Cleanup and Down script to delete entra app

dminkovski · dminkovski · commit ce18a9cafc93 · 2024-02-23T11:34:44.000+01:00
diff --git a/app/indexer/microservice/Dockerfile b/app/indexer/microservice/Dockerfile
@@ -13,7 +13,6 @@ COPY microservice microservice
 RUN chmod +x ./mvnw
 # Convert CRLF to LF
 RUN sed -i 's/\r$//' ./mvnw
-# Added -P dev for testing purposes
 RUN ./mvnw package -DskipTests
 RUN mkdir -p target/dependency && (cd target/dependency; jar -xf ../../microservice/target/*.jar)
 
diff --git a/deploy/aks/azure.yaml b/deploy/aks/azure.yaml
@@ -58,4 +58,10 @@ hooks:
       shell: pwsh
       run: ./scripts/easyauth.ps1
       interactive: true
+      continueOnError: false
+  postdown:
+    windows:
+      shell: pwsh
+      run: ./scripts/easyauth-down.ps1
+      interactive: true
       continueOnError: false
diff --git a/deploy/aks/scripts/easyauth-down.ps1 b/deploy/aks/scripts/easyauth-down.ps1
@@ -0,0 +1,21 @@
+$output = azd env get-values
+
+foreach ($line in $output) {
+  if (!$line.Contains('=')) {
+    continue
+  }
+
+  $name, $value = $line.Split("=")
+  $value = $value -replace '^\"|\"$'
+  [Environment]::SetEnvironmentVariable($name, $value)
+}
+
+if($Env:AZURE_USE_EASY_AUTH -eq "true"){
+  Write-Host "Enabled EasyAuth for the AKS Cluster"
+} else {
+  exit 1;
+}
+
+Write-Host "Deleting Entra App ${Env:adAppName}:${Env:AZURE_AD_APP_ID}"
+
+az ad app delete --id "{$Env:AZURE_AD_APP_ID}"
diff --git a/deploy/aks/scripts/easyauth.ps1 b/deploy/aks/scripts/easyauth.ps1
@@ -83,17 +83,6 @@ $appCreationResult = az ad app create --display-name $adAppName --web-home-page-
 $appId = $appCreationResult | Select-Object -ExpandProperty appId
 Write-Host "Created Azure AD application with appId: $appId"
 
-# Retrieve the object ID of the created application
-$appInfo = az ad app show --id $appId -o json | ConvertFrom-Json
-$objectId = $appInfo | Select-Object -ExpandProperty id
-Write-Host "Retrieved object ID: $objectId"
-
-# Update the application to disable the first OAuth2Permission
-#Write-Host "Disabling the first OAuth2Permission"
-#az ad app update --id $appId --set oauth2Permissions[0].isEnabled=false
-# Clear the OAuth2Permissions array
-#az ad app update --id $appId --set oauth2Permissions=[]
-
 # Reset credentials for the Azure AD application to generate a new password
 Write-Host "Resetting credentials for the Azure AD application"
 $credentialResetResult = az ad app credential reset --id $appId -o json | ConvertFrom-Json
@@ -131,11 +120,9 @@ kubectl get pods -n cert-manager
 # Deploy the issuer config to the cluster
 kubectl apply -f ./easyauth/cluster-issuer.yaml
 
-$clientId = $appId
-
 # ---------------------
 # Deploy Easy Auth Proxy
-helm install --set azureAd.tenantId=$azureTenantId --set azureAd.clientId=$clientId --set secret.name=easyauth-proxy-$adAppName-secret --set secret.azureclientsecret=$clientSecret --set appHostName=$appHostName --set tlsSecretName=$tlsSecretName easyauth-proxy ./easyauth/easyauth-proxy
+helm install --set azureAd.tenantId=$azureTenantId --set azureAd.clientId=$appId --set secret.name=easyauth-proxy-$adAppName-secret --set secret.azureclientsecret=$clientSecret --set appHostName=$appHostName --set tlsSecretName=$tlsSecretName easyauth-proxy ./easyauth/easyauth-proxy
 
 # ---------------------
 # Apply proxy ingress rules
