Merge branch 'trusted-azure' into 'master'

Trusted azure See merge request osdu/platform/ci-cd-pipelines!9

Merge branch 'trusted-azure' into 'master'
Trusted azure See merge request osdu/platform/ci-cd-pipelines!9
ae576c83 · Daniel Scholl · 74f65b8d · 07fa7c0b · ae576c83
Commit ae576c83 authored May 22, 2020 by Daniel Scholl
--- a/cloud-providers/azure.yml
+++ b/cloud-providers/azure.yml
 # EXPECTED PIPELINE INHERITED GROUP VARIABLES
 # --------------------------------------------------------------------------------
-# AZURE_TENANT_ID
-# AZURE_SUBSCRIPTION_ID     (Protected Branch)
-# AZURE_SUBSCRIPTION_NAME   (Protected Branch)
+# AZURE                     (Protected Branch)
+# AZURE_APP_ID              (Protected Branch)
+# AZURE_APP_ID_OTHER        (Protected Branch)
+# AZURE_BASE                (Protected Branch)
+# AZURE_BASENAME            (Protected Branch)
+# AZURE_BASENAME_21         (Protected Branch)
+# AZURE_ELASTIC_HOST        (Protected Branch)
+# AZURE_ELASTIC_PASSWORD    (Protected Branch/Masked Variable)
+# AZURE_INVALID_JWT         (Protected Branch)
+# AZURE_NO_ACCESS_SECRET    (Protected Branch/Masked Variable)
 # AZURE_PRINCIPAL_ID        (Protected Branch/Masked Variable)
 # AZURE_PRINCIPAL_SECRET    (Protected Branch/Masked Variable)
-# AZURE_APP_ID              (Protected Branch)
-# AZURE_NO_ACCESS_ID        (Protected Branch)
-# AZURE_NO_ACCESS_SECRET    (Protected Branch)
-# AZURE_OTHER_APP_ID        (Protected Branch)
-# AZURE_INVALID_JWT
-# AZURE_BASE
-# AZURE_BASENAME
-# AZURE_BASENAME_21
-# AZURE_STORAGE_KEY         (Protected Branch/Masked Variable)
 # AZURE_SERVICEBUS_KEY      (Protected Branch/Masked Variable)
+# AZURE_STORAGE_KEY         (Protected Branch/Masked Variable)
+# AZURE_SUBSCRIPTION_ID     (Protected Branch)
+# AZURE_SUBSCRIPTION_NAME   (Protected Branch)
+# AZURE_TENANT_ID           (Protected Branch)
+

 .azure_variables:
  variables:
@@ -24,27 +27,57 @@
    AZURE_RESOURCE_GROUP: ${AZURE_BASENAME}-osdu-r2-app-rg
    AZURE_APPSERVICE_PLAN: ${AZURE_BASENAME}-osdu-r2-sp
    AZURE_APPSERVICE_NAME: ${AZURE_BASENAME_21}-au-${AZURE_SERVICE}
+    AZURE_CONTAINER_REGISTRY: ${AZURE_BASE}cr
+    AZURE_FUNCTIONAPP_NAME: ${AZURE_BASENAME_21}-enque
    # Common Section
    HOST_URL: https://${AZURE_BASENAME_21}-au-${AZURE_SERVICE}.azurewebsites.net/
    ENTITLEMENT_URL: https://${AZURE_BASENAME_21}-au-entitlements.azurewebsites.net/
+    LEGAL_URL: https://${AZURE_BASENAME_21}-au-legal.azurewebsites.net/
+    STORAGE_URL: https://${AZURE_BASENAME_21}-au-storage.azurewebsites.net/
+    SEARCH_HOST: https://${AZURE_BASENAME_21}-au-search.azurewebsites.net//api/search/v2/
    AZURE_AD_TENANT_ID: $AZURE_TENANT_ID
    INTEGRATION_TESTER: $AZURE_PRINCIPAL_ID
