Fixing Managed Identity Issue allowing connection between App Service and Azure Purview #579
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…n the template. Also removing bacpac file url parameter, and copying it to user's storage account as part of the template. This simplifies the flow for user
… so changes could be done only at single place
…deploymentenhancement
…deploymentenhancement
…more bug fixes and doc change
…deploymentenhancement
…tor role, consolidating bacpac into one
…deploymentenhancement
…nce notebook to get it working, and an extra permisison is required in notebook to submit job on Synapse
… run notebook samples
…t can communicate with Azure Purview
jainr
changed the title
jainr
requested review from
Yuqing-cat,
blrchen,
edwincheung,
hangfei,
windoze and
xiaoyongzhu
blrchen
approved these changes
Aug 13, 2022
xiaoyongzhu
approved these changes
Aug 15, 2022
ahlag
pushed a commit
to ahlag/feathr
that referenced
this pull request
Aug 26, 2022
… and Azure Purview (feathr-ai#579) * Adding EventHub creation to the deployment script * Upgrading API versions and fixing the if clause of KV property creation for EH * Removing the need to ask for Principal Id from user and creating it in the template. Also removing bacpac file url parameter, and copying it to user's storage account as part of the template. This simplifies the flow for user * Making template more organized and updated documentaton * Addressing Blair's feedback to change registry image and app variable names * Fix for redirect URI, the callback one stopped working * Removing duplicate deployment text and adding reference to main guide so changes could be done only at single place * Adding parameters to support RBAC and passing them to app settings * Separating CLI and ARM documentation, adding bacpac import for RBAC, more bug fixes and doc change * Adding managed identity to webapp, instructions for Purview data curator role, consolidating bacpac into one * Fixing broken document link * Addressing PR feedback to remove commented code * Fixing broken links * Moving notebook under samples folder, minor updates to prod_reco advance notebook to get it working, and an extra permisison is required in notebook to submit job on Synapse * Adding instructions for steps to verify deployment was successful and run notebook samples * Removing feathr install from forked repo * Updating image * Fixing links, to get pytest check-link work. They would have worked but the absolute URL won't resolve until PR is merged. * Adding UI URL format * Fixing link that is being identified as broken * Adding workflow for docker publish * Update docker-publish.yml * Update docker-publish.yml * Rename FeathrRegistry.Dockerfile to Dockerfile * Update docker-publish.yml * Update docker-publish.yml * updating cron time * updating cron time * updating cron time * updating cron time * adding tag trigger * Updating cron time to check if its working * Adding trigger for release branch * Changing schedule for daily run * Changing schedule for daily run * Changing schedule for nightly run * Renaming the file back * Adding more comments and pointing to dockerfile with different name than default * Removing dockefile * Removing reference to a specific commit number for GH docker actions * Add or update the App Service deployment workflow configuration from Azure Portal. * Update main_rjrijaiwebapp.yml * Adding Managed Identity CLient ID to App Settings of App Service so it can communicate with Azure Purview * Removing workflow files from this branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This change sets the required managed identity client details on the app server so it can communicate with Azure Purview, when Azure-Purview is selected as registry backend
After this change I was able to get past the authentication issues between API server and Purview.
Resolves #556
How was this PR tested?
Did an ARM deployment to make sure this value is getting set and also did a manual validation using a custom script to make sure API server can connect with Purview.
Does this PR introduce any user-facing changes?
No