Azure CC deployment artifacts: don't provide base URL parameters

e2e/azure-cc-deployment-parameters.json

@@ -0,0 +1,30 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "containerGroupName": {
+      "value": ""
+    },
+    "location": {
+      "value": ""
+    },
+    "identity": {
+      "value": ""
+    },
+    "vaultName": {
+      "value": ""
+    },
+    "operatorKeySecretName": {
+      "value": ""
+    },
+    "deploymentEnvironment": {
+      "value": ""
+    },
+    "coreBaseUrl": {
+      "value": ""
+    },
+    "optoutBaseUrl": {
+      "value": ""
+    }
+  }
+}

e2e/azure-cc-deployment-template.json

@@ -0,0 +1,161 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "containerGroupName": {
+      "type": "string",
+      "metadata": {
+        "description": "Name for the container group"
+      }
+    },
+    "location": {
+      "type": "string",
+      "metadata": {
+        "description": "Location for the container group"
+      }
+    },
+    "identity": {
+      "type": "string",
+      "metadata": {
+        "description": "ManagedIdentity to launch the container"
+      }
+    },
+    "vaultName": {
+      "type": "string",
+      "metadata": {
+        "description": "Vault name"
+      }
+    },
+    "operatorKeySecretName": {
+      "type": "string",
+      "metadata": {
+        "description": "Operator key secret name"
+      }
+    },
+    "deploymentEnvironment": {
+      "type": "string",
+      "metadata": {
+        "description": "Deployment environment"
+      }
+    },
+    "coreBaseUrl": {
+      "type": "string",
+      "defaultValue": "",
+      "metadata": {
+        "description": "UID2 core base url override"
+      }
+    },
+    "optoutBaseUrl": {
+      "type": "string",
+      "defaultValue": "",
+      "metadata": {
+        "description": "UID2 optout base url override"
+      }
+    }
+  },
+  "resources": [
+    {
+      "type": "Microsoft.ContainerInstance/containerGroups",
+      "apiVersion": "2023-05-01",
+      "name": "[parameters('containerGroupName')]",
+      "location": "[parameters('location')]",
+      "identity": {
+        "type": "userAssigned",
+        "userAssignedIdentities": {
+          "[resourceID('Microsoft.ManagedIdentity/userAssignedIdentities/',parameters('identity'))]": {}
+        }
+      },
+      "properties": {
+        "confidentialComputeProperties": {
+          "ccePolicy": ""
+        },
+        "containers": [
+          {
+            "name": "skr",
+            "properties": {
+              "image": "mcr.microsoft.com/aci/skr:2.3",
+              "command": [
+                "/skr.sh"
+              ],
+              "ports": [
+                {
+                  "port": 9000
+                }
+              ],
+              "resources": {
+                "requests": {
+                  "cpu": 1,
+                  "memoryInGB": 1
+                }
+              },
+              "environmentVariables": [
+                {
+                  "name": "Port",
+                  "value": "9000"
+                }
+              ]
+            }
+          },
+          {
+            "name": "uid2-operator",
+            "properties": {
+              "image": "IMAGE_PLACEHOLDER",
+              "ports": [
+                {
+                  "port": 8080,
+                  "protocol": "TCP"
+                }
+              ],
+              "resources": {
+                "requests": {
+                  "cpu": 4,
+                  "memoryInGB": 16
+                }
+              },
+              "environmentVariables": [
+                {
+                  "name": "VAULT_NAME",
+                  "value": "[parameters('vaultName')]"
+                },
+                {
+                  "name": "OPERATOR_KEY_SECRET_NAME",
+                  "value": "[parameters('operatorKeySecretName')]"
+                },
+                {
+                  "name": "DEPLOYMENT_ENVIRONMENT",
+                  "value": "[parameters('deploymentEnvironment')]"
+                },
+                {
+                  "name": "CORE_BASE_URL",
+                  "value": "[parameters('coreBaseUrl')]"
+                },
+                {
+                  "name": "OPTOUT_BASE_URL",
+                  "value": "[parameters('optoutBaseUrl')]"
+                }
+              ]
+            }
+          }
+        ],
+        "sku": "Confidential",
+        "osType": "Linux",
+        "restartPolicy": "Never",
+        "ipAddress": {
+          "type": "Public",
+          "ports": [
+            {
+              "port": "8080",
+              "protocol": "TCP"
+            }
+          ]
+        }
+      }
+    }
+  ],
+  "outputs": {
+    "containerIPv4Address": {
+      "type": "string",
+      "value": "[reference(resourceId('Microsoft.ContainerInstance/containerGroups', parameters('containerGroupName'))).ipAddress.ip]"
+    }
+  }
+}