    AZURE_TESTER_SERVICEPRINCIPAL_SECRET: $AZURE_PRINCIPAL_SECRET
    AZURE_AD_APP_RESOURCE_ID: $AZURE_APP_ID
+    AZURE_STORAGE_ACCOUNT: ${AZURE_BASE}sa
    MY_TENANT: opendes
+    DOMAIN: contoso.com
+    AZURE_NO_ACCESS_ID: 31225e68-0944-4b6a-b0bb-ef303ae57f16
+    ELASTIC_HOST: $AZURE_ELASTIC_HOST
+    ELASTIC_PORT: 9243
+    ELASTIC_USER_NAME: elastic
+    ELASTIC_PASSWORD: $AZURE_ELASTIC_PASSWORD
    # Entitlement Section
    ENTITLEMENT_MEMBER_NAME_VALID: $AZURE_PRINCIPAL_ID
-    AZURE_AD_OTHER_APP_RESOURCE_ID: $AZURE_OTHER_APP_ID
+    AZURE_AD_OTHER_APP_RESOURCE_ID: $AZURE_APP_ID_OTHER
    EXPIRED_TOKEN: $AZURE_INVALID_JWT
-    DOMAIN: contoso.com
    ENTITLEMENT_GROUP_NAME_VALID: integ.test.data.creator
    ENTITLEMENT_MEMBER_NAME_INVALID: InvalidTestAdmin
    # Legal Section
-    AZURE_LEGAL_STORAGE_ACCOUNT: ${AZURE_BASE}sa
+    AZURE_LEGAL_STORAGE_ACCOUNT: $AZURE_STORAGE_ACCOUNT
    AZURE_LEGAL_STORAGE_KEY: $AZURE_STORAGE_KEY
    LEGAL_STORAGE_CONTAINER: legal-service-azure-configuration
    AZURE_LEGAL_SERVICEBUS: Endpoint=sb://${AZURE_BASENAME_21}sb.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=${AZURE_SERVICEBUS_KEY}
    AZURE_LEGAL_TOPICNAME: legaltags
+    # Storage Section
+    TENANT_NAME: opendes
+    TESTER_SERVICEPRINCIPAL_SECRET: $AZURE_PRINCIPAL_SECRET
+    NO_DATA_ACCESS_TESTER: $AZURE_NO_ACCESS_ID
+    NO_DATA_ACCESS_TESTER_SERVICEPRINCIPAL_SECRET: $AZURE_NO_ACCESS_SECRET
+    PUBSUB_TOKEN: az
+    DEPLOY_ENV: empty
+    # Indexer & Search Section
+    aad_client_id: $AZURE_AD_APP_RESOURCE_ID
+    STORAGE_HOST: https://${AZURE_BASENAME_21}-au-storage.azurewebsites.net/
+    DEFAULT_DATA_PARTITION_ID_TENANT1: opendes
+    DEFAULT_DATA_PARTITION_ID_TENANT2: common
+    ENTITLEMENTS_DOMAIN: contoso.com
+    ENVIRONMENT: CLOUD
+    LEGAL_TAG: opendes-public-usa-dataset-7643990
+    OTHER_RELEVANT_DATA_COUNTRIES: US
+
+
+

 # JOBS
 # --------------------------------------------------------------------------------
@@ -56,57 +89,83 @@ azure_debug:
    - .azure_variables
  script: |
    echo "# Pipeline Variables"
-    echo "export AZURE_SERVICE=\"${AZURE_SERVICE}\""
-    echo "export AZURE_BUILD_SUBDIR=\"${AZURE_BUILD_SUBDIR}\""
-    echo "export AZURE_TEST_SUBDIR=\"${AZURE_TEST_SUBDIR}\""
-    echo "\n"
+    echo "export AZURE_SERVICE=\"$AZURE_SERVICE\""
+    echo "export AZURE_BUILD_SUBDIR=\"$AZURE_BUILD_SUBDIR\""
+    echo "export AZURE_TEST_SUBDIR=\"$AZURE_TEST_SUBDIR\""
    echo "# Group Level Variables"
-    echo "export AZURE_TENANT_ID=\"${AZURE_TENANT_ID}\""
-    echo "export AZURE_SUBSCRIPTION_ID=\"${AZURE_SUBSCRIPTION_ID}\""
-    echo "export AZURE_SUBSCRIPTION_NAME=\"${AZURE_SUBSCRIPTION_NAME}\""
-    echo "export AZURE_PRINCIPAL_ID=\"${AZURE_PRINCIPAL_ID}\""
