Section 12 - Deploy the Function Apps

SPARK utilizes function apps to return data from the database for the logged-in user. The authentication token is used to ensure that only data for the specified user is returned.

Requirements

The Azure Administrator will be required for this step. The user must have:

  • Owner role[1] for the subscription
  • Access to the Azure Portal

Security

The function app will utilize a public endpoint, but requires authentication from the SPARK application registration. The SPFx solution will request a token from the application registration and present it as authentication when calling the function app. The function app’s CORS configuration will also allow incoming requests from the SharePoint environment.
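
How a function can tie its results to the signed-in user, as an added example (not SPARK's own function code): App Service Authentication passes the validated caller to the function in the X-MS-CLIENT-PRINCIPAL header, and the function filters on that identity instead of on anything the client sends. Get-Caller, Get-SitesForCaller, the Url/Owner fields and all sample values are assumptions.

```powershell
# Added example, not SPARK's function code. Get-Caller, Get-SitesForCaller and the
# Url/Owner fields are hypothetical; the principal and rows are constructed samples.
function Get-Caller {
    param($Headers)
    # App Service Authentication adds this header after it has validated the token.
    $encoded = $Headers['X-MS-CLIENT-PRINCIPAL']
    if ([string]::IsNullOrWhiteSpace($encoded)) { return $null }
    $json = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($encoded))
    $principal = $json | ConvertFrom-Json
    # name_typ names the claim type that holds the user name.
    $name = $principal.claims | Where-Object typ -eq $principal.name_typ |
        Select-Object -First 1 -ExpandProperty val
    if ([string]::IsNullOrWhiteSpace($name)) { return $null }
    $name.ToLowerInvariant()
}

function Get-SitesForCaller {
    param($Request, [object[]] $Rows)
    $caller = Get-Caller -Headers $Request.Headers
    if (-not $caller) { return @{ StatusCode = 401; Body = @() } }
    # A user name sent in the query string or body is ignored; the filter comes
    # from the validated principal only. Against a database, bind it as a parameter.
    @{ StatusCode = 200; Body = @($Rows | Where-Object Owner -eq $caller) }
}

# Constructed request: Alice's principal, with a query asking for Bob's data.
$principal = @{
    auth_typ = 'aad'; name_typ = 'preferred_username'; role_typ = 'roles'
    claims   = @(@{ typ = 'preferred_username'; val = 'alice@contoso.example' })
} | ConvertTo-Json -Depth 4
$request = @{
    Headers = @{ 'X-MS-CLIENT-PRINCIPAL' = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($principal)) }
    Query   = @{ user = 'bob@contoso.example' }
}
$rows = @(
    [pscustomobject]@{ Url = 'https://contoso.example/sites/a'; Owner = 'alice@contoso.example' }
    [pscustomobject]@{ Url = 'https://contoso.example/sites/b'; Owner = 'bob@contoso.example' }
)

# Rows are selected by the caller in the token, whatever the query asked for.
(Get-SitesForCaller -Request $request -Rows $rows).Body.Url
# A request that arrives without a validated principal is refused.
(Get-SitesForCaller -Request @{ Headers = @{} } -Rows $rows).StatusCode
```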


Step 1: Create Function App

  1. Browse to and log in to the Azure Portal

Use the correct URL for your environment:

Worldwide (Commercial) & GCC    https://portal.azure.com
GCC-High and DoD                https://portal.azure.us

  1. Enter "function app" in the top search navigation
  2. Click on Function App

  1. Click on Create

  1. Select the App Service option for hosting
  2. Click on Select

  1. Set the following properties and click on Next

Name                 Value
Resource Group       The resource group created in step 4
Function App name    A unique name for the function app service (Example: sub-spark-fa)
Operating System     Windows
Runtime stack        PowerShell Core
Version              7.4
Region               Select the same region used in the earlier steps
Pricing Plan         Basic B1

  1. Select the storage account created in step 9, and click on Next

  1. Review the network settings and configure as appropriate for your organization, and click on Next

  1. Review the monitoring settings and configure as appropriate for your organization
  2. Click on Next until you are at the Authentication tab

Enabling Application Insights may incur additional costs.


  1. Set the Authentication type to Managed Identity
  2. Select uami-spark-spoactions from the Managed Identity dropdown
  3. Click on Next until you are at Review + create
  4. Click on Create to create the function app

Step 2: Configure App Files

  1. Select App files under the Functions section in the left navigation
  2. From the file dropdown, select profile.ps1
  3. Reference the profile.ps1 file, copy the contents and save the changes
  4. Update the profile.ps1 script and set the default $AzureEnvironment value to the appropriate cloud environment. This should be found around line 35.
  5. From the file dropdown, select requirements.psd1
  6. Reference the requirements.psd1 file, copy the contents and save the changes

Step 3: Configure CORS

  1. Select CORS under the API section in the left navigation
  2. Add the v_spoRootUrl value from the variables spreadsheet to the CORS configuration
  3. Click on Save

This will allow API requests from the SharePoint environment.


Step 4: Configure Environment Variables

  1. Select Environment variables under the Settings section in the left navigation
  2. Add the following variables shown in the table below
  3. Click on Save
  4. Click on Apply at the bottom after all variables have been saved

Name                   Value
AzureEnvironment       The Azure environment for this tenant. Allowed values:
                       Commercial, USGovernment, USGovernmentHigh, USGovernmentDoD
ClientId               The v_clientId value from the variables spreadsheet
                       (the client id value of the UAMI)
SubscriptionId         The v_subscriptionId value from the variables spreadsheet
SqlConnectionString    The v_sqlConnectionString value from the variables spreadsheet

Step 5: Configure Identity

  1. Select Identity under the Settings section in the left navigation
  2. Click on the User assigned tab and validate that the uami-spark-spoactions identity is added
  3. If no identity is shown, click on Add and select the uami-spark-spoactions from the dropdown
  4. Click on Add

Step 6: Get appreg-spark-spoactions Information

  1. Refer to the appreg-spark-spoactions application registration
  2. From the Overview section, note the Client Id and Application ID URI values for the next step

Step 7: Configure Authentication

  1. Select Authentication under the Settings section in the left navigation
  2. Click Add identity provider

  1. Select Microsoft from the Identity provider dropdown
  2. Fill in the following properties
  3. Click on Add

Name                               Value
App Registration Type              Pick an existing app registration in this directory
Name or app ID                     appreg-spark-spoactions
Client secret expiration           Configure based on your organization rules
Client Application Requirements    Allow requests from specific client applications
Allowed Client Applications        appreg-spark-spoactions Client Id
                                   SharePoint Online Web Client Extensibility Id: 08e18876-6177-487e-b8b5-cf950c1e598c
                                   (Paste each GUID as the value in the textbox)
Identity Requirement               Allow requests from any identity
Tenant Requirement                 Allow requests only from the issuer tenant

  1. After the identity is added, click on Edit
  2. Set the Client secret setting name to –Remove value
  3. Set the Allowed Token Audiences value to the appreg-spark-spoactions Application ID URI
  4. Click on Save
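
What the settings in this step check on an incoming token, as an added example (not SPARK's or the platform's code): the audience, the calling application and the tenant. Test-TokenClaims and the helper names are hypothetical, and every id except the SharePoint Online Web Client Extensibility Id is a made-up placeholder.

```powershell
# Added example, not the platform's or SPARK's code. It applies the claim checks the
# Step 7 settings describe to constructed, unsigned tokens. Signature, issuer and
# lifetime validation are App Service Authentication's job and are not reproduced.
function ConvertFrom-JwtPayload {
    param([string] $Token)
    $part = $Token.Split('.')[1].Replace('-', '+').Replace('_', '/')
    $part += '=' * ((4 - $part.Length % 4) % 4)      # restore base64 padding
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($part)) | ConvertFrom-Json
}

function Test-TokenClaims {
    param([string] $Token, [string[]] $AllowedAudiences,
          [string[]] $AllowedClientApps, [string] $IssuerTenantId)
    $c = ConvertFrom-JwtPayload $Token
    # v2.0 access tokens name the calling application in azp, v1.0 tokens in appid.
    $client = if ($c.azp) { $c.azp } else { $c.appid }
    $failures = @()
    if ($c.aud -notin $AllowedAudiences) { $failures += "audience '$($c.aud)' is not allowed" }
    if ($client -notin $AllowedClientApps) { $failures += "client application '$client' is not allowed" }
    if ($c.tid -ne $IssuerTenantId) { $failures += "tenant '$($c.tid)' is not the issuer tenant" }
    , $failures
}

function New-SampleToken {                            # constructed input, fake signature
    param([hashtable] $Payload)
    $b64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes(($Payload | ConvertTo-Json -Compress)))
    'e30.{0}.constructed' -f $b64.TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

# Placeholder values: the Application ID URI, tenant ids and appreg client id are
# made up. The SharePoint Online Web Client Extensibility id is the one in the table.
$policy = @{
    AllowedAudiences  = 'api://spark-example'
    AllowedClientApps = '11111111-1111-1111-1111-111111111111', '08e18876-6177-487e-b8b5-cf950c1e598c'
    IssuerTenantId    = 'aaaaaaaa-0000-0000-0000-000000000001'
}
$fromSharePoint = New-SampleToken @{ aud = 'api://spark-example'; tid = $policy.IssuerTenantId
                                     azp = '08e18876-6177-487e-b8b5-cf950c1e598c' }
$fromOtherApp   = New-SampleToken @{ aud = 'api://spark-example'; tid = 'bbbbbbbb-0000-0000-0000-000000000002'
                                     appid = '22222222-2222-2222-2222-222222222222' }

# Each call returns the list of requirements the token fails to meet.
Test-TokenClaims -Token $fromSharePoint @policy
Test-TokenClaims -Token $fromOtherApp @policy
```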

Step 8: Create Functions

  1. Select Overview from the left navigation
  2. Reference the table below and repeat steps 3-5 for each file
  3. Click on Create under the Functions tab
  4. Copy and paste the content from the script file
  5. Click on Save

Function Name                 Authorization Level    File Reference
fx-spark-getallsites          Anonymous              fx-spark-getallsites
fx-spark-getsitecounts        Anonymous              fx-spark-getsitecounts
fx-spark-getsitesbyaction     Anonymous              fx-spark-getsitesbyaction
fx-spark-getsitesbykeyword    Anonymous              fx-spark-getsitesbykeyword
fx-spark-getsparksites        Anonymous              fx-spark-getsparksites
fx-spark-updatesparksites     Anonymous              fx-spark-updatesparksites

Continue to creating the SharePoint Pages

References