OIDC secret, spelling fixes

Added support for OIDC secret, required from 2023r2.x onward, available for prior versions.

Azure-ARM/azuredeploy.json

@@ -21,6 +21,10 @@
       "defaultValue": "",
       "type": "String"
     },
+    "ActiveDirectoryClientSecret": {
+      "defaultValue": "",
+      "type": "String"
+    },
     "UsePurview": {
       "defaultValue": "",
       "type": "String"
@@ -185,6 +189,7 @@
 
     "UPDATEAAD":"[parameters('ActiveDirectoryCreateApp')]",
     "CLIENTID":"[parameters('ActiveDirectoryClientId')]",
+    "CLIENTSECRET":"[parameters('ActiveDirectoryClientSecret')]",
     "OIDCURL":"[concat('https://login.microsoftonline.com/',subscription().tenantId)]",
 
     "KubernetesVersion":"[parameters('KubernetesVersion')]",
@@ -724,6 +729,10 @@
                         "name": "CLIENTID",
                         "value": "[variables('CLIENTID')]"
                     },
+                    {
+                        "name": "CLIENTSECRET",
+                        "value": "[variables('CLIENTSECRET')]"
+                    },
                     {
                         "name": "CONFIGUREHTTPS",
                         "value": "[variables('CONFIGUREHTTPS')]"

Azure-ARM/azuredeploy.parameters.json

@@ -20,6 +20,9 @@
         "ActiveDirectoryClientId": {
             "value": ""
         },
+        "ActiveDirectoryClientSecret": {
+            "value": ""
+        },
         "PurviewUrl": {
             "value": ""
         },

Azure-ARM/createUIDefinition.json

@@ -131,13 +131,17 @@
                   "value": "profiseeplatform:2023r1.0"
                 },
                 {
-                  "label": "2023R1.0-131091",
-                  "value": "profiseeplatform:2023r1-131091"
+                  "label": "2023R2.preview",
+                  "value": "profiseeplatform:2023r2.preview"
                 },
-		{
-		  "label": "2023R2.preview-win22",
-		  "value": "profiseeplatform:2023r2.preview-win22"
-		}                
+                {
+                  "label": "2023R2.preview-win19",
+                  "value": "profiseeplatform:2023r2.preview-win19"
+                },
+                {
+                  "label": "2023R2.preview-win22",
+                  "value": "profiseeplatform:2023r2.preview-win22"
+                }
               ]
             },
             "visible": true
@@ -223,7 +227,7 @@
             "visible": true
           },
           {
-            "name": "UserSuppliedClientyId",
+            "name": "UserSuppliedClientId",
             "type": "Microsoft.Common.Section",
             "label": "",
             "elements": [
@@ -243,6 +247,27 @@
             ],
             "visible": "[equals(steps('profisee').ActiveDirectoryCreateApp,'No')]"
           },
+          {
+            "name": "UserSuppliedClientSecret",
+            "type": "Microsoft.Common.Section",
+            "label": "",
+            "elements": [
+              {
+                "name": "ActiveDirectoryClientSecret",
+                "type": "Microsoft.Common.TextBox",
+                "label": "Application Registration Client Secret",
+                "defaultValue": "",
+                "toolTip": "Please provide the client secret of the Azure AD application to be used by Profisee for authentication.",
+                "constraints": {
+                  "required": "[or(equals(steps('profisee').ProfiseeVersion, 'profiseeplatform:2023r2.preview'), equals(steps('profisee').ProfiseeVersion, 'profiseeplatform:2023r2.preview-win19'), equals(steps('profisee').ProfiseeVersion, 'profiseeplatform:2023r2.preview-win22'))]",
+                  "regex": "",
+                  "validationMessage": ""
+                },
+                "visible": true
+              }
+            ],
+            "visible": "[equals(steps('profisee').ActiveDirectoryCreateApp,'No')]"
+          },
           {
             "name": "UsePurview",
             "type": "Microsoft.Common.OptionsGroup",
@@ -262,7 +287,7 @@
               ],
               "required": true
             },
-            "visible": "[or(equals(steps('profisee').ProfiseeVersion, 'profiseeplatform:2021r2.0'), equals(steps('profisee').ProfiseeVersion, 'profiseeplatform:2021r2.1'), equals(steps('profisee').ProfiseeVersion, 'profiseeplatform:2021r3.0'), equals(steps('profisee').ProfiseeVersion, 'profiseeplatform:2022r1.0'), equals(steps('profisee').ProfiseeVersion, 'profiseeplatform:2022r2.0'), equals(steps('profisee').ProfiseeVersion, 'profiseeplatform:2023r1.0'), equals(steps('profisee').ProfiseeVersion, 'profiseeplatform:2023r1-131091'))]"
+            "visible": "[or(equals(steps('profisee').ProfiseeVersion, 'profiseeplatform:2021r2.0'), equals(steps('profisee').ProfiseeVersion, 'profiseeplatform:2021r2.1'), equals(steps('profisee').ProfiseeVersion, 'profiseeplatform:2021r3.0'), equals(steps('profisee').ProfiseeVersion, 'profiseeplatform:2022r1.0'), equals(steps('profisee').ProfiseeVersion, 'profiseeplatform:2022r2.0'), equals(steps('profisee').ProfiseeVersion, 'profiseeplatform:2023r1.0'), equals(steps('profisee').ProfiseeVersion, 'profiseeplatform:2023r2.preview'), equals(steps('profisee').ProfiseeVersion, 'profiseeplatform:2023r2.preview-win19'), equals(steps('profisee').ProfiseeVersion, 'profiseeplatform:2023r2.preview-win22'))]"
           },
           {
             "name": "PurviewAccountName",
@@ -298,7 +323,7 @@
               "regex": "",
               "validationMessage": ""
             },
-            "visible": "[and(equals(steps('profisee').UsePurview,'Yes'), or(equals(steps('profisee').ProfiseeVersion, 'profiseeplatform:2022r2.0'), equals(steps('profisee').ProfiseeVersion, 'profiseeplatform:2023r1.0'), equals(steps('profisee').ProfiseeVersion, 'profiseeplatform:2023r1-131091')))]"
+            "visible": "[and(equals(steps('profisee').UsePurview,'Yes'), or(equals(steps('profisee').ProfiseeVersion, 'profiseeplatform:2022r2.0'), equals(steps('profisee').ProfiseeVersion, 'profiseeplatform:2023r1.0'), equals(steps('profisee').ProfiseeVersion, 'profiseeplatform:2023r2.preview'), equals(steps('profisee').ProfiseeVersion, 'profiseeplatform:2023r2.preview-win19'), equals(steps('profisee').ProfiseeVersion, 'profiseeplatform:2023r2.preview-win22')))]"
           },
           {
             "name": "PurviewClientID",
@@ -394,6 +419,27 @@
             },
             "visible": true
           },
+          {
+            "name": "EnableDefenderProfile",
+            "type": "Microsoft.Common.OptionsGroup",
+            "label": "Enable Defender Profile",
+            "defaultValue": "Local Accounts with Kubernetes RBAC",
+            "toolTip": "Enable Microsoft Defender security profile.",
+            "constraints": {
+              "allowedValues": [
+                {
+                  "label": "No",
+                  "value": "false"
+                },
+                {
+                  "label": "Yes",
+                  "value": "True"
+                }
+              ],
+              "required": true
+            },
+            "visible": true
+          },
           {
             "name": "KubernetesLinuxNodeSizeSection",
             "type": "Microsoft.Common.Section",
@@ -977,7 +1023,8 @@
       "ProfiseeAdminUserAccount": "[steps('profisee').ProfiseeAdminUserAccount]",
       "ProfiseeLicense": "[if(equals(steps('profisee').UseKeyVault, 'Yes'), steps('profisee').ProfiseeLicenseSecret, steps('profisee').ProfiseeLicense)]",
       "ActiveDirectoryCreateApp": "[steps('profisee').ActiveDirectoryCreateApp]",
-      "ActiveDirectoryClientId": "[steps('profisee').UserSuppliedClientyId.ActiveDirectoryClientId]",
+      "ActiveDirectoryClientId": "[steps('profisee').UserSuppliedClientId.ActiveDirectoryClientId]",
+      "ActiveDirectoryClientSecret": "[steps('profisee').UserSuppliedClientId.ActiveDirectoryClientSecret]",
       "KubernetesClusterName": "[steps('kubernetes').KubernetesClusterName]",
       "KubernetesVersion": "[steps('kubernetes').KubernetesVersion]",
       "KubenetesInfrastructureResourceGroupName": "[steps('kubernetes').KubenetesInfrastructureResourceGroupName]",
@@ -1022,4 +1069,4 @@
       "ProfiseeWebAppName": "[steps('profisee').ProfiseeWebAppName]"
     }
   }
-}
+}

