File Service Validations (#132)

* Modified app config local access and route for file. * Changing auth rules for file. * Updated database collecitons. * Updated service env documentation. * Added prereqs. * Removed AKS extensions. * Added rbac pre-req. * Bicep changes. * Add in Subscription. * Add in Subscription. * Removed DB collections * Add in Subscription.
Azure · Jul 26, 2024 · ac13a72 · ac13a72
1 parent 4f8b6ca
commit ac13a72
Show file tree

Hide file tree

Showing 16 changed files with 397 additions and 207 deletions.
diff --git a/README.md b/README.md
@@ -28,6 +28,8 @@ GitOps uses Git as a single source of truth for declarative components and appli
 
 - __Azure Subscription__: An active Microsoft Azure subscription.
 
+- __Azure RBAC Role__: Ensure the `App Configuration Data Owner` role has been assigned on the desired Azure Subscription as explained [here](https://learn.microsoft.com/en-us/azure/azure-app-configuration/quickstart-deployment-overview?tabs=portal#manage-azure-app-configuration-data-in-deployment).
+
 - __Azure CLI__: Install and configured on your local machine. You can download it [here](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli).
 
 - __Azure Developer CLI__: Install and configured on your local machine. You can download it [here](https://learn.microsoft.com/en-us/azure/developer/azure-developer-cli/install-azd).
@@ -39,6 +41,10 @@ GitOps uses Git as a single source of truth for declarative components and appli
 
 - __Visual Studio Code__: Install and configure on your local machine with the [REST Client Extension](https://marketplace.visualstudio.com/items?itemName=humao.rest-client). You can download it [here](https://code.visualstudio.com/download)
 
+- **Docker Desktop**: Install and configure on your local machine. You can download it [here](https://www.docker.com/products/docker-desktop).
+
+- **Optional**: Either **PowerShell Core** or a **Bash shell in WSL**. You can download PowerShell Core [here](https://github.com/PowerShell/PowerShell) and set up WSL [here](https://docs.microsoft.com/en-us/windows/wsl/install).
+
 
 ## Setup
 

diff --git a/bicep/modules/app-configuration/main.bicep b/bicep/modules/app-configuration/main.bicep
@@ -38,7 +38,7 @@ param sku string = 'Standard'
 param createMode string = 'Default'
 
 @description('Optional. Disables all authentication methods other than AAD authentication.')
-param disableLocalAuth bool = false
+param disableLocalAuth bool = true
 
 @description('Optional. Enables system assigned managed identity on the resource.')
 param systemAssignedIdentity bool = false
@@ -139,7 +139,7 @@ var diagnosticsMetrics = [for metric in metricsToEnable: {
 var identityType = systemAssignedIdentity ? 'SystemAssigned' : !empty(userAssignedIdentities) ? 'UserAssigned' : 'None'
 
 
-resource configStore 'Microsoft.AppConfiguration/configurationStores@2023-03-01' = {
+resource configStore 'Microsoft.AppConfiguration/configurationStores@2023-08-01-preview' = {
   name: length(name) > 50 ? substring(name, 0, 50) : name
   location: location
   tags: tags
@@ -156,6 +156,10 @@ resource configStore 'Microsoft.AppConfiguration/configurationStores@2023-03-01'
   properties: {
     createMode: createMode
     disableLocalAuth: disableLocalAuth
+    dataPlaneProxy: disableLocalAuth ? {
+      authenticationMode: 'Pass-through'
+      privateLinkDelegation: 'Disabled'
+  } : null
     encryption: enableCMEK ? {
       keyVaultProperties: {
         identityClientId: cmekConfiguration.identityId

