def create_app(appDefinition: AppDefinition) -> AppRegistration:
name_prefix = f"{appDefinition.name}.api" if appDefinition.is_api else appDefinition.name
end_points = _api_end_points if appDefinition.is_api else _web_end_points
appUrls = [f"http://{name_prefix}.{appDefinition.business}.{_environments[env]}{appDefinition.domain}" for env in _environments]
appUrls.append(appDefinition.local_url)
replyUrls = [f"{url}/{ep}" for url in appUrls for ep in end_points]
app = Application(appDefinition.title,
available_to_other_tenants=False,
homepage=appUrls[2],
name=appDefinition.title,
oauth2_allow_implicit_flow=True,
identifier_uris=[appUrls[2]],
reply_urls=replyUrls,
oauth2_permissions=[
{
"adminConsentDescription": f"Allow the application to access {appDefinition.title} on behalf of the signed-in user.",
"adminConsentDisplayName": f"Access {appDefinition.title}",
"isEnabled": True,
"type": "User",
"userConsentDescription": f"Allow the application to access {appDefinition.title} on your behalf.",
"userConsentDisplayName": f"Access {appDefinition.title}",
"value": "user_impersonation",
}
],
required_resource_accesses=appDefinition.required_permissions
)
sp = ServicePrincipal(f"{appDefinition.title} - ServicePrincipal",
application_id=app.application_id,
app_role_assignment_required=False)
return AppRegistration(app=app, sp=sp)
def _create_app(self, app_definition: AppDefinition, context: Context) -> AppRegistration:
name_prefix = f"{app_definition.name}.api" if app_definition.app_type == AppType.API else app_definition.name
end_points = self._api_end_points if app_definition.app_type == AppType.API else self._web_end_points
env = self._environments.get(context.execution_context.stack)
app_urls = []
if env is None:
env = context.execution_context.stack + "."
app_urls.append(app_definition.local_url)
identifier_url = f"https://{name_prefix}.{app_definition.business}.{env}{app_definition.domain}"
app_urls.append(identifier_url)
reply_urls = [f"{url}/{ep}" for url in app_urls for ep in end_points]
app = Application(f"{app_definition.title}-{context.execution_context.stack}",
available_to_other_tenants=False,
group_membership_claims="SecurityGroup",
homepage=identifier_url,
name=f"{app_definition.title}-{context.execution_context.stack}",
oauth2_allow_implicit_flow=True,
identifier_uris=[identifier_url],
reply_urls=reply_urls,
oauth2_permissions=[
{
"adminConsentDescription": f"Allow the application to access {app_definition.title} on behalf of the signed-in user.",
"adminConsentDisplayName": f"Access {app_definition.title}",
"isEnabled": True,
"type": "User",
"userConsentDescription": f"Allow the application to access {app_definition.title} on your behalf.",
"userConsentDisplayName": f"Access {app_definition.title}",
"value": "user_impersonation",
}
],
required_resource_accesses=app_definition.required_permissions,
optional_claims=app_definition.optional_claims
)
sp = ServicePrincipal(f"{app_definition.title}-{context.execution_context.stack} - ServicePrincipal",
application_id=app.application_id,
app_role_assignment_required=False)
return AppRegistration(app=app, sp=sp)
from pulumi_azure.containerservice import KubernetesCluster
from pulumi_azuread import Application, ServicePrincipal, ServicePrincipalPassword
# read and set config values
config = pulumi.Config("azure-py-aks")
PREFIX = config.require("prefix")
PASSWORD = config.require_secret("password")
SSHKEY = config.require("sshkey")
LOCATION = config.get("location") or "east us"
# create a Resource Group and Network for all resources
resource_group = ResourceGroup("rg", name=PREFIX + "rg", location=LOCATION)
# create Azure AD Application for AKS
app = Application("aks-app", name=PREFIX + "aks-app")
# create service principal for the application so AKS can act on behalf of the application
sp = ServicePrincipal(
"aks-app-sp",
application_id=app.application_id,
)
# create service principal password
sppwd = ServicePrincipalPassword(
"aks-app-sp-pwd",
service_principal_id=sp.id,
end_date="2099-01-01T00:00:00Z",
value=PASSWORD,
)
from pulumi_azure.storage import Account
from pulumi_azuread import Application, ServicePrincipal, ServicePrincipalPassword
from pulumi_azure.authorization import Assignment
from pulumi_azure.containerservice import KubernetesCluster, Registry
from pulumi_azure.network import VirtualNetwork, Subnet
from pulumi_kubernetes import Provider
from pulumi_kubernetes.apps.v1 import Deployment
from pulumi_kubernetes.core.v1 import Service, Namespace
config = pulumi.Config()
PASSWORD = config.require('password')
SSHKEY = config.require('sshPublicKey')
LOCATION = config.get('location') or 'east us'
SA_PASSWORD = config.require('sa_password')
app = Application('kzhou-app', name='kzhou-app')
sp = ServicePrincipal('kzhou-aks-sp', application_id=app.application_id)
sppwd = ServicePrincipalPassword('kzhou-aks-sp-pwd',
service_principal_id=sp.id,
end_date='2025-01-01T01:02:03Z',
value=PASSWORD)
rg = ResourceGroup('rg', name='kzhou-rg', location=LOCATION)
# Create an Azure resource (Storage Account)
account = Account(
'storage',
# The location for the storage account will be derived automatically from the resource group.
resource_group_name=rg.name,
from pulumi_kubernetes.core.v1 import Service
from pulumi_azure.core import ResourceGroup
from pulumi_azure.containerservice import KubernetesCluster
from pulumi_azuread import Application, ServicePrincipal, ServicePrincipalPassword
# read and set config values
config = pulumi.Config("azure-py-aks")
PASSWORD = config.require_secret("password")
SSHKEY = config.require("sshkey")
# create a Resource Group and Network for all resources
resource_group = ResourceGroup("aks-rg")
# create Azure AD Application for AKS
app = Application("aks-app")
# create service principal for the application so AKS can act on behalf of the application
sp = ServicePrincipal(
"aks-app-sp",
application_id=app.application_id,
)
# create service principal password
sppwd = ServicePrincipalPassword(
"aks-app-sp-pwd",
service_principal_id=sp.id,
end_date="2099-01-01T00:00:00Z",
value=PASSWORD,
)
from pulumi import ResourceOptions
from pulumi_azure.core import ResourceGroup
from pulumi_azure.containerservice import KubernetesCluster
from pulumi_azuread import Application, ServicePrincipal, ServicePrincipalPassword
# read and set config values
config = pulumi.Config()
PASSWORD = config.require_secret("password")
SSHKEY = config.require("sshkey")
# create a Resource Group and Network for all resources
resource_group = ResourceGroup("miw-aks-rg")
# create Azure AD Application for AKS
app = Application("miw-aks-app")
# create service principal for the application so AKS can act on behalf of the application
sp = ServicePrincipal(
"miw-aks-app-sp",
application_id=app.application_id,
)
# create service principal password
sppwd = ServicePrincipalPassword(
"miw-aks-app-sp-pwd",
service_principal_id=sp.id,
end_date="2099-01-01T00:00:00Z",
value=PASSWORD,
)