Add Azure config values for dev deployment.

ministryofjustice · Apr 10, 2024 · db6aa48 · db6aa48
1 parent c4f9137
commit db6aa48
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 9 deletions.
diff --git a/.github/README.md b/.github/README.md
@@ -271,6 +271,7 @@ To verify that S3 & CloudFront are working correctly.
 
 - [Ministry of Justice | Overview](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Overview)
 - App [MOJ-Local-Intranet-v2](https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/~/Overview/appId/73ed65a5-e879-4027-beab-f5e64de803b7/isMSAApp~/false)
+- App [MOJ-Dev-Intranet-V2](https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/~/Overview/quickStartType~/null/sourceType/Microsoft_AAD_IAM/appId/1dac3cbf-91d2-4c0e-9c80-0bf3f8fabd75)
 
 ### Register an application
 
@@ -281,27 +282,27 @@ To verify that S3 & CloudFront are working correctly.
 5. Fill in the form (adjust to the environment):
    - Name: `MOJ-Local-Intranet-v2`
    - Supported account types: `Accounts in this organizational directory only`
-   - Redirect URI: `Web` and `http://localhost/oauth2?action=callback`
+   - Redirect URI: `Web` and `http://localhost/oauth2?action=callback`  
+     or `https://dev-intranet.apps.live.cloud-platform.service.justice.gov.uk/oauth2?action=callback` etc.
 6. Copy the `Application (client) ID` and `Directory (tenant) ID` values,
-  make them available as environment variables `ENTRA_CLIENT_ID`, `ENTRA_TENNANT_ID`.
+  make them available as environment variables `OAUTH_CLIENT_ID`, `OAUTH_TENNANT_ID`.
 7. Click on `Certificates & secrets` > `New client secret`.
 8. Fill in the form:
    - Description: `Local-Intranet-v2`
    - Expires: `6 months`
 9. Set a reminder to update the client secret before it expires.
-10. Copy the `Value` value, make it available as environment variable `ENTRA_CLIENT_SECRET`.
-11. Click on `API permissions` > `Add a permission`.
-12. Click on `Expose an API` > `Add a scope`.
-13. Use the default Application ID URI, which is `api://<client_id>`.
-14. Fill in the form:
+10. Copy the `Value` value, make it available as environment variable `OAUTH_CLIENT_SECRET`.
+11. Click on `Expose an API` > `Add a scope`.
+12. Use the default Application ID URI, which is `api://<client_id>`.
+13. Fill in the form:
     - Scope name: `user_impersonation`
     - Who can consent: `Admins and users`
     - Admin consent display name: `Access Intranet`
     - Admin consent description: `Access Intranet on behalf of the signed-in user`
     - User consent display name: `Access Intranet`
     - User consent description: `Access Intranet on your behalf`
-15. Click on `Add a client application`.
-16. Enter the Client ID of the application you created.
+14. Click on `Add a client application`.
+15. Enter the Client ID of the application you created.
 16. Check the box next to the application you created.
 17. Click on `Add application`.
 

diff --git a/deploy/development/config.yml b/deploy/development/config.yml
@@ -7,6 +7,9 @@ data:
   WP_ENV: "development"
   WP_HOME: 'https://dev-intranet.apps.live.cloud-platform.service.justice.gov.uk'
   WP_SITEURL: 'https://dev-intranet.apps.live.cloud-platform.service.justice.gov.uk/wp'
+  # See Azure Setup for more information on how to get these values.
+  OAUTH_CLIENT_ID: 1dac3cbf-91d2-4c0e-9c80-0bf3f8fabd75
+  OAUTH_TENNANT_ID: c6874728-71e6-41fe-a9e1-2e8c36776ad8
   # IP addresses, with optional CIDR notation. Separated by newlines and using # for comments.
   ALLOWED_IPS: |
     # Global Protect

diff --git a/deploy/development/secret.tpl b/deploy/development/secret.tpl
@@ -17,3 +17,4 @@ stringData:
   JWT_SECRET: "${JWT_SECRET}"
   CLOUDFRONT_PUBLIC_KEY: "${CLOUDFRONT_PUBLIC_KEY}"
   CLOUDFRONT_PRIVATE_KEY: "${CLOUDFRONT_PRIVATE_KEY}"
+  OAUTH_CLIENT_SECRET: "${OAUTH_CLIENT_SECRET}"