diff --git a/e2e/azure-cc-deployment-parameters.json b/e2e/azure-cc-deployment-parameters.json
new file mode 100644
index 000000000..96add5d27
--- /dev/null
+++ b/e2e/azure-cc-deployment-parameters.json
@@ -0,0 +1,30 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "containerGroupName": {
+ "value": ""
+ },
+ "location": {
+ "value": ""
+ },
+ "identity": {
+ "value": ""
+ },
+ "vaultName": {
+ "value": ""
+ },
+ "operatorKeySecretName": {
+ "value": ""
+ },
+ "deploymentEnvironment": {
+ "value": ""
+ },
+ "coreBaseUrl": {
+ "value": ""
+ },
+ "optoutBaseUrl": {
+ "value": ""
+ }
+ }
+}
diff --git a/e2e/azure-cc-deployment-template.json b/e2e/azure-cc-deployment-template.json
new file mode 100644
index 000000000..5fd39bfb6
--- /dev/null
+++ b/e2e/azure-cc-deployment-template.json
@@ -0,0 +1,161 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "containerGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "Name for the container group"
+ }
+ },
+ "location": {
+ "type": "string",
+ "metadata": {
+ "description": "Location for the container group"
+ }
+ },
+ "identity": {
+ "type": "string",
+ "metadata": {
+ "description": "ManagedIdentity to launch the container"
+ }
+ },
+ "vaultName": {
+ "type": "string",
+ "metadata": {
+ "description": "Vault name"
+ }
+ },
+ "operatorKeySecretName": {
+ "type": "string",
+ "metadata": {
+ "description": "Operator key secret name"
+ }
+ },
+ "deploymentEnvironment": {
+ "type": "string",
+ "metadata": {
+ "description": "Deployment environment"
+ }
+ },
+ "coreBaseUrl": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "UID2 core base url override"
+ }
+ },
+ "optoutBaseUrl": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "UID2 optout base url override"
+ }
+ }
+ },
+ "resources": [
+ {
+ "type": "Microsoft.ContainerInstance/containerGroups",
+ "apiVersion": "2023-05-01",
+ "name": "[parameters('containerGroupName')]",
+ "location": "[parameters('location')]",
+ "identity": {
+ "type": "userAssigned",
+ "userAssignedIdentities": {
+ "[resourceID('Microsoft.ManagedIdentity/userAssignedIdentities/',parameters('identity'))]": {}
+ }
+ },
+ "properties": {
+ "confidentialComputeProperties": {
+ "ccePolicy": ""
+ },
+ "containers": [
+ {
+ "name": "skr",
+ "properties": {
+ "image": "mcr.microsoft.com/aci/skr:2.3",
+ "command": [
+ "/skr.sh"
+ ],
+ "ports": [
+ {
+ "port": 9000
+ }
+ ],
+ "resources": {
+ "requests": {
+ "cpu": 1,
+ "memoryInGB": 1
+ }
+ },
+ "environmentVariables": [
+ {
+ "name": "Port",
+ "value": "9000"
+ }
+ ]
+ }
+ },
+ {
+ "name": "uid2-operator",
+ "properties": {
+ "image": "IMAGE_PLACEHOLDER",
+ "ports": [
+ {
+ "port": 8080,
+ "protocol": "TCP"
+ }
+ ],
+ "resources": {
+ "requests": {
+ "cpu": 4,
+ "memoryInGB": 16
+ }
+ },
+ "environmentVariables": [
+ {
+ "name": "VAULT_NAME",
+ "value": "[parameters('vaultName')]"
+ },
+ {
+ "name": "OPERATOR_KEY_SECRET_NAME",
+ "value": "[parameters('operatorKeySecretName')]"
+ },
+ {
+ "name": "DEPLOYMENT_ENVIRONMENT",
+ "value": "[parameters('deploymentEnvironment')]"
+ },
+ {
+ "name": "CORE_BASE_URL",
+ "value": "[parameters('coreBaseUrl')]"
+ },
+ {
+ "name": "OPTOUT_BASE_URL",
+ "value": "[parameters('optoutBaseUrl')]"
+ }
+ ]
+ }
+ }
+ ],
+ "sku": "Confidential",
+ "osType": "Linux",
+ "restartPolicy": "Never",
+ "ipAddress": {
+ "type": "Public",
+ "ports": [
+ {
+ "port": "8080",
+ "protocol": "TCP"
+ }
+ ]
+ }
+ }
+ }
+ ],
+ "outputs": {
+ "containerIPv4Address": {
+ "type": "string",
+ "value": "[reference(resourceId('Microsoft.ContainerInstance/containerGroups', parameters('containerGroupName'))).ipAddress.ip]"
+ }
+ }
+}
diff --git a/e2e/prepare_azure_cc_enclave_metadata.sh b/e2e/prepare_azure_cc_enclave_metadata.sh
index 78e16ce21..e7d60ca6a 100644
--- a/e2e/prepare_azure_cc_enclave_metadata.sh
+++ b/e2e/prepare_azure_cc_enclave_metadata.sh
@@ -12,6 +12,8 @@ if [ -z "$AZURE_CC_POLICY_DIGEST" ]; then
 fi
 # generate enclave id
+# TODO run `IMAGE={IMAGE} INPUT_TEMPLATE_FILE=azure-cc-deployment-template.json
+# INPUT_PARAMETERS_FILE=azure-cc-deployment-parameters.json scripts/azure-cc/generate-deployment-artifacts.sh` to generate artifacts
 enclave_id=$AZURE_CC_POLICY_DIGEST
 # fetch operator key
diff --git a/scripts/azure-cc/deployment-template.json b/scripts/azure-cc/deployment-template.json
index 5fd39bfb6..149b010c2 100644
--- a/scripts/azure-cc/deployment-template.json
+++ b/scripts/azure-cc/deployment-template.json
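Review bot: `"ccePolicy": ""` under `confidentialComputeProperties` commits a Confidential-sku container group with no enforcement policy, and nothing in this file says that the value (and `"image": "IMAGE_PLACEHOLDER"`) is meant to be filled in by scripts/azure-cc/generate-deployment-artifacts.sh rather than deployed as-is. Strict JSON cannot carry a comment, but an ARM resource entry accepts a `"comments"` property; add `"comments": "ccePolicy and IMAGE_PLACEHOLDER are populated by scripts/azure-cc/generate-deployment-artifacts.sh; do not deploy this file directly"` on the container group resource. The same port is typed two ways — `"port": 8080` on the uid2-operator container but `"port": "8080"` under `ipAddress.ports` — so use the number in both places. Note also that this blob is byte-identical to the pre-change scripts/azure-cc/deployment-template.json (both are index 5fd39bfb6) while the scripts copy loses coreBaseUrl/optoutBaseUrl in this same commit, so the two copies are already diverging and will need to be kept in sync by hand.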
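Review bot: The TODO added after `# generate enclave id` mixes two working directories: `azure-cc-deployment-template.json` and `azure-cc-deployment-parameters.json` resolve relative to e2e/, while `scripts/azure-cc/generate-deployment-artifacts.sh` resolves relative to the repository root, so the quoted command cannot be run as written from either place. It is also the only link between `AZURE_CC_POLICY_DIGEST` and the e2e template, and nothing checks that the digest was produced from e2e/azure-cc-deployment-template.json rather than scripts/azure-cc/deployment-template.json, which after this commit no longer declares CORE_BASE_URL/OPTOUT_BASE_URL; if the policy digest covers the container's environment variables, a digest from the wrong template will not match the deployed enclave. Suggest rewriting the comment as `# AZURE_CC_POLICY_DIGEST must be produced by scripts/azure-cc/generate-deployment-artifacts.sh run from the repo root with INPUT_TEMPLATE_FILE=e2e/azure-cc-deployment-template.json INPUT_PARAMETERS_FILE=e2e/azure-cc-deployment-parameters.json`. The rest of the script lies outside the hunk.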
@@ -37,20 +37,6 @@
 "metadata": {
 "description": "Deployment environment"
 }
- },
- "coreBaseUrl": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "UID2 core base url override"
- }
- },
- "optoutBaseUrl": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "UID2 optout base url override"
- }
 }
 },
 "resources": [
@@ -124,14 +110,6 @@
 {
 "name": "DEPLOYMENT_ENVIRONMENT",
 "value": "[parameters('deploymentEnvironment')]"
- },
- {
- "name": "CORE_BASE_URL",
- "value": "[parameters('coreBaseUrl')]"
- },
- {
- "name": "OPTOUT_BASE_URL",
- "value": "[parameters('optoutBaseUrl')]"
 }
 ]
 }
diff --git a/scripts/azure-cc/generate-deployment-artifacts.sh b/scripts/azure-cc/generate-deployment-artifacts.sh
index 847947fb1..8f18415ef 100644
--- a/scripts/azure-cc/generate-deployment-artifacts.sh
+++ b/scripts/azure-cc/generate-deployment-artifacts.sh
@@ -6,6 +6,7 @@ set -x
 # Following environment variables may be set
 # - INPUT_TEMPLATE_FILE: deployment template file, default is deployment-template.json in this script's directory
+# - INPUT_PARAMETERS_FILE: deployment parameters file, default is deployment-parameters.json in this script's directory
 # - OUTPUT_TEMPLATE_FILE: generated deployment template file, default is uid2-operator-deployment-template.json
 # - OUTPUT_PARAMETERS_FILE: generated deployment parameters file, default is uid2-operator-deployment-parameters.json
 # - OUTPUT_POLICY_DIGEST_FILE: generated policy digest file, default is uid2-operator-deployment-digest.txt
@@ -25,6 +26,14 @@ if [[ ! -f ${INPUT_TEMPLATE_FILE} ]]; then
 exit 1
 fi
+if [[ -z ${INPUT_PARAMETERS_FILE} ]]; then
+ INPUT_PARAMETERS_FILE=${SCRIPT_DIR}/deployment-parameters.json
+fi
+if [[ ! -f ${INPUT_PARAMETERS_FILE} ]]; then
+ echo "INPUT_PARAMETERS_FILE does not exist"
+ exit 1
+fi
+
 if [[ -z ${OUTPUT_TEMPLATE_FILE} ]]; then
 OUTPUT_TEMPLATE_FILE=uid2-operator-deployment-template.json
 fi
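Review bot: The new `INPUT_PARAMETERS_FILE` block in the `@@ -25,6 +26,14 @@` hunk only checks that the path exists; the file is later copied verbatim to `OUTPUT_PARAMETERS_FILE` (hunk at line 73), so a parameters file that names a parameter the template does not declare — the e2e parameters file still carries coreBaseUrl and optoutBaseUrl while this commit removes both from scripts/azure-cc/deployment-template.json — is only rejected at deployment time. Once both input files are known to exist, consider failing early if the parameter names in `INPUT_PARAMETERS_FILE` are not a subset of those declared in `INPUT_TEMPLATE_FILE`, which would catch a mismatched template/parameters pair before any artifact is generated. The failure message should also name the path that was tried, `echo "INPUT_PARAMETERS_FILE does not exist: ${INPUT_PARAMETERS_FILE}"`, since the default is derived from `SCRIPT_DIR` and the caller may not know what was resolved.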
@@ -64,4 +73,4 @@ if [[ $? -ne 0 ]]; then
 exit 1
 fi
-cp ${SCRIPT_DIR}/deployment-parameters.json ${OUTPUT_PARAMETERS_FILE}
+cp ${INPUT_PARAMETERS_FILE} ${OUTPUT_PARAMETERS_FILE}
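Review bot: `cp ${INPUT_PARAMETERS_FILE} ${OUTPUT_PARAMETERS_FILE}` leaves both expansions unquoted, and `INPUT_PARAMETERS_FILE` is now caller-supplied rather than a fixed path under `SCRIPT_DIR`, so a path containing whitespace or glob characters is split into extra arguments before `cp` sees it; quote both, `cp "${INPUT_PARAMETERS_FILE}" "${OUTPUT_PARAMETERS_FILE}"`. The `[[ -f ... ]]` tests earlier in the script are not affected, as `[[` does not word-split. Since the output is a verbatim copy of the input, the header comment's description of `OUTPUT_PARAMETERS_FILE` as a "generated" file is now slightly misleading and could say "copy of INPUT_PARAMETERS_FILE".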