Родитель
5a0297b7d0
Коммит
4d674022ef
|
@ -247,6 +247,22 @@ class RaftServiceCLI():
|
|||
' --role "Key Vault Secrets User"'
|
||||
f' --scope "{scope}"')
|
||||
|
||||
def create_keyvault_event_subscription(self):
|
||||
print('Creating Key Vault event subscription')
|
||||
|
||||
kvsubscription = az('eventgrid event-subscription create'
|
||||
f' --name OnSecretChanged'
|
||||
f' --source-resource-id /subscriptions/{self.definitions.subscription}'
|
||||
f'/resourceGroups/{self.definitions.resource_group}'
|
||||
f'/providers/Microsoft.KeyVault'
|
||||
f'/vaults/{self.definitions.key_vault}'
|
||||
f' --endpoint /subscriptions/{self.definitions.subscription}'
|
||||
f'/resourceGroups/{self.definitions.resource_group}'
|
||||
f'/providers/Microsoft.Web/sites/{self.definitions.orchestrator}'
|
||||
f'/functions/OnSecretChanged'
|
||||
f' --endpoint-type azurefunction'
|
||||
f' --included-event-types Microsoft.KeyVault.SecretNewVersionCreated'
|
||||
)
|
||||
def assign_resource_group_roles(self, sp_app_id):
|
||||
print('Assigning Resource Group roles')
|
||||
try:
|
||||
|
@ -1057,6 +1073,7 @@ class RaftServiceCLI():
|
|||
[self.assign_resource_group_roles,
|
||||
self.assign_keyvault_roles])
|
||||
|
||||
self.create_keyvault_event_subscription()
|
||||
# add service principal information to the keyvault
|
||||
auth = {
|
||||
'client': service_principal['appId'],
|
||||
|
|
|
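Review bot: In `create_keyvault_event_subscription` the `--source-resource-id` and `--endpoint` values are built from `self.definitions.*` and passed unquoted, unlike the existing `f' --scope "{scope}"'` line just above. The `az()` helper is defined outside this hunk, so this is hedged: if it hands the string to a shell or splits it on whitespace, a resource-group or vault name containing characters such as parentheses would break or alter the command. Wrapping each resource ID in double quotes, starting with `f' --source-resource-id "/subscriptions/{self.definitions.subscription}'` and closing with `f'/vaults/{self.definitions.key_vault}"'` (likewise for `--endpoint`), keeps it consistent with the role-assignment call. The result stored in `kvsubscription` is never read and the call has no error handling, whereas `assign_resource_group_roles` below opens with `try:`, so a failed subscription would leave the orchestrator silently without secret-rotation events. Either check the result or drop the assignment and let the failure propagate deliberately.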
@ -14,6 +14,8 @@ using Microsoft.Azure.Cosmos.Table;
|
|||
using System.Collections.Generic;
|
||||
using Microsoft.Azure.Management.AppService.Fluent.Models;
|
||||
using Microsoft.Azure.Management.Monitor.Fluent.Models;
|
||||
using Microsoft.Azure.WebJobs.Extensions.EventGrid;
|
||||
using Microsoft.Azure.EventGrid.Models;
|
||||
|
||||
namespace OrchestratorFunc
|
||||
{
|
||||
|
@ -149,6 +151,21 @@ namespace OrchestratorFunc
|
|||
}
|
||||
}
|
||||
|
||||
[FunctionName("OnSecretChanged")]
|
||||
public static void EventGridKeyVaultEvent([EventGridTrigger] EventGridEvent eventGridEvent, ILogger log)
|
||||
{
|
||||
log.LogInformation("OnSecretChanged: " + eventGridEvent.Data.ToString());
|
||||
|
||||
azure = Authenticate();
|
||||
var allSecrets = OrchestratorLogic.ContainerInstances.initializeSecretsFromKeyvault(azure, agentConfig);
|
||||
allSecrets.Wait();
|
||||
|
||||
secrets = allSecrets.Result.Item1;
|
||||
dockerConfigs = allSecrets.Result.Item2;
|
||||
|
||||
log.LogInformation("OnSecretChanged: Secrets updated from Key Vault");
|
||||
}
|
||||
|
||||
[FunctionName(Raft.Message.ServiceBus.Queue.create)]
|
||||
public static async Task CreateJob([ServiceBusTrigger(Raft.Message.ServiceBus.Queue.create, IsSessionsEnabled = true)] string createJobMessage, ILogger log)
|
||||
{
|
||||
|
|
|
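Review bot: `EventGridKeyVaultEvent` blocks on the Key Vault reload with `allSecrets.Wait()` and `.Result`, while the neighbouring `CreateJob` is `async Task`. Declaring the handler `public static async Task` and using `var allSecrets = await OrchestratorLogic.ContainerInstances.initializeSecretsFromKeyvault(azure, agentConfig);` frees the thread and surfaces failures directly instead of wrapped in `AggregateException`. The handler then reassigns `azure`, `secrets` and `dockerConfigs`, which appear to be shared static fields declared outside this hunk. If other functions read them concurrently, a reader can see the new `secrets` with the old `dockerConfigs`, so publishing both through a single reference swap would be safer. It is also worth confirming what happens when the app runs on more than one instance, since only the instance that receives the event would refresh its copy. The first log line calls `eventGridEvent.Data.ToString()` with no null check; `log.LogInformation("OnSecretChanged: {EventData}", eventGridEvent.Data);` avoids the dereference and keeps the payload as a structured field.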
@ -8,6 +8,7 @@
|
|||
<PackageReference Include="Microsoft.Azure.Management.ContainerInstance.Fluent" Version="1.34.0" />
|
||||
<PackageReference Include="Microsoft.Azure.ServiceBus" Version="5.0.0" />
|
||||
<PackageReference Include="Microsoft.Azure.Storage.Common" Version="11.2.2" />
|
||||
<PackageReference Include="Microsoft.Azure.WebJobs.Extensions.EventGrid" Version="2.1.0" />
|
||||
<PackageReference Include="Microsoft.Azure.WebJobs.Extensions.ServiceBus" Version="4.2.0" />
|
||||
<PackageReference Include="Microsoft.NET.Sdk.Functions" Version="3.0.9" />
|
||||
</ItemGroup>
|
||||
|
|