diff --git a/bicep/modules/blade_partition.bicep b/bicep/modules/blade_partition.bicep
@@ -141,66 +141,45 @@ var partitionLayerConfig = {
     backup: 'Continuous'
     containers: [
       {
-        name: 'LegalTag'
+        name: 'Authority'
         kind: 'Hash'
         paths: [
           '/id'
         ]
       }
       {
-        name: 'StorageRecord'
+        name: 'EntityType'
         kind: 'Hash'
         paths: [
           '/id'
         ]
       }
       {
-        name: 'StorageSchema'
-        kind: 'Hash'
-        paths: [
-          '/kind'
-        ]
-      }
-      {
-        name: 'TenantInfo'
+        name: 'FileLocationEntity'
         kind: 'Hash'
         paths: [
           '/id'
         ]
       }
       {
-        name: 'UserInfo'
-        kind: 'Hash'
-        paths: [
-          '/id'
-        ]
-      }
-      {
-        name: 'Authority'
+        name: 'IngestionStrategy'
         kind: 'Hash'
         paths: [
-          '/id'
+          '/workflowType'
         ]
       }
       {
-        name: 'EntityType'
+        name: 'LegalTag'
         kind: 'Hash'
         paths: [
           '/id'
         ]
       }
       {
-        name: 'SchemaInfo'
-        kind: 'Hash'
-        paths: [
-          '/partitionId'
-        ]
-      }
-      {
-        name: 'Source'
+        name: 'MappingInfo'
         kind: 'Hash'
         paths: [
-          '/id'
+          '/sourceSchemaKind'
         ]
       }
       {
@@ -225,80 +204,87 @@ var partitionLayerConfig = {
         ]
       }
       {
-        name: 'IngestionStrategy'
+        name: 'RelationshipStatus'
         kind: 'Hash'
         paths: [
-          '/workflowType'
+          '/id'
         ]
       }
       {
-        name: 'RelationshipStatus'
+        name: 'ReplayIndexStatus'
         kind: 'Hash'
         paths: [
           '/id'
         ]
       }
       {
-        name: 'MappingInfo'
+        name: 'SchemaInfo'
         kind: 'Hash'
         paths: [
-          '/sourceSchemaKind'
+          '/partitionId'
         ]
       }
       {
-        name: 'FileLocationInfo'
+        name: 'Source'
         kind: 'Hash'
         paths: [
           '/id'
         ]
       }
       {
-        name: 'WorkflowCustomOperatorInfo'
+        name: 'StorageRecord'
         kind: 'Hash'
         paths: [
-          '/operatorId'
+          '/id'
         ]
       }
       {
-        name: 'WorkflowV2'
+        name: 'StorageSchema'
         kind: 'Hash'
         paths: [
-          '/partitionKey'
+          '/kind'
         ]
       }
       {
-        name: 'WorkflowRunV2'
+        name: 'TenantInfo'
         kind: 'Hash'
         paths: [
-          '/partitionKey'
+          '/id'
         ]
       }
       {
-        name: 'WorkflowCustomOperatorV2'
+        name: 'UserInfo'
         kind: 'Hash'
         paths: [
-          '/partitionKey'
+          '/id'
         ]
       }
       {
-        name: 'WorkflowTasksSharingInfoV2'
+        name: 'Workflow'
         kind: 'Hash'
         paths: [
-          '/partitionKey'
+          '/workflowId'
         ]
       }
       {
-        name: 'Status'
+        name: 'WorkflowCustomOperatorInfo'
         kind: 'Hash'
         paths: [
-          '/correlationId'
+          '/operatorId'
+        ]
+      }
+      {
+        name: 'WorkflowRun'
+        kind: 'Hash'
+        paths: [
+          '/partitionKey'
         ]
       }
       {
-        name: 'DataSetDetails'
+        name: 'WorkflowRunStatus'
         kind: 'Hash'
         paths: [
-          '/correlationId'
+          '/partitionKey'
         ]
       }
     ]

diff --git a/charts/osdu-developer-base/templates/kv-secrets.yaml b/charts/osdu-developer-base/templates/kv-secrets.yaml
@@ -13,6 +13,8 @@ spec:
       key: principal-clientpassword
     - objectName: "app-dev-sp-tenant-id"
       key: tenant-id
+    - objectName: "subscription-id"
+      key: subscription-id
     - objectName: "app-dev-sp-id"  
       key: principal-clientid
     - objectName: "app-dev-sp-username"  
@@ -52,5 +54,8 @@ spec:
         - |
           objectName: insights-connection
           objectType: secret
+        - |
+          objectName: subscription-id
+          objectType: secret
     tenantId: {{ .Values.azure.tenantId }} # the tenant ID of the KeyVault
 {{- end }}