Merge pull request #307 from microsoft/dev

update to microsoft.identity

deploy/bicep/webhook.bicep

@@ -0,0 +1,16 @@
+param name string
+param serviceUrl string
+param repository string
+param registryName string = 'TeamCloud'
+
+resource api_webhook 'Microsoft.ContainerRegistry/registries/webhooks@2021-09-01' = {
+  name: '${registryName}/${name}'
+  location: resourceGroup().location
+  properties: {
+    actions: [
+      'push'
+    ]
+    scope: repository
+    serviceUri: serviceUrl
+  }
+}

deploy/bicep/webhooks.bicep

@@ -0,0 +1,55 @@
+param registryName string = 'TeamCloud'
+param registryResourceGroupName string = 'TeamCloud-Registry'
+param registrySubscriptionId string = 'b6de8d3f-8477-45fe-8d60-f30c6db2cb06'
+
+param apiAppName string = 'teamclouddemo-api'
+param orchestratorAppName string = 'teamclouddemo-orchestrator'
+param webAppName string = 'teamclouddemo'
+
+// param resourceGroupName string = 'TeamCloud'
+// param subscriptionId string = '12223725-70b0-45a6-96c4-a13c344fdc57'
+
+resource api 'Microsoft.Web/sites@2021-02-01' existing = {
+  name: apiAppName
+}
+
+resource orchestrator 'Microsoft.Web/sites@2021-02-01' existing = {
+  name: orchestratorAppName
+}
+
+resource website 'Microsoft.Web/sites@2021-02-01' existing = {
+  name: webAppName
+}
+
+module api_webhook 'webhook.bicep' = {
+  scope: resourceGroup(registrySubscriptionId, registryResourceGroupName)
+  name: 'apiWebhook'
+  params: {
+    name: 'webapi'
+    registryName: registryName
+    repository: 'teamcloud/api'
+    serviceUrl: '${list('${api.id}/config/publishingcredentials', api.apiVersion).properties.scmUri}/docker/hook'
+  }
+}
+
+module orchestrator_webhook 'webhook.bicep' = {
+  scope: resourceGroup(registrySubscriptionId, registryResourceGroupName)
+  name: 'orchestratorWebhook'
+  params: {
+    name: 'orchestrator'
+    registryName: registryName
+    repository: 'teamcloud/orchestrator'
+    serviceUrl: '${list('${orchestrator.id}/config/publishingcredentials', orchestrator.apiVersion).properties.scmUri}/docker/hook'
+  }
+}
+
+module website_webhook 'webhook.bicep' = {
+  scope: resourceGroup(registrySubscriptionId, registryResourceGroupName)
+  name: 'websiteWebhook'
+  params: {
+    name: 'website'
+    registryName: registryName
+    repository: 'teamcloud/website'
+    serviceUrl: '${list('${website.id}/config/publishingcredentials', website.apiVersion).properties.scmUri}/docker/hook'
+  }
+}

src/TeamCloud.API/Controllers/OrganizationAuditController.cs

@@ -37,7 +37,7 @@ public OrganizationAuditController(ICommandAuditReader commandAuditReader)
     [SwaggerResponse(StatusCodes.Status200OK, "Returns audit entries.", typeof(DataResult<List<CommandAuditEntity>>))]
     [SwaggerResponse(StatusCodes.Status400BadRequest, "A validation error occured.", typeof(ErrorResult))]
     [SwaggerResponse(StatusCodes.Status404NotFound, "The Organization was not found.", typeof(ErrorResult))]
-    public async Task<IActionResult> Get([FromQuery] string timeRange = null, [FromQuery] string[]? commands = null)
+    public async Task<IActionResult> Get([FromQuery] string timeRange = null, [FromQuery] string[] commands = default)
     {
         var organizationId = Guid.Parse(OrganizationId);
 
