Introduces testauthenvironment.json for defining roles, users, apps, …

…and role assignments. (#90)
microsoft · Oct 12, 2018 · 664361e · 664361e
1 parent 9ee4357
commit 664361e
Show file tree

Hide file tree

Showing 22 changed files with 406 additions and 126 deletions.
diff --git a/.gitignore b/.gitignore
@@ -13,10 +13,6 @@
 *.userprefs
 
 # Build results
-[Dd]ebug/
-[Dd]ebugPublic/
-[Rr]elease/
-[Rr]eleases/
 x64/
 x86/
 bld/
@@ -290,4 +286,4 @@ __pycache__/
 *.xsd.cs
 
 # IdentityServer workspace
-tempkey.rsa
+tempkey.rsa
diff --git a/Microsoft.Health.Fhir.sln b/Microsoft.Health.Fhir.sln
@@ -37,6 +37,11 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "tools", "tools", "{B70945F4
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.Health.Extensions.BuildTimeCodeGenerator", "tools\Microsoft.Health.Extensions.BuildTimeCodeGenerator\Microsoft.Health.Extensions.BuildTimeCodeGenerator.csproj", "{CA276939-8071-4734-9FE4-ADC825B72116}"
 EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{404C6C33-DB00-4182-BD90-F10A8B17C321}"
+	ProjectSection(SolutionItems) = preProject
+		testauthenvironment.json = testauthenvironment.json
+	EndProjectSection
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU

diff --git a/build/package.yml b/build/package.yml
@@ -52,6 +52,20 @@ steps:
       artifactName: 'deploy'
       artifactType: 'container'
 
+  - task: PublishBuildArtifacts@1
+    displayName: 'publish testauthenvironment.json'
+    inputs:
+      pathToPublish: './testauthenvironment.json'
+      artifactName: 'deploy'
+      artifactType: 'container'
+
+  - task: PublishBuildArtifacts@1
+    displayName: 'publish release directory'
+    inputs:
+      pathToPublish: './release/'
+      artifactName: 'deploy'
+      artifactType: 'container'
+
   - task: PublishBuildArtifacts@1
     displayName: 'publish nuget artifacts'
     inputs:

diff --git a/release/ConvertTo-FlattenedConfigurationHashtable.ps1 b/release/ConvertTo-FlattenedConfigurationHashtable.ps1
@@ -0,0 +1,48 @@
+<#
+.SYNOPSIS
+Turns an object read from an ASP.NET core JSON config file into a hashtable where each leaf value (string/int/bool) of the input object is added as a value in the hash table with the path to the value as the key.
+.EXAMPLE
+ConvertTo-FlattenedConfigurationHashtable.ps1 -InputObject (ConvertFrom-Json '{ "pets" : [ { "name": "Garfield" }, { "name": "Odie" } ] }') -PathPrefix "resource"
+
+Returns:
+
+Name                           Value
+----                           -----
+resource:pets:0:name           Garfield
+resource:pets:1:name           Odie
+
+.PARAMETER InputObject
+The the deserialized JSON configuration object.
+.PARAMETER PathPrefix
+A path prefix to include in all paths
+#>
+param(
+    [Parameter(Mandatory = $true)]
+    $InputObject,
+
+    [Parameter(Mandatory = $false)]
+    $PathPrefix = ""
+)
+
+function Flatten ($Prefix, $Object) {
+
+    if ($Object -is [System.Management.Automation.PSCustomObject]) {
+        $Object.psobject.properties | ForEach-Object {
+            Flatten -Prefix "$Prefix$(if ($Prefix) { ":" })$($_.Name)" -Object $_.Value
+        }
+
+        return
+    }
+
+    if ($Object -is [object[]]) {
+        for ($i = 0; $i -lt $Object.Length; $i++) {
+            Flatten -Prefix "$Prefix$(if ($Prefix) { ":" })$i" -Object $Object[$i]
+        }
+
+        return
+    }
+
+    @{$Prefix = $Object}
+}
+
+@(Flatten -Prefix $PathPrefix -Object $InputObject) | ForEach-Object { $hash = @{} } { $hash += $_ } { $hash }
diff --git a/samples/scripts/PowerShell/FhirServer/Public/Remove-FhirServerApplicationRegistration.ps1 b/samples/scripts/PowerShell/FhirServer/Public/Remove-FhirServerApplicationRegistration.ps1
@@ -22,7 +22,6 @@ function Remove-FhirServerApplicationRegistration {
     } 
     catch {
         throw "Please log in to Azure AD with Connect-AzureAD cmdlet before proceeding"
-        Break
     }
 
