This article contains full instructions for setting up a Marketplace offering creating WebApp and an optional App Service Plan. The wizard guides the requesting user through a series of business near questions that will decide what properties and permissions the created WebApp will have.
Watch this recording for a 6-minute quick walktrough of the template
Requirements
Except for having EvOps installed and an EvOps account configured, the following prerequisites need to be fulfilled before proceeding with the setup.
App Services
Since the template is using Functions for populating and validating wizard data and the offering creates a Web App and optionally Service Plan, App Services need to be installed in the target Azure Stack stamp. For more information about installing App Services on Azure Stack: App Service on Azure Stack Overview
Plans & Offer
It is of course crucial that tenants' subscriptions have Web Services offering to be able to provision Web Apps and App Service Plans.
Preparation
Creating Function App
The Function App should be created in a Subscription that is managed by the team that manages and operates EvOps.
- Log in Azure Stack Portal (Tenant)
- Click + Create a resource
- Browse to Web + Mobile category and click Function App in Featured list
- Provide an App name
- Select a Subscription
- Select an existing or create a new Resource Group
- Select App Service Plan as Hosting Plan
- Select an existing Service Plan or create a new
Note: Shared pricing tiers can be used for basic scenarios, but for production and certification authentication support dedicated tier should be used - Select .NET as Runtime Stack
- Leave default settings for Storage Account
- Click Create
- Verify that Function App has been created successfully before proceeding to next section
AD/AAD Groups for RBAC Roles
This request template showcases how to set RBAC permission on created resources. Prepare information about at least one group (Name and object ID) that you will be using in this sample.
EvOps Account Service Principal Permissions
EvOps Workflow runs in the context of the EvOps account service principal. Since the ARM template in this sample sets permissions on created WebApp, the service principal needs Owner role on the subscription.
EvOps account service principal name is created with a script as a prerequisite before you create your account. It is following the naming standard Azure Stack - EvOps - "Name of your EvOps account". When searching for the user, you need to type the entire name.
Important
If you do not set Owner permission, created requests will fail when running ARM deployment activity with the following error message: "Failed starting activity Failed to call endpoint, status code 'BadRequest' and message '{"Code":"Unknown error","Message":"{\"error\":{\"code\":\"InvalidTemplateDeployment\",\"message\":\"The template deployment failed with error: 'Authorization failed for template resource...."
Remote Source & Validation Functions
In this section, Functions will be created and configured in App Services hosted in Azure Stack, but there are no limitations to create and configure these in Azure App Services as long as EvOps RP has network connectivity to Azure.
Note
The sample functions only contain logic inside the function itself. It does not reach out and validate Web App Names etc. We have taken the decision that it is more important getting started easily, than adding this to the sample since it increases the complexity importing the template.
Add Remote Source For Generating WebApp Name
Create getWebAppName function
- Browse to Function Apps
- Expand function app created earlier
- Click + symbol to create new Function
- Click create your own custom function
- Enable Experimental Language Support to enable PowerShell
- Choose PowerShell in HTTP trigger area
- Select PowerShell as Language, getWebAppName as Name and Function as Authorization level. Then click Create
- Open just created function and replace all content of Run.ps1 with below code
#getWebAppName $rawContent = Get-Content $req -Raw $requestBody = $rawContent | ConvertFrom-Json $purpose = $requestBody.userInput.purpose.value $random = Get-Random -Minimum 1000 -Maximum 9999 $AppName = '' if ($purpose.length -gt 1) { $AppName = "app-" + $purpose.Substring(0,3).toLower() + $random } $result = New-Object -TypeName psobject -Property @{ items = @( New-Object -TypeName psobject -Property @{ displayName = $AppName; value = $AppName; isDefault = $false; } ); isReadonly = $false; } $result = $result | ConvertTo-Json Out-File -Encoding Ascii -FilePath $res -inputObject $result
- Click Save
- Click </> Get function URL
- Copy Function URL to clipboard to be used when adding Service Endpoint
Add getWebAppName Service Endpoint
- Browse to your EvOps account
- Go to Extensions
- If Service Endpoints extension has not been activated, click +Add, select Service Endpoint from list and click Create
- Click Service Endpoints
- Click Manage endpoints
- Click +Add to add new endpoint
- Select Azure Function as Type
- Type getWebAppName as Display name
- Paste the function URL copied to clipboard in previous section into URL
- Select Remote source as Purpose
- Click OK to create Service endpoint
Add remote source to generate resource group name
Create getWebAppRG Function