-    echo "export AZURE_PRINCIPAL_SECRET=\"${AZURE_PRINCIPAL_SECRET}\""
-    echo "export AZURE_APP_ID=\"${AZURE_APP_ID}\""
-    echo "export AZURE_NO_ACCESS_ID=\"${AZURE_NO_ACCESS_ID}\""
-    echo "export AZURE_NO_ACCESS_SECRET=\"${AZURE_NO_ACCESS_SECRET}\""
-    echo "export AZURE_OTHER_APP_ID=\"${AZURE_OTHER_APP_ID}\""
-    echo "export AZURE_INVALID_JWT=\"${AZURE_INVALID_JWT}\""
-    echo "export AZURE_BASE=\"${AZURE_BASE}\""
-    echo "export AZURE_BASENAME=\"${AZURE_BASENAME}\""
-    echo "export AZURE_BASENAME_21=\"${AZURE_BASENAME_21}\""
-    echo "export AZURE_STORAGE_KEY=\"${AZURE_STORAGE_KEY}\""
-    echo "export AZURE_SERVICEBUS_KEY=\"${AZURE_SERVICEBUS_KEY}\""
-    echo "\n"
+    echo "export AZURE_APP_ID=\"$AZURE_APP_ID\""
+    echo "export AZURE_APP_ID_OTHER=\"$AZURE_APP_ID_OTHER\""
+    echo "export AZURE_BASE=\"$AZURE_BASE\""
+    echo "export AZURE_BASENAME=\"$AZURE_BASENAME\""
+    echo "export AZURE_BASENAME_21=\"$AZURE_BASENAME_21\""
+    echo "export AZURE_ELASTIC_HOST=\"$AZURE_ELASTIC_HOST\""
+    echo "export AZURE_ELASTIC_PASSWORD=\"$AZURE_ELASTIC_PASSWORD\""
+    echo "export AZURE_INVALID_JWT=\"$AZURE_INVALID_JWT\""
+    echo "export AZURE_NO_ACCESS_SECRET=\"$AZURE_NO_ACCESS_SECRET\""
+    echo "export AZURE_PRINCIPAL_ID=\"$AZURE_PRINCIPAL_ID\""
+    echo "export AZURE_PRINCIPAL_SECRET=\"$AZURE_PRINCIPAL_SECRET\""
+    echo "export AZURE_SERVICEBUS_KEY=\"$AZURE_SERVICEBUS_KEY\""
+    echo "export AZURE_STORAGE_KEY=\"$AZURE_STORAGE_KEY\""
+    echo "export AZURE_SUBSCRIPTION_ID=\"$AZURE_SUBSCRIPTION_ID\""
+    echo "export AZURE_SUBSCRIPTION_NAME=\"$AZURE_SUBSCRIPTION_NAME\""
+    echo "export AZURE_TENANT_ID=\"$AZURE_TENANT_ID\""
    echo "# Deploy Section"
-    echo "export AZURE_CLIENT_ID=\"${AZURE_PRINCIPAL_ID}\""
-    echo "export AZURE_CLIENT_SECRET=\"${AZURE_PRINCIPAL_SECRET}\""
+    echo "export AZURE_CLIENT_ID=\"\$AZURE_PRINCIPAL_ID\""
+    echo "export AZURE_CLIENT_SECRET=\"\$AZURE_PRINCIPAL_SECRET\""
    echo "export AZURE_RESOURCE_GROUP=\"${AZURE_BASENAME}-osdu-r2-app-rg\""
    echo "export AZURE_APPSERVICE_PLAN=\"${AZURE_BASENAME}-osdu-r2-sp\""
    echo "export AZURE_APPSERVICE_NAME=\"${AZURE_BASENAME_21}-au-${AZURE_SERVICE}\""
-    echo "\n"
+    echo "export AZURE_CONTAINER_REGISTRY=\"${AZURE_BASE}cr\""
+    echo "export AZURE_FUNCTIONAPP_NAME=\"${AZURE_BASENAME_21}-enque\""
    echo "# Common Section"
-    echo "export HOST_URL=\"https://${AZURE_BASENAME_21}-au-${AZURE_SERVICE}.azurewebsites.net/\""
-    echo "export ENTITLEMENT_URL=\"https://${AZURE_BASENAME_21}-au-entitlements.azurewebsites.net/\""
-    echo "export AZURE_AD_TENANT_ID=\"${AZURE_TENANT_ID}\""
-    echo "export INTEGRATION_TESTER=\"${AZURE_PRINCIPAL_ID}\""
-    echo "export AZURE_TESTER_SERVICEPRINCIPAL_SECRET=\"${AZURE_PRINCIPAL_SECRET}\""
