fixing PR

solliancenet · Jul 26, 2024 · d0d4156 · d0d4156
1 parent a4a8df8
commit d0d4156
Showing 1 changed file with 55 additions and 83 deletions.
diff --git a/deploy/common/scripts/Create-FllmEntraIdApps.ps1 b/deploy/common/scripts/Create-FllmEntraIdApps.ps1
@@ -1,29 +1,30 @@
 #! /usr/bin/pwsh
+
+Param(
+    [parameter(Mandatory = $false)][string]$authAppName="FoundationaLLM-Authorization-API",
+    [parameter(Mandatory = $false)][string]$coreAppName="FoundationaLLM-Core-API",
+    [parameter(Mandatory = $false)][string]$coreClientAppName="FoundationaLLM-Core-Portal",
+    [parameter(Mandatory = $false)][string]$mgmtAppName="FoundationaLLM-Management-API",
+    [parameter(Mandatory = $false)][string]$mgmtClientAppName="FoundationaLLM-Management-Portal"
+)
+
+Set-StrictMode -Version 3.0
+$ErrorActionPreference = "Stop"
+
 <#
 .SYNOPSIS
-    Generates a set of FLLM EntraID App Registrations and their respective client apps in the Entra ID tenant.
-    See the following link for more information: https://docs.foundationallm.ai/deployment/authentication-authorization/index.html
-    **These app names are mandatory, you can't change the names or the scopes.**
-    
+    Generates a set of FLLM EntraID API apps and their respective client apps in the Azure AD tenant.
+
 .DESCRIPTION
     The script will create the following apps:
-    - FoundationaLLM-Authorization-API
-    - FoundationaLLM-Core-API
-    - FoundationaLLM-Core-Portal
-    - FoundationaLLM-Management-API
-    - FoundationaLLM-Management-Portal
-    
+    - FoundationaLLM
+    - FoundationaLLM-Client
+    - FoundationaLLM-Management
+    - FoundationaLLM-ManagementClient
+    - FoundationaLLM-Authorization
+    - 
     The script will also assign the required permissions to the client apps and the required API permissions to the API apps.
-
-.REQUIREMENTS
-    - The user must be a Global Administrator in the Entra ID tenant or have RBAC rights to create App Registrations and Service Principals.
-    - The Azure CLI must be installed and authenticated to the Entra ID tenant.
-    - Scaffolding JSON files must be present in the same directory as the script.
-        - foundationallm-authorization-api.template.json  
-        - foundationallm-core-api.template.json
-        - foundationallm-core-portal.template.json
-        - foundationallm-management-api.template.json
-        - foundationallm-management-portal.template.json
+    URLs for the client apps are optional and can be set using the appUrl and appUrlLocal parameters.
 
 .PARAMETER appPermissionsId
 The GUID of the permission to assign to the client app.
@@ -35,53 +36,24 @@ The URL of the client app.
 The local URL of the client app.
 
 .PARAMETER createClientApp
-If set to $true, the script will create a client app. If set to $false, the script will not create a client app.
-
-.PARAMETER fllmApi
-The name of the API app.
-
-.PARAMETER fllmApiConfigPath
-The path to the API app configuration file.
-
-.PARAMETER fllmApiUri
-The URI of the API app.
-
-.PARAMETER fllmClient
-The name of the client app.
-
-.PARAMETER fllmClientConfigPath
-The path to the client app configuration file.
-
+Whether to create the client app or not. Default is true. False will only create the API app.
 
 .EXAMPLE
 The following example creates the FoundationaLLM API and client apps.
 
 # Create FoundationaLLM Core App Registrations
 $params = @{
+    fllmApi              = "FoundationaLLM"
+    fllmClient           = "FoundationaLLM-Client"
+    fllmApiConfigPath    = "foundationalllm.json"
+    fllmClientConfigPath = "foundationalllm-client.json"
     appPermissionsId     = "6da07102-bb6a-421d-a71e-dfdb6031d3d8"
     appUrl               = ""
     appUrlLocal          = "http://localhost:3000/signin-oidc"
-    fllmApi              = $coreAppName
-    fllmApiConfigPath    = "foundationallm-core-api.json"
-    fllmApiUri           = "api://FoundationaLLM-Core"
-    fllmClient           = $coreClientAppName
-    fllmClientConfigPath = "foundationallm-core-portal.json"
 }
-$($fllmAppRegs).Core = New-FllmEntraIdApps @params
+New-FllmEntraIdApps @params
     