- Browse to Function App created earlier
- Expand Function App
- Click + symbol to create new Function
- Click create your own custom function
- Enable Experimental Language Support to enable PowerShell
- Choose PowerShell in HTTP trigger area
- Select PowerShell as Language, getWebAppRG as Name and Function as Authorization level, then click Create
- Open recently created function and replace all content of Run.ps1 with below code
#getWebAppRG $rawContent = Get-Content $req -Raw $requestBody = $rawContent | ConvertFrom-Json $purpose = $requestBody.userInput.purpose.value $rg = "" if ($purpose -eq "tst") { $rg = "webapp-test-rg" } if ($purpose -eq "dev") { $rg = "webapp-dev-rg" } if ($purpose -eq "prd") { $rg = "webapp-prod-rg" } $result = New-Object -TypeName psobject -Property @{ items = @( New-Object -TypeName psobject -Property @{ displayName = $rg; value = $rg; isDefault = $false; } ); isReadonly = $false; } $result = $result | ConvertTo-Json Out-File -Encoding Ascii -FilePath $res -inputObject $result
- Click Save
- Click </> Get function URL
- Copy Function URL to clipboard to be used when adding Service Endpoint
Add getWebAppRG Service Endpoint
- Browse to your EvOps account
- Go to Extensions
- If Service Endpoints extension has not been activated, click +Add, select Service Endpoint from list and click Create
- Click Service Endpoints
- Click Manage endpoints
- Click +Add to add new endpoint
- Select Azure Function as Type
- Type getWebAppRG as Display name
- Paste the function URL copied to clipboard in previous section into URL
- Select Remote source as Purpose
- Click OK to created Service endpoint
Add validation of Web App name
Create checkWebAppName Function
- Browse to Function App created earlier
- Expand Function App
- Click + symbol to create new Function
- Click create your own custom function
- Enable Experimental Language Support to enable PowerShell
- Choose PowerShell in HTTP trigger area
- Select PowerShell as Language, checkWebAppName as Name and Function as Authorization level then click Create
- Open recently created function and replace all content of Run.ps1 with below code
#checkWebAppName $rawContent = Get-Content $req -Raw $requestBody = $rawContent | ConvertFrom-Json $value = $requestBody.valueToValidate $result = New-Object -TypeName psobject -Property @{ valid = $true; message = "Ok" } if ($value -notmatch "[a-z][a-z][a-z]-[a-z][a-z][a-z]\d\d\d\d") { $result.valid = $false; $result.message = "WebApp name $value must be in format xxx-xxxnnn" } $result = $result | ConvertTo-Json Out-File -Encoding Ascii -FilePath $res -inputObject $result
- Click Save
- Click </> Get function URL
- Copy Function URL to clipboard to be used when adding Service Endpoint
Add checkWebAppName Service Endpoint
- Browse to your EvOps account
- Go to Extensions
- If Service Endpoints extension has not been activated, click +Add, select Service Endpoint from list and click Create
- Click Service Endpoints
- Click Manage endpoints
- Click +Add to add new endpoint
- Select Azure Function as Type
- Type checkWebAppName as Display name
- Paste the function URL copied to clipboard in previous section into URL
- Select Remote Validation as Purpose
- Click OK to create Service endpoint
Import Request Template
Follow these steps to import the Custom WebApp Sample request template.
- Download Custom WebApp Sample.evpkg from this article locally
- Browse to your EvOps account
- Go to Request Template
- Click Import
- Click browse icon, browse, and select file Custom WebApp Sample.evpkg downloaded earlier, then click Open
- Accept the default values for Display name and Name and click OK to import request template
Modify Request Template to Environment
The section will guide you through the steps to connect the created functions to your template, as well let you change the group that is used to set RBAC permission to fit your environment.
- Open Custom WebApp Sample Request Template
- Click Wizard in the left-side Template menu
- Click gear icon in the top-right corner of the Web App Name prompt to expand settings menu
- Click Source tab
- Select getWebAppName from list as Endpoint, leave other values as-is
- Click Validation tab
- Click Remote validation
- Select checkWebAppName from list, then click OK
- Click gear icon the top-right corner again to collapse Web App Name prompt settings menu
- Click gear icon in the top-right corner of the Resource group prompt to expand settings menu
- Click Source tab
- Select getWebAppRG from list as Endpoint, leave other values as-is
- Click gear icon the top-right corner again to collapse Resource group prompt settings menu
- Click Organization tab (Wizard Tab)
- Click gear icon the top-right corner again to collapse Team prompt settings menu
- Click Source tab
- Modify existing row and add the name and object ID of the group information gathered as specified in article prerequisites
- Click gear icon the top-right corner again to collapse Team prompt settings menu
- Click Save in top-menu to commit all changes
- Click Overview in the left-side menu
- Click Publish in top-menu to publish to Marketplace
- After a few minutes Custom WebApp Sample will be visible in Marketplace
Note: You may have to refresh your browser to see the new Marketplace item.
Comments
0 comments
Article is closed for comments.