-    echo "export AZURE_AD_APP_RESOURCE_ID=\"${AZURE_APP_ID}\""
-    echo "export MY_TENANT=\"opendes\""
-    echo "\n"
+    echo "export HOST_URL=\"$HOST_URL\""
+    echo "export ENTITLEMENT_URL=\"$ENTITLEMENT_URL\""
+    echo "export LEGAL_URL=\"$LEGAL_URL\""
+    echo "export STORAGE_URL=\"$STORAGE_URL\""
+    echo "export AZURE_AD_TENANT_ID=\"$STORAGE_URL\""
+    echo "export INTEGRATION_TESTER=\"\$AZURE_PRINCIPAL_ID\""
+    echo "export AZURE_TESTER_SERVICEPRINCIPAL_SECRET=\"\$AZURE_PRINCIPAL_SECRET\""
+    echo "export AZURE_AD_APP_RESOURCE_ID=\"$AZURE_AD_APP_RESOURCE_ID\""
+    echo "export MY_TENANT=\"$MY_TENANT\""
+    echo "export DOMAIN=\"$DOMAIN\""
+    echo "export ELASTIC_HOST=\"\$AZURE_ELASTIC_HOST\""
+    echo "export ELASTIC_PORT=\"$ELASTIC_PORT\""
+    echo "export ELASTIC_USER_NAME=\"$ELASTIC_USER_NAME\""
+    echo "export ELASTIC_PASSWORD=\"\$AZURE_ELASTIC_PASSWORD\""
    echo "# Entitlement Section"
-    echo "export ENTITLEMENT_MEMBER_NAME_VALID=\"${AZURE_PRINCIPAL_ID}\""
-    echo "export AZURE_AD_OTHER_APP_RESOURCE_ID=\"${AZURE_OTHER_APP_ID}\""
-    echo "export EXPIRED_TOKEN=\"${AZURE_INVALID_JWT}\""
-    echo "export DOMAIN=\"contoso.com\""
-    echo "export ENTITLEMENT_GROUP_NAME_VALID=\"integ.test.data.creator\""
-    echo "export ENTITLEMENT_MEMBER_NAME_INVALID=\"InvalidTestAdmin\""
-    echo "\n"
+    echo "export ENTITLEMENT_MEMBER_NAME_VALID=\"\$AZURE_PRINCIPAL_ID\""
+    echo "export AZURE_AD_OTHER_APP_RESOURCE_ID=\"\$AZURE_APP_ID_OTHER\""
+    echo "export EXPIRED_TOKEN=\"\$AZURE_INVALID_JWT\""
+    echo "export ENTITLEMENT_GROUP_NAME_VALID=\"$ENTITLEMENT_GROUP_NAME_VALID\""
+    echo "export ENTITLEMENT_MEMBER_NAME_INVALID=\"$ENTITLEMENT_MEMBER_NAME_INVALID\""
    echo "# Legal Section"
-    echo "export AZURE_LEGAL_STORAGE_ACCOUNT=\"${AZURE_BASE}sa\""
-    echo "export AZURE_LEGAL_STORAGE_KEY=\"${AZURE_STORAGE_KEY}\""
-    echo "export LEGAL_STORAGE_CONTAINER=\"legal-service-azure-configuration\""
-    echo "export AZURE_LEGAL_SERVICEBUS=\"Endpoint=sb://${AZURE_BASENAME_21}sb.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=${AZURE_SERVICEBUS_KEY}\""
-    echo "export AZURE_LEGAL_TOPICNAME=\"legaltags\""
+    echo "export AZURE_LEGAL_STORAGE_ACCOUNT=\"$AZURE_LEGAL_STORAGE_ACCOUNT\""
+    echo "export AZURE_LEGAL_STORAGE_KEY=\"\$AZURE_STORAGE_KEY\""
+    echo "export LEGAL_STORAGE_CONTAINER=\"$LEGAL_STORAGE_CONTAINER\""
+    echo "export AZURE_LEGAL_SERVICEBUS=\"Endpoint=sb://${AZURE_BASENAME_21}sb.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=\${AZURE_SERVICEBUS_KEY}\""
+    echo "export AZURE_LEGAL_TOPICNAME=\"$AZURE_LEGAL_TOPICNAME\""
+    echo ""
+    echo "# Storage Section"
+    echo "export AZURE_AD_TENANT_ID=\"$AZURE_TENANT_ID\""
