Commit 0556748

committed
change managed app quickstart
1 parent 80662a5 commit 0556748

4 files changed

+116
-103
lines changed

.openpublishing.redirection.json

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5493,7 +5493,12 @@
54935493
},
54945494
{
54955495
"source_path": "articles/managed-applications/publish-managed-app-definition-quickstart.md",
5496-
"redirect_url": "/azure/azure-resource-manager/managed-applications/publish-managed-app-definition-quickstart",
5496+
"redirect_url": "/azure/azure-resource-manager/managed-applications/publish-service-catalog-app",
5497+
"redirect_document_id": false
5498+
},
5499+
{
5500+
"source_path": "articles/azure-resource-manager/managed-applications/publish-managed-app-definition-quickstart.md",
5501+
"redirect_url": "/azure/azure-resource-manager/managed-applications/publish-service-catalog-app",
54975502
"redirect_document_id": false
54985503
},
54995504
{

articles/azure-resource-manager/managed-applications/publish-managed-app-definition-quickstart.md

Lines changed: 0 additions & 72 deletions
This file was deleted.

articles/azure-resource-manager/managed-applications/publish-service-catalog-app.md

Lines changed: 109 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -3,31 +3,27 @@ title: Publish service catalog managed app
33
description: Shows how to create an Azure managed application that is intended for members of your organization.
44
author: tfitzmac
55

6-
ms.topic: tutorial
7-
ms.date: 10/04/2018
6+
ms.topic: quickstart
7+
ms.date: 04/13/2020
88
ms.author: tomfitz
99
---
10-
# Tutorial: Create and publish a managed application definition
10+
# Quickstart: Create and publish a managed application definition
1111

12-
[!INCLUDE [updated-for-az](../../../includes/updated-for-az.md)]
12+
This quickstart provides an introduction to working with [Azure Managed Applications](overview.md). You can create and publish a managed application that is intended for members of your organization.
1313

14-
You can create and publish Azure [managed applications](overview.md) that are intended for members of your organization. For example, an IT department can publish managed applications that fulfill organizational standards. These managed applications are available through the service catalog, not the Azure marketplace.
15-
16-
To publish a managed application to your Azure Service Catalog, you must:
14+
To publish a managed application to your service catalog, you must:
1715

1816
* Create a template that defines the resources to deploy with the managed application.
1917
* Define the user interface elements for the portal when deploying the managed application.
2018
* Create a .zip package that contains the required template files.
2119
* Decide which user, group, or application needs access to the resource group in the user's subscription.
2220
* Create the managed application definition that points to the .zip package and requests access for the identity.
2321

24-
For this article, your managed application has only a storage account. It's intended to illustrate the steps of publishing a managed application. For complete examples, see [Sample projects for Azure managed applications](sample-projects.md).
25-
26-
The PowerShell examples in this article require Azure PowerShell 6.2 or later. If needed, [update your version](/powershell/azure/install-Az-ps).
22+
[!INCLUDE [cloud-shell-try-it.md](../../../includes/cloud-shell-try-it.md)]
2723

28-
## Create the resource template
24+
## Create the ARM template
2925

30-
Every managed application definition includes a file named **mainTemplate.json**. In it, you define the Azure resources to deploy. The template is no different than a regular Resource Manager template.
26+
Every managed application definition includes a file named **mainTemplate.json**. In it, you define the Azure resources to deploy. The template is no different than a regular Azure Resource Manager (ARM) template.
3127

3228
Create a file named **mainTemplate.json**. The name is case-sensitive.
3329

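Review bot: new line 22 swaps the Azure PowerShell version requirement for the Cloud Shell include, so a reader running the commands locally no longer sees a minimum module version. The removed lines also carried the only statement that these applications are published through the service catalog rather than the Azure Marketplace, and that the sample deploys only a storage account. Suggest keeping a one-line prerequisite for local use and one sentence on what the service catalog is before the "To publish a managed application to your service catalog, you must:" list.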
@@ -55,30 +51,30 @@ Add the following JSON to your file. It defines the parameters for creating a st
5551
"resources": [
5652
{
5753
"type": "Microsoft.Storage/storageAccounts",
54+
"apiVersion": "2019-06-01",
5855
"name": "[variables('storageAccountName')]",
59-
"apiVersion": "2016-01-01",
6056
"location": "[parameters('location')]",
6157
"sku": {
6258
"name": "[parameters('storageAccountType')]"
6359
},
64-
"kind": "Storage",
60+
"kind": "StorageV2",
6561
"properties": {}
6662
}
6763
],
6864
"outputs": {
6965
"storageEndpoint": {
7066
"type": "string",
71-
"value": "[reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName')), '2016-01-01').primaryEndpoints.blob]"
67+
"value": "[reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName')), '2019-06-01').primaryEndpoints.blob]"
7268
}
7369
}
7470
}
7571
```
7672

7773
Save the mainTemplate.json file.
7874

79-
## Defining your create experience using CreateUiDefinition.json
75+
## Define your create experience
8076

81-
As a publisher, you define your create experience using the **createUiDefinition.json** file which generates the interface for users creating managed applications. You define how users provide input for each parameter using [control elements](create-uidefinition-elements.md) including drop-downs, text boxes, and password boxes.
77+
As a publisher, you define the portal experience for creating the managed application. The **createUiDefinition.json** file generates the portal interface. You define how users provide input for each parameter using [control elements](create-uidefinition-elements.md) including drop-downs, text boxes, and password boxes.
8278

8379
Create a file named **createUiDefinition.json** (This name is case-sensitive)
8480

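Review bot: in the `storageEndpoint` output (new line 67) the API version is still hard-coded a second time inside `reference()`, which is how the resource and the output drift apart on the next bump. Because the storage account is deployed in the same template, the API version argument can be omitted there, and the trailing slash in `'Microsoft.Storage/storageAccounts/'` can go at the same time. Separately, `"properties": {}` on line 61 leaves the account's security settings to API defaults; for a template that customers deploy from the catalog, consider setting `"supportsHttpsTrafficOnly": true` explicitly.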
@@ -137,58 +133,116 @@ To learn more, see [Get started with CreateUiDefinition](create-uidefinition-ove
137133

138134
## Package the files
139135

140-
Add the two files to a .zip file named app.zip. The two files must be at the root level of the .zip file. If you put them in a folder, you receive an error when creating the managed application definition that states the required files aren't present.
136+
Add the two files to a .zip file named app.zip. The two files must be at the root level of the .zip file. If you put them in a folder, you receive an error when creating the managed application definition that states the required files aren't present.
141137

142-
Upload the package to an accessible location from where it can be consumed.
138+
Upload the package to an accessible location from where it can be consumed. You'll need to provide a unique name for the storage account.
143139

144-
```powershell
140+
# [PowerShell](#tab/azure-powershell)
141+
142+
```azurepowershell-interactive
145143
New-AzResourceGroup -Name storageGroup -Location eastus
146-
$storageAccount = New-AzStorageAccount -ResourceGroupName storageGroup `
144+
145+
$storageAccount = New-AzStorageAccount `
146+
-ResourceGroupName storageGroup `
147147
-Name "mystorageaccount" `
148148
-Location eastus `
149149
-SkuName Standard_LRS `
150-
-Kind Storage
150+
-Kind StorageV2
151151
152152
$ctx = $storageAccount.Context
153153
154154
New-AzStorageContainer -Name appcontainer -Context $ctx -Permission blob
155155
156-
Set-AzStorageBlobContent -File "D:\myapplications\app.zip" `
156+
Set-AzStorageBlobContent `
157+
-File "D:\myapplications\app.zip" `
157158
-Container appcontainer `
158159
-Blob "app.zip" `
159160
-Context $ctx
160161
```
161162

163+
# [Azure CLI](#tab/azure-cli)
164+
165+
```azurecli-interactive
166+
az group create --name storageGroup --location eastus
167+
168+
az storage account create \
169+
--name mystorageaccount \
170+
--resource-group storageGroup \
171+
--location eastus \
172+
--sku Standard_LRS \
173+
--kind StorageV2
174+
175+
az storage container create \
176+
--account-name mystorageaccount \
177+
--name appcontainer \
178+
--public-access blob
179+
180+
az storage blob upload \
181+
--account-name mystorageaccount \
182+
--container-name appcontainer \
183+
--name "app.zip" \
184+
--file "D:\myapplications\app.zip"
185+
186+
```
187+
188+
---
189+
162190
## Create the managed application definition
163191

164192
### Create an Azure Active Directory user group or application
165193

166-
The next step is to select a user group or application for managing the resources on behalf of the customer. This user group or application has permissions on the managed resource group according to the role that is assigned. The role can be any built-in Role-Based Access Control (RBAC) role like Owner or Contributor. You also can give an individual user permission to manage the resources, but typically you assign this permission to a user group. To create a new Active Directory user group, see [Create a group and add members in Azure Active Directory](../../active-directory/fundamentals/active-directory-groups-create-azure-portal.md).
194+
The next step is to select a user group, user, or application for managing the resources on behalf of the customer. This identity has permissions on the managed resource group according to the role that is assigned. The role can be any built-in Role-Based Access Control (RBAC) role like Owner or Contributor. To create a new Active Directory user group, see [Create a group and add members in Azure Active Directory](../../active-directory/fundamentals/active-directory-groups-create-azure-portal.md).
167195

168196
You need the object ID of the user group to use for managing the resources.
169197

198+
# [PowerShell](#tab/azure-powershell)
199+
170200
```powershell
171201
$groupID=(Get-AzADGroup -DisplayName mygroup).Id
172202
```
173203

204+
# [Azure CLI](#tab/azure-cli)
205+
206+
```azurecli-interactive
207+
groupid=$(az ad group show --group mygroup --query objectId --output tsv)
208+
```
209+
174210
### Get the role definition ID
175211

176212
Next, you need the role definition ID of the RBAC built-in role you want to grant access to the user, user group, or application. Typically, you use the Owner or Contributor or Reader role. The following command shows how to get the role definition ID for the Owner role:
177213

214+
# [PowerShell](#tab/azure-powershell)
215+
178216
```powershell
179217
$ownerID=(Get-AzRoleDefinition -Name Owner).Id
180218
```
181219

220+
# [Azure CLI](#tab/azure-cli)
221+
222+
```azurecli-interactive
223+
ownerid=$(az role definition list --name Owner --query [].name --output tsv)
224+
```
225+
182226
### Create the managed application definition
183227

184228
If you don't already have a resource group for storing your managed application definition, create one now:
185229

230+
# [PowerShell](#tab/azure-powershell)
231+
186232
```powershell
187233
New-AzResourceGroup -Name appDefinitionGroup -Location westcentralus
188234
```
189235

236+
# [Azure CLI](#tab/azure-cli)
237+
238+
```azurecli-interactive
239+
az group create --name appDefinitionGroup --location westcentralus
240+
```
241+
190242
Now, create the managed application definition resource.
191243

244+
# [PowerShell](#tab/azure-powershell)
245+
192246
```powershell
193247
$blob = Get-AzStorageBlob -Container appcontainer -Blob app.zip -Context $ctx
194248
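Review bot: only the first tab group in this hunk is closed with `---` (new line 188). The group ID, role definition ID and resource group tab groups end at the closing fence of the Azure CLI tab with no terminator, so the text that follows (for example `### Get the role definition ID` after new line 208) would render inside the CLI tab; add `---` after each CLI block. In the CLI upload, `--file "D:\myapplications\app.zip"` is a Windows path in a block meant to run in Cloud Shell, and there is a stray blank line (185) before the closing fence. Both tabs create the container with anonymous blob read (`-Permission blob`, `--public-access blob`); the text should say so, so publishers know the package is publicly readable and must not contain secrets.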
@@ -203,18 +257,44 @@ New-AzManagedApplicationDefinition `
203257
-PackageFileUri $blob.ICloudBlob.StorageUri.PrimaryUri.AbsoluteUri
204258
```
205259

260+
# [Azure CLI](#tab/azure-cli)
261+
262+
```azurecli-interactive
263+
az managedapp definition create \
264+
--name "ManagedStorage" \
265+
--location "westcentralus" \
266+
--resource-group appDefinitionGroup \
267+
--lock-level ReadOnly \
268+
--display-name "Managed Storage Account" \
269+
--description "Managed Azure Storage Account" \
270+
--authorizations "$groupid:$ownerid" \
271+
--package-file-uri "https://github.com/Azure/azure-managedapp-samples/raw/master/Managed%20Application%20Sample%20Packages/201-managed-storage-account/managedstorage.zip"
272+
```
273+
274+
When the command completes, you have a managed application definition in your resource group.
275+
276+
Some of the parameters used in the preceding example are:
277+
278+
* **resource group**: The name of the resource group where the managed application definition is created.
279+
* **lock level**: The type of lock placed on the managed resource group. It prevents the customer from performing undesirable operations on this resource group. Currently, ReadOnly is the only supported lock level. When ReadOnly is specified, the customer can only read the resources present in the managed resource group. The publisher identities that are granted access to the managed resource group are exempt from the lock.
280+
* **authorizations**: Describes the principal ID and the role definition ID that are used to grant permission to the managed resource group. It's specified in the format of `<principalId>:<roleDefinitionId>`. If more than one value is needed, specify them in the form `<principalId1>:<roleDefinitionId1> <principalId2>:<roleDefinitionId2>`. The values are separated by a space.
281+
* **package file URI**: The location of a .zip package that contains the required files.
282+
206283
## Bring your own storage for the managed application definition
284+
207285
You can choose to store your managed application definition within a storage account provided by you during creation so that it's location and access can be fully managed by you for your regulatory needs.
208286

209287
> [!NOTE]
210288
> Bring your own storage is only supported with ARM Template or REST API deployments of the managed application definition.
211289
212290
### Select your storage account
291+
213292
You must [create a storage account](../../storage/common/storage-account-create.md) to contain your managed application definition for use with Service Catalog.
214293

215294
Copy the storage account's resource ID. It will be used later when deploying the definition.
216295

217296
### Set the role assignment for "Appliance Resource Provider" in your storage account
297+
218298
Before your managed application definition can be deployed to your storage account, you must give contributor permissions to the **Appliance Resource Provider** role so that it can write the definition files to your storage account's container.
219299

220300
1. In the [Azure portal](https://portal.azure.com), navigate to your storage account.
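Review bot: the CLI example at new line 271 passes the GitHub sample package as `--package-file-uri`, while the PowerShell tab uses the `app.zip` blob uploaded in the previous section, so CLI readers package and upload files that are never used and end up publishing a different definition. Build the URI from the storage account and container created earlier and pass that instead. This tab group also lacks the closing `---` after line 272, and "so that it's location" on context line 285 should read "its".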
@@ -305,11 +385,13 @@ You can verify that the application definition files are saved in your provided
305385
> [!NOTE]
306386
> For added security, you can create a managed applications definition store it in an [Azure storage account blob where encryption is enabled](../../storage/common/storage-service-encryption.md). The definition contents are encrypted through the storage account's encryption options. Only users with permissions to the file can see the definition in Service Catalog.
307387
308-
### Make sure users can see your definition
388+
## Make sure users can see your definition
309389

310390
You have access to the managed application definition, but you want to make sure other users in your organization can access it. Grant them at least the Reader role on the definition. They may have inherited this level of access from the subscription or resource group. To check who has access to the definition and add users or groups, see [Use Role-Based Access Control to manage access to your Azure subscription resources](../../role-based-access-control/role-assignments-portal.md).
311391

312392
## Next steps
313393

314-
* To publish your managed application to the Azure Marketplace, see [Azure managed applications in the Marketplace](publish-marketplace-app.md).
315-
* To deploy a managed application instance, see [Deploy service catalog app through Azure portal](deploy-service-catalog-quickstart.md).
394+
You've published the managed application definition. Now, learn how to deploy an instance of that definition.
395+
396+
> [!div class="nextstepaction"]
397+
> [Quickstart: Deploy service catalog app](deploy-service-catalog-quickstart.md)
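Review bot: the NOTE on context line 386, directly above the heading promoted on line 388, still reads "you can create a managed applications definition store it in"; fix it in this pass to "create a managed application definition and store it in". The rewritten Next steps (new lines 394-397) also removes this article's link to `publish-marketplace-app.md`; keep it as a sentence after the next-step action if that path should stay discoverable from here.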

articles/azure-resource-manager/managed-applications/toc.yml

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -8,13 +8,11 @@
88
expanded: true
99
items:
1010
- name: Publish application definition
11-
href: publish-managed-app-definition-quickstart.md
11+
href: publish-service-catalog-app.md
1212
- name: Deploy service catalog app
1313
href: deploy-service-catalog-quickstart.md
1414
- name: Tutorials
1515
items:
16-
- name: Create definition files
17-
href: publish-service-catalog-app.md
1816
- name: Publish marketplace application
1917
href: publish-marketplace-app.md
2018
- name: Create managed application with custom provider
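Review bot: line 11 repoints the TOC entry, but this commit changes only four files, so any relative links in sibling articles to `publish-managed-app-definition-quickstart.md` are left as they were. Search the folder for the old file name and point those links at `publish-service-catalog-app.md` directly rather than relying on the redirect.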
