From 6aa62d200adf9e2cd87fa67afd8d607a3c9c923a Mon Sep 17 00:00:00 2001 From: Praveen Kuttappan Date: Tue, 2 Jul 2024 12:25:03 -0400 Subject: [PATCH 1/2] Update contributing guide to add required RBAC roles --- src/dotnet/APIView/APIViewWeb/CONTRIBUTING.md | 21 +++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/src/dotnet/APIView/APIViewWeb/CONTRIBUTING.md b/src/dotnet/APIView/APIViewWeb/CONTRIBUTING.md index 33fdfa8f243..e01542983bf 100644 --- a/src/dotnet/APIView/APIViewWeb/CONTRIBUTING.md +++ b/src/dotnet/APIView/APIViewWeb/CONTRIBUTING.md @@ -99,6 +99,7 @@ Create following Azure resources in your Azure subscription. ### Connect local debugging instance to Azure resource + Following configuration is required to connect local debug instance to Azure resources as well as to setup debugging environment. Below are the steps to follow and required configuration to be added. - Right click on `APIViewWeb` project in `APIView solution` using solution explorer in Visual Studio and select `Manage User Secrets`. @@ -110,12 +111,8 @@ Following configuration is required to connect local debug instance to Azure res "ClientId": "", "ClientSecret": "" }, - "Blob": { - "ConnectionString": "" - }, - "Cosmos": { - "ConnectionString": "" - }, + "StorageAccountUrl": "https://.blob.core.windows.net/", + "CosmosEndpoint": "Cosmos End point URL. For e.g. https://.documents.azure.com:443/", "CosmosDBName": "APIViewV2", "github-access-token": "", "ApiKey": "", @@ -124,6 +121,18 @@ Following configuration is required to connect local debug instance to Azure res "APPCONFIG": "" } +Note: User requires following role based access to storage account and cosmos DB for local debugging and make sure that user is logged in to Azure from Visual studio to access Azure resources. + +- `Storage Blob Contributor` to access storage account +- `DocumentDB Account Contributor` to access Cosmos DB + +### Role based access requierd for deployed instances + +APIView Azure web app instance requires role based access to storage and cosmos DB instances to access using managed identity. Following are the required RBAC roles. + +- `Storage Blob Contributor` to access storage account +- `DocumentDB Account Contributor` to access Cosmos DB + ### Compile TypeScript code APIView web app has some type script code and this needs to be compiled for client side processing. Following are the steps to compile typescript code before starting to debug APIView. From 0700a04cf388887f14fa288dc08a85bf160b4616 Mon Sep 17 00:00:00 2001 From: Praven Kuttappan <55455725+praveenkuttappan@users.noreply.github.com> Date: Mon, 15 Jul 2024 02:24:11 -0400 Subject: [PATCH 2/2] Apply suggestions from code review --- src/dotnet/APIView/APIViewWeb/CONTRIBUTING.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/dotnet/APIView/APIViewWeb/CONTRIBUTING.md b/src/dotnet/APIView/APIViewWeb/CONTRIBUTING.md index e01542983bf..738d451e246 100644 --- a/src/dotnet/APIView/APIViewWeb/CONTRIBUTING.md +++ b/src/dotnet/APIView/APIViewWeb/CONTRIBUTING.md @@ -124,14 +124,14 @@ Following configuration is required to connect local debug instance to Azure res Note: User requires following role based access to storage account and cosmos DB for local debugging and make sure that user is logged in to Azure from Visual studio to access Azure resources. - `Storage Blob Contributor` to access storage account -- `DocumentDB Account Contributor` to access Cosmos DB +- `Cosmos DB Built-in Data Contributor` to access Cosmos DB ### Role based access requierd for deployed instances APIView Azure web app instance requires role based access to storage and cosmos DB instances to access using managed identity. Following are the required RBAC roles. - `Storage Blob Contributor` to access storage account -- `DocumentDB Account Contributor` to access Cosmos DB +- `Cosmos DB Built-in Data Contributor` to access Cosmos DB ### Compile TypeScript code