
Deploy Azure functions for Splunk via Azure DevOps Pipelines

This guide explains how to deploy Azure Functions for Splunk via Azure DevOps Pipelines. Follow these steps:

  • Log in to your Azure account and open your portal home page
  • Go to your Subscriptions page
  • Select the subscription you will use for deployment from Azure DevOps and take note of the Subscription name and Subscription ID; here we will name them [[SUBSCRIPTION_NAME]] and [[SUBSCRIPTION_ID]]
  • Create a Service Principal with the Azure CLI by executing this command, providing the service principal name; here we will name it [[ServicePrincipalName]]:
az ad sp create-for-rbac -n [[ServicePrincipalName]]
  • The result is JSON output like this:
{
  "appId": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
  "displayName": "[[ServicePrincipalName]]",
  "password": "this-is-the-service-principal-password",
  "tenant": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
}

  • Take note of the appId, password and tenant, as they will be used later
  • Grant Contributor permission to this service principal, in the Azure portal: go to Subscriptions and click on the subscription you will use for deployment from Azure DevOps
  • In the left pane, select Access control (IAM), then click on Add role assignment
  • Go to the tab Privileged administrator roles and select the role Contributor, click Next
  • Click Select members, filter the members list with the name of the new Service Principal, click on the Service Principal, click Select, click Next, then click Review + assign
  • Create a resource group for the deployed application and take note of its name; here we will name it [[DEPLOYMENT_RESOURCE_GROUP]]

  • Create a Key Vault in the new resource group and take note of its name; here we will name it [[KEY_VAULT_NAME]]
  • Open the new Key Vault, go to the group Settings - Access configuration, then check the option Azure Resource Manager for template deployment and click the button Apply
  • Add three secrets with the values for access to the Teams application:
    • TenantID
    • ClientID
    • ClientSecret
  • To make these steps simpler, use a GitHub account linked to the same email as your Azure DevOps account
  • Log in to https://dev.azure.com using the login option "Login with GitHub" and the GitHub account mentioned before; accept linking your GitHub account with Azure DevOps
  • Select or create a new project
  • Create a service connection: go to Project settings below the left pane, then go to Service connections and click on New service connection
  • Select Azure Resource Manager, click Next
  • Select Service principal (manual), click Next
  • Fill in the configuration with the collected data in previous steps:
    • Environment = Azure Cloud
    • Scope Level = Subscription
    • Subscription Id = collected [[SUBSCRIPTION_ID]]
    • Subscription Name = collected [[SUBSCRIPTION_NAME]]
    • Service Principal Id = appId from the creation of the new Service Principal
    • Authentication = Service Principal Key
    • Service Principal Key = password from the creation of the new Service Principal
    • Tenant ID = tenant from the creation of the new Service Principal
    • Service connection name = provide the name for the connection, here we will name it [[SERVICE_CONNECTION_NAME]]
  • Click the button Verify and after successful check click Verify and save
  • Create a fork of this repository in your account
  • Clone the forked repository to your local machine
  • Select a name for the deployed functions, here we will name it [[DEPLOYED_FUNCTIONS_SPLUNK_GRAPH]]
  • Add the following file for configuration of parameters, replacing the placeholders with the configuration values collected before:

graph\deploy\parameters.json

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "appName": {
      "value": "[[DEPLOYED_FUNCTIONS_SPLUNK_GRAPH]]"
    },
    "TenantID": {
      "reference": {
        "keyVault": {
          "id": "/subscriptions/[[SUBSCRIPTION_ID]]/resourceGroups/[[DEPLOYMENT_RESOURCE_GROUP]]/providers/Microsoft.KeyVault/vaults/[[KEY_VAULT_NAME]]"
        },
        "secretName": "TenantID"
      }
    },
    "ClientID": {
      "reference": {
        "keyVault": {
          "id": "/subscriptions/[[SUBSCRIPTION_ID]]/resourceGroups/[[DEPLOYMENT_RESOURCE_GROUP]]/providers/Microsoft.KeyVault/vaults/[[KEY_VAULT_NAME]]"
        },
        "secretName": "ClientID"
      }
    },
    "ClientSecret": {
      "reference": {
        "keyVault": {
          "id": "/subscriptions/[[SUBSCRIPTION_ID]]/resourceGroups/[[DEPLOYMENT_RESOURCE_GROUP]]/providers/Microsoft.KeyVault/vaults/[[KEY_VAULT_NAME]]"
        },
        "secretName": "ClientSecret"
      }
    }
  }
}

  • Go to the forked repository in GitHub, navigate to the file graph/deploy/azureDeploy.json and click on the button "Raw"
  • Copy the URL you just opened
  • The URL will be similar to this:
https://raw.githubusercontent.com/[[GITHUB_ACCOUNT_ID]]/[[FORKED_REPOSITORY]]/master/graph/deploy/azureDeploy.json
  • In this URL, [[GITHUB_ACCOUNT_ID]] and [[FORKED_REPOSITORY]] must be replaced with your own values
  • Based on this URL, add one more similar URL for the file parameters.json:
https://raw.githubusercontent.com/[[GITHUB_ACCOUNT_ID]]/[[FORKED_REPOSITORY]]/master/graph/deploy/parameters.json
  • Select a name for the deployment, here we will name it [[DEPLOY_AZURE_FUNCTIONS_SPLUNK_APP]]
  • Select a name for the deployed application, here we will name it [[DEPLOYED_FUNCTIONS_SPLUNK_GRAPH]]
  • Add the following file for CI/CD, replacing the placeholders with the configuration values collected before; note that the file "parameters.json" doesn't exist in the repository yet, but it will be committed soon:

azure-pipelines.yml

# Starter pipeline
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml

trigger:
- master

pool:
  vmImage: ubuntu-latest

steps:
- task: AzureResourceManagerTemplateDeployment@3
  inputs:
    deploymentScope: 'Resource Group'
    azureResourceManagerConnection: '[[SERVICE_CONNECTION_NAME]]'
    subscriptionId: '[[SUBSCRIPTION_ID]]'
    action: 'Create Or Update Resource Group'
    resourceGroupName: '[[DEPLOYMENT_RESOURCE_GROUP]]'
    location: 'North Europe'
    templateLocation: 'URL of the file'
    csmFileLink: 'https://raw.githubusercontent.com/[[GITHUB_ACCOUNT_ID]]/[[FORKED_REPOSITORY]]/master/graph/deploy/azureDeploy.json'
    csmParametersFileLink: 'https://raw.githubusercontent.com/[[GITHUB_ACCOUNT_ID]]/[[FORKED_REPOSITORY]]/master/graph/deploy/parameters.json'
    overrideParameters: '-appName [[DEPLOYED_FUNCTIONS_SPLUNK_GRAPH]]'
    deploymentMode: 'Incremental'
    deploymentName: '[[DEPLOY_AZURE_FUNCTIONS_SPLUNK_APP]]'

  • Commit these files and push to your forked repository
  • Go to https://dev.azure.com, open your project, go to Pipelines and click on New pipeline; in the tab Connect, select GitHub
  • In the tab Select, select your forked repository; you may be prompted to Approve & Install Azure Pipelines, approve this and any other prompt
  • Next, select Existing Azure Pipelines YAML file, then select the branch and the file azure-pipelines.yml (this step may be done automatically)
  • In the last step, click Run

  • On the first execution you need to grant permissions on the service connection: click on the button View
  • Then click on the button Permit
  • When the pipeline has finished executing, review your Azure resources; the new functions should be added to the selected resource group
  • After this, any commit to the forked repository will trigger a pipeline; the pipelines can be triggered manually as well
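
A check to run on graph/deploy/parameters.json before the commit step above, written for this guide as an added example (it is not part of the repository being deployed). It reports leftover [[...]] placeholders, secrets given inline instead of through a Key Vault reference, and malformed Key Vault resource IDs; the function name check_parameters and all sample values are assumptions made for illustration.

```python
import json
import re

# Secrets the guide stores in Key Vault under these exact names.
SECRET_PARAMS = ("TenantID", "ClientID", "ClientSecret")
PLACEHOLDER = re.compile(r"\[\[[A-Za-z_]+\]\]")
VAULT_ID = re.compile(
    r"^/subscriptions/[0-9a-fA-F-]{36}/resourceGroups/[^/]+"
    r"/providers/Microsoft\.KeyVault/vaults/[A-Za-z0-9-]{3,24}$")

def check_parameters(text):
    """Return findings for a parameters.json document; an empty list means OK."""
    findings = [f"unreplaced placeholder {t}"
                for t in sorted(set(PLACEHOLDER.findall(text)))]
    params = json.loads(text).get("parameters", {})
    for name in SECRET_PARAMS:
        entry = params.get(name)
        if entry is None:
            findings.append(f"{name}: missing")
            continue
        if "value" in entry:
            # A literal value here would put the secret into the Git history.
            findings.append(f"{name}: inline value instead of a Key Vault reference")
            continue
        ref = entry.get("reference", {})
        if not VAULT_ID.match(ref.get("keyVault", {}).get("id", "")):
            findings.append(f"{name}: malformed Key Vault id")
        if ref.get("secretName") != name:
            findings.append(f"{name}: secretName does not match the secret created")
    return findings

def _ref(vault_id, secret):
    return {"reference": {"keyVault": {"id": vault_id}, "secretName": secret}}

# Constructed sample input: the subscription id, resource group and vault are made up.
VAULT = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
         "rg-splunk-demo/providers/Microsoft.KeyVault/vaults/kv-splunk-demo")
GOOD = json.dumps({"parameters": {n: _ref(VAULT, n) for n in SECRET_PARAMS}})
BAD = json.dumps({"parameters": {
    "TenantID": _ref(VAULT, "TenantID"),
    "ClientID": _ref(VAULT.replace("kv-splunk-demo", "[[KEY_VAULT_NAME]]"), "ClientID"),
    "ClientSecret": {"value": "constructed-inline-secret"}}})

if __name__ == "__main__":
    print(check_parameters(GOOD))
    print(check_parameters(BAD))
```

To check the real file, pass its contents: check_parameters(open("graph/deploy/parameters.json").read()).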