Mona 2.0 is live! #140
Replies: 5 comments 3 replies
-
[celebrate] Josh Marvel reacted to your message:
…________________________________
From: Casey Watson ☁️ ***@***.***>
Sent: Thursday, October 10, 2024 6:02:07 PM
To: microsoft/mona-saas ***@***.***>
Cc: Subscribed ***@***.***>
Subject: [microsoft/mona-saas] Mona 2.0 is live! (Discussion #140)
Mona 2.0 is live!
I'm delighted to announce today that Mona 2.0 is live and available on the main branch!
It took a little longer than we were expecting to ship this latest update. This was partially due to competing priorities and also due to some feedback that we took into account during the preview phase. Specifically, we rolled the /admin and /setup pages into a single page available at the root of the Mona admin web app (e.g., https://mona-admin-yourmonadeployment.azurewebsites.net/) based on this excellent feedback from @reuben-onduty<https://github.com/reuben-onduty>:
> Having a couple more links between the various services could be really helpful. Even just linking back the /setup url from the /admin one. Possibly simplifying this page, where /admin includes the setup URL details and if they're not defined takes you there first, removing the /setup URL altogether.
I call out this feedback to remind you that we are listening and truly value your feedback. Will we implement every feature request we receive? Of course not. But we do commit to reviewing and trying our best to respond to every piece of feedback.
Requesting your feedback
On that note, I'd like to ask your opinion on our guidance for activating a customer's subscription<https://github.com/microsoft/mona-saas?tab=readme-ov-file#notify-the-marketplace-when-a-subscription-has-been-activated>. Basically, there is no automated path for activating a customer's subscription. You'll need to use Mona's managed identity within your own Azure environment to activate the customer's subscription.
So, why did we design it this way?
* Simplicity. One of our overarching goals with Mona 2.0 was to simplify as much as we possibly could. This included simplifying the codebase, customer flows (with passthrough mode now being the norm), and the admin center.
* Security. The previous version of Mona securely stored "client secrets" needed to authenticate to the Marketplace. With Mona 2.0 and our embracing of the Secure Future Initiative (SFI), we have moved to a completely secretless model driven by Azure managed identities. Further extending our commitment to security, Mona uses two different identities: one to authenticate to internal Mona resources like storage accounts and Logic Apps and another dedicated to authenticating to the Marketplace API.
* Cost. To control costs, we deploy consumption multitenant Logic Apps by default. With these Logic Apps, you're paying by the individual run. Each Logic App is assigned the internal managed identity to subscribe to Mona's event grid topic. Unfortunately, consumption multitenant Logic Apps only support one managed identity. This means that, from the Logic App, we can't call back to the Marketplace API to activate subscriptions since the Logic App in question doesn't have the external managed identity.
What are the options we considered?
* Calling back to an API that Mona owns. The idea here is that you'd call back to a Mona API endpoint deployed in your own environment. The problem is, you'll still need to authenticate to this endpoint somehow and, if we adhere to the SFI, you'll need to authenticate to it using a very similar experience to how you authenticate to the Marketplace API. After some consideration, we realized that we weren't really adding any customer value here. You're still going to have to call into an API with the only difference being that you're not necessarily using the external managed identity. Using a managed identity is the most secure option so, really, we'd be making things potentially less secure by allowing you to call the API in a potentially less secure manner.
* Publishing a SubscriptionActivated event to Mona's custom event grid topic. The idea here is that you would publish a special event to the event grid topic when you activate the subscription which would be consumed by Mona. Mona would then call the activation endpoint on your behalf. This approach is promising and, frankly, one that we're still considering. But, at the end of the day, you still have to authenticate to the event grid topic which means obtaining a token on behalf of Mona's internal managed identity. Again, we're not really making anything simpler. Instead, we're adding an extra hop.
So, here's my ask: considering all of the above, how can we make subscription activation simpler?
Thank you
We've heard from internal and external users all over the world that they love Mona. We love Mona too. Your feedback makes Mona better. Never hesitate to reach out with questions, feature requests, or bug reports. We're here and we're listening.
-
Thanks Casey!
-
We are struggling to follow the instructions on the "notify marketplace" section. Is there any documentation with details specific to Mona 2.0?
-
Hi Casey, Mona 2.0 deployment and activation was so much simpler than 1, well done! Here's something I'm struggling with though. Possibly because I'm not very capable as an Azure architect. As a consultant, I help ISVs adopt Marketplace as a commercial channel. They often provision their solution in a big project with their customer, so no automated activation is used. I help them by provisioning and managing Mona on my own Azure environment for them. To give them transparency in the costs, I want to provision Mona in a separate subscription for each customer. I tried to accomplish that by launching the cloud shell from a newly created subscription. However, the resources still get deployed into the subscription that hosts my first Mona deployment (for another customer). I tried to move the resource group, but that was not allowed. I removed the deployment and re-installed, same result. Do you have suggestions? Thanks for the work, MONA is awesome!
-
Howdy, @markwiertsema, and thanks for reaching out!
When running the `basic-deploy.sh` script, there are a few flags that you can use to control subscription and resource group:
* `-s`: set subscription ID
* `-g`: set resource group name (will create if not exists)
Hopefully this helps, Mark. Let me know if you have any further questions.