Commit ae576c83 authored by Daniel Scholl's avatar Daniel Scholl

Merge branch 'trusted-azure' into 'master'

Trusted azure

See merge request osdu/platform/ci-cd-pipelines!9
parents 74f65b8d 07fa7c0b
# EXPECTED PIPELINE INHERITED GROUP VARIABLES
# --------------------------------------------------------------------------------
# AZURE_TENANT_ID
# AZURE_SUBSCRIPTION_ID (Protected Branch)
# AZURE_SUBSCRIPTION_NAME (Protected Branch)
# AZURE (Protected Branch)
# AZURE_APP_ID (Protected Branch)
# AZURE_APP_ID_OTHER (Protected Branch)
# AZURE_BASE (Protected Branch)
# AZURE_BASENAME (Protected Branch)
# AZURE_BASENAME_21 (Protected Branch)
# AZURE_ELASTIC_HOST (Protected Branch)
# AZURE_ELASTIC_PASSWORD (Protected Branch/Masked Variable)
# AZURE_INVALID_JWT (Protected Branch)
# AZURE_NO_ACCESS_SECRET (Protected Branch/Masked Variable)
# AZURE_PRINCIPAL_ID (Protected Branch/Masked Variable)
# AZURE_PRINCIPAL_SECRET (Protected Branch/Masked Variable)
# AZURE_APP_ID (Protected Branch)
# AZURE_NO_ACCESS_ID (Protected Branch)
# AZURE_NO_ACCESS_SECRET (Protected Branch)
# AZURE_OTHER_APP_ID (Protected Branch)
# AZURE_INVALID_JWT
# AZURE_BASE
# AZURE_BASENAME
# AZURE_BASENAME_21
# AZURE_STORAGE_KEY (Protected Branch/Masked Variable)
# AZURE_SERVICEBUS_KEY (Protected Branch/Masked Variable)
# AZURE_STORAGE_KEY (Protected Branch/Masked Variable)
# AZURE_SUBSCRIPTION_ID (Protected Branch)
# AZURE_SUBSCRIPTION_NAME (Protected Branch)
# AZURE_TENANT_ID (Protected Branch)
.azure_variables:
variables:
......@@ -24,27 +27,57 @@
AZURE_RESOURCE_GROUP: ${AZURE_BASENAME}-osdu-r2-app-rg
AZURE_APPSERVICE_PLAN: ${AZURE_BASENAME}-osdu-r2-sp
AZURE_APPSERVICE_NAME: ${AZURE_BASENAME_21}-au-${AZURE_SERVICE}
AZURE_CONTAINER_REGISTRY: ${AZURE_BASE}cr
AZURE_FUNCTIONAPP_NAME: ${AZURE_BASENAME_21}-enque
# Common Section
HOST_URL: https://${AZURE_BASENAME_21}-au-${AZURE_SERVICE}.azurewebsites.net/
ENTITLEMENT_URL: https://${AZURE_BASENAME_21}-au-entitlements.azurewebsites.net/
LEGAL_URL: https://${AZURE_BASENAME_21}-au-legal.azurewebsites.net/
STORAGE_URL: https://${AZURE_BASENAME_21}-au-storage.azurewebsites.net/
SEARCH_HOST: https://${AZURE_BASENAME_21}-au-search.azurewebsites.net//api/search/v2/
AZURE_AD_TENANT_ID: $AZURE_TENANT_ID
INTEGRATION_TESTER: $AZURE_PRINCIPAL_ID
AZURE_TESTER_SERVICEPRINCIPAL_SECRET: $AZURE_PRINCIPAL_SECRET
AZURE_AD_APP_RESOURCE_ID: $AZURE_APP_ID
AZURE_STORAGE_ACCOUNT: ${AZURE_BASE}sa
MY_TENANT: opendes
DOMAIN: contoso.com
AZURE_NO_ACCESS_ID: 31225e68-0944-4b6a-b0bb-ef303ae57f16
ELASTIC_HOST: $AZURE_ELASTIC_HOST
ELASTIC_PORT: 9243
ELASTIC_USER_NAME: elastic
ELASTIC_PASSWORD: $AZURE_ELASTIC_PASSWORD
# Entitlement Section
ENTITLEMENT_MEMBER_NAME_VALID: $AZURE_PRINCIPAL_ID
AZURE_AD_OTHER_APP_RESOURCE_ID: $AZURE_OTHER_APP_ID
AZURE_AD_OTHER_APP_RESOURCE_ID: $AZURE_APP_ID_OTHER
EXPIRED_TOKEN: $AZURE_INVALID_JWT
DOMAIN: contoso.com
ENTITLEMENT_GROUP_NAME_VALID: integ.test.data.creator
ENTITLEMENT_MEMBER_NAME_INVALID: InvalidTestAdmin
# Legal Section
AZURE_LEGAL_STORAGE_ACCOUNT: ${AZURE_BASE}sa
AZURE_LEGAL_STORAGE_ACCOUNT: $AZURE_STORAGE_ACCOUNT
AZURE_LEGAL_STORAGE_KEY: $AZURE_STORAGE_KEY
LEGAL_STORAGE_CONTAINER: legal-service-azure-configuration
AZURE_LEGAL_SERVICEBUS: Endpoint=sb://${AZURE_BASENAME_21}sb.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=${AZURE_SERVICEBUS_KEY}
AZURE_LEGAL_TOPICNAME: legaltags
# Storage Section
TENANT_NAME: opendes
TESTER_SERVICEPRINCIPAL_SECRET: $AZURE_PRINCIPAL_SECRET
NO_DATA_ACCESS_TESTER: $AZURE_NO_ACCESS_ID
NO_DATA_ACCESS_TESTER_SERVICEPRINCIPAL_SECRET: $AZURE_NO_ACCESS_SECRET
PUBSUB_TOKEN: az
DEPLOY_ENV: empty
# Indexer & Search Section
aad_client_id: $AZURE_AD_APP_RESOURCE_ID
STORAGE_HOST: https://${AZURE_BASENAME_21}-au-storage.azurewebsites.net/
DEFAULT_DATA_PARTITION_ID_TENANT1: opendes
DEFAULT_DATA_PARTITION_ID_TENANT2: common
ENTITLEMENTS_DOMAIN: contoso.com
ENVIRONMENT: CLOUD
LEGAL_TAG: opendes-public-usa-dataset-7643990
OTHER_RELEVANT_DATA_COUNTRIES: US
# JOBS
# --------------------------------------------------------------------------------
......@@ -56,57 +89,83 @@ azure_debug:
- .azure_variables
script: |
echo "# Pipeline Variables"
echo "export AZURE_SERVICE=\"${AZURE_SERVICE}\""
echo "export AZURE_BUILD_SUBDIR=\"${AZURE_BUILD_SUBDIR}\""
echo "export AZURE_TEST_SUBDIR=\"${AZURE_TEST_SUBDIR}\""
echo "\n"
echo "export AZURE_SERVICE=\"$AZURE_SERVICE\""
echo "export AZURE_BUILD_SUBDIR=\"$AZURE_BUILD_SUBDIR\""
echo "export AZURE_TEST_SUBDIR=\"$AZURE_TEST_SUBDIR\""
echo "# Group Level Variables"
echo "export AZURE_TENANT_ID=\"${AZURE_TENANT_ID}\""
echo "export AZURE_SUBSCRIPTION_ID=\"${AZURE_SUBSCRIPTION_ID}\""
echo "export AZURE_SUBSCRIPTION_NAME=\"${AZURE_SUBSCRIPTION_NAME}\""
echo "export AZURE_PRINCIPAL_ID=\"${AZURE_PRINCIPAL_ID}\""
echo "export AZURE_PRINCIPAL_SECRET=\"${AZURE_PRINCIPAL_SECRET}\""
echo "export AZURE_APP_ID=\"${AZURE_APP_ID}\""
echo "export AZURE_NO_ACCESS_ID=\"${AZURE_NO_ACCESS_ID}\""
echo "export AZURE_NO_ACCESS_SECRET=\"${AZURE_NO_ACCESS_SECRET}\""
echo "export AZURE_OTHER_APP_ID=\"${AZURE_OTHER_APP_ID}\""
echo "export AZURE_INVALID_JWT=\"${AZURE_INVALID_JWT}\""
echo "export AZURE_BASE=\"${AZURE_BASE}\""
echo "export AZURE_BASENAME=\"${AZURE_BASENAME}\""
echo "export AZURE_BASENAME_21=\"${AZURE_BASENAME_21}\""
echo "export AZURE_STORAGE_KEY=\"${AZURE_STORAGE_KEY}\""
echo "export AZURE_SERVICEBUS_KEY=\"${AZURE_SERVICEBUS_KEY}\""
echo "\n"
echo "export AZURE_APP_ID=\"$AZURE_APP_ID\""
echo "export AZURE_APP_ID_OTHER=\"$AZURE_APP_ID_OTHER\""
echo "export AZURE_BASE=\"$AZURE_BASE\""
echo "export AZURE_BASENAME=\"$AZURE_BASENAME\""
echo "export AZURE_BASENAME_21=\"$AZURE_BASENAME_21\""
echo "export AZURE_ELASTIC_HOST=\"$AZURE_ELASTIC_HOST\""
echo "export AZURE_ELASTIC_PASSWORD=\"$AZURE_ELASTIC_PASSWORD\""
echo "export AZURE_INVALID_JWT=\"$AZURE_INVALID_JWT\""
echo "export AZURE_NO_ACCESS_SECRET=\"$AZURE_NO_ACCESS_SECRET\""
echo "export AZURE_PRINCIPAL_ID=\"$AZURE_PRINCIPAL_ID\""
echo "export AZURE_PRINCIPAL_SECRET=\"$AZURE_PRINCIPAL_SECRET\""
echo "export AZURE_SERVICEBUS_KEY=\"$AZURE_SERVICEBUS_KEY\""
echo "export AZURE_STORAGE_KEY=\"$AZURE_STORAGE_KEY\""
echo "export AZURE_SUBSCRIPTION_ID=\"$AZURE_SUBSCRIPTION_ID\""
echo "export AZURE_SUBSCRIPTION_NAME=\"$AZURE_SUBSCRIPTION_NAME\""
echo "export AZURE_TENANT_ID=\"$AZURE_TENANT_ID\""
echo "# Deploy Section"
echo "export AZURE_CLIENT_ID=\"${AZURE_PRINCIPAL_ID}\""
echo "export AZURE_CLIENT_SECRET=\"${AZURE_PRINCIPAL_SECRET}\""
echo "export AZURE_CLIENT_ID=\"\$AZURE_PRINCIPAL_ID\""
echo "export AZURE_CLIENT_SECRET=\"\$AZURE_PRINCIPAL_SECRET\""
echo "export AZURE_RESOURCE_GROUP=\"${AZURE_BASENAME}-osdu-r2-app-rg\""
echo "export AZURE_APPSERVICE_PLAN=\"${AZURE_BASENAME}-osdu-r2-sp\""
echo "export AZURE_APPSERVICE_NAME=\"${AZURE_BASENAME_21}-au-${AZURE_SERVICE}\""
echo "\n"
echo "export AZURE_CONTAINER_REGISTRY=\"${AZURE_BASE}cr\""
echo "export AZURE_FUNCTIONAPP_NAME=\"${AZURE_BASENAME_21}-enque\""
echo "# Common Section"
echo "export HOST_URL=\"https://${AZURE_BASENAME_21}-au-${AZURE_SERVICE}.azurewebsites.net/\""
echo "export ENTITLEMENT_URL=\"https://${AZURE_BASENAME_21}-au-entitlements.azurewebsites.net/\""
echo "export AZURE_AD_TENANT_ID=\"${AZURE_TENANT_ID}\""
echo "export INTEGRATION_TESTER=\"${AZURE_PRINCIPAL_ID}\""
echo "export AZURE_TESTER_SERVICEPRINCIPAL_SECRET=\"${AZURE_PRINCIPAL_SECRET}\""
echo "export AZURE_AD_APP_RESOURCE_ID=\"${AZURE_APP_ID}\""
echo "export MY_TENANT=\"opendes\""
echo "\n"
echo "export HOST_URL=\"$HOST_URL\""
echo "export ENTITLEMENT_URL=\"$ENTITLEMENT_URL\""
echo "export LEGAL_URL=\"$LEGAL_URL\""
echo "export STORAGE_URL=\"$STORAGE_URL\""
echo "export AZURE_AD_TENANT_ID=\"$STORAGE_URL\""
echo "export INTEGRATION_TESTER=\"\$AZURE_PRINCIPAL_ID\""
echo "export AZURE_TESTER_SERVICEPRINCIPAL_SECRET=\"\$AZURE_PRINCIPAL_SECRET\""
echo "export AZURE_AD_APP_RESOURCE_ID=\"$AZURE_AD_APP_RESOURCE_ID\""
echo "export MY_TENANT=\"$MY_TENANT\""
echo "export DOMAIN=\"$DOMAIN\""
echo "export ELASTIC_HOST=\"\$AZURE_ELASTIC_HOST\""
echo "export ELASTIC_PORT=\"$ELASTIC_PORT\""
echo "export ELASTIC_USER_NAME=\"$ELASTIC_USER_NAME\""
echo "export ELASTIC_PASSWORD=\"\$AZURE_ELASTIC_PASSWORD\""
echo "# Entitlement Section"
echo "export ENTITLEMENT_MEMBER_NAME_VALID=\"${AZURE_PRINCIPAL_ID}\""
echo "export AZURE_AD_OTHER_APP_RESOURCE_ID=\"${AZURE_OTHER_APP_ID}\""
echo "export EXPIRED_TOKEN=\"${AZURE_INVALID_JWT}\""
echo "export DOMAIN=\"contoso.com\""
echo "export ENTITLEMENT_GROUP_NAME_VALID=\"integ.test.data.creator\""
echo "export ENTITLEMENT_MEMBER_NAME_INVALID=\"InvalidTestAdmin\""
echo "\n"
echo "export ENTITLEMENT_MEMBER_NAME_VALID=\"\$AZURE_PRINCIPAL_ID\""
echo "export AZURE_AD_OTHER_APP_RESOURCE_ID=\"\$AZURE_APP_ID_OTHER\""
echo "export EXPIRED_TOKEN=\"\$AZURE_INVALID_JWT\""
echo "export ENTITLEMENT_GROUP_NAME_VALID=\"$ENTITLEMENT_GROUP_NAME_VALID\""
echo "export ENTITLEMENT_MEMBER_NAME_INVALID=\"$ENTITLEMENT_MEMBER_NAME_INVALID\""
echo "# Legal Section"
echo "export AZURE_LEGAL_STORAGE_ACCOUNT=\"${AZURE_BASE}sa\""
echo "export AZURE_LEGAL_STORAGE_KEY=\"${AZURE_STORAGE_KEY}\""
echo "export LEGAL_STORAGE_CONTAINER=\"legal-service-azure-configuration\""
echo "export AZURE_LEGAL_SERVICEBUS=\"Endpoint=sb://${AZURE_BASENAME_21}sb.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=${AZURE_SERVICEBUS_KEY}\""
echo "export AZURE_LEGAL_TOPICNAME=\"legaltags\""
echo "export AZURE_LEGAL_STORAGE_ACCOUNT=\"$AZURE_LEGAL_STORAGE_ACCOUNT\""
echo "export AZURE_LEGAL_STORAGE_KEY=\"\$AZURE_STORAGE_KEY\""
echo "export LEGAL_STORAGE_CONTAINER=\"$LEGAL_STORAGE_CONTAINER\""
echo "export AZURE_LEGAL_SERVICEBUS=\"Endpoint=sb://${AZURE_BASENAME_21}sb.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=\${AZURE_SERVICEBUS_KEY}\""
echo "export AZURE_LEGAL_TOPICNAME=\"$AZURE_LEGAL_TOPICNAME\""
echo ""
echo "# Storage Section"
echo "export AZURE_AD_TENANT_ID=\"$AZURE_TENANT_ID\""
echo "export TENANT_NAME=\"$TENANT_NAME\""
echo "export TESTER_SERVICEPRINCIPAL_SECRET=\"\$AZURE_PRINCIPAL_SECRET\""
echo "export AZURE_STORAGE_ACCOUNT=\"$AZURE_STORAGE_ACCOUNT\""
echo "export NO_DATA_ACCESS_TESTER=\"$NO_DATA_ACCESS_TESTER\""
echo "export NO_DATA_ACCESS_TESTER_SERVICEPRINCIPAL_SECRET=\"\$AZURE_NO_ACCESS_SECRET\""
echo "export PUBSUB_TOKEN=\"$PUBSUB_TOKEN\""
echo "export DEPLOY_ENV=\"$DEPLOY_ENV\""
echo ""
echo "# Index Section"
echo "export aad_client_id=\"$aad_client_id\""
echo "export STORAGE_HOST=\"$STORAGE_HOST\""
echo "export ELASTIC_HOST=\"$ELASTIC_HOST\""
echo "export ELASTIC_USER_NAME=\"$ELASTIC_USER_NAME\""
echo "export DEFAULT_DATA_PARTITION_ID_TENANT1=\"$DEFAULT_DATA_PARTITION_ID_TENANT1\""
echo "export DEFAULT_DATA_PARTITION_ID_TENANT2=\"$DEFAULT_DATA_PARTITION_ID_TENANT2\""
echo "export ENTITLEMENTS_DOMAIN=\"$ENTITLEMENTS_DOMAIN.com\""
echo "export ENVIRONMENT=\"$ENVIRONMENT\""
echo "export LEGAL_TAG=\"$LEGAL_TAG\""
echo "export OTHER_RELEVANT_DATA_COUNTRIES=\"$OTHER_RELEVANT_DATA_COUNTRIES\""
only:
variables:
- $AZURE_DEBUG == 'true'
......@@ -144,6 +203,9 @@ azure_containerize:
- az acr login -n ${AZURE_BASE}cr
- docker tag ${CI_REGISTRY_IMAGE}/$IMAGE ${AZURE_BASE}cr.azurecr.io/$IMAGE:${CI_BUILD_ID}
- docker push ${AZURE_BASE}cr.azurecr.io/$IMAGE:${CI_BUILD_ID}
only:
variables:
- $AZURE == 'true'
except:
variables:
- $AZURE_DEBUG == 'true'
......@@ -165,6 +227,9 @@ azure_deploy:
-Dazure.appservice.resourcegroup=$AZURE_RESOURCE_GROUP \
-Dazure.appservice.plan=$AZURE_APPSERVICE_PLAN \
-Dazure.appservice.appname=$AZURE_APPSERVICE_NAME
only:
variables:
- $AZURE == 'true'
except:
variables:
- $AZURE_DEBUG == 'true'
......@@ -180,11 +245,15 @@ azure_config:
script:
- TARGET=$(find ./$AZURE_BUILD_SUBDIR/target/ -name '*.jar' | head -n 1)
- JAR_FILE=${TARGET##*/}
- echo "Startup Jar is $JAR_FILE"
- JAVA_COMMAND="java -jar /home/site/wwwroot/${JAR_FILE}"
- JSON_TEMPLATE='{"appCommandLine":"%s"}'
- JSON_FILE="config.json"
- echo $(printf "$JSON_TEMPLATE" "$JAVA_COMMAND") > $JSON_FILE
- az webapp config set --resource-group $AZURE_RESOURCE_GROUP --name $AZURE_APPSERVICE_NAME --generic-configurations @$JSON_FILE
only:
variables:
- $AZURE == 'true'
except:
variables:
- $AZURE_DEBUG == 'true'
......@@ -197,6 +266,9 @@ azure_test:
- .azure_variables
script:
- mvn clean test -f $AZURE_TEST_SUBDIR/pom.xml
only:
variables:
- $AZURE == 'true'
except:
variables:
- $AZURE_DEBUG == 'true' || $AZURE_SKIP_TEST == 'true'
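Review bot: The azure_debug script prints live credential values to the job log: in the "Group Level Variables" block the echoes for AZURE_PRINCIPAL_SECRET, AZURE_ELASTIC_PASSWORD, AZURE_NO_ACCESS_SECRET, AZURE_SERVICEBUS_KEY and AZURE_STORAGE_KEY expand the variable, whereas the later sections escape the same names (`\$AZURE_PRINCIPAL_SECRET`) so only the reference is shown. That leaves GitLab's log masking as the only control, and the header comment lists AZURE_NO_ACCESS_SECRET once as masked and once as protected only, so the file itself cannot tell a reader the value is covered. For the secret-bearing names print presence rather than value, e.g. `echo "export AZURE_PRINCIPAL_SECRET=\"${AZURE_PRINCIPAL_SECRET:+<set>}\""`. In the same script, `AZURE_AD_TENANT_ID` in the Common Section is printed from `$STORAGE_URL`, which looks like a copy-paste slip for `$AZURE_TENANT_ID`. The +/- markers are lost on this page, so which of the paired lines is the new side is inferred.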