Setup: Configurations

Pratik Bhattacharya edited this page Dec 19, 2021 · 4 revisions

Configuration

This section shows the different types of configuration needed to run the Feature Flighting System.

Azure App Configuration

Most of the configurations are stored in Azure App Configuration and not in the App Service. Here are the configurations:

{
    "AllowedHosts": "*",
    "Application": {
        "CorrelationIdHeaderKey": "<<Header for getting the correlation ID. Use Default - x-correlationId>>",
        "EndToEndTrackingHeaderKey": "<<Header for getting the Transaction ID. Use Default - x-e2e-id>>",
        "Environment": "<<Environment. Values - Production or NonProduction>>",
        "TenantIdHeaderKey": "<<Header for getting the client tenant ID. Use Default - x-application>>",
        "TransactionIdHeaderKey": "<<Header for getting the Transaction ID. Use Default - x-messageid>>"
    },
    "ApplicationInsights": {
        "InstrumentationKey": "__INSTRUMENTATION_KEY_OF_YOUR_APPLICATION_INSIGHTS__",
        "TraceLevel": "0"
    },
    "Authentication": {
        "AdditionalAudiences": "<<Comma-separated AAD Application IDs that will be used as Audience>>",
        "Audience": "<<AAD Application ID that will be the primary audience>>",
        "Authority": "<<AAD authority in ADAL format (for MS tenant - https://login.microsoftonline.com/microsoft.onmicrosoft.com)>>", 
        "AuthorityV2": "<<AAD authority in MSAL format (for MS tenant - https://login.microsoftonline.com/microsoft.onmicrosoft.com/v2.0)>>"
    },
    "Authorization": {
        "AdminClaimType": "<<RBAC Resource name for Experimentation Admins. Use default - Experimentation>>",
        "AdminClaimValue": "<<RBAC Permission name for Experimentation Admins. Use default - All>>",
        "TenantAdminClaimValue": "<<RBAC permission name for tenant admins. Use default - manageexperimentation>>"
    },
    "Env": {
        "Label": "<<Label of all the Feature Flight configuration keys in Azure App Configuration. Values - PROD and PPE.>>",
        "Supported": "<<Supported sub-environments in each environment. For PROD only 1 env is supported - Prod. For non production you can sub-divide into multiple environments (for e.g. Dev,SIT,UAT)>>"
    },
    "FlightingDefaultContextParams": {
        "ContextParam": "<<Auto filter keys for an Always ON feature flag. Keep default - ENABLED:1,ENABLE:1,ENABLEFLIGHTING:1>>"
    },
    "Graph": {
        "Authority": "https://login.microsoftonline.com/{0}/v2.0",
        "CacheExpiration": "<<Cache duration in minutes>>",
        "CachingEnabled": "<<Enable or disable caching graph>>",
        "ClientId": "<<Client ID to get bearer token to call graph APIs. The Client ID must have permission to read Groups.>>",
        "ClientSecretLocation": "<<Secret key in Key Vault containing the AAD Client Secret of the above Client ID. Default - MS-Graph-Secret>>",
        "Scope": "https://graph.microsoft.com/.default",
        "Tenant": "<<AAD tenant (for MS tenant - microsoft.onmicrosoft.com)>>"
    },
    "Logging": {
        "AutoTrackingEnabled": "<<Enables automatic tracking of all requests. Default - true>>",
        "ClientSideErrorSuppressionEnabled": "<<Doesn't show client side errors (4xx) as Server failures. Default - true>>",
        "LogLevel": {
            "Default": "Debug",
            "Microsoft": "Information",
            "System": "Information"
        },
        "Properties": {
            "CorrelationId": "XCV",
            "Custom": {
                "ClientEnvironment": "x-environment"
            },
            "EndToEnd": "E2E",
            "Tenant": "Tenant",
            "TransactionId": "MessageId",
            "User": "User"
        },
        "RequestTelemetryEnhanced": "<<Enhances the HTTP request logs with additional information. Default - true>>",
        "ResponseCodeTranslationEnabled": "<<Adds the text for response HTTP status code. Default - true>>"
    },
    "Security": {
        "Headers": {
            "NoSniff": "<<Add no-sniff response header. Default - Enabled>>",
            "PoweredBy": "<<Removes the PoweredBy response header. Default - Disabled>>",
            "Server": "<<Removes the Server response header. Default - Disabled>>"
        }
    }
}

Changing the following configuration sections can cause issues, so the default values should be used. Code changes might be required if they are changed:

  • Application
  • Authorization
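
A pre-deployment check for a filled-in copy of the template above, added here as an example (it is not part of the Feature Flighting code base). It assumes the settings have been loaded into a nested dict; the names `PINNED`, `leaves`, `lint` and `SAMPLE` are hypothetical. It flags template text left in place, drift from the Application and Authorization defaults, a PROD label with extra sub-environments, and a `ClientSecretLocation` that is not a legal Key Vault secret name (alphanumerics and hyphens, 1 to 127 characters), which usually means the secret itself was pasted into App Configuration.

```python
import re

# Defaults the page says to keep for the Application and Authorization sections.
PINNED = {
    "Application": {"CorrelationIdHeaderKey": "x-correlationId",
                    "EndToEndTrackingHeaderKey": "x-e2e-id",
                    "TenantIdHeaderKey": "x-application",
                    "TransactionIdHeaderKey": "x-messageid"},
    "Authorization": {"AdminClaimType": "Experimentation", "AdminClaimValue": "All",
                      "TenantAdminClaimValue": "manageexperimentation"},
}
PLACEHOLDER = re.compile(r"<<|>>|^__.*__$")          # template text left in place
KV_SECRET_NAME = re.compile(r"[0-9A-Za-z-]{1,127}")  # Key Vault secret-name charset

def leaves(node, path=()):
    """Yield (path, value) for every leaf of the nested settings dict."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from leaves(child, path + (key,))
    else:
        yield path, node

def lint(cfg):
    """Return sorted findings for a filled-in copy of the settings template."""
    flat = dict(leaves(cfg))
    out = [f"{':'.join(p)}: placeholder not replaced"
           for p, v in flat.items() if PLACEHOLDER.search(str(v))]
    out += [f"{':'.join(p)}: expected default {want!r}"
            for p, want in leaves(PINNED) if flat.get(p) != want]
    if flat.get(("Application", "Environment")) not in ("Production", "NonProduction"):
        out.append("Application:Environment: must be Production or NonProduction")
    label = flat.get(("Env", "Label"))
    if label not in ("PROD", "PPE"):
        out.append("Env:Label: must be PROD or PPE")
    elif label == "PROD" and flat.get(("Env", "Supported")) != "Prod":
        out.append("Env:Supported: PROD label supports only 'Prod'")
    if not KV_SECRET_NAME.fullmatch(str(flat.get(("Graph", "ClientSecretLocation"), ""))):
        out.append("Graph:ClientSecretLocation: not a Key Vault secret name")
    return sorted(out)

# Constructed sample, not a real deployment.
SAMPLE = {
    "Application": {**PINNED["Application"], "Environment": "Production",
                    "TenantIdHeaderKey": "x-tenant"},
    "Authorization": PINNED["Authorization"],
    "Authentication": {"Authority": "<<AAD authority in ADAL format>>"},
    "Env": {"Label": "PROD", "Supported": "Prod,UAT"},
    "Graph": {"ClientSecretLocation": "constructed~not.a_real-secret"},
}
```

Calling `lint(SAMPLE)` returns four findings, one per deliberate mistake in the constructed sample; an empty list means none of these checks fired.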

Graph Configuration

This section is needed if you want to integrate filters with Graph (i.e. create conditions based on Groups in AAD). The Client ID refers to the AAD client which has permission to read the members of a Group from AAD. You will need to add any of the Application-type permissions below:

  • GroupMember.Read.All
  • Group.Read.All
  • GroupMember.ReadWrite.All
  • Group.ReadWrite.All
  • Directory.Read.All

See the official documentation for more details.