     $appReg = $null
@@ -31,14 +30,14 @@ function Remove-FhirServerApplicationRegistration {
         $appReg = Get-AzureADApplication -Filter "AppId eq '${AppId}'"
         if (!$appReg) {
             Write-Host "Application with AppId = ${AppId} was not found."
-            Break
+            return
         }
     }
     else {
         $appReg = Get-AzureADApplication -Filter "identifierUris/any(uri:uri eq '${IdentifierUri}')"
         if (!$appReg) {
             Write-Host "Application with IdentifierUri = ${IdentifierUri} was not found."
-            Break
+            return
         }
     }
 

diff --git a/samples/templates/default-azuredeploy.json b/samples/templates/default-azuredeploy.json
@@ -95,6 +95,13 @@
                 "southcentralus",
                 "westus2"
             ]
+        },
+        "additionalFhirServerConfigProperties": {
+            "type": "object",
+            "defaultValue": {},
+            "metadata": {
+                "description": "Additional configuration properties for the FHIR server. In the form {\"path1\":\"value1\",\"path2\":\"value2\"}"
+            }
         }
     },
     "variables": {
@@ -107,7 +114,18 @@
         "deploySourceCode": "[and(not(empty(parameters('repositoryUrl'))),not(empty(parameters('repositoryBranch'))))]",
         "isMAG": "[or(contains(resourceGroup().location,'usgov'),contains(resourceGroup().location,'usdod'))]",
         "deployAppInsights": "[and(parameters('deployApplicationInsights'),not(variables('isMAG')))]",
-        "appInsightsName": "[concat('AppInsights-', variables('serviceName'))]"
+        "appInsightsName": "[concat('AppInsights-', variables('serviceName'))]",
+        "staticFhirServerConfigProperties": {
+            "APPINSIGHTS_PORTALINFO": "ASP.NETCORE",
+            "APPINSIGHTS_PROFILERFEATURE_VERSION": "1.0.0",
+            "APPINSIGHTS_SNAPSHOTFEATURE_VERSION": "1.0.0",
+            "WEBSITE_NODE_DEFAULT_VERSION": "6.9.4",
+            "KeyVault:Endpoint": "[variables('keyvaultEndpoint')]",
+            "FhirServer:Security:Enabled": "[variables('securityAuthenticationEnabled')]",
+            "FhirServer:Security:Authentication:Authority": "[parameters('securityAuthenticationAuthority')]",
+            "FhirServer:Security:Authentication:Audience": "[parameters('securityAuthenticationAudience')]"
+        },
+        "combinedFhirServerConfigProperties": "[union(variables('staticFhirServerConfigProperties'), parameters('additionalFhirServerConfigProperties'))]"
     },
     "resources": [
         {
@@ -163,18 +181,8 @@
                         "[concat('Microsoft.Web/Sites/', variables('serviceName'))]",
                         "[if(variables('deployAppInsights'),concat('Microsoft.Insights/components/', variables('appInsightsName')),resourceId('Microsoft.KeyVault/vaults', variables('serviceName')))]"
                     ],
-                    "properties": {
-                        "APPINSIGHTS_INSTRUMENTATIONKEY": "[if(variables('deployAppInsights'), reference(concat('Microsoft.Insights/components/', variables('appInsightsName'))).InstrumentationKey, 'not set')]",
-                        "APPINSIGHTS_PORTALINFO": "ASP.NETCORE",
-                        "APPINSIGHTS_PROFILERFEATURE_VERSION": "1.0.0",
-                        "APPINSIGHTS_SNAPSHOTFEATURE_VERSION": "1.0.0",
-                        "WEBSITE_NODE_DEFAULT_VERSION": "6.9.4",
-                        "KeyVault:Endpoint": "[variables('keyvaultEndpoint')]",
-                        "FhirServer:Security:Enabled": "[variables('securityAuthenticationEnabled')]",
-                        "FhirServer:Security:Authentication:Authority": "[parameters('securityAuthenticationAuthority')]",
-                        "FhirServer:Security:Authentication:Audience": "[parameters('securityAuthenticationAudience')]"
-                      }                  
-                },        
+                    "properties" : "[if(variables('deployAppInsights'), union(variables('combinedFhirServerConfigProperties'), json(concat('{\"APPINSIGHTS_INSTRUMENTATIONKEY\": \"', reference(concat('Microsoft.Insights/components/', variables('appInsightsName'))).InstrumentationKey, '\"}'))), variables('combinedFhirServerConfigProperties'))]"
+                },
                 {
                     "apiVersion": "2015-08-01",
                     "name": "web",
@@ -189,18 +197,18 @@
                         "branch": "[parameters('repositoryBranch')]",
                         "IsManualIntegration": true
                     }
-                },  
+                },
                 {
                     "apiVersion": "2015-08-01",
                     "name": "Microsoft.ApplicationInsights.AzureWebSites",
                     "type": "siteextensions",
                     "condition": "[variables('deployAppInsights')]",
                     "dependsOn": [
-                      "[resourceId('Microsoft.Web/Sites', variables('serviceName'))]",
-                      "[resourceId('Microsoft.Web/Sites/config', variables('serviceName'), 'appsettings')]",
-                      "[resourceId('Microsoft.Web/sites/sourcecontrols', variables('serviceName'), 'web')]"
+                        "[resourceId('Microsoft.Web/Sites', variables('serviceName'))]",
+                        "[resourceId('Microsoft.Web/Sites/config', variables('serviceName'), 'appsettings')]",
+                        "[resourceId('Microsoft.Web/sites/sourcecontrols', variables('serviceName'), 'web')]"
                     ],
-                    "properties": { }
+                    "properties": {}
                 }
             ]
         },
@@ -212,14 +220,14 @@
             "condition": "[variables('deployAppInsights')]",
             "kind": "web",
             "tags": {
-              "[concat('hidden-link:', resourceId('Microsoft.Web/sites', variables('serviceName')))]": "Resource",
-              "displayName": "AppInsightsComponent"
+                "[concat('hidden-link:', resourceId('Microsoft.Web/sites', variables('serviceName')))]": "Resource",
+                "displayName": "AppInsightsComponent"
             },
             "properties": {
-              "Application_Type": "web",
-              "ApplicationId": "[variables('serviceName')]"
+                "Application_Type": "web",
+                "ApplicationId": "[variables('serviceName')]"
             }
-        },      
+        },
         {
             "apiVersion": "2015-04-08",
             "type": "Microsoft.DocumentDb/databaseAccounts",

