instance wide configuration (#1010)

TODO: * [x] add setting initial set of admins during deployment
2025-06-14 11:08:06 +00:00 · 2021-06-30 17:13:58 -04:00
parent 1e90ed6092
commit 29dda54b83
16 changed files with 535 additions and 6 deletions
--- a/src/deployment/deploy.py
+++ b/src/deployment/deploy.py
@ -72,6 +72,7 @@ from registration import (
    set_app_audience,
    update_pool_registration,
 )
+from set_admins import update_admins

 # Found by manually assigning the User.Read permission to application
 # registration in the admin portal. The values are in the manifest under
@ -129,6 +130,7 @@ class Client:
        multi_tenant_domain: str,
        upgrade: bool,
        subscription_id: Optional[str],
+        admins: List[UUID]
    ):
        self.subscription_id = subscription_id
        self.resource_group = resource_group
@ -158,6 +160,7 @@ class Client:
        self.migrations = migrations
        self.export_appinsights = export_appinsights
        self.log_service_principal = log_service_principal
+        self.admins = admins

        machine = platform.machine()
        system = platform.system()
@ -552,12 +555,18 @@ class Client:
        )

    def apply_migrations(self) -> None:
-        self.results["deploy"]["func-storage"]["value"]
        name = self.results["deploy"]["func-name"]["value"]
        key = self.results["deploy"]["func-key"]["value"]
        table_service = TableService(account_name=name, account_key=key)
        migrate(table_service, self.migrations)

+    def set_admins(self) -> None:
+        name = self.results["deploy"]["func-name"]["value"]
+        key = self.results["deploy"]["func-key"]["value"]
+        table_service = TableService(account_name=name, account_key=key)
+        if self.admins:
+            update_admins(table_service, self.application_name, self.admins)
+
    def create_queues(self) -> None:
        logger.info("creating eventgrid destination queue")

@ -916,6 +925,7 @@ def main() -> None:

    full_deployment_states = rbac_only_states + [
        ("apply_migrations", Client.apply_migrations),
+        ("set_admins", Client.set_admins),
        ("queues", Client.create_queues),
        ("eventgrid", Client.create_eventgrid),
        ("tools", Client.upload_tools),
@ -1021,6 +1031,12 @@ def main() -> None:
        action="store_true",
        help="execute only the steps required to create the rbac resources",
    )
+    parser.add_argument(
+        "--set_admins",
+        type=UUID,
+        nargs="*",
+        help="set the list of administrators (by OID in AAD)",
+    )

    args = parser.parse_args()

@ -1048,6 +1064,7 @@ def main() -> None:
        multi_tenant_domain=args.multi_tenant_domain,
        upgrade=args.upgrade,
        subscription_id=args.subscription_id,
+        admins=args.set_admins,
    )
    if args.verbose:
        level = logging.DEBUG