0 Setup: Configurations
Pratik Bhattacharya edited this page 2021-12-19 17:16:52 +05:30

Configuration

This section describes the different types of configuration needed to run the Feature Flighting System.

Azure App Configuration

Most of the configurations are stored in Azure App Configuration and not in the App Service. Here are the configurations:

{
    "AllowedHosts": "*",
    "Application": {
        "CorrelationIdHeaderKey": "<<Header for getting the correlation ID. Use Default - x-correlationId>>",
        "EndToEndTrackingHeaderKey": "<<Header for getting the Transaction ID. Use Default - x-e2e-id>>",
        "Environment": "<<Environment. Values - Production or NonProduction>>",
        "TenantIdHeaderKey": "<<Header for getting the client tenant ID. Use Default - x-application>>",
        "TransactionIdHeaderKey": "<<Header for getting the Transaction ID. Use Default - x-messageid>>"
    },
    "ApplicationInsights": {
        "InstrumentationKey": "__INSTRUMENTATION_KEY_OF_YOUR_APPLICATION_INSIGHTS__",
        "TraceLevel": "0"
    },
    "Authentication": {
        "AdditionalAudiences": "<<Comma-separated AAD Application IDs that will be used as Audience>>",
        "Audience": "<<AAD Application ID that will be the primary audience>>",
        "Authority": "<<AAD authority in ADAL format (for MS tenant - https://login.microsoftonline.com/microsoft.onmicrosoft.com)>>", 
        "AuthorityV2": "<<AAD authority in MSAL format (for MS tenant - https://login.microsoftonline.com/microsoft.onmicrosoft.com/v2.0)>>"
    },
    "Authorization": {
        "AdminClaimType": "<<RBAC Resource name for Experimentation Admins. Use default - Experimentation>>",
        "AdminClaimValue": "<<RBAC Permission name for Experimentation Admins. Use default - All>>",
        "TenantAdminClaimValue": "<<RBAC permission name for tenant admins. Use default - manageexperimentation>>"
    },
    "Env": {
        "Label": "<<Label of all the Feature Flight configuration keys in Azure App Configuration. Values - PROD and PPE.>>",
        "Supported": "<<Supported sub-environments in each environment. For PROD only 1 env is supported - Prod. For non production you can sub-divide into multiple environments (for e.g. Dev,SIT,UAT)>>"
    },
    "FlightingDefaultContextParams": {
        "ContextParam": "<<Auto filter keys for an Always ON feature flag. Keep default - ENABLED:1,ENABLE:1,ENABLEFLIGHTING:1>>"
    },
    "Graph": {
        "Authority": "https://login.microsoftonline.com/{0}/v2.0",
        "CacheExpiration": "<<Cache duration in minutes>>",
        "CachingEnabled": "<<Enable or disable caching graph>>",
        "ClientId": "<<Client ID to get bearer token to call graph APIs. The Client ID must have permission to read Groups.>>",
        "ClientSecretLocation": "<<Secret key in Key Vault containing the AAD Client Secret of the above Client ID. Default - MS-Graph-Secret>>",
        "Scope": "https://graph.microsoft.com/.default",
        "Tenant": "<<AAD tenant (for MS tenant - microsoft.onmicrosoft.com)>>"
    },
    "Logging": {
        "AutoTrackingEnabled": "<<Enables automatic tracking of all requests. Default - true>>",
        "ClientSideErrorSuppressionEnabled": "<<Doesn't show client side errors (4xx) as Server failures. Default - true>>",
        "LogLevel": {
            "Default": "Debug",
            "Microsoft": "Information",
            "System": "Information"
        },
        "Properties": {
            "CorrelationId": "XCV",
            "Custom": {
                "ClientEnvironment": "x-environment"
            },
            "EndToEnd": "E2E",
            "Tenant": "Tenant",
            "TransactionId": "MessageId",
            "User": "User"
        },
        "RequestTelemetryEnhanced": "<<Enhances the HTTP request logs with additional information. Default - true>>",
        "ResponseCodeTranslationEnabled": "<<Adds the text for response HTTP status code. Default - true>>"
    },
    "Security": {
        "Headers": {
            "NoSniff": "<<Add no-sniff response header. Default - Enabled>>",
            "PoweredBy": "<<Removes the PoweredBy response header. Default - Disabled>>",
            "Server": "<<Removes the Server response header. Default - Disabled>>"
        }
    }
}

Changing the following configuration sections can cause issues, so the default values should be used. Code changes might be required.

Graph Configuration

This section is needed if you want to integrate filters with Graph (i.e. create conditions based on Groups in AAD). The Client ID refers to the AAD Client which has permission to read the members of a Group from AAD. You will need to add any one of the Application-type permissions below:

  • GroupMember.Read.All
  • Group.Read.All
  • GroupMember.ReadWrite.All
  • Group.ReadWrite.All
  • Directory.Read.All

See the official documentation for more details.

Based on your tenant settings you may need to get an Admin Consent from your tenant admins (mandatory for internal Microsoft teams).

Environments

Read the Environment concept to understand the main environment and sub-environments.

The Env:Label is the primary environment. We recommend keeping the value as PROD or PPE.

The Env:Supported is a comma-separated list of sub-environments for the main environment. For Production we suggest keeping a single value, Prod; for Non Production environments you can use as many sub-environments as required (e.g., Dev,SIT,UAT).

Deploying

The above JSON needs to be filled with the appropriate values and then imported into your Azure App Configuration instance. See the official documentation to learn more about the steps required to import a JSON file.

Use these settings:

  • For language: .NET
  • File Type: JSON
  • Separator: :
  • Prefix: Empty
  • Label: Feature-Flight-Management-Config (You can change this label as per your requirement, but make sure to change the label in the Environment configurations as well)

Environment Configuration

App Configuration contains the major configurations required for the application. Some configuration settings are kept as Environment configurations, which can be kept in the App Service or in the appsettings.json file.

{
  "AppConfiguration": {
    "ConnectionStringLocation": "<<Secret Key in Key Vault containing the connection string for the Azure App Configuration. Default - AppConfiguration-ConnectionString>>",
    "ConfigurationCommonLabel": "<<Label for your configurations. Default - Feature-Flight-Management-Config>>",
    "ConfigurationEnvLabel": "<<If you are using same App Configuration for multiple main environments, then use this secondary label>>",
    "FeatureFlightsLabel": "<<Label for the feature flags. Should be same as Env:Label. Values - PROD or PPE>>"
  },
  "FeatureManagement": {
    "*": true
  },
  "Keyvault": {
    "Name": "<<Name of the key vault with your secrets>>",
    "EndpointUrl": "<<URL of the key vault with your secrets>>",
    "PollingIntervalInHours": 1
  }
}

You can add the above settings in your CD pipeline.

Key Vault Secrets

The following secrets are required in the Key Vault:

  • AppConfiguration-ConnectionString - Connection String for the Azure App Configuration
  • MS-Graph-Secret - AAD Client Secret for the Client ID used for invoking Graph
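
The rules stated on this page (no unfilled placeholders, Env:Label of PROD or PPE, FeatureFlightsLabel equal to Env:Label, a single Prod sub-environment for PROD, and the two *Location settings holding a Key Vault secret name rather than the secret) can be checked before the files are imported or deployed. The script below is an added example, not part of the Feature Flighting project; the names `flatten` and `find_issues` and the sample values are assumptions made here, and the secret-name pattern is Key Vault's naming rule (1-127 alphanumerics and dashes).

```python
import re

PLACEHOLDER = re.compile(r"<<|^__.*__$")               # unfilled template values
KV_SECRET_NAME = re.compile(r"^[0-9A-Za-z-]{1,127}$")  # Key Vault secret-name charset

def flatten(node, prefix="", sep=":"):
    """Flatten nested JSON into 'Section:Key' pairs, as an import with separator ':' does."""
    if not isinstance(node, dict):
        return {prefix: node}
    flat = {}
    for key, value in node.items():
        flat.update(flatten(value, f"{prefix}{sep}{key}" if prefix else key, sep))
    return flat

def find_issues(app_config, env_settings):
    """Return the problems to fix before importing/deploying the two JSON files."""
    app, env = flatten(app_config), flatten(env_settings)
    issues = [f"unfilled placeholder: {k}" for k, v in {**app, **env}.items()
              if isinstance(v, str) and PLACEHOLDER.search(v)]
    label = app.get("Env:Label")
    if label not in ("PROD", "PPE"):
        issues.append("Env:Label should be PROD or PPE")
    if env.get("AppConfiguration:FeatureFlightsLabel") != label:
        issues.append("AppConfiguration:FeatureFlightsLabel must equal Env:Label")
    if label == "PROD" and app.get("Env:Supported") != "Prod":
        issues.append("Env:Supported must be the single value Prod for PROD")
    # These settings name a Key Vault secret; anything else is probably the secret itself.
    for source, key in ((app, "Graph:ClientSecretLocation"),
                        (env, "AppConfiguration:ConnectionStringLocation")):
        if not KV_SECRET_NAME.match(str(source.get(key, ""))):
            issues.append(f"{key} is not a Key Vault secret name (inline secret?)")
    return issues

# Constructed sample: trimmed to the keys checked here, all values are made up.
SAMPLE_APP_CONFIG = {
    "Env": {"Label": "PROD", "Supported": "Dev,SIT"},
    "Graph": {"ClientId": "<<Client ID to get bearer token to call graph APIs>>",
              "ClientSecretLocation": "MS-Graph-Secret"},
}
SAMPLE_ENV_SETTINGS = {
    "AppConfiguration": {
        "ConnectionStringLocation": "Endpoint=https://example.invalid;Id=x;Secret=y",
        "FeatureFlightsLabel": "PPE"},
}

if __name__ == "__main__":
    for issue in find_issues(SAMPLE_APP_CONFIG, SAMPLE_ENV_SETTINGS):
        print(issue)
```

Running it in the CD pipeline before the import step keeps a pasted connection string or client secret out of App Configuration and appsettings.json, where it would be readable by anyone with access to the configuration.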