diff --git a/.github/workflows/docs-build.yml b/.github/workflows/docs-build.yml
index 10afa661..ecd85ef9 100644
--- a/.github/workflows/docs-build.yml
+++ b/.github/workflows/docs-build.yml
@@ -4,6 +4,7 @@ on:
 push:
 branches:
 - main
+ - users/chixcancode/b2cpowershell
 paths:
 - '.github/**'
 - 'docs/**'
@@ -34,7 +35,7 @@ jobs:
 - name: Deploy
 uses: peaceiris/actions-gh-pages@v3
- if: ${{ github.ref == 'refs/heads/main' }}
+ if: ${{ github.ref == 'refs/heads/users/chixcancode/b2cpowershell' }}
 with:
 github_token: ${{ secrets.GITHUB_TOKEN }}
 publish_dir: ./docs/azure-saas-docs/public
\ No newline at end of file
diff --git a/docs/azure-saas-docs/content/en/quick-start.md b/docs/azure-saas-docs/content/en/quick-start.md
index 26ef447c..7347ffb8 100644
--- a/docs/azure-saas-docs/content/en/quick-start.md
+++ b/docs/azure-saas-docs/content/en/quick-start.md
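Review bot: Both hunks in docs-build.yml hard-code the personal branch `users/chixcancode/b2cpowershell`, and the second one replaces the `main` guard on the Deploy step instead of extending it, so pushes to `main` would stop publishing and the public docs site would be built from a feature branch. If this is only there to preview the branch, it should be reverted before merge: keep `if: ${{ github.ref == 'refs/heads/main' }}` and drop the extra entry under `branches:`. The same branch is also baked into the Deploy to Azure link added in quick-start.md, whose host is written `raw.githubusercontentcom` (no dot before `com`); that link should point at the template on `main` with the host corrected, since readers deploy whatever template that URL resolves to. The Deploy step is handed `secrets.GITHUB_TOKEN`, so the set of refs that can reach it is worth keeping narrow.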
@@ -14,11 +14,25 @@ On this page, you will find instructions for how to run the dev kit in your loca This project uses [Azure Active Directory B2C](https://docs.microsoft.com/azure/active-directory-b2c/overview) for an IdP (Identity Provider). The first step in setting up this project is to configure a new Azure AD B2C instance to house your local user accounts. You will also need to deploy the [Permissions API](../components/identity/permissions-service), as Azure AD B2C will have a dependency on it. -> **Important!** This section is currently here as a placeholder as we are actively working on creating an automated solution for deploying all components of this project to Azure, including automatically configuring the Identity Provider. Until then, feel free to clone or fork the repository and take a look at the code. Check out the [GitHub Issue](https://github.com/Azure/azure-saas/issues/171) on this work for the latest updates, and be sure to subscribe to notifications on the issue so you can receive a notification when it's ready for use! +To setup the Identity Framework, we have provided an interactive PowerShell script that automates the setup for you. Upon running, it will ask you to sign into your home azure account, ask you a few questions, and then begin the setup process. This PowerShell script will output a parameters file that you'll need to provide when deploying the solution to Azure in step 2.b. - +Requirements: + +- [Docker Desktop](https://www.docker.com/products/docker-desktop/) + +Running our pre-built docker image is the recommended way to set up the identity framework, as the image comes pre-installed with all the dependencies necessary for execution. 
To start, run the following command: + +```bash +docker run -it -v "$(pwd):/data" --name asdk-b2c-deployment ghcr.io/azure/azure-saas/asdk-identity-setup:latest +``` + +This will automatically pull and run the container image and its entrypoint is the [B2C-Create](https://github.com/Azure/azure-saas/blob/main/src/Saas.Identity/Saas.IdentityProvider/scripts/B2C-Create.ps1) powershell script. + +> Note: The `-v` flag on this command will mount your present working directory to the `/data` directory inside this container. This is the directory that the `main.parameters.json` file will be output to upon the script completion. If you choose to exclude this flag, the container will still execute but you will need to copy this file out of the container afterwards using the [docker cp](https://docs.docker.com/engine/reference/commandline/cp/) command as you will need it in step 2.b. + +After finishing the identity framework setup, you may choose to either run the project locally first or immediately deploy the solution to Azure. ## 2.a. Running the Dev Kit in your local dev environment 
@@ -34,17 +48,22 @@ After finishing the IDP setup, you may choose to either run the project locally Make sure you check out the [readme files](#more-info) in each project's directory for a description of the app settings & secrets you'll need to set in order to run the respective project. - ## 2.b. Deploying to Azure - Entire Solution Deploying to Azure is easy thanks to our pre-configured ARM (Azure Resource Manager) templates. -This button will take you to the Azure portal and passing it the template. You'll be asked a few questions, and then the solution will be up and running in just a few minutes. You will need your Azure AD B2C configuration values and secrets from step 1. +This button will take you to the Azure portal and will pass it the ARM template. You will need the parameters file output from step 1. -> **Important!** This section is currently here as a placeholder as we are actively working on creating an automated solution for deploying all components of this project to Azure, including automatically configuring the Identity Provider. Until then, feel free to clone or fork the repository and take a look at the code. Check out the [GitHub Issue](https://github.com/Azure/azure-saas/issues/171) on this work for the latest updates, and be sure to subscribe to notifications on the issue so you can receive a notification when it's ready for use! +1. Click here: [![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontentcom%2FAzure%2Fazure-saas%2Fusers%2Fchixcancode%2Fb2cpowershell%2Fsrc%2FSaas.IaC%2Fmain.json). +2. Select "Edit Parameters". +3. Select "Load File" and upload the `parameters.json` file output from the Identity Framework Deployment (step 1 above). Click "Save". +4. From the dropdown, select the subscription and resource group you'd like to deploy the resources to. +5. Click "Review and Create". +6. Review the provided values and click "Create". +7. 
Wait for the deployment to finish. - +After everything finishes deploying, you can navigate to the frontend applications found in your resource group (`appsignup{providername}` and `appapplication{providername}`). They may take a couple minutes to start up after the deployment is complete. ### How does this work? diff --git a/src/Saas.IaC/main.bicep b/src/Saas.IaC/main.bicep index 61130c94..ffdee0a5 100644 --- a/src/Saas.IaC/main.bicep +++ b/src/Saas.IaC/main.bicep @@ -55,6 +55,7 @@ param permissionsApiHostName string param permissionsApiCertificateSecretValue string @description('The passphrase fopr the certificate to save in the keyvault for securing communication with the permissions API.') +@secure() param permissionsApiCertificatePassphraseSecretValue string @description('The tag of the container image to deploy to the SignupAdmin app service.') diff --git a/src/Saas.IaC/main.json b/src/Saas.IaC/main.json index fd385e96..37fee0bb 100644 --- a/src/Saas.IaC/main.json +++ b/src/Saas.IaC/main.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.6.18.56646", - "templateHash": "2919876876070626919" + "templateHash": "12121463558890131865" } }, "parameters": { @@ -126,7 +126,7 @@ } }, "permissionsApiCertificatePassphraseSecretValue": { - "type": "string", + "type": "secureString", "metadata": { "description": "The passphrase fopr the certificate to save in the keyvault for securing communication with the permissions API." } diff --git a/src/Saas.Identity/Saas.IdentityProvider/scripts/B2C-Create.ps1 b/src/Saas.Identity/Saas.IdentityProvider/scripts/B2C-Create.ps1 index abd9a9f6..7a7a2caa 100644 --- a/src/Saas.Identity/Saas.IdentityProvider/scripts/B2C-Create.ps1 +++ b/src/Saas.Identity/Saas.IdentityProvider/scripts/B2C-Create.ps1 
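Review bot: In src/Saas.IaC/main.bicep the new `@secure()` covers only `permissionsApiCertificatePassphraseSecretValue`; the hunk opens on `param permissionsApiCertificateSecretValue string`, whose decorators sit above the visible lines, so it cannot be confirmed from here that the certificate value itself is also declared `@secure()`. If it is not, that value would still be kept in plain text in the deployment's parameter history, and the same decorator should be added there (the regenerated main.json would then show `secureString` for both parameters). Separately, the description on the line above the new decorator reads `fopr` and is copied into main.json; changing it to `@description('The passphrase for the certificate to save in the keyvault …')` would fix both on the next build.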
@@ -152,7 +152,7 @@ function Invoke-Login{
 $accessTokenResponse = $(az account get-access-token --output json) | ConvertFrom-Json
 $accessToken = $accessTokenResponse.accessToken
- Write-Host "Logging in to Az PowerShell"
+ Write-Host "Logging in to Az PowerShell. If you have a large amount of subscriptions or tenants, this can take a moment..."
 Connect-AzAccount -AccountId $accountId -AccessToken $accessToken -Subscription $AzureSubscriptionId