Who Is Who allows you to index all your IT assets: Azure Resources, Azure Active Directory objects and elements of other systems. You can use the Who Is Who full-text search to find what you need and retrieve the relationships between the different elements.
In order to deploy the required resources, some Azure resource providers must be registered and a target resource group is required.

- Register the required Azure Resource Providers and create a Resource Group on Azure:

  ```
  az provider register --namespace 'Microsoft.Web'
  az provider register --namespace 'Microsoft.Search'
  az provider register --namespace 'Microsoft.KeyVault'
  az group create -l westus -n {ResourceGroupName}
  ```

  Provider registration is asynchronous; check `az provider show --namespace 'Microsoft.Search' --query registrationState` reports `Registered` before deploying, and take note of the resource group name.
- WhoIsWho Deployment Identity, used by the GitHub Action for the deployment:
  - Register the required Azure Resource Provider and create a Resource Group on Azure (this is the same registration and resource group as in the prerequisites above; skip it if already done):

    ```
    az provider register --namespace 'Microsoft.Web'
    az group create -l westus -n {ResourceGroupName}
    ```

  - Create an Azure AD App Registration/Service Principal with the following "az cli" command:

    ```
    az ad sp create-for-rbac --name "WhoIsWhoDeploymentIdentity" --role contributor --scopes /subscriptions/{subscriptionID}/resourceGroups/{resourceGroupName} --sdk-auth
    ```

    The Contributor role is scoped to the single resource group, not to the subscription: keep it that way, because this credential lives in GitHub and a leak would otherwise expose every resource in the subscription. `--sdk-auth` is deprecated in recent Azure CLI releases but still emits the JSON shape shown below, which is what the deployment action consumes. Take note of the output JSON, which should look like this:

    ```
    {
      "clientId": "xxxxxxx-d574-47c3-a84b-yyyyyyyyy",
      "clientSecret": "yourSecret",
      "subscriptionId": "yourSubscriptionId",
      "tenantId": "yourAADTenantId",
      ...
      "managementEndpointUrl": "https://management.core.windows.net/"
    }
    ```

    This JSON contains the client secret: treat it as a credential, store it only in the GitHub secret described below and never commit it to the repository.
- WhoIsWho Identity Backend, exposes the API to the frontend. This is the principal you assign, via RBAC, to the Azure resources (for example a Subscription, a Resource Group or an App Service) that you want the solution to index. Execute the following "az cli" command:

  ```
  az ad sp create-for-rbac --name "WhoIsWhoIdentityBackend" --years {numberOfYearsOfExpirationForGeneratedPassword} --skip-assignment
  ```

  `--skip-assignment` stops the CLI from granting a default Contributor role on the subscription. On Azure CLI 2.37 and later no role is assigned by default and the flag has been removed, so drop it if your CLI rejects it. `--years` sets the lifetime of the generated client secret: keep it as short as practical and rotate the secret. Take note of the output JSON, which should look like this:

  ```
  {
    "appId": "xxxxxxx-d574-47c3-a84b-yyyyyyyyy",
    "password": "yourSecret",
    "displayName": "WhoIsWhoIdentityBackend",
    "tenant": "yourAADTenantId"
  }
  ```

  From now on you can assign the Azure AD Service Principal identified by this `displayName` (or `appId`) to every Azure resource to be indexed via RBAC with the "Reader" role. Read-only access is all the indexer needs; do not grant it Contributor or Owner.
- WhoIsWho Identity Frontend, represents the front-end and allows the user to authenticate. Execute the following "az cli" command:

  ```
  az ad sp create-for-rbac --name "WhoIsWhoIdentityFrontend" --years {numberOfYearsOfExpirationForGeneratedPassword} --skip-assignment
  ```

  The same remarks on `--skip-assignment` and `--years` as for the backend identity apply. Take note of the output JSON, which should look like this:

  ```
  {
    "appId": "xxxxxxx-d574-47c3-a84b-yyyyyyyyy",
    "password": "yourSecret",
    "displayName": "WhoIsWhoIdentityFrontend",
    "tenant": "yourAADTenantId"
  }
  ```

  Grant the WhoIsWhoIdentityBackend "user_impersonation" permission to the WhoIsWhoIdentityFrontend service principal. Execute the following "az cli" commands in PowerShell:

  ```powershell
  # -o tsv returns the bare GUID; without it the variable holds the JSON-quoted string
  $appIdFrontend = az ad app list --display-name "WhoIsWhoIdentityFrontend" --query "[0].appId" -o tsv
  # appId of the backend app plus the id of its 'user_impersonation' scope
  $appBackend = az ad app list --display-name "WhoIsWhoIdentityBackend" --query "{appId:[0].appId,permissionId:[0].oauth2Permissions[?value=='user_impersonation'] | [0].id}" | ConvertFrom-Json
  # add the delegated permission to the frontend app, then grant (consent) it
  az ad app permission add --id $appIdFrontend --api $appBackend.appId --api-permissions "$($appBackend.permissionId)=Scope"
  az ad app permission grant --id $appIdFrontend --api $appBackend.appId
  ```

  On Azure CLI 2.37 and later, which talks to Microsoft Graph, the scope list is exposed as `api.oauth2PermissionScopes` instead of `oauth2Permissions`, and `az ad app permission grant` requires `--scope user_impersonation`; adjust the two commands accordingly. The grant step creates an OAuth2 permission grant (consent) in the directory and therefore needs an account with sufficient directory privileges.
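The whole identity procedure above (prerequisite check, the three identities, the Reader assignment for the backend, the `user_impersonation` grant to the frontend and a least-privilege verification) as one PowerShell script. This is an added example and not part of the WhoIsWho project. It assumes Azure CLI 2.37 or later (Microsoft Graph based), an existing `az login` session against the target tenant, and that the resource group from the prerequisites already exists; the parameter names `$SubscriptionId`, `$ResourceGroupName`, `$SecretYears` and `$IndexWholeSubscription` and the helper `Grant-Reader` are this script's own, not WhoIsWho settings.

```powershell
# Added example, not project code. Provisions the WhoIsWho identities with least privilege and verifies the result.
# Assumptions: Azure CLI >= 2.37, 'az login' already done, resource group already created.
param(
    [Parameter(Mandatory = $true)] [string] $SubscriptionId,
    [Parameter(Mandatory = $true)] [string] $ResourceGroupName,
    [int] $SecretYears = 1,             # lifetime of the generated client secrets: keep short and rotate
    [switch] $IndexWholeSubscription    # assumption: also index the whole subscription (Reader at subscription scope)
)

$ErrorActionPreference = 'Stop'
az account set --subscription $SubscriptionId

# Prerequisite check: every provider the deployment needs must already be 'Registered'.
foreach ($ns in 'Microsoft.Web', 'Microsoft.Search', 'Microsoft.KeyVault') {
    $state = az provider show --namespace $ns --query registrationState -o tsv
    if ($state -ne 'Registered') { throw "Provider $ns is '$state'; run 'az provider register --namespace $ns' and wait." }
}

$rgScope = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroupName"

# 1. Deployment identity: Contributor on the resource group only, never on the subscription.
#    --sdk-auth is deprecated but still emits the JSON shape the GitHub action consumes (DEPLOYMENT_IDENTITY).
$deploymentJson = az ad sp create-for-rbac --name 'WhoIsWhoDeploymentIdentity' `
    --role Contributor --scopes $rgScope --years $SecretYears --sdk-auth

# 2. Backend and frontend identities. CLI 2.37+ assigns no role by default, so --skip-assignment is not used.
$backend  = az ad sp create-for-rbac --name 'WhoIsWhoIdentityBackend'  --years $SecretYears | ConvertFrom-Json
$frontend = az ad sp create-for-rbac --name 'WhoIsWhoIdentityFrontend' --years $SecretYears | ConvertFrom-Json

function Grant-Reader([string] $ObjectId, [string] $Scope) {
    # A freshly created principal takes a few seconds to replicate; retry on failure instead of failing fast.
    # Passing the object id and principal type avoids the directory lookup that fails during that window.
    for ($attempt = 1; $attempt -le 5; $attempt++) {
        az role assignment create --assignee-object-id $ObjectId --assignee-principal-type ServicePrincipal `
            --role Reader --scope $Scope | Out-Null
        if ($LASTEXITCODE -eq 0) { return }
        Start-Sleep -Seconds 10
    }
    throw "Could not assign Reader to $ObjectId at $Scope"
}

# 3. The backend only reads: Reader on every scope it should index.
$backendObjectId = az ad sp show --id $backend.appId --query id -o tsv
$readScopes = @($rgScope)
if ($IndexWholeSubscription) { $readScopes += "/subscriptions/$SubscriptionId" }
foreach ($scope in $readScopes) { Grant-Reader -ObjectId $backendObjectId -Scope $scope }

# 4. Locate the backend's 'user_impersonation' scope. The Graph-based CLI exposes scopes under
#    api.oauth2PermissionScopes; the older oauth2Permissions property no longer exists.
$scopeId = az ad app show --id $backend.appId `
    --query "api.oauth2PermissionScopes[?value=='user_impersonation'] | [0].id" -o tsv
if ([string]::IsNullOrWhiteSpace($scopeId)) {
    throw "App $($backend.appId) exposes no 'user_impersonation' scope; add it under 'Expose an API' and rerun."
}

# 5. Delegate that scope to the frontend and grant consent (creating the grant needs directory privileges).
az ad app permission add   --id $frontend.appId --api $backend.appId --api-permissions "$scopeId=Scope" | Out-Null
az ad app permission grant --id $frontend.appId --api $backend.appId --scope user_impersonation | Out-Null

# 6. Verify least privilege: the backend must hold Reader and nothing else, at any scope.
$roles = @(az role assignment list --assignee $backend.appId --all --query '[].roleDefinitionName' -o tsv)
$extra = $roles | Where-Object { $_ -and $_ -ne 'Reader' }
if ($extra) { throw "Backend identity holds unexpected roles: $($extra -join ', ')" }

# Emit the three JSON documents for the GitHub secrets. They contain client secrets: paste them into
# DEPLOYMENT_IDENTITY, WHOISWHO_IDENTITY_BE and WHOISWHO_IDENTITY_FE and do not write them to disk or logs.
[pscustomobject]@{
    DEPLOYMENT_IDENTITY  = ($deploymentJson -join "`n")
    WHOISWHO_IDENTITY_BE = ($backend  | ConvertTo-Json -Compress)
    WHOISWHO_IDENTITY_FE = ($frontend | ConvertTo-Json -Compress)
} | Format-List
```

Save it under a name of your choice (for example `New-WhoIsWhoIdentities.ps1`, an assumption) and run it as `.\New-WhoIsWhoIdentities.ps1 -SubscriptionId <id> -ResourceGroupName <name>`. The script stops at the first failed check, so a missing provider registration or a backend app without the `user_impersonation` scope is reported before any role or grant is left half-configured.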
Create the following GitHub secrets. Each JSON contains a client secret, so add them through the repository's Secrets settings and never echo them in workflow logs:

| SecretName | Content |
|---|---|
| DEPLOYMENT_IDENTITY | The App Registration output JSON for the Deployment Identity |
| WHOISWHO_IDENTITY_BE | The App Registration output JSON for the WhoIsWho Identity Backend |
| WHOISWHO_IDENTITY_FE | The App Registration output JSON for the WhoIsWho Identity Frontend |
Launch the GitHub Action named 'Deploy WhoIsWho' with the following parameters:

| Parameter | Value |
|---|---|
| Resource Group Name | The name of the resource group where the WhoIsWho resources will be created |
| Resource Location | The Azure region in which the resources are created |
| Resources Name Main Identifier | The string that uniquely identifies all the Azure resources that will be created. For example, with the value 'mywhoiswho' the deployment creates the following resources: app-mywhoiswho, appi-mywhoiswho, func-mywhoiswho-azureloader, func-mywhoiswho-datasync, plan-mywhoiswho, srch-mywhoiswho |