 #>
-
-Param(
-    [parameter(Mandatory = $false)][string]$authAppName="FoundationaLLM-Authorization-API",
-    [parameter(Mandatory = $false)][string]$coreAppName="FoundationaLLM-Core-API",
-    [parameter(Mandatory = $false)][string]$coreClientAppName="FoundationaLLM-Core-Portal",
-    [parameter(Mandatory = $false)][string]$mgmtAppName="FoundationaLLM-Management-API",
-    [parameter(Mandatory = $false)][string]$mgmtClientAppName="FoundationaLLM-Management-Portal"
-)
-
-Set-StrictMode -Version 3.0
-$ErrorActionPreference = "Stop"
-
 function New-FllmEntraIdApps {
     param (
         [Parameter(Mandatory = $true)][string]$appPermissionsId,
@@ -97,32 +69,32 @@ function New-FllmEntraIdApps {
 
     $fllmAppRegMetaData = @{}
     try {
-        # Create the FLLM API App Registration
+        # Create the FLLM APIApp Registration
         $($fllmAppRegMetaData).Api = @{ 
             Name = $fllmApi
             Uri = $fllmApiUri
         }
-        Write-Host -ForegroundColor Yellow "Creating EntraID Application Registration named $($fllmAppRegMetaData.Api.Name)"
+        Write-Host "Creating EntraID Application Registration named $($fllmAppRegMetaData.Api.Name)"
         $($fllmAppRegMetaData.Api).AppId = $(az ad app create --display-name $($fllmAppRegMetaData.Api.Name) --query appId --output tsv)
         $($fllmAppRegMetaData.Api).ObjectId = $(az ad app show --id $($fllmAppRegMetaData.Api.AppId) --query id --output tsv)
         az ad sp create --id $($fllmAppRegMetaData.Api.AppId) 
 
         # Create the FLLM ClientApp Registration
         if ($createClientApp) {
             $($fllmAppRegMetaData).Client = @{ Name = $fllmClient }
-            Write-Host -ForegroundColor Yellow "Creating EntraID Application Registration named $($fllmAppRegMetaData.Client.Name)"    
+            Write-Host "Creating EntraID Application Registration named $($fllmAppRegMetaData.Client.Name)"    
             $($fllmAppRegMetaData.Client).AppId = $(az ad app create --display-name $($fllmAppRegMetaData.Client.Name) --query appId --output tsv)
             $($fllmAppRegMetaData.Client).ObjectId = $(az ad app show --id $($fllmAppRegMetaData.Client.AppId) --query id --output tsv)
             az ad sp create --id $($fllmAppRegMetaData.Client.AppId)
         }
 
-        # Update the API App Registration
-        Write-Host -ForegroundColor Yellow "Laying down scaffolding for the API App Registration $($fllmAppRegMetaData.Api.Name)"
+        # Update the APIApp Registration
+        Write-Host "Lays down scaffolding for the API App Registration $($fllmAppRegMetaData.Api.Name)"
         az rest --method PATCH --url "https://graph.microsoft.com/v1.0/applications/$($fllmAppRegMetaData.Api.ObjectId)" --header "Content-Type=application/json" --body "@$fllmApiConfigPath"
-        Write-host -ForegroundColor Yellow "Sleeping for 10 seconds to allow the API App Registration to be created before updating it..."
+        Write-host "Sleeping for 10 seconds to allow the API App Registration to be created before updating it."
         Start-Sleep -Seconds 10
         ## Updates the API App Registration
-        Write-Host -ForegroundColor Yellow "Preparing updates for the API App Registration $($fllmAppRegMetaData.Api.Name)"
+        Write-Host "Preparing updates for the API App Registration $($fllmAppRegMetaData.Api.Name)"
         $appConfig = Get-content $fllmApiConfigPath | ConvertFrom-Json -Depth 20
         if ($createClientApp) {
             $preAuthorizedApp = @(
@@ -139,25 +111,25 @@ function New-FllmEntraIdApps {
         }
         $appConfig.identifierUris = @($($fllmAppRegMetaData.Api.Uri))
         $appConfigUpdate = $appConfig | ConvertTo-Json -Depth 20
-        Write-Host -ForegroundColor Yellow "Final Update to API App Registration $($fllmAppRegMetaData.Api.Name)"
+        Write-Host "Final Update to API App Registration $($fllmAppRegMetaData.Api.Name)"
         Set-Content -Path "$($fllmAppRegMetaData.Api.Name)`.json" $appConfigUpdate
         az rest --method PATCH --url "https://graph.microsoft.com/v1.0/applications/$($fllmAppRegMetaData.Api.ObjectId)" --header "Content-Type=application/json" --body "@$($fllmAppRegMetaData.Api.Name)`.json"
 