diff --git a/src/Microsoft.Health.Fhir.Tests.Common/EnvironmentVariables.cs b/src/Microsoft.Health.Fhir.Tests.Common/EnvironmentVariables.cs
@@ -0,0 +1,19 @@
+// -------------------------------------------------------------------------------------------------
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License (MIT). See LICENSE in the repo root for license information.
+// -------------------------------------------------------------------------------------------------
+
+using System;
+
+namespace Microsoft.Health.Fhir.Tests.Common
+{
+    public static class EnvironmentVariables
+    {
+        public static string GetEnvironmentVariableWithDefault(string environmentVariableName, string defaultValue)
+        {
+            var environmentVariable = Environment.GetEnvironmentVariable(environmentVariableName);
+
+            return string.IsNullOrWhiteSpace(environmentVariable) ? defaultValue : environmentVariable;
+        }
+    }
+}
diff --git a/src/Microsoft.Health.Fhir.Web/DevelopmentIdentityProviderApplicationConfiguration.cs b/src/Microsoft.Health.Fhir.Web/DevelopmentIdentityProviderApplicationConfiguration.cs
@@ -0,0 +1,16 @@
+// -------------------------------------------------------------------------------------------------
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License (MIT). See LICENSE in the repo root for license information.
+// -------------------------------------------------------------------------------------------------
+
+using System.Collections.Generic;
+
+namespace Microsoft.Health.Fhir.Web
+{
+    public class DevelopmentIdentityProviderApplicationConfiguration
+    {
+        public string Id { get; set; }
+
+        public IList<string> Roles { get; set; } = new List<string>();
+    }
+}
diff --git a/src/Microsoft.Health.Fhir.Web/DevelopmentIdentityProviderConfiguration.cs b/src/Microsoft.Health.Fhir.Web/DevelopmentIdentityProviderConfiguration.cs
@@ -3,14 +3,18 @@
 // Licensed under the MIT License (MIT). See LICENSE in the repo root for license information.
 // -------------------------------------------------------------------------------------------------
 
+using System.Collections.Generic;
+
 namespace Microsoft.Health.Fhir.Web
 {
     public class DevelopmentIdentityProviderConfiguration
     {
-        public string Audience { get; set; }
+        public const string Audience = "fhir-api";
+
+        public bool Enabled { get; set; }
 
-        public string ClientId { get; set; }
+        public IList<DevelopmentIdentityProviderApplicationConfiguration> ClientApplications { get; } = new List<DevelopmentIdentityProviderApplicationConfiguration>();
 
-        public string ClientSecret { get; set; }
+        public IList<DevelopmentIdentityProviderUserConfiguration> Users { get; } = new List<DevelopmentIdentityProviderUserConfiguration>();
     }
 }