@@ -84,7 +84,7 @@ public Task<IActionResult> GetAuditCommandTypes()
         var commands = AppDomain.CurrentDomain.GetAssemblies()
             .Where(asm => !asm.IsDynamic)
             .SelectMany(asm => asm.GetExportedTypes().Where(t => t.IsClass && !t.IsAbstract && typeof(ICommand).IsAssignableFrom(t)))
-            .Select(t => t.IsGenericType ? $"{t.Name.Substring(0, t.Name.IndexOf("`", StringComparison.OrdinalIgnoreCase))}<>" : t.Name)
+            .Select(t => t.IsGenericType ? $"{t.Name[..t.Name.IndexOf("`", StringComparison.OrdinalIgnoreCase)]}<>" : t.Name)
             .OrderBy(n => n, StringComparer.OrdinalIgnoreCase)
             .ToList();
 

src/TeamCloud.API/Startup.cs

@@ -9,8 +9,6 @@
 using System.Reflection;
 using System.Security.Claims;
 using FluentValidation;
-using Microsoft.AspNetCore.Authentication;
-using Microsoft.AspNetCore.Authentication.AzureAD.UI;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.DataProtection;
@@ -19,13 +17,13 @@
 using Microsoft.AspNetCore.Mvc.Authorization;
 using Microsoft.AspNetCore.Mvc.Infrastructure;
 using Microsoft.Azure.Cosmos.Fluent;
-using Microsoft.Azure.Management.ResourceManager.Fluent;
 using Microsoft.Azure.Storage;
 using Microsoft.Azure.Storage.Blob;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using Microsoft.Extensions.ObjectPool;
+using Microsoft.Identity.Web;
 using Microsoft.IO;
 using Microsoft.OpenApi.Models;
 using TeamCloud.Adapters;
@@ -297,7 +295,7 @@ private static void ConfigureSwagger(IServiceCollection services, AzureResourceM
                             AuthorizationUrl = new Uri($"https://login.microsoftonline.com/{azureResourceManagerOptions.TenantId}/oauth2/v2.0/authorize"),
                             Scopes = new Dictionary<string, string> {
                                     { "openid", "Sign you in" },
-                                    { "http://TeamCloud.aztcclitestsix/user_impersonation", "Access the TeamCloud API" }
+                                    { "http://TeamCloud.DEMO.Web/user_impersonation", "Access the TeamCloud API" }
                             }
                         }
                     }
@@ -310,7 +308,7 @@ private static void ConfigureSwagger(IServiceCollection services, AzureResourceM
                             {
                                 Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "oauth2" },
                             },
-                            new [] { "openid", "http://TeamCloud.aztcclitestsix/user_impersonation" }
+                            new [] { "openid", "http://TeamCloud.DEMO.Web/user_impersonation" }
                         }
                 });
 
@@ -321,33 +319,16 @@ private static void ConfigureSwagger(IServiceCollection services, AzureResourceM
 
     private static void ConfigureAuthentication(IServiceCollection services, AzureResourceManagerOptions azureResourceManagerOptions)
     {
-        services
-            .AddAuthentication(AzureADDefaults.JwtBearerAuthenticationScheme)
-            .AddAzureADBearer(options =>
-            {
-                options.Instance = AzureEnvironment.AzureGlobalCloud.AuthenticationEndpoint;
-                options.TenantId = azureResourceManagerOptions.TenantId;
-            })
-            .AddAdapterAuthentication();
-
         services
             .AddHttpContextAccessor()
-            .Configure<JwtBearerOptions>(AzureADDefaults.JwtBearerAuthenticationScheme, options =>
+            .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+            .AddAdapterAuthentication()
+            .AddMicrosoftIdentityWebApi(jwtOptions =>
             {
-                // This is an Microsoft identity platform Web API
-                options.Authority += "/v2.0";
-
                 // Disable audience validation
-                options.TokenValidationParameters.ValidateAudience = false;
+                jwtOptions.TokenValidationParameters.ValidateAudience = false;
 
