instance wide configuration (#1010)

TODO: * [x] add setting initial set of admins during deployment
2025-06-18 20:58:06 +00:00 · 2021-06-30 17:13:58 -04:00
parent 1e90ed6092
commit 29dda54b83
16 changed files with 535 additions and 6 deletions
--- a/src/deployment/deploy.py
+++ b/src/deployment/deploy.py
@ -72,6 +72,7 @@ from registration import (
    set_app_audience,
    update_pool_registration,
 )
+from set_admins import update_admins

 # Found by manually assigning the User.Read permission to application
 # registration in the admin portal. The values are in the manifest under
@ -129,6 +130,7 @@ class Client:
        multi_tenant_domain: str,
        upgrade: bool,
        subscription_id: Optional[str],
+        admins: List[UUID]
    ):
        self.subscription_id = subscription_id
        self.resource_group = resource_group
@ -158,6 +160,7 @@ class Client:
        self.migrations = migrations
        self.export_appinsights = export_appinsights
        self.log_service_principal = log_service_principal
+        self.admins = admins

        machine = platform.machine()
        system = platform.system()
@ -552,12 +555,18 @@ class Client:
        )

    def apply_migrations(self) -> None:
-        self.results["deploy"]["func-storage"]["value"]
        name = self.results["deploy"]["func-name"]["value"]
        key = self.results["deploy"]["func-key"]["value"]
        table_service = TableService(account_name=name, account_key=key)
        migrate(table_service, self.migrations)

+    def set_admins(self) -> None:
+        name = self.results["deploy"]["func-name"]["value"]
+        key = self.results["deploy"]["func-key"]["value"]
+        table_service = TableService(account_name=name, account_key=key)
+        if self.admins:
+            update_admins(table_service, self.application_name, self.admins)
+
    def create_queues(self) -> None:
        logger.info("creating eventgrid destination queue")

@ -916,6 +925,7 @@ def main() -> None:

    full_deployment_states = rbac_only_states + [
        ("apply_migrations", Client.apply_migrations),
+        ("set_admins", Client.set_admins),
        ("queues", Client.create_queues),
        ("eventgrid", Client.create_eventgrid),
        ("tools", Client.upload_tools),
@ -1021,6 +1031,12 @@ def main() -> None:
        action="store_true",
        help="execute only the steps required to create the rbac resources",
    )
+    parser.add_argument(
+        "--set_admins",
+        type=UUID,
+        nargs="*",
+        help="set the list of administrators (by OID in AAD)",
+    )

    args = parser.parse_args()

@ -1048,6 +1064,7 @@ def main() -> None:
        multi_tenant_domain=args.multi_tenant_domain,
        upgrade=args.upgrade,
        subscription_id=args.subscription_id,
+        admins=args.set_admins,
    )
    if args.verbose:
        level = logging.DEBUG
--- a/src/deployment/set_admins.py
+++ b/src/deployment/set_admins.py
@ -0,0 +1,60 @@
+#!/usr/bin/env python
+#
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+import argparse
+import json
+from typing import List, Optional
+from uuid import UUID
+
+from azure.common.client_factory import get_client_from_cli_profile
+from azure.cosmosdb.table.tableservice import TableService
+from azure.mgmt.storage import StorageManagementClient
+
+TABLE_NAME = "InstanceConfig"
+
+
+def create_if_missing(table_service: TableService) -> None:
+    if not table_service.exists(TABLE_NAME):
+        table_service.create_table(TABLE_NAME)
+
+
+def update_admins(
+    table_service: TableService, resource_group: str, admins: List[UUID]
+) -> None:
+    create_if_missing(table_service)
+    admins_as_str: Optional[List[str]] = None
+    if admins:
+        admins_as_str = [str(x) for x in admins]
+
+    table_service.insert_or_merge_entity(
+        TABLE_NAME,
+        {
+            "PartitionKey": resource_group,
+            "RowKey": resource_group,
+            "admins": json.dumps(admins_as_str),
+        },
+    )
+
+
+def main() -> None:
+    formatter = argparse.ArgumentDefaultsHelpFormatter
+    parser = argparse.ArgumentParser(formatter_class=formatter)
+    parser.add_argument("resource_group")
+    parser.add_argument("storage_account")
+    parser.add_argument("admins", type=UUID, nargs="*")
+    args = parser.parse_args()
+
+    client = get_client_from_cli_profile(StorageManagementClient)
+    storage_keys = client.storage_accounts.list_keys(
+        args.resource_group, args.storage_account
+    )
+    table_service = TableService(
+        account_name=args.storage_account, account_key=storage_keys.keys[0].value
+    )
+    update_admins(table_service, args.resource_group, args.admins)
+
+
+if __name__ == "__main__":
+    main()