-        # Update the Client App Registration
+        # Update the ClientApp Registration
         if ($createClientApp) {     
-            Write-Host -ForegroundColor Yellow "Lay down scaffolding for the Client App Registration $($fllmAppRegMetaData.Client.Name)"
+            Write-Host "Lay down scaffolding for the ClientApp Registration $($fllmAppRegMetaData.Client.Name)"
             az rest --method PATCH --url "https://graph.microsoft.com/v1.0/applications/$($fllmAppRegMetaData.Client.ObjectId)" --header "Content-Type=application/json" --body "@$fllmClientConfigPath"
             Start-Sleep -Seconds 10
-            Write-host -ForegroundColor Yellow "Sleeping for 10 seconds to allow the API App Registration to be created before updating it..."
-            ## Updates the Client App Registration
-            Write-Host -ForegroundColor Yellow "Preparing updates for the Client App Registration $($fllmAppRegMetaData.Client.Name)"
+            Write-host "Sleeping for 10 seconds to allow the API App Registration to be created before updating it."
+            ## Updates the ClientApp Registration
+            Write-Host "Preparing updates for the API App Registration $($fllmAppRegMetaData.Client.Name)"
             $($fllmAppRegMetaData.Client).Uri = @("api://$($fllmAppRegMetaData.Client.Name)")
             $apiPermissions = @(@{"resourceAppId" = $($fllmAppRegMetaData.Client.AppId); "resourceAccess" = @(@{"id" = "$($appPermissionsId)"; "type" = "Scope" }) }, @{"resourceAppId" = "00000003-0000-0000-c000-000000000000"; "resourceAccess" = @(@{"id" = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"; "type" = "Scope" }) })
             $appConfig = Get-content $fllmClientConfigPath | ConvertFrom-Json -Depth 20
             $appConfig.identifierUris = @($($fllmAppRegMetaData.Client.Uri))
             $appConfig.requiredResourceAccess = $apiPermissions
             $appConfigUpdate = $appConfig | ConvertTo-Json -Depth 20
-            Write-Host -ForegroundColor Yellow "Final Update to Client App Registration $($fllmAppRegMetaData.Client.Name)"
+            Write-Host "Final Update to ClientApp Registration $($fllmAppRegMetaData.Client.Name)"
             Set-Content -Path "$($fllmAppRegMetaData.Client.Name)`.json" $appConfigUpdate
             az rest --method PATCH --url "https://graph.microsoft.com/v1.0/applications/$($fllmAppRegMetaData.Client.ObjectId)" --header "Content-Type=application/json" --body "@$($fllmAppRegMetaData.Client.Name)`.json"
         }
@@ -172,38 +144,38 @@ function New-FllmEntraIdApps {
 $fllmAppRegs = @{}
 # Create FoundationaLLM Core App Registrations
 $params = @{
+    fllmApi              = $coreAppName
+    fllmClient           = $coreClientAppName
+    fllmApiConfigPath    = "foundationalllm.json"
+    fllmApiUri           = "api://FoundationaLLM-Core"
+    fllmClientConfigPath = "foundationalllm-client.json"
     appPermissionsId     = "6da07102-bb6a-421d-a71e-dfdb6031d3d8"
     appUrl               = ""
     appUrlLocal          = "http://localhost:3000/signin-oidc"
-    fllmApi              = $coreAppName
-    fllmApiConfigPath    = "foundationallm-core-api.template.json"
-    fllmApiUri           = "api://FoundationaLLM-Core"
-    fllmClient           = $coreClientAppName
-    fllmClientConfigPath = "foundationallm-core-portal.template.json"
 }
 $($fllmAppRegs).Core = New-FllmEntraIdApps @params
 
 # Create FoundationaLLM Management App Registrations
 $params = @{
+    fllmApi              = $mgmtAppName
+    fllmClient           = $mgmtClientAppName
+    fllmApiConfigPath    = "foundationalllm-management.json"
+    fllmApiUri           = "api://FoundationaLLM-Management"
+    fllmClientConfigPath = "foundationalllm-managementclient.json"
     appPermissionsId     = "c57f4633-0e58-455a-8ede-5de815fe6c9c"
     appUrl               = ""
     appUrlLocal          = "http://localhost:3001/signin-oidc"
-    fllmApi              = $mgmtAppName
-    fllmApiConfigPath    = "foundationallm-management-api.template.json"
-    fllmApiUri           = "api://FoundationaLLM-Management"
-    fllmClient           = $mgmtClientAppName
-    fllmClientConfigPath = "foundationallm-management-portal.template.json"
 }
 $($fllmAppRegs).Management = New-FllmEntraIdApps @params
 
 # Create FoundationaLLM Authorization App Registration
 $params = @{
-    appPermissionsId  = "9e313dd4-51e4-4989-84d0-c713e38e467d"
-    createClientApp   = $false
     fllmApi           = $authAppName
-    fllmApiConfigPath = "foundationallm-authorization-api.template.json"
+    fllmApiConfigPath = "foundationalllm-authorization.json"
     fllmApiUri        = "api://FoundationaLLM-Authorization"
+    appPermissionsId  = "9e313dd4-51e4-4989-84d0-c713e38e467d"
+    createClientApp   = $false
 }
-$($fllmAppRegs).Authorization = New-FllmEntraIdApps @params
+$($fllmAppRegs).Authorization = New-FllmEntraIdApps  @params
 
 Write-Host $($fllmAppRegs | ConvertTo-Json)