Azure-ARM/deployprofisee.sh

@@ -386,6 +386,22 @@ if [ "$UPDATEAAD" = "Yes" ]; then
 		echo $"saml2Token claim is now '$appregsaml2tokengroupsclaimpresent'"
 	    echo "Update of the application registration's token configuration finished."
 	fi
+	#Create application Registration secret to be used for Authentication.
+	echo $"Let's check to see if an application registration secret has been created for Profisee, we'll recreate it if it is present as it can only be acquired during creation."
+    appregsecretpresent=$(az ad app list --app-id $CLIENTID --query "[].passwordCredentials[].displayName" -o tsv)
+	if [ "$appregsecretpresent" = "Profisee env in cluster $CLUSTERNAME" ]; then
+	    echo $"Application registration secret for 'Profisee in cluster $CLUSTERNAME' is already present, but need to recreate it. Acquiring secret ID so it can be deleted."
+		appregsecretid=$(az ad app list --app-id $CLIENTID --query "[].passwordCredentials[?displayName=='Profisee env in cluster $CLUSTERNAME'].keyId | [0]" -o tsv)
+		echo $"Application registration secret ID is $appregsecretid, deleting it."
+		az ad app credential delete --id $CLIENTID --key-id $appregsecretid
+		echo $"Application registration secret ID $appregsecretid has been deleted."
+		echo "Creating new application registration secret now."
+		OIDCCLIENTSECRET=$(az ad app credential reset --id $CLIENTID --append --display-name "Profisee env in cluster $CLUSTERNAME" --years 2 --query "password" -o tsv)
+	else
+	    echo "Secret for cluster $CLUSTERNAME does not exist, creating it."
+	    echo "Creating new application registration secret now."
+		OIDCCLIENTSECRET=$(az ad app credential reset --id $CLIENTID --append --display-name "Profisee env in cluster $CLUSTERNAME" --years 2 --query "password" -o tsv)
+	fi
 fi
 
 #If not supplied, acquire storage account credentials.