e2e/prepare_azure_cc_enclave_metadata.sh

@@ -12,6 +12,8 @@ if [ -z "$AZURE_CC_POLICY_DIGEST" ]; then
 fi
 
 # generate enclave id
+# TODO run `IMAGE={IMAGE} INPUT_TEMPLATE_FILE=azure-cc-deployment-template.json
+# INPUT_PARAMETERS_FILE=azure-cc-deployment-parameters.json scripts/azure-cc/generate-deployment-artifacts.sh` to generate artifacts
 enclave_id=$AZURE_CC_POLICY_DIGEST
 
 # fetch operator key

scripts/azure-cc/deployment-template.json

@@ -37,20 +37,6 @@
       "metadata": {
         "description": "Deployment environment"
       }
-    },
-    "coreBaseUrl": {
-      "type": "string",
-      "defaultValue": "",
-      "metadata": {
-        "description": "UID2 core base url override"
-      }
-    },
-    "optoutBaseUrl": {
-      "type": "string",
-      "defaultValue": "",
-      "metadata": {
-        "description": "UID2 optout base url override"
-      }
     }
   },
   "resources": [
@@ -124,14 +110,6 @@
                 {
                   "name": "DEPLOYMENT_ENVIRONMENT",
                   "value": "[parameters('deploymentEnvironment')]"
-                },
-                {
-                  "name": "CORE_BASE_URL",
-                  "value": "[parameters('coreBaseUrl')]"
-                },
-                {
-                  "name": "OPTOUT_BASE_URL",
-                  "value": "[parameters('optoutBaseUrl')]"
                 }
               ]
             }

scripts/azure-cc/generate-deployment-artifacts.sh

@@ -6,6 +6,7 @@ set -x
 
 # Following environment variables may be set
 # - INPUT_TEMPLATE_FILE: deployment template file, default is deployment-template.json in this script's directory
+# - INPUT_PARAMETERS_FILE: deployment parameters file, default is deployment-parameters.json in this script's directory
 # - OUTPUT_TEMPLATE_FILE: generated deployment template file, default is uid2-operator-deployment-template.json
 # - OUTPUT_PARAMETERS_FILE: generated deployment parameters file, default is uid2-operator-deployment-parameters.json
 # - OUTPUT_POLICY_DIGEST_FILE: generated policy digest file, default is uid2-operator-deployment-digest.txt
@@ -25,6 +26,14 @@ if [[ ! -f ${INPUT_TEMPLATE_FILE} ]]; then
   exit 1
 fi
 
+if [[ -z ${INPUT_PARAMETERS_FILE} ]]; then
+  INPUT_PARAMETERS_FILE=${SCRIPT_DIR}/deployment-parameters.json
+fi
+if [[ ! -f ${INPUT_PARAMETERS_FILE} ]]; then
+  echo "INPUT_PARAMETERS_FILE does not exist"
+  exit 1
+fi
+
 if [[ -z ${OUTPUT_TEMPLATE_FILE} ]]; then
   OUTPUT_TEMPLATE_FILE=uid2-operator-deployment-template.json
 fi
@@ -64,4 +73,4 @@ if [[ $? -ne 0 ]]; then
   exit 1
 fi
 
-cp ${SCRIPT_DIR}/deployment-parameters.json ${OUTPUT_PARAMETERS_FILE}
+cp ${INPUT_PARAMETERS_FILE} ${OUTPUT_PARAMETERS_FILE}