Dev Flow for creating AAD assets (#1600)

* Initial Commit * Added SP to owners to can use OwnedBy * Moved Redirect script for the moment for reference * Delete from guacamole * Removing debug * remove /status + fix test (#1629) Co-authored-by: Anat Balzam <[email protected]> * Initial Commit * Added SP to owners to can use OwnedBy * Moved Redirect script for the moment for reference * Delete from guacamole * Removing debug * linting * More linting! * Yet more shellcheck! * More shellcheck * Shellcheeeeck Co-authored-by: Anat Balzam <[email protected]> Co-authored-by: Anat Balzam <[email protected]>
microsoft · Mar 30, 2022 · 42f155b · 42f155b
1 parent 0741ad6
commit 42f155b
Show file tree

Hide file tree

Showing 8 changed files with 404 additions and 197 deletions.
diff --git a/Makefile b/Makefile
@@ -325,13 +325,13 @@ setup-local-debugging:
 	&& . ./devops/scripts/load_env.sh ./templates/core/private.env \
 	&& . ./scripts/setup_local_debugging.sh
 
-register-aad-workspace:
-	$(call target_title,"Registering AAD Workspace") \
+auth:
+	$(call target_title,"Setting up Azure Active Directory") \
 	&& . ./devops/scripts/check_dependencies.sh nodocker \
 	&& . ./devops/scripts/load_env.sh ./templates/core/.env \
 	&& pushd ./templates/core/terraform/ > /dev/null && . ./outputs.sh && popd > /dev/null \
 	&& . ./devops/scripts/load_env.sh ./templates/core/private.env \
-	&& . ./devops/scripts/register-aad-workspace.sh
+	&& . ./scripts/create_aad_assets.sh
 
 show-core-output:
 	$(call target_title,"Display TRE core output") \

diff --git a/devops/scripts/register-aad-workspace.sh b/devops/scripts/register-aad-workspace.sh
diff --git a/docs/tre-admins/auth.md b/docs/tre-admins/auth.md
@@ -4,6 +4,20 @@
 
 AAD holds the identities of all the TRE/workspace users, including administrators, and connects the identities with applications which define the permissions for each user role.
 
+## Pre-requisites
+The following values are needed to be in place to run the script. (`/templates/core/.env`)
+| Key | Description |
+| ----------- | ----------- |
+|TRE_ID|This is needed to build up the redirect URI for the Swagger App|
+|AAD_TENANT_ID|The tenant id of where your AAD identities will be placed. This can be different to the tenant where your Azure resources are created.
+
+## Create Authentication assets
+You can build all of the Identity assets by running the following at the command line
+```bash
+make auth
+```
+Follow the instructions and prompts in the script. It will ask you to confirm at various stages, so don't go and make a coffee! This will create the 4 parts of authentication outlined below, and if succesful you will not need to do anything apart from copy some values into `/templates/core/.env`. The details below are for your understanding.
+
 ## App registrations
 
 App registrations (represented by service principals) define the various access permissions to the TRE system. There are a total of four main Applications of interest.