-                // The valid issuers can be based on Azure identity V1 or V2
-                options.TokenValidationParameters.ValidIssuers = new string[]
-            {
-                        $"https://login.microsoftonline.com/{azureResourceManagerOptions.TenantId}/v2.0",
-                        $"https://sts.windows.net/{azureResourceManagerOptions.TenantId}/"
-            };
-
-                options.Events = new JwtBearerEvents()
+                jwtOptions.Events = new JwtBearerEvents()
                 {
                     OnTokenValidated = async (TokenValidatedContext context) =>
                     {
@@ -358,7 +339,13 @@ private static void ConfigureAuthentication(IServiceCollection services, AzureRe
                         if (userClaims.Any()) context.Principal.AddIdentity(new ClaimsIdentity(userClaims));
                     }
                 };
-            });
+            }, identityOptions =>
+            {
+                identityOptions.ClientId = azureResourceManagerOptions.ClientId;
+                identityOptions.ClientSecret = azureResourceManagerOptions.ClientSecret;
+                identityOptions.TenantId = azureResourceManagerOptions.TenantId;
+                identityOptions.Instance = "https://login.microsoftonline.com/";
+            }, JwtBearerDefaults.AuthenticationScheme);
     }
 
     private static void ConfigureAuthorization(IServiceCollection services)

src/TeamCloud.API/TeamCloud.API.csproj

@@ -23,7 +23,6 @@
     <PackageReference Include="Microsoft.AspNetCore.Mvc.WebApiCompatShim" Version="2.2.0" />
     <PackageReference Include="Newtonsoft.Json.Schema" Version="3.0.14" />
     <PackageReference Include="Microsoft.ApplicationInsights.AspNetCore" Version="2.20.0" />
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.AzureAD.UI" Version="6.0.1" />
     <PackageReference Include="Microsoft.AspNetCore.Mvc.Core" Version="2.2.5" />
     <PackageReference Include="Microsoft.AspNetCore.Mvc.NewtonsoftJson" Version="6.0.1" />
     <PackageReference Include="Microsoft.Azure.AppConfiguration.AspNetCore" Version="4.5.1" />

src/TeamCloud.Audit/CommandAuditReader.cs

@@ -86,7 +86,7 @@ async Task<string> ReadBlobAsync(string auditPath)
         }
     }
 
-    public async IAsyncEnumerable<CommandAuditEntity> ListAsync(Guid organizationId, Guid? projectId = null, TimeSpan? timeRange = null, string[]? commands = null)
+    public async IAsyncEnumerable<CommandAuditEntity> ListAsync(Guid organizationId, Guid? projectId = null, TimeSpan? timeRange = null, string[] commands = default)
     {
         var auditTable = await auditTableInstance
             .EnsureTableAsync()

src/TeamCloud.Audit/ICommandAuditReader.cs

@@ -15,5 +15,5 @@ public interface ICommandAuditReader
 {
     Task<CommandAuditEntity> GetAsync(Guid organizationId, Guid commandId, bool includeJsonDumps = false);
 
-    IAsyncEnumerable<CommandAuditEntity> ListAsync(Guid organizationId, Guid? projectId = null, TimeSpan? timeRange = null, [FromQuery] string[]? commands = null);
+    IAsyncEnumerable<CommandAuditEntity> ListAsync(Guid organizationId, Guid? projectId = null, TimeSpan? timeRange = null, [FromQuery] string[] commands = default);
 }

src/TeamCloud.Azure.Resources/TeamCloud.Azure.Resources.csproj

@@ -9,7 +9,6 @@
 
   <ItemGroup>
     <PackageReference Include="Azure.Storage.Files.Shares" Version="12.8.0" />
-    <PackageReference Include="Microsoft.Azure.Management.DevTestLabs" Version="3.0.0" />
     <PackageReference Include="System.Linq.Async" Version="5.1.0" />
     <ProjectReference Include="..\TeamCloud.Azure\TeamCloud.Azure.csproj" />
     <ProjectReference Include="..\TeamCloud.Serialization\TeamCloud.Serialization.csproj" />