
This project is a demo on how to use Azure Functions with HTTP Triggers, Cosmosdb, and a VUE SPA application protected by Azure AD


briandenicola/password-vault


Introduction

This project is a demo on how to use Azure Functions with HTTP Triggers, Cosmos DB, and a Vue SPA application, all protected by Azure AD. It can be deployed using Azure DevOps. It was built locally using Azure Functions Core Tools and the Azure Cosmos DB Development Container.

Folders

  • Infrastructure - Script using Azure CLI to create resources in Azure - Azure Functions, Key Vault, Cosmos DB.
  • Scripts - A place for various automations
  • Tests - Various PowerShell scripts to start up the local environment and to test the Functions API
  • Source\cli - A C# command line interface for the Vault
  • Source\maintenance - Python Functions to backup Cosmos and keep alive the Azure Function
  • Source\functionapp - C# Code for Azure Functions
  • Source\passwordapp.ui - VUE Code for UI

Prerequisites

Infrastructure Setup

  • ./Infrastructure/create_infrastructure.sh --region southcentralus
    • Script will output the generated AppName and Azure AD ClientID for the API and UI Service Principals
  • ./Infrastructure/create_backup_infrastructure.sh --region southcentralus --name ${AppName} (Optional)

Azure AD Configurations

  • Password Vault API
    • Name - ${AppName}-api
    • Owners
      • Add yourself as owner
    • Authentication
    • Certificates & Secrets
      • Ensure that no client secret is defined. It is not needed.
    • App Roles
      • Name - Default Access
      • Allow Member Types - Both (Users + applications)
      • Value - Default.Access
    • Expose an API
    • Edit Manifest
      • Update accessTokenAcceptedVersion from null to 2
    • Enterprise Application Settings
      • Visible To Users: false
  • Password Vault UI
    • Name - ${AppName}-ui
    • Owners
      • Add yourself as owner
    • Authentication
    • Certificates & Secrets
      • Ensure that no client secret is defined. It is not needed.
    • API Permissions
      • Grant access to ${AppName}-api's 'Password.All' Scope as a delegated role under API
    • Edit Manifest
      • Update accessTokenAcceptedVersion from null to 2
    • Enterprise Application Settings
      • Visible To Users: false
  • Password Vault Maintenance (Optional)
    • Name - ${AppName}-maintenance
    • Owners
      • Add yourself as owner
    • Create a client secret, but do not add an Authentication Platform.
    • Add ${AppName}-api's 'Default Access' permission as an application role under API Permissions
    • Enterprise Application Settings
      • Visible To Users: false
  • Password Vault Cli (Optional)
    • Name - ${AppName}-cli
    • Add Mobile and Desktop Application Platform under Authentication
    • Select https://login.microsoftonline.com/common/oauth2/nativeclient for Redirect URL
    • Enable Public Client Flow
    • No client secret is required because we're using the Public Client flow.
    • Grant ${AppName}-api's 'PasswordHistory.Read' Scope as a delegated role under API Permissions
    • Enterprise Application Settings
      • Visible To Users: false
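
The registrations above determine which claims the API should see in an access token. The following is an added example, not code from this repository, showing the claim checks that match this configuration once the token's signature has been verified; the tenant ID, client ID and sample claims are constructed placeholders, and accepting any of the listed scopes or roles is an assumption.

```python
# Added example: claim checks on an already signature-verified v2.0 access token.
# TENANT_ID and API_CLIENT_ID are constructed placeholders, not values from the repo.
TENANT_ID = "00000000-0000-0000-0000-000000000001"
API_CLIENT_ID = "00000000-0000-0000-0000-000000000002"  # ${AppName}-api client ID

# Scope and role values named in the README.
ACCEPTED_SCOPES = {"Password.All", "PasswordHistory.Read"}
ACCEPTED_ROLES = {"Default.Access"}


def authorize(claims):
    """Return (allowed, reason) for a dict of verified token claims."""
    # accessTokenAcceptedVersion = 2 makes Azure AD issue v2.0 tokens for the API.
    if claims.get("ver") != "2.0":
        return False, "not a v2.0 token"
    if claims.get("iss") != f"https://login.microsoftonline.com/{TENANT_ID}/v2.0":
        return False, "unexpected issuer"
    # In v2.0 tokens the audience is the API's client ID.
    if claims.get("aud") != API_CLIENT_ID:
        return False, "wrong audience"
    # Delegated permissions arrive space-separated in "scp"; app roles as a list in "roles".
    scopes = set(claims.get("scp", "").split())
    roles = set(claims.get("roles", []))
    if scopes & ACCEPTED_SCOPES:
        return True, "scope"
    if roles & ACCEPTED_ROLES:
        return True, "role"
    return False, "no accepted scope or role"


# Constructed sample claims (not captured from a real tenant).
V2_ISS = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"
UI_TOKEN = {"ver": "2.0", "iss": V2_ISS, "aud": API_CLIENT_ID, "scp": "Password.All"}
MAINT_TOKEN = {"ver": "2.0", "iss": V2_ISS, "aud": API_CLIENT_ID, "roles": ["Default.Access"]}
V1_TOKEN = {"ver": "1.0", "iss": f"https://sts.windows.net/{TENANT_ID}/",
            "aud": API_CLIENT_ID, "scp": "Password.All"}
OTHER_AUD = dict(UI_TOKEN, aud="00000000-0000-0000-0000-000000000003")
NO_GRANT = {"ver": "2.0", "iss": V2_ISS, "aud": API_CLIENT_ID, "scp": "User.Read"}

if __name__ == "__main__":
    for name, tok in [("ui", UI_TOKEN), ("maintenance", MAINT_TOKEN), ("v1", V1_TOKEN),
                      ("other-aud", OTHER_AUD), ("no-grant", NO_GRANT)]:
        print(name, authorize(tok))
```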

Code Deploy

API Function App

  • cd ./Source/functionapp/
  • func azure functionapp publish func-${appName}

Front End UI

Maintenance Function App

  • cd ./Source/maintenance/
  • func azure functionapp publish ${appName}-maintenance --python