+    echo "export TENANT_NAME=\"$TENANT_NAME\""
+    echo "export TESTER_SERVICEPRINCIPAL_SECRET=\"\$AZURE_PRINCIPAL_SECRET\""
+    echo "export AZURE_STORAGE_ACCOUNT=\"$AZURE_STORAGE_ACCOUNT\""
+    echo "export NO_DATA_ACCESS_TESTER=\"$NO_DATA_ACCESS_TESTER\""
+    echo "export NO_DATA_ACCESS_TESTER_SERVICEPRINCIPAL_SECRET=\"\$AZURE_NO_ACCESS_SECRET\""
+    echo "export PUBSUB_TOKEN=\"$PUBSUB_TOKEN\""
+    echo "export DEPLOY_ENV=\"$DEPLOY_ENV\""
+    echo ""
+    echo "# Index Section"
+    echo "export aad_client_id=\"$aad_client_id\""
+    echo "export STORAGE_HOST=\"$STORAGE_HOST\""
+    echo "export ELASTIC_HOST=\"$ELASTIC_HOST\""
+    echo "export ELASTIC_USER_NAME=\"$ELASTIC_USER_NAME\""
+    echo "export DEFAULT_DATA_PARTITION_ID_TENANT1=\"$DEFAULT_DATA_PARTITION_ID_TENANT1\""
+    echo "export DEFAULT_DATA_PARTITION_ID_TENANT2=\"$DEFAULT_DATA_PARTITION_ID_TENANT2\""
+    echo "export ENTITLEMENTS_DOMAIN=\"$ENTITLEMENTS_DOMAIN.com\""
+    echo "export ENVIRONMENT=\"$ENVIRONMENT\""
+    echo "export LEGAL_TAG=\"$LEGAL_TAG\""
+    echo "export OTHER_RELEVANT_DATA_COUNTRIES=\"$OTHER_RELEVANT_DATA_COUNTRIES\""
  only:
    variables:
      - $AZURE_DEBUG == 'true'
@@ -144,6 +203,9 @@ azure_containerize:
    - az acr login -n ${AZURE_BASE}cr
    - docker tag ${CI_REGISTRY_IMAGE}/$IMAGE ${AZURE_BASE}cr.azurecr.io/$IMAGE:${CI_BUILD_ID}
    - docker push ${AZURE_BASE}cr.azurecr.io/$IMAGE:${CI_BUILD_ID}
+  only:
+    variables:
+      - $AZURE == 'true'
  except:
    variables:
      - $AZURE_DEBUG == 'true'
@@ -165,6 +227,9 @@ azure_deploy:
      -Dazure.appservice.resourcegroup=$AZURE_RESOURCE_GROUP \
      -Dazure.appservice.plan=$AZURE_APPSERVICE_PLAN \
      -Dazure.appservice.appname=$AZURE_APPSERVICE_NAME
+  only:
+    variables:
+      - $AZURE == 'true'
  except:
    variables:
      - $AZURE_DEBUG == 'true'
@@ -180,11 +245,15 @@ azure_config:
  script:
    - TARGET=$(find ./$AZURE_BUILD_SUBDIR/target/ -name '*.jar' | head -n 1)
    - JAR_FILE=${TARGET##*/}
+    - echo "Startup Jar is $JAR_FILE"
    - JAVA_COMMAND="java -jar /home/site/wwwroot/${JAR_FILE}"
    - JSON_TEMPLATE='{"appCommandLine":"%s"}'
    - JSON_FILE="config.json"
    - echo $(printf "$JSON_TEMPLATE" "$JAVA_COMMAND") > $JSON_FILE
    - az webapp config set --resource-group $AZURE_RESOURCE_GROUP --name $AZURE_APPSERVICE_NAME --generic-configurations @$JSON_FILE
+  only:
+    variables:
+      - $AZURE == 'true'
  except:
    variables:
      - $AZURE_DEBUG == 'true'
@@ -197,6 +266,9 @@ azure_test:
    - .azure_variables
  script:
    - mvn clean test -f $AZURE_TEST_SUBDIR/pom.xml
+  only:
+    variables:
+      - $AZURE == 'true'
  except:
    variables:
      - $AZURE_DEBUG == 'true' || $AZURE_SKIP_TEST == 'true'