1.0.0 • Published 3 years ago

maitsa-service v1.0.0

License
ISC

Service Template

Architecture

Business logic lives in src/service.

Controllers (src/api/controller) are triggered either by the service bus (src/api/service-bus) or by Express routers (src/api/routes).

Development & Deployment

Install Dependencies

npm i

Start Service

npm start

Testing Framework

We use Mocha and Chai with Chai-Http. This combination allows us to first start the server (load key vault values, start Express, ...) and then programmatically simulate requests.

Tests live in ./tests and may be written in TypeScript.

npm test

Tests run automatically with every Docker build (see Dockerfile).

Environment Variables

NODE_ENV=development
PORT=3005

AZURE_KEYVAULT_URI=https://backend-key-vault.vault.azure.net/
AZURE_CLIENT_ID=<CLIENT ID>
AZURE_CLIENT_SECRET=<SECRET>
AZURE_TENANT_ID=bf2e212e-cf03-4606-beaf-7715d6f28009
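
As an added example (not code from this template), a startup check for the variables listed above: it refuses to start on missing or placeholder values and requires the Key Vault URI to use HTTPS on the Azure public-cloud Key Vault domain. `validateEnv`, `redact` and the sample values are assumptions introduced here.

```javascript
// Added example, not part of the template: validateEnv and redact are hypothetical helpers.
const GUID = /^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$/i;
const PLACEHOLDER = /^<.*>$/; // e.g. "<SECRET>" left unchanged from the README

function validateEnv(env) {
  const errors = [];
  const need = (name) => {
    const v = (env[name] || "").trim();
    if (!v) errors.push(`${name} is missing`);
    else if (PLACEHOLDER.test(v)) errors.push(`${name} is still a placeholder`);
    else return v;
    return null;
  };
  need("NODE_ENV");
  const portRaw = need("PORT");
  const port = Number(portRaw);
  if (portRaw && !(/^\d+$/.test(portRaw) && port >= 1 && port <= 65535))
    errors.push("PORT must be an integer in 1..65535");
  const uri = need("AZURE_KEYVAULT_URI");
  if (uri) {
    let u = null;
    try { u = new URL(uri); } catch { /* reported below */ }
    // Secrets are fetched from this host: require TLS and the Key Vault domain
    // (assumption: Azure public cloud, as in the page's example URI).
    if (!u || u.protocol !== "https:" || !u.hostname.endsWith(".vault.azure.net"))
      errors.push("AZURE_KEYVAULT_URI must be https://<name>.vault.azure.net/");
  }
  const ids = {};
  for (const name of ["AZURE_TENANT_ID", "AZURE_CLIENT_ID"]) {
    ids[name] = need(name);
    if (ids[name] && !GUID.test(ids[name])) errors.push(`${name} must be a GUID`);
  }
  need("AZURE_CLIENT_SECRET"); // presence only; messages name variables, never values
  if (errors.length) throw new Error("Invalid environment: " + errors.join("; "));
  return { port, keyVaultUri: uri, tenantId: ids.AZURE_TENANT_ID, clientId: ids.AZURE_CLIENT_ID };
}

// Log-safe copy of the environment: secret-like values are masked.
function redact(env) {
  return Object.fromEntries(Object.entries(env).map(
    ([k, v]) => [k, /SECRET|PASSWORD|TOKEN/i.test(k) ? "***" : v]));
}

// Constructed sample values, not real credentials. A service would pass process.env.
const sample = { NODE_ENV: "development", PORT: "3005",
  AZURE_KEYVAULT_URI: "https://backend-key-vault.vault.azure.net/",
  AZURE_CLIENT_ID: "00000000-0000-4000-8000-000000000001", AZURE_CLIENT_SECRET: "constructed",
  AZURE_TENANT_ID: "00000000-0000-4000-8000-000000000002" };
console.log(validateEnv(sample), redact(sample));
```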

Docker Deployment

sudo docker build . -t digicust/<service-name>
sudo docker run --env-file ./.env -d digicust/<service-name>

CI/CD on Azure

1. Docker Hub

Create a Docker repository via https://hub.docker.com/repository/create

Choose "Private Repository", add a build rule for branch "Master" and choose "Dockerfile".

2. Azure App Service

Create a new Azure App Service. Choose Publish=Docker Container, OS=Linux, Region=Germany West Central. On the next configuration page choose Options=Single Container, Image Source=Private Registry (we faced issues using Docker Hub directly). For Server URL enter "https://index.docker.io/", for the user "1445442", and our password. The field "Image and Tag" has the format "1445442/digicust-:latest". Leave "startup command" empty. In the Tags tab choose use=backend, service=

In the app service, navigate to "Deployment Center"/"Settings", copy the Webhook URL and add it to Docker Hub.

3. Create Active Directory Identity

Navigate to Azure/Active Directory/App Registrations/New Registration. Choose "Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)". Click "Register". Navigate to Token Configuration and add group claims. Navigate to "Expose an API" and "add a scope". Create a new scope with the name "CustomersDelegated". Add this scope as an API permission to all relevant applications (e.g. "neo-frontend" and "test-customer-application") and grant admin consent. Navigate to Certificates and Secrets and create a new client secret.

4. Add Environment Config

Navigate to App Service/Configuration and add the following env variables:

NODE_ENV=production
PORT=80
AZURE_KEYVAULT_URI=https://backend-key-vault.vault.azure.net/
AZURE_CLIENT_ID=<AD CLIENT ID>
AZURE_CLIENT_SECRET=<AD CLIENT SECRET>
AZURE_TENANT_ID=bf2e212e-cf03-4606-beaf-7715d6f28009

5. Add to Key Vault

Navigate to the backend key vault and add the role assignment "Key Vault Secrets User" to the service identity via Access Control.

6. Add to Application Gateway

Navigate to the Azure Application Gateway. Create a backend pool with the app service as target. Next, create a health probe with a host of the format ".azurewebsites.net" and path "/". Next, create an HTTP setting with port 80, "Pick host name from backend target" and the custom probe. Now navigate to "Rules"/microservices/Backend Targets and add a new target with the route "/*" and the previously defined backend pool and HTTP setting. The service should now be online; check the backend health.

The service should be reachable within minutes at https://api.digicust.com/