hundredacres committed Aug 27, 2024
2 parents 5636011 + d5fa700 commit 8d4c4a6
Showing 38 changed files with 3,354 additions and 655 deletions.
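--- a/avm/res/api-management/service/README.md
+++ b/avm/res/api-management/service/README.md
@@ -337,6 +337,7 @@ module service 'br/public:avm/res/api-management/service:<version>' = {
 ]
 authority: '<authority>'
 clientId: 'apimClientid'
+clientLibrary: 'MSAL-2'
 clientSecret: 'apimSlientSecret'
 name: 'aad'
 signinTenant: 'mytenant.onmicrosoft.com'
@@ -579,6 +580,7 @@ module service 'br/public:avm/res/api-management/service:<version>' = {
 ],
 "authority": "<authority>",
 "clientId": "apimClientid",
+"clientLibrary": "MSAL-2",
 "clientSecret": "apimSlientSecret",
 "name": "aad",
 "signinTenant": "mytenant.onmicrosoft.com"
@@ -893,6 +895,7 @@ module service 'br/public:avm/res/api-management/service:<version>' = {
 ]
 authority: '<authority>'
 clientId: 'apimClientid'
+clientLibrary: 'MSAL-2'
 clientSecret: '<clientSecret>'
 name: 'aad'
 signinTenant: 'mytenant.onmicrosoft.com'
@@ -1113,6 +1116,7 @@ module service 'br/public:avm/res/api-management/service:<version>' = {
 ],
 "authority": "<authority>",
 "clientId": "apimClientid",
+"clientLibrary": "MSAL-2",
 "clientSecret": "<clientSecret>",
 "name": "aad",
 "signinTenant": "mytenant.onmicrosoft.com"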
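--- a/avm/res/api-management/service/api/main.bicep
+++ b/avm/res/api-management/service/api/main.bicep
@@ -142,7 +142,7 @@ module policy 'policy/main.bicep' = [
 params: {
 apiManagementServiceName: apiManagementServiceName
 apiName: api.name
-format: contains(policy, 'format') ? policy.format : 'xml'
+format: policy.?format ?? 'xml'
 value: policy.value
 }
 }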
6 changes: 4 additions & 2 deletions avm/res/api-management/service/api/main.json
Expand Up @@ -6,7 +6,7 @@
"_generator": {
"name": "bicep",
"version": "0.29.47.4906",
"templateHash": "13121653397859804060"
"templateHash": "17160750790361326516"
},
"name": "API Management Service APIs",
"description": "This module deploys an API Management Service API.",
Expand Down Expand Up @@ -270,7 +270,9 @@
"apiName": {
"value": "[parameters('name')]"
},
"format": "[if(contains(coalesce(parameters('policies'), createArray())[copyIndex()], 'format'), createObject('value', coalesce(parameters('policies'), createArray())[copyIndex()].format), createObject('value', 'xml'))]",
"format": {
"value": "[coalesce(tryGet(coalesce(parameters('policies'), createArray())[copyIndex()], 'format'), 'xml')]"
},
"value": {
"value": "[coalesce(parameters('policies'), createArray())[copyIndex()].value]"
}
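--- a/avm/res/api-management/service/identity-provider/README.md
+++ b/avm/res/api-management/service/identity-provider/README.md
@@ -38,6 +38,7 @@ This module deploys an API Management Service Identity Provider.
 | :-- | :-- | :-- |
 | [`allowedTenants`](#parameter-allowedtenants) | array | List of Allowed Tenants when configuring Azure Active Directory login. - string. |
 | [`authority`](#parameter-authority) | string | OpenID Connect discovery endpoint hostname for AAD or AAD B2C. |
+| [`clientLibrary`](#parameter-clientlibrary) | string | The client library to be used in the developer portal. Only applies to AAD and AAD B2C Identity Provider. |
 | [`passwordResetPolicyName`](#parameter-passwordresetpolicyname) | string | Password Reset Policy Name. Only applies to AAD B2C Identity Provider. |
 | [`profileEditingPolicyName`](#parameter-profileeditingpolicyname) | string | Profile Editing Policy Name. Only applies to AAD B2C Identity Provider. |
 | [`signInPolicyName`](#parameter-signinpolicyname) | string | Signin Policy Name. Only applies to AAD B2C Identity Provider. |
@@ -91,6 +92,20 @@ OpenID Connect discovery endpoint hostname for AAD or AAD B2C.
 - Type: string
 - Default: `''`
 
+### Parameter: `clientLibrary`
+
+The client library to be used in the developer portal. Only applies to AAD and AAD B2C Identity Provider.
+
+- Required: No
+- Type: string
+- Allowed:
+```Bicep
+[
+'ADAL'
+'MSAL-2'
+]
+```
+
 ### Parameter: `passwordResetPolicyName`
 
 Password Reset Policy Name. Only applies to AAD B2C Identity Provider.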
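--- a/avm/res/api-management/service/identity-provider/main.bicep
+++ b/avm/res/api-management/service/identity-provider/main.bicep
@@ -14,6 +14,13 @@ param authority string = ''
 @description('Conditional. Client ID of the Application in the external Identity Provider. Required if identity provider is used.')
 param clientId string = ''
 
+@description('Optional. The client library to be used in the developer portal. Only applies to AAD and AAD B2C Identity Provider.')
+@allowed([
+'ADAL'
+'MSAL-2'
+])
+param clientLibrary string?
+
 @description('Conditional. Client secret of the Application in external Identity Provider, used to authenticate login request. Required if identity provider is used.')
 @secure()
 param clientSecret string = ''
@@ -67,6 +74,7 @@ resource identityProvider 'Microsoft.ApiManagement/service/identityProviders@202
 profileEditingPolicyName: isAadB2C ? profileEditingPolicyName : null
 passwordResetPolicyName: isAadB2C ? passwordResetPolicyName : null
 clientId: clientId
+clientLibrary: clientLibrary
 clientSecret: clientSecret
 }
 }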
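Review bot: The new `clientLibrary` parameter accepts `'ADAL'` without noting that ADAL is the library Microsoft has deprecated in favour of MSAL, and its description does not say what the developer portal uses when the value is left null. Because this setting selects the sign-in library for the portal, I would extend the description, for example `@description('Optional. The client library to be used in the developer portal. Only applies to AAD and AAD B2C Identity Provider. Prefer MSAL-2; ADAL is deprecated.')`. In the second hunk `clientLibrary: clientLibrary` is set for every provider type, whereas the neighbouring B2C-only properties are gated with `isAadB2C ? … : null`; whether the service accepts the property for other provider types is not visible here and is worth confirming. The `resource identityProvider` block starts and ends outside the hunk.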
32 changes: 27 additions & 5 deletions avm/res/api-management/service/identity-provider/main.json
@@ -1,11 +1,12 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"languageVersion": "2.0",
"contentVersion": "1.0.0.0",
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.29.47.4906",
"templateHash": "13129392765749462635"
"templateHash": "12757169124799431378"
},
"name": "API Management Service Identity Providers",
"description": "This module deploys an API Management Service Identity Provider.",
Expand Down Expand Up @@ -39,6 +40,17 @@
"description": "Conditional. Client ID of the Application in the external Identity Provider. Required if identity provider is used."
}
},
"clientLibrary": {
"type": "string",
"nullable": true,
"allowedValues": [
"ADAL",
"MSAL-2"
],
"metadata": {
"description": "Optional. The client library to be used in the developer portal. Only applies to AAD and AAD B2C Identity Provider."
}
},
"clientSecret": {
"type": "securestring",
"defaultValue": "",
Expand Down Expand Up @@ -106,8 +118,14 @@
"variables": {
"isAadB2C": "[equals(parameters('type'), 'aadB2C')]"
},
"resources": [
{
"resources": {
"service": {
"existing": true,
"type": "Microsoft.ApiManagement/service",
"apiVersion": "2023-05-01-preview",
"name": "[parameters('apiManagementServiceName')]"
},
"identityProvider": {
"type": "Microsoft.ApiManagement/service/identityProviders",
"apiVersion": "2022-08-01",
"name": "[format('{0}/{1}', parameters('apiManagementServiceName'), parameters('name'))]",
Expand All @@ -121,10 +139,14 @@
"profileEditingPolicyName": "[if(variables('isAadB2C'), parameters('profileEditingPolicyName'), null())]",
"passwordResetPolicyName": "[if(variables('isAadB2C'), parameters('passwordResetPolicyName'), null())]",
"clientId": "[parameters('clientId')]",
"clientLibrary": "[parameters('clientLibrary')]",
"clientSecret": "[parameters('clientSecret')]"
}
},
"dependsOn": [
"service"
]
}
],
},
"outputs": {
"resourceId": {
"type": "string",
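--- a/avm/res/api-management/service/main.bicep
+++ b/avm/res/api-management/service/main.bicep
@@ -299,7 +299,7 @@ module service_apiVersionSets 'api-version-set/main.bicep' = [
 params: {
 apiManagementServiceName: service.name
 name: apiVersionSet.name
-properties: contains(apiVersionSet, 'properties') ? apiVersionSet.properties : {}
+properties: apiVersionSet.?properties ?? {}
 }
 }
 ]
@@ -311,40 +311,20 @@ module service_authorizationServers 'authorization-server/main.bicep' = [
 apiManagementServiceName: service.name
 name: authorizationServer.name
 authorizationEndpoint: authorizationServer.authorizationEndpoint
-authorizationMethods: contains(authorizationServer, 'authorizationMethods')
-? authorizationServer.authorizationMethods
-: [
-'GET'
-]
-bearerTokenSendingMethods: contains(authorizationServer, 'bearerTokenSendingMethods')
-? authorizationServer.bearerTokenSendingMethods
-: [
-'authorizationHeader'
-]
-clientAuthenticationMethod: contains(authorizationServer, 'clientAuthenticationMethod')
-? authorizationServer.clientAuthenticationMethod
-: [
-'Basic'
-]
+authorizationMethods: authorizationServer.?authorizationMethods ?? ['GET']
+bearerTokenSendingMethods: authorizationServer.?bearerTokenSendingMethods ?? ['authorizationHeader']
+clientAuthenticationMethod: authorizationServer.?clientAuthenticationMethod ?? ['Basic']
 clientId: authorizationServer.clientId
 clientSecret: authorizationServer.clientSecret
-clientRegistrationEndpoint: contains(authorizationServer, 'clientRegistrationEndpoint')
-? authorizationServer.clientRegistrationEndpoint
-: ''
-defaultScope: contains(authorizationServer, 'defaultScope') ? authorizationServer.defaultScope : ''
+clientRegistrationEndpoint: authorizationServer.?clientRegistrationEndpoint ?? ''
+defaultScope: authorizationServer.?defaultScope ?? ''
 grantTypes: authorizationServer.grantTypes
-resourceOwnerPassword: contains(authorizationServer, 'resourceOwnerPassword')
-? authorizationServer.resourceOwnerPassword
-: ''
-resourceOwnerUsername: contains(authorizationServer, 'resourceOwnerUsername')
-? authorizationServer.resourceOwnerUsername
-: ''
-serverDescription: contains(authorizationServer, 'serverDescription') ? authorizationServer.serverDescription : ''
-supportState: contains(authorizationServer, 'supportState') ? authorizationServer.supportState : false
-tokenBodyParameters: contains(authorizationServer, 'tokenBodyParameters')
-? authorizationServer.tokenBodyParameters
-: []
-tokenEndpoint: contains(authorizationServer, 'tokenEndpoint') ? authorizationServer.tokenEndpoint : ''
+resourceOwnerPassword: authorizationServer.?resourceOwnerPassword ?? ''
+resourceOwnerUsername: authorizationServer.?resourceOwnerUsername ?? ''
+serverDescription: authorizationServer.?serverDescription ?? ''
+supportState: authorizationServer.?supportState ?? false
+tokenBodyParameters: authorizationServer.?tokenBodyParameters ?? []
+tokenEndpoint: authorizationServer.?tokenEndpoint ?? ''
 }
 }
 ]
@@ -413,20 +393,17 @@ module service_identityProviders 'identity-provider/main.bicep' = [
 params: {
 apiManagementServiceName: service.name
 name: identityProvider.name
-allowedTenants: contains(identityProvider, 'allowedTenants') ? identityProvider.allowedTenants : []
-authority: contains(identityProvider, 'authority') ? identityProvider.authority : ''
-clientId: contains(identityProvider, 'clientId') ? identityProvider.clientId : ''
-clientSecret: contains(identityProvider, 'clientSecret') ? identityProvider.clientSecret : ''
-passwordResetPolicyName: contains(identityProvider, 'passwordResetPolicyName')
-? identityProvider.passwordResetPolicyName
-: ''
-profileEditingPolicyName: contains(identityProvider, 'profileEditingPolicyName')
-? identityProvider.profileEditingPolicyName
-: ''
-signInPolicyName: contains(identityProvider, 'signInPolicyName') ? identityProvider.signInPolicyName : ''
-signInTenant: contains(identityProvider, 'signInTenant') ? identityProvider.signInTenant : ''
-signUpPolicyName: contains(identityProvider, 'signUpPolicyName') ? identityProvider.signUpPolicyName : ''
-type: contains(identityProvider, 'type') ? identityProvider.type : 'aad'
+allowedTenants: identityProvider.?allowedTenants ?? []
+authority: identityProvider.?authority ?? ''
+clientId: identityProvider.?clientId ?? ''
+clientLibrary: identityProvider.?clientLibrary ?? ''
+clientSecret: identityProvider.?clientSecret ?? ''
+passwordResetPolicyName: identityProvider.?passwordResetPolicyName ?? ''
+profileEditingPolicyName: identityProvider.?profileEditingPolicyName ?? ''
+signInPolicyName: identityProvider.?signInPolicyName ?? ''
+signInTenant: identityProvider.?signInTenant ?? ''
+signUpPolicyName: identityProvider.?signUpPolicyName ?? ''
+type: identityProvider.?type ?? 'aad'
 }
 }
 ]
@@ -437,11 +414,11 @@ module service_loggers 'loggers/main.bicep' = [
 params: {
 name: logger.name
 apiManagementServiceName: service.name
-credentials: contains(logger, 'credentials') ? logger.credentials : {}
-isBuffered: contains(logger, 'isBuffered') ? logger.isBuffered : true
-loggerDescription: contains(logger, 'loggerDescription') ? logger.loggerDescription : ''
-loggerType: contains(logger, 'loggerType') ? logger.loggerType : 'azureMonitor'
-targetResourceId: contains(logger, 'targetResourceId') ? logger.targetResourceId : ''
+credentials: logger.?credentials ?? {}
+isBuffered: logger.?isBuffered ?? true
+loggerDescription: logger.?loggerDescription ?? ''
+loggerType: logger.?loggerType ?? 'azureMonitor'
+targetResourceId: logger.?targetResourceId ?? ''
 }
 dependsOn: [
 service_namedValues
@@ -455,11 +432,11 @@ module service_namedValues 'named-value/main.bicep' = [
 params: {
 apiManagementServiceName: service.name
 displayName: namedValue.displayName
-keyVault: contains(namedValue, 'keyVault') ? namedValue.keyVault : {}
+keyVault: namedValue.?keyVault ?? {}
 name: namedValue.name
 tags: namedValue.?tags // Note: these are not resource tags
-secret: contains(namedValue, 'secret') ? namedValue.secret : false
-value: contains(namedValue, 'value') ? namedValue.value : newGuidValue
+secret: namedValue.?secret ?? false
+value: namedValue.?value ?? newGuidValue
 }
 }
 ]
@@ -481,7 +458,7 @@ module service_policies 'policy/main.bicep' = [
 params: {
 apiManagementServiceName: service.name
 value: policy.value
-format: contains(policy, 'format') ? policy.format : 'xml'
+format: policy.?format ?? 'xml'
 }
 }
 ]
@@ -491,15 +468,15 @@ module service_products 'product/main.bicep' = [
 name: '${uniqueString(deployment().name, location)}-Apim-Product-${index}'
 params: {
 apiManagementServiceName: service.name
-apis: contains(product, 'apis') ? product.apis : []
-approvalRequired: contains(product, 'approvalRequired') ? product.approvalRequired : false
-groups: contains(product, 'groups') ? product.groups : []
+apis: product.?apis ?? []
+approvalRequired: product.?approvalRequired ?? false
+groups: product.?groups ?? []
 name: product.name
-description: contains(product, 'description') ? product.description : ''
-state: contains(product, 'state') ? product.state : 'published'
-subscriptionRequired: contains(product, 'subscriptionRequired') ? product.subscriptionRequired : false
-subscriptionsLimit: contains(product, 'subscriptionsLimit') ? product.subscriptionsLimit : 1
-terms: contains(product, 'terms') ? product.terms : ''
+description: product.?description ?? ''
+state: product.?state ?? 'published'
+subscriptionRequired: product.?subscriptionRequired ?? false
+subscriptionsLimit: product.?subscriptionsLimit ?? 1
+terms: product.?terms ?? ''
 }
 dependsOn: [
 service_apis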
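Review bot: In the `service_identityProviders` hunk, `clientLibrary: identityProvider.?clientLibrary ?? ''` turns an omitted value into an empty string, but the child module changed in this same commit declares `param clientLibrary string?` with `@allowed(['ADAL', 'MSAL-2'])`. `''` is not in that list, so an identity provider defined without `clientLibrary` would most likely fail parameter validation at deployment time. Pass the nullable value straight through instead: `clientLibrary: identityProvider.?clientLibrary`. More generally, the `contains()` to `.? ??` rewrite across these hunks also replaces keys explicitly set to null with the default, which looks intended but is worth confirming for `clientSecret` and `resourceOwnerPassword`, where an empty-string fallback hides a missing secret.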