for the first user.
+3. Writes necessary environment to the Visual Studio Code settings file.
+
+
+__Execute Rest Scripts__
+
+Using the Rest Client Extension for VSCode an environment has been conveniently added in `.vscode/scipts` which can be selected and the scripts now in `tools/rest-scripts` can be used to run api checks.
 
-1. Configure the Initial User into Entitlements.
-2. Using a provided Authorization Code get an initial user refresh token.
 
 
 __Removal and Cleaning up__

azure.yaml

@@ -76,20 +76,3 @@ hooks:
           echo "Docker is not installed."
           exit 1
         fi
-  postdeploy:
-    posix:
-      interactive: false
-      continueOnError: false
-      shell: sh
-      run: |
-        env_vars=$(azd env get-values | tr -d '"' | awk '{print "-e " $0}')
-        # Check if Docker command exists
-        if command -v docker &> /dev/null; then
-          echo "Building Docker Image"
-          docker buildx build --no-cache -f scripts/Dockerfile-provision -t azd-provision scripts
-          docker run --rm -v $(pwd):/workspace -v "${HOME}/.azure:/root/.azure" $env_vars -e AZURE_CONFIG_DIR=/root/.azure azd-provision /usr/local/bin/postdeploy.sh -s ${AZURE_SUBSCRIPTION_ID}
-          sleep 5
-        else
-          echo "Docker is not installed."
-          exit 1
-        fi

bicep/main.bicep

@@ -361,6 +361,7 @@ module partitionBlade 'modules/blade_partition.bicep' = {
 
     partitionSize: tier
     partitions: configuration.partitions
+    managedIdentityName: stampIdentity.outputs.name
   }
   dependsOn: [
     networkBlade
@@ -436,7 +437,6 @@ module serviceBlade 'modules/blade_service.bicep' = {
   ]
 }
 
-output KEYVAULT_NAME string = commonBlade.outputs.keyvaultName
 output ACR_NAME string = serviceBlade.outputs.registryName
 output AKS_NAME string = serviceBlade.outputs.clusterName
 

bicep/modules/blade_partition.bicep

@@ -62,13 +62,16 @@ param partitions array = [
   }
 ]
 
+@description('The managed identity name for deployment scripts')
+param managedIdentityName string
+
 /////////////////////////////////
 // Configuration 
 /////////////////////////////////
 var partitionLayerConfig = {
   secrets: {
     storageAccountName: 'storage'
-    storageAccountKey: 'key'
+    storageAccountKey: 'storage-key'
     cosmosConnectionString: 'cosmos-connection'
     cosmosEndpoint: 'cosmos-endpoint'
     cosmosPrimaryKey: 'cosmos-primary-key'
@@ -539,6 +542,23 @@ module partitonNamespace 'br/public:avm/res/service-bus/namespace:0.4.2' = [for
   }
 }]
 
+
+// Deployment Scripts are not enabled yet for Private Link
+// https://github.com/Azure/bicep/issues/6540
+module blobUpload './script-blob-upload/main.bicep' = [for (partition, index) in partitions: {
+  name: '${bladeConfig.sectionName}-storage-blob-upload-${index}'
+  params: {
+    storageAccountName: partitionStorage[index].outputs.name
+    location: location
+
+    useExistingManagedIdentity: true
+    managedIdentityName: managedIdentityName
+    existingManagedIdentitySubId: subscription().subscriptionId
+    existingManagedIdentityResourceGroupName:resourceGroup().name
+  }
+}]
+
+
 // Output partitionStorage names
 output partitionStorageNames string[] = [for (partition, index) in partitions: partitionStorage[index].outputs.name]
 output partitionServiceBusNames string[] = [for (partition, index) in partitions: partitonNamespace[index].outputs.name]