From 0ed9ef9f9cf3ca6e4ef6e50b9742d2f456bff253 Mon Sep 17 00:00:00 2001 
From: Kris Baranek Date: Wed, 13 Dec 2023 21:46:43 +0100 Subject: [PATCH] feat: New Module `avm/res/api-management/service` (#713) ## Description New Module `avm/res/api-management/service`, migrated from CARML. ## Adding a new module - [x] A proposal has been submitted and approved. - [ ] I have included "Closes #{module_proposal_issue_number}" in the PR description. - [ ] I have run `brm validate` locally to verify the module files. - [x] I have run deployment tests locally to ensure the module is deployable. ## Pipeline references | Pipeline | | - | | [![avm.res.api-management.service](https://github.com/krbar/bicep-registry-modules/actions/workflows/avm.res.api-management.service.yml/badge.svg?branch=users%2Fkrbar%2FapiMgmtModule)](https://github.com/krbar/bicep-registry-modules/actions/workflows/avm.res.api-management.service.yml) | --------- Co-authored-by: Alexander Sehr --- .github/CODEOWNERS | 2 +- .../avm.res.api-management.service.yml | 83 + avm/res/api-management/service/ORPHANED.md | 4 + avm/res/api-management/service/README.md | 1510 +++++++++ .../service/api-version-set/README.md | 67 + .../service/api-version-set/main.bicep | 31 + .../service/api-version-set/main.json | 67 + avm/res/api-management/service/api/README.md | 275 ++ avm/res/api-management/service/api/main.bicep | 150 + avm/res/api-management/service/api/main.json | 381 +++ .../service/api/policy/README.md | 97 + .../service/api/policy/main.bicep | 50 + .../service/api/policy/main.json | 88 + .../service/authorization-server/README.md | 208 ++ .../service/authorization-server/main.bicep | 104 + .../service/authorization-server/main.json | 189 ++ .../api-management/service/backend/README.md | 221 ++ .../api-management/service/backend/main.bicep | 70 + .../api-management/service/backend/main.json | 146 + .../api-management/service/cache/README.md | 94 + .../api-management/service/cache/main.bicep | 45 + .../api-management/service/cache/main.json | 100 + 
.../service/identity-provider/README.md | 163 + .../service/identity-provider/main.bicep | 81 + .../service/identity-provider/main.json | 151 + avm/res/api-management/service/main.bicep | 525 +++ avm/res/api-management/service/main.json | 2867 +++++++++++++++++ .../service/named-value/README.md | 139 + .../service/named-value/main.bicep | 52 + .../service/named-value/main.json | 112 + .../api-management/service/policy/README.md | 89 + .../api-management/service/policy/main.bicep | 43 + .../api-management/service/policy/main.json | 82 + .../service/portalsetting/README.md | 73 + .../service/portalsetting/main.bicep | 36 + .../service/portalsetting/main.json | 70 + .../api-management/service/product/README.md | 138 + .../service/product/api/README.md | 65 + .../service/product/api/main.bicep | 34 + .../service/product/api/main.json | 64 + .../service/product/group/README.md | 65 + .../service/product/group/main.bicep | 34 + .../service/product/group/main.json | 64 + .../api-management/service/product/main.bicep | 84 + .../api-management/service/product/main.json | 323 ++ .../service/subscription/README.md | 112 + .../service/subscription/main.bicep | 54 + .../service/subscription/main.json | 119 + .../tests/e2e/defaults/main.test.bicep | 48 + .../service/tests/e2e/max/dependencies.bicep | 16 + .../service/tests/e2e/max/main.test.bicep | 235 ++ .../tests/e2e/waf-aligned/main.test.bicep | 215 ++ avm/res/api-management/service/version.json | 7 + .../psrule/Set-PSRuleGitHubOutput.ps1 | 2 +- 54 files changed, 10142 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/avm.res.api-management.service.yml create mode 100644 avm/res/api-management/service/ORPHANED.md create mode 100644 avm/res/api-management/service/README.md create mode 100644 avm/res/api-management/service/api-version-set/README.md create mode 100644 avm/res/api-management/service/api-version-set/main.bicep create mode 100644 avm/res/api-management/service/api-version-set/main.json create mode 
100644 avm/res/api-management/service/api/README.md create mode 100644 avm/res/api-management/service/api/main.bicep create mode 100644 avm/res/api-management/service/api/main.json create mode 100644 avm/res/api-management/service/api/policy/README.md create mode 100644 avm/res/api-management/service/api/policy/main.bicep create mode 100644 avm/res/api-management/service/api/policy/main.json create mode 100644 avm/res/api-management/service/authorization-server/README.md create mode 100644 avm/res/api-management/service/authorization-server/main.bicep create mode 100644 avm/res/api-management/service/authorization-server/main.json create mode 100644 avm/res/api-management/service/backend/README.md create mode 100644 avm/res/api-management/service/backend/main.bicep create mode 100644 avm/res/api-management/service/backend/main.json create mode 100644 avm/res/api-management/service/cache/README.md create mode 100644 avm/res/api-management/service/cache/main.bicep create mode 100644 avm/res/api-management/service/cache/main.json create mode 100644 avm/res/api-management/service/identity-provider/README.md create mode 100644 avm/res/api-management/service/identity-provider/main.bicep create mode 100644 avm/res/api-management/service/identity-provider/main.json create mode 100644 avm/res/api-management/service/main.bicep create mode 100644 avm/res/api-management/service/main.json create mode 100644 avm/res/api-management/service/named-value/README.md create mode 100644 avm/res/api-management/service/named-value/main.bicep create mode 100644 avm/res/api-management/service/named-value/main.json create mode 100644 avm/res/api-management/service/policy/README.md create mode 100644 avm/res/api-management/service/policy/main.bicep create mode 100644 avm/res/api-management/service/policy/main.json create mode 100644 avm/res/api-management/service/portalsetting/README.md create mode 100644 avm/res/api-management/service/portalsetting/main.bicep create mode 100644 
avm/res/api-management/service/portalsetting/main.json create mode 100644 avm/res/api-management/service/product/README.md create mode 100644 avm/res/api-management/service/product/api/README.md create mode 100644 avm/res/api-management/service/product/api/main.bicep create mode 100644 avm/res/api-management/service/product/api/main.json create mode 100644 avm/res/api-management/service/product/group/README.md create mode 100644 avm/res/api-management/service/product/group/main.bicep create mode 100644 avm/res/api-management/service/product/group/main.json create mode 100644 avm/res/api-management/service/product/main.bicep create mode 100644 avm/res/api-management/service/product/main.json create mode 100644 avm/res/api-management/service/subscription/README.md create mode 100644 avm/res/api-management/service/subscription/main.bicep create mode 100644 avm/res/api-management/service/subscription/main.json create mode 100644 avm/res/api-management/service/tests/e2e/defaults/main.test.bicep create mode 100644 avm/res/api-management/service/tests/e2e/max/dependencies.bicep create mode 100644 avm/res/api-management/service/tests/e2e/max/main.test.bicep create mode 100644 avm/res/api-management/service/tests/e2e/waf-aligned/main.test.bicep create mode 100644 avm/res/api-management/service/version.json diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 3b78093a4c..9da2bae407 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS 
@@ -5,7 +5,7 @@
 /avm/utilities/ @Azure/avm-core-team-technical-bicep
 #/avm/res/aad/domain-service/ @Azure/avm-res-aad-domainservice-module-owners-bicep
 #/avm/res/analysis-services/server/ @Azure/avm-res-analysisservices-server-module-owners-bicep @Azure/avm-core-team-technical-bicep
-#/avm/res/api-management/service/ @Azure/avm-res-apimanagement-service-module-owners-bicep @Azure/avm-core-team-technical-bicep
+/avm/res/api-management/service/ @Azure/avm-res-apimanagement-service-module-owners-bicep @Azure/avm-core-team-technical-bicep
 #/avm/res/app/container-app/ @Azure/avm-res-app-containerapp-module-owners-bicep @Azure/avm-core-team-technical-bicep
 #/avm/res/app/managed-environment/ @Azure/avm-res-app-managedenvironment-module-owners-bicep @Azure/avm-core-team-technical-bicep
 #/avm/res/app-configuration/configuration-store/ @Azure/avm-res-appconfiguration-configurationstore-module-owners-bicep @Azure/avm-core-team-technical-bicep
diff --git a/.github/workflows/avm.res.api-management.service.yml b/.github/workflows/avm.res.api-management.service.yml
new file mode 100644
index 0000000000..2e722b9ae4
--- /dev/null
+++ b/.github/workflows/avm.res.api-management.service.yml
@@ -0,0 +1,83 @@
+name: "avm.res.api-management.service"
+
+on:
+ schedule:
+ - cron: "0 12 1/15 * *" # Bi-Weekly Test (on 1st & 15th of month)
+ workflow_dispatch:
+ inputs:
+ staticValidation:
+ type: boolean
+ description: "Execute static validation"
+ required: false
+ default: true
+ deploymentValidation:
+ type: boolean
+ description: "Execute deployment validation"
+ required: false
+ default: true
+ removeDeployment:
+ type: boolean
+ description: "Remove deployed module"
+ required: false
+ default: true
+
+ push:
+ branches:
+ - main
+ paths:
+ - ".github/actions/templates/avm-**"
+ - ".github/workflows/avm.template.module.yml"
+ - ".github/workflows/avm.res.api-management.service.yml"
+ - "avm/res/api-management/service/**"
+ - "avm/utilities/pipelines/**"
+ - "!*/**/README.md"
+
+env:
+ modulePath: "avm/res/api-management/service"
+ workflowPath: ".github/workflows/avm.res.api-management.service.yml"
+
+concurrency:
+ group: ${{ github.workflow }}
+
+jobs:
+ ###########################
+ # Initialize pipeline #
+ ###########################
+ job_initialize_pipeline:
+ runs-on: ubuntu-20.04
+ name: "Initialize pipeline"
+ steps:
+ - name: "Checkout"
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: "Set input parameters to output variables"
+ id: get-workflow-param
+ uses: ./.github/actions/templates/avm-getWorkflowInput
+ with:
+ workflowPath: "${{ env.workflowPath}}"
+ - name: "Get module test file paths"
+ id: get-module-test-file-paths
+ uses: ./.github/actions/templates/avm-getModuleTestFiles
+ with:
+ modulePath: "${{ env.modulePath }}"
+ outputs:
+ workflowInput: ${{ steps.get-workflow-param.outputs.workflowInput }}
+ moduleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.moduleTestFilePaths }}
+ psRuleModuleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.psRuleModuleTestFilePaths }}
+ modulePath: "${{ env.modulePath }}"
+
+ ##############################
+ # Call reusable workflow #
+ ##############################
+ call-workflow-passing-data:
+ name: "Module"
+ needs:
+ - job_initialize_pipeline
+ uses: ./.github/workflows/avm.template.module.yml
+ with:
+ workflowInput: "${{ needs.job_initialize_pipeline.outputs.workflowInput }}"
+ moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}"
+ psRuleModuleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.psRuleModuleTestFilePaths }}"
+ modulePath: "${{ needs.job_initialize_pipeline.outputs.modulePath}}"
+ secrets: inherit
diff --git a/avm/res/api-management/service/ORPHANED.md b/avm/res/api-management/service/ORPHANED.md
new file mode 100644
index 0000000000..ef8fa911d2
--- /dev/null
+++ b/avm/res/api-management/service/ORPHANED.md
@@ -0,0 +1,4 @@
+⚠️THIS MODULE IS CURRENTLY ORPHANED.⚠️
+
+- Only security and bug fixes are being handled by the AVM core team at present.
+- If interested in becoming the module owner of this orphaned module (must be Microsoft FTE), please look for the related "orphaned module" GitHub issue [here](https://aka.ms/AVM/OrphanedModules)!
\ No newline at end of file
diff --git a/avm/res/api-management/service/README.md b/avm/res/api-management/service/README.md
new file mode 100644
index 0000000000..dc418492ff
--- /dev/null
+++ b/avm/res/api-management/service/README.md
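Review bot: `secrets: inherit` on the `call-workflow-passing-data` job (last line of the new workflow file) forwards every secret this workflow can read to `avm.template.module.yml`, where an explicit `secrets:` map would limit the called workflow to the credentials the deployment actually uses; the template is not part of this hunk, so the names have to be taken from it. The file also has no top-level `permissions:` key, so `GITHUB_TOKEN` runs with the repository default; declaring `permissions:` with `contents: read` plus whatever the template is found to need makes the scope explicit. `uses: actions/checkout@v4` follows a mutable tag and could be pinned to a full commit SHA. Separately, `cron: "0 12 1/15 * *"` steps from day 1 in increments of 15 (1st, 16th, 31st), which does not match the comment's "1st & 15th"; `"0 12 1,15 * *"` would.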
@@ -0,0 +1,1510 @@ +# API Management Services `[Microsoft.ApiManagement/service]` + +> ⚠️THIS MODULE IS CURRENTLY ORPHANED.⚠️ +> +> - Only security and bug fixes are being handled by the AVM core team at present. +> - If interested in becoming the module owner of this orphaned module (must be Microsoft FTE), please look for the related "orphaned module" GitHub issue [here](https://aka.ms/AVM/OrphanedModules)! + +This module deploys an API Management Service. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) +- [Notes](#Notes) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.ApiManagement/service` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service) | +| `Microsoft.ApiManagement/service/apis` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/apis) | +| `Microsoft.ApiManagement/service/apis/policies` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/apis/policies) | +| `Microsoft.ApiManagement/service/apiVersionSets` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/apiVersionSets) | +| `Microsoft.ApiManagement/service/authorizationServers` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/authorizationServers) | +| `Microsoft.ApiManagement/service/backends` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/backends) | +| `Microsoft.ApiManagement/service/caches` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/caches) | +| `Microsoft.ApiManagement/service/identityProviders` | 
[2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/identityProviders) | +| `Microsoft.ApiManagement/service/namedValues` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/namedValues) | +| `Microsoft.ApiManagement/service/policies` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/policies) | +| `Microsoft.ApiManagement/service/portalsettings` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/service) | +| `Microsoft.ApiManagement/service/products` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/products) | +| `Microsoft.ApiManagement/service/products/apis` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/products/apis) | +| `Microsoft.ApiManagement/service/products/groups` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/products/groups) | +| `Microsoft.ApiManagement/service/subscriptions` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/subscriptions) | +| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | +| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | + +## Usage examples + +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. 
For a full reference, please review the module's test folder in its repository. + +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. + +>**Note**: To reference the module, please use the following syntax `br/public:avm/res/api-management/service:`. + +- [Using only defaults](#example-1-using-only-defaults) +- [Using large parameter set](#example-2-using-large-parameter-set) +- [WAF-aligned](#example-3-waf-aligned) + +### Example 1: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. + + +
+ +via Bicep module + +```bicep +module service 'br/public:avm/res/api-management/service:' = { + name: '${uniqueString(deployment().name, location)}-test-apismin' + params: { + // Required parameters + name: 'apismin001' + publisherEmail: 'apimgmt-noreply@mail.windowsazure.com' + publisherName: 'az-amorg-x-001' + // Non-required parameters + location: '' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "apismin001" + }, + "publisherEmail": { + "value": "apimgmt-noreply@mail.windowsazure.com" + }, + "publisherName": { + "value": "az-amorg-x-001" + }, + // Non-required parameters + "location": { + "value": "" + } + } +} +``` + +
+

+ +### Example 2: _Using large parameter set_ + +This instance deploys the module with most of its features enabled. + + +

+ +via Bicep module + +```bicep +module service 'br/public:avm/res/api-management/service:' = { + name: '${uniqueString(deployment().name, location)}-test-apismax' + params: { + // Required parameters + name: 'apismax001' + publisherEmail: 'apimgmt-noreply@mail.windowsazure.com' + publisherName: 'az-amorg-x-001' + // Non-required parameters + apis: [ + { + apiVersionSet: { + name: 'echo-version-set' + properties: { + description: 'echo-version-set' + displayName: 'echo-version-set' + versioningScheme: 'Segment' + } + } + displayName: 'Echo API' + name: 'echo-api' + path: 'echo' + serviceUrl: 'http://echoapi.cloudapp.net/api' + } + ] + authorizationServers: { + secureList: [ + { + authorizationEndpoint: '' + clientId: 'apimclientid' + clientRegistrationEndpoint: 'http://localhost' + clientSecret: '' + grantTypes: [ + 'authorizationCode' + ] + name: 'AuthServer1' + tokenEndpoint: '' + } + ] + } + backends: [ + { + name: 'backend' + tls: { + validateCertificateChain: false + validateCertificateName: false + } + url: 'http://echoapi.cloudapp.net/api' + } + ] + caches: [ + { + connectionString: 'connectionstringtest' + name: 'westeurope' + useFromLocation: 'westeurope' + } + ] + diagnosticSettings: [ + { + eventHubAuthorizationRuleResourceId: '' + eventHubName: '' + metricCategories: [ + { + category: 'AllMetrics' + } + ] + name: 'customSetting' + storageAccountResourceId: '' + workspaceResourceId: '' + } + ] + identityProviders: [ + { + allowedTenants: [ + 'mytenant.onmicrosoft.com' + ] + authority: '' + clientId: 'apimClientid' + clientSecret: 'apimSlientSecret' + name: 'aad' + signinTenant: 'mytenant.onmicrosoft.com' + } + ] + location: '' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } + managedIdentities: { + systemAssigned: true + userAssignedResourceIds: [ + '' + ] + } + namedValues: [ + { + displayName: 'apimkey' + name: 'apimkey' + secret: true + } + ] + policies: [ + { + format: 'xml' + value: ' ' + } + ] + portalsettings: [ + { + name: 
'signin' + properties: { + enabled: false + } + } + { + name: 'signup' + properties: { + enabled: false + termsOfService: { + consentRequired: false + enabled: false + } + } + } + ] + products: [ + { + apis: [ + { + name: 'echo-api' + } + ] + approvalRequired: false + groups: [ + { + name: 'developers' + } + ] + name: 'Starter' + subscriptionRequired: false + } + ] + roleAssignments: [ + { + principalId: '' + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Owner' + } + { + principalId: '' + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'b24988ac-6180-42a0-ab88-20f7382dd24c' + } + { + principalId: '' + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: '' + } + ] + subscriptions: [ + { + name: 'testArmSubscriptionAllApis' + } + ] + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "apismax001" + }, + "publisherEmail": { + "value": "apimgmt-noreply@mail.windowsazure.com" + }, + "publisherName": { + "value": "az-amorg-x-001" + }, + // Non-required parameters + "apis": { + "value": [ + { + "apiVersionSet": { + "name": "echo-version-set", + "properties": { + "description": "echo-version-set", + "displayName": "echo-version-set", + "versioningScheme": "Segment" + } + }, + "displayName": "Echo API", + "name": "echo-api", + "path": "echo", + "serviceUrl": "http://echoapi.cloudapp.net/api" + } + ] + }, + "authorizationServers": { + "value": { + "secureList": [ + { + "authorizationEndpoint": "", + "clientId": "apimclientid", + "clientRegistrationEndpoint": "http://localhost", + "clientSecret": "", + "grantTypes": [ + "authorizationCode" + ], + "name": "AuthServer1", + "tokenEndpoint": "" + } + ] + } + }, + "backends": { + "value": [ + { + "name": "backend", + "tls": { + "validateCertificateChain": false, + "validateCertificateName": false + }, + "url": "http://echoapi.cloudapp.net/api" + } + ] + }, + "caches": { + "value": [ + { + "connectionString": "connectionstringtest", + "name": "westeurope", + "useFromLocation": "westeurope" + } + ] + }, + "diagnosticSettings": { + "value": [ + { + "eventHubAuthorizationRuleResourceId": "", + "eventHubName": "", + "metricCategories": [ + { + "category": "AllMetrics" + } + ], + "name": "customSetting", + "storageAccountResourceId": "", + "workspaceResourceId": "" + } + ] + }, + "identityProviders": { + "value": [ + { + "allowedTenants": [ + "mytenant.onmicrosoft.com" + ], + "authority": "", + "clientId": "apimClientid", + "clientSecret": "apimSlientSecret", + "name": "aad", + "signinTenant": "mytenant.onmicrosoft.com" + } + ] + }, + "location": { + "value": "" + }, + "lock": { + 
"value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } + }, + "managedIdentities": { + "value": { + "systemAssigned": true, + "userAssignedResourceIds": [ + "" + ] + } + }, + "namedValues": { + "value": [ + { + "displayName": "apimkey", + "name": "apimkey", + "secret": true + } + ] + }, + "policies": { + "value": [ + { + "format": "xml", + "value": " " + } + ] + }, + "portalsettings": { + "value": [ + { + "name": "signin", + "properties": { + "enabled": false + } + }, + { + "name": "signup", + "properties": { + "enabled": false, + "termsOfService": { + "consentRequired": false, + "enabled": false + } + } + } + ] + }, + "products": { + "value": [ + { + "apis": [ + { + "name": "echo-api" + } + ], + "approvalRequired": false, + "groups": [ + { + "name": "developers" + } + ], + "name": "Starter", + "subscriptionRequired": false + } + ] + }, + "roleAssignments": { + "value": [ + { + "principalId": "", + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Owner" + }, + { + "principalId": "", + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "b24988ac-6180-42a0-ab88-20f7382dd24c" + }, + { + "principalId": "", + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "" + } + ] + }, + "subscriptions": { + "value": [ + { + "name": "testArmSubscriptionAllApis" + } + ] + }, + "tags": { + "value": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + } +} +``` + +
+

+ +### Example 3: _WAF-aligned_ + +This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework. + + +

+ +via Bicep module + +```bicep +module service 'br/public:avm/res/api-management/service:' = { + name: '${uniqueString(deployment().name, location)}-test-apiswaf' + params: { + // Required parameters + name: 'apiswaf001' + publisherEmail: 'apimgmt-noreply@mail.windowsazure.com' + publisherName: 'az-amorg-x-001' + // Non-required parameters + apis: [ + { + apiVersionSet: { + name: 'echo-version-set' + properties: { + description: 'An echo API version set' + displayName: 'Echo version set' + versioningScheme: 'Segment' + } + } + description: 'An echo API service' + displayName: 'Echo API' + name: 'echo-api' + path: 'echo' + serviceUrl: 'https://echoapi.cloudapp.net/api' + } + ] + authorizationServers: { + secureList: [ + { + authorizationEndpoint: '' + clientId: 'apimClientid' + clientRegistrationEndpoint: 'https://localhost' + clientSecret: '' + grantTypes: [ + 'authorizationCode' + ] + name: 'AuthServer1' + tokenEndpoint: '' + } + ] + } + backends: [ + { + name: 'backend' + tls: { + validateCertificateChain: false + validateCertificateName: false + } + url: 'https://echoapi.cloudapp.net/api' + } + ] + caches: [ + { + connectionString: 'connectionstringtest' + name: 'westeurope' + useFromLocation: 'westeurope' + } + ] + customProperties: { + 'Microsoft.WindowsAzure.ApiManagement.Gateway.Protocols.Server.Http2': 'True' + 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'False' + 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'False' + 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'False' + 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA': 'False' + 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA': 'False' + 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA': 'False' + 
'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA256': 'False' + 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_GCM_SHA256': 'False' + 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA': 'False' + 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA256': 'False' + 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168': 'False' + 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30': 'False' + 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'False' + 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'False' + } + diagnosticSettings: [ + { + eventHubAuthorizationRuleResourceId: '' + eventHubName: '' + storageAccountResourceId: '' + workspaceResourceId: '' + } + ] + identityProviders: [ + { + allowedTenants: [ + 'mytenant.onmicrosoft.com' + ] + authority: '' + clientId: 'apimClientid' + clientSecret: '' + name: 'aad' + signinTenant: 'mytenant.onmicrosoft.com' + } + ] + location: '' + minApiVersion: '2021-08-01' + namedValues: [ + { + displayName: 'apimkey' + name: 'apimkey' + secret: true + } + ] + policies: [ + { + format: 'xml' + value: ' ' + } + ] + portalsettings: [ + { + name: 'signin' + properties: { + enabled: false + } + } + { + name: 'signup' + properties: { + enabled: false + termsOfService: { + consentRequired: false + enabled: false + } + } + } + ] + products: [ + { + apis: [ + { + name: 'echo-api' + } + ] + approvalRequired: true + description: 'This is an echo API' + displayName: 'Echo API' + groups: [ + { + name: 'developers' + } + ] + name: 'Starter' + subscriptionRequired: true + terms: 'By accessing or using the services provided by Echo API through Azure API Management you agree to be bound by these Terms of Use. 
These terms may be updated from time to time and your continued use of the services constitutes acceptance of any changes.' + } + ] + subscriptions: [ + { + name: 'testArmSubscriptionAllApis' + } + ] + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "apiswaf001" + }, + "publisherEmail": { + "value": "apimgmt-noreply@mail.windowsazure.com" + }, + "publisherName": { + "value": "az-amorg-x-001" + }, + // Non-required parameters + "apis": { + "value": [ + { + "apiVersionSet": { + "name": "echo-version-set", + "properties": { + "description": "An echo API version set", + "displayName": "Echo version set", + "versioningScheme": "Segment" + } + }, + "description": "An echo API service", + "displayName": "Echo API", + "name": "echo-api", + "path": "echo", + "serviceUrl": "https://echoapi.cloudapp.net/api" + } + ] + }, + "authorizationServers": { + "value": { + "secureList": [ + { + "authorizationEndpoint": "", + "clientId": "apimClientid", + "clientRegistrationEndpoint": "https://localhost", + "clientSecret": "", + "grantTypes": [ + "authorizationCode" + ], + "name": "AuthServer1", + "tokenEndpoint": "" + } + ] + } + }, + "backends": { + "value": [ + { + "name": "backend", + "tls": { + "validateCertificateChain": false, + "validateCertificateName": false + }, + "url": "https://echoapi.cloudapp.net/api" + } + ] + }, + "caches": { + "value": [ + { + "connectionString": "connectionstringtest", + "name": "westeurope", + "useFromLocation": "westeurope" + } + ] + }, + "customProperties": { + "value": { + "Microsoft.WindowsAzure.ApiManagement.Gateway.Protocols.Server.Http2": "True", + "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30": "False", + "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10": "False", + "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11": "False", + "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": "False", + 
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": "False", + "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA": "False", + "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA256": "False", + "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_GCM_SHA256": "False", + "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA": "False", + "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA256": "False", + "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168": "False", + "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30": "False", + "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10": "False", + "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11": "False" + } + }, + "diagnosticSettings": { + "value": [ + { + "eventHubAuthorizationRuleResourceId": "", + "eventHubName": "", + "storageAccountResourceId": "", + "workspaceResourceId": "" + } + ] + }, + "identityProviders": { + "value": [ + { + "allowedTenants": [ + "mytenant.onmicrosoft.com" + ], + "authority": "", + "clientId": "apimClientid", + "clientSecret": "", + "name": "aad", + "signinTenant": "mytenant.onmicrosoft.com" + } + ] + }, + "location": { + "value": "" + }, + "minApiVersion": { + "value": "2021-08-01" + }, + "namedValues": { + "value": [ + { + "displayName": "apimkey", + "name": "apimkey", + "secret": true + } + ] + }, + "policies": { + "value": [ + { + "format": "xml", + "value": " " + } + ] + }, + "portalsettings": { + "value": [ + { + "name": "signin", + "properties": { + "enabled": false + } + }, + { + "name": "signup", + "properties": { + "enabled": false, + "termsOfService": { + "consentRequired": false, + "enabled": false + } + } + } + ] + }, + "products": { + "value": [ + { + 
"apis": [ + { + "name": "echo-api" + } + ], + "approvalRequired": true, + "description": "This is an echo API", + "displayName": "Echo API", + "groups": [ + { + "name": "developers" + } + ], + "name": "Starter", + "subscriptionRequired": true, + "terms": "By accessing or using the services provided by Echo API through Azure API Management, you agree to be bound by these Terms of Use. These terms may be updated from time to time, and your continued use of the services constitutes acceptance of any changes." + } + ] + }, + "subscriptions": { + "value": [ + { + "name": "testArmSubscriptionAllApis" + } + ] + }, + "tags": { + "value": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + } +} +``` + +
+

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the API Management service. | +| [`publisherEmail`](#parameter-publisheremail) | string | The email address of the owner of the service. | +| [`publisherName`](#parameter-publishername) | string | The name of the owner of the service. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`additionalLocations`](#parameter-additionallocations) | array | Additional datacenter locations of the API Management service. | +| [`apis`](#parameter-apis) | array | APIs. | +| [`apiVersionSets`](#parameter-apiversionsets) | array | API Version Sets. | +| [`authorizationServers`](#parameter-authorizationservers) | secureObject | Authorization servers. | +| [`backends`](#parameter-backends) | array | Backends. | +| [`caches`](#parameter-caches) | array | Caches. | +| [`certificates`](#parameter-certificates) | array | List of Certificates that need to be installed in the API Management service. Max supported certificates that can be installed is 10. | +| [`customProperties`](#parameter-customproperties) | object | Custom properties of the API Management service. | +| [`diagnosticSettings`](#parameter-diagnosticsettings) | array | The diagnostic settings of the service. | +| [`disableGateway`](#parameter-disablegateway) | bool | Property only valid for an API Management service deployed in multiple locations. This can be used to disable the gateway in master region. | +| [`enableClientCertificate`](#parameter-enableclientcertificate) | bool | Property only meant to be used for Consumption SKU Service. This enforces a client certificate to be presented on each request to the gateway. This also enables the ability to authenticate the certificate in the policy on the gateway. | +| [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. 
| +| [`hostnameConfigurations`](#parameter-hostnameconfigurations) | array | Custom hostname configuration of the API Management service. | +| [`identityProviders`](#parameter-identityproviders) | array | Identity providers. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | +| [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. | +| [`minApiVersion`](#parameter-minapiversion) | string | Limit control plane API calls to API Management service with version equal to or newer than this value. | +| [`namedValues`](#parameter-namedvalues) | array | Named values. | +| [`newGuidValue`](#parameter-newguidvalue) | string | Necessary to create a new GUID. | +| [`notificationSenderEmail`](#parameter-notificationsenderemail) | string | The notification sender email address for the service. | +| [`policies`](#parameter-policies) | array | Policies. | +| [`portalsettings`](#parameter-portalsettings) | array | Portal settings. | +| [`products`](#parameter-products) | array | Products. | +| [`restore`](#parameter-restore) | bool | Undelete API Management Service if it was previously soft-deleted. If this flag is specified and set to True all other properties will be ignored. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | +| [`sku`](#parameter-sku) | string | The pricing tier of this API Management service. | +| [`skuCount`](#parameter-skucount) | int | The instance size of this API Management service. | +| [`subnetResourceId`](#parameter-subnetresourceid) | string | The full resource ID of a subnet in a virtual network to deploy the API Management service in. | +| [`subscriptions`](#parameter-subscriptions) | array | Subscriptions. | +| [`tags`](#parameter-tags) | object | Tags of the resource. 
| +| [`virtualNetworkType`](#parameter-virtualnetworktype) | string | The type of VPN in which API Management service needs to be configured in. None (Default Value) means the API Management service is not part of any Virtual Network, External means the API Management deployment is set up inside a Virtual Network having an internet Facing Endpoint, and Internal means that API Management deployment is setup inside a Virtual Network having an Intranet Facing Endpoint only. | +| [`zones`](#parameter-zones) | array | A list of availability zones denoting where the resource needs to come from. | + +### Parameter: `name` + +The name of the API Management service. + +- Required: Yes +- Type: string + +### Parameter: `publisherEmail` + +The email address of the owner of the service. + +- Required: Yes +- Type: string + +### Parameter: `publisherName` + +The name of the owner of the service. + +- Required: Yes +- Type: string + +### Parameter: `additionalLocations` + +Additional datacenter locations of the API Management service. + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `apis` + +APIs. + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `apiVersionSets` + +API Version Sets. + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `authorizationServers` + +Authorization servers. + +- Required: No +- Type: secureObject +- Default: `{}` + +### Parameter: `backends` + +Backends. + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `caches` + +Caches. + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `certificates` + +List of Certificates that need to be installed in the API Management service. Max supported certificates that can be installed is 10. + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `customProperties` + +Custom properties of the API Management service. 
+ +- Required: No +- Type: object +- Default: `{}` + +### Parameter: `diagnosticSettings` + +The diagnostic settings of the service. + +- Required: No +- Type: array + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. 
| +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | + +### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. + +- Required: No +- Type: string + +### Parameter: `diagnosticSettings.eventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. + +- Required: No +- Type: string + +### Parameter: `diagnosticSettings.logAnalyticsDestinationType` + +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` + +### Parameter: `diagnosticSettings.logCategoriesAndGroups` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. + +- Required: No +- Type: array + +### Parameter: `diagnosticSettings.marketplacePartnerResourceId` + +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. 
+ +- Required: No +- Type: string + +### Parameter: `diagnosticSettings.metricCategories` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. + +- Required: No +- Type: array + +### Parameter: `diagnosticSettings.name` + +The name of diagnostic setting. + +- Required: No +- Type: string + +### Parameter: `diagnosticSettings.storageAccountResourceId` + +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. + +- Required: No +- Type: string + +### Parameter: `diagnosticSettings.workspaceResourceId` + +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. + +- Required: No +- Type: string + +### Parameter: `disableGateway` + +Property only valid for an API Management service deployed in multiple locations. This can be used to disable the gateway in master region. + +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableClientCertificate` + +Property only meant to be used for Consumption SKU Service. This enforces a client certificate to be presented on each request to the gateway. This also enables the ability to authenticate the certificate in the policy on the gateway. + +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableTelemetry` + +Enable/Disable usage telemetry for module. + +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `hostnameConfigurations` + +Custom hostname configuration of the API Management service. + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `identityProviders` + +Identity providers. + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all Resources. 
+ +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +The lock settings of the service. + +- Required: No +- Type: object + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | + +### Parameter: `lock.kind` + +Specify the type of lock. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` + +### Parameter: `lock.name` + +Specify the name of lock. + +- Required: No +- Type: string + +### Parameter: `managedIdentities` + +The managed identity definition for this resource. + +- Required: No +- Type: object + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | + +### Parameter: `managedIdentities.systemAssigned` + +Enables system assigned managed identity on the resource. + +- Required: No +- Type: bool + +### Parameter: `managedIdentities.userAssignedResourceIds` + +The resource ID(s) to assign to the resource. + +- Required: No +- Type: array + +### Parameter: `minApiVersion` + +Limit control plane API calls to API Management service with version equal to or newer than this value. + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `namedValues` + +Named values. + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `newGuidValue` + +Necessary to create a new GUID. + +- Required: No +- Type: string +- Default: `[newGuid()]` + +### Parameter: `notificationSenderEmail` + +The notification sender email address for the service. 
+ +- Required: No +- Type: string +- Default: `'apimgmt-noreply@mail.windowsazure.com'` + +### Parameter: `policies` + +Policies. + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `portalsettings` + +Portal settings. + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `products` + +Products. + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `restore` + +Undelete API Management Service if it was previously soft-deleted. If this flag is specified and set to True all other properties will be ignored. + +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `roleAssignments` + +Array of role assignments to create. + +- Required: No +- Type: array + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container". | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. 
| +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string + +### Parameter: `roleAssignments.roleDefinitionIdOrName` + +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string + +### Parameter: `roleAssignments.condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container". + +- Required: No +- Type: string + +### Parameter: `roleAssignments.conditionVersion` + +Version of the condition. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` + +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` + +The Resource Id of the delegated managed identity resource. + +- Required: No +- Type: string + +### Parameter: `roleAssignments.description` + +The description of the role assignment. + +- Required: No +- Type: string + +### Parameter: `roleAssignments.principalType` + +The principal type of the assigned principal ID. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` + +### Parameter: `sku` + +The pricing tier of this API Management service. 
+ +- Required: No +- Type: string +- Default: `'Developer'` +- Allowed: + ```Bicep + [ + 'Basic' + 'Consumption' + 'Developer' + 'Premium' + 'Standard' + ] + ``` + +### Parameter: `skuCount` + +The instance size of this API Management service. + +- Required: No +- Type: int +- Default: `1` +- Allowed: + ```Bicep + [ + 1 + 2 + ] + ``` + +### Parameter: `subnetResourceId` + +The full resource ID of a subnet in a virtual network to deploy the API Management service in. + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `subscriptions` + +Subscriptions. + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. + +- Required: No +- Type: object + +### Parameter: `virtualNetworkType` + +The type of VPN in which API Management service needs to be configured in. None (Default Value) means the API Management service is not part of any Virtual Network, External means the API Management deployment is set up inside a Virtual Network having an internet Facing Endpoint, and Internal means that API Management deployment is setup inside a Virtual Network having an Intranet Facing Endpoint only. + +- Required: No +- Type: string +- Default: `'None'` +- Allowed: + ```Bicep + [ + 'External' + 'Internal' + 'None' + ] + ``` + +### Parameter: `zones` + +A list of availability zones denoting where the resource needs to come from. + +- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the API management service. | +| `resourceGroupName` | string | The resource group the API management service was deployed into. | +| `resourceId` | string | The resource ID of the API management service. | +| `systemAssignedMIPrincipalId` | string | The principal ID of the system assigned identity. 
| + +## Cross-referenced modules + +_None_ + +## Notes + +### Parameter Usage: `apiManagementServicePolicy` + +

+ +Parameter JSON format + +```json +"apiManagementServicePolicy": { + "value": { + "value":" ", + "format":"xml" + } +} +``` + +
+ +
+ +Bicep format + +```bicep +apiManagementServicePolicy: { + value:' ' + format:'xml' +} +``` + +
+

diff --git a/avm/res/api-management/service/api-version-set/README.md b/avm/res/api-management/service/api-version-set/README.md
new file mode 100644
index 0000000000..5498f45bc8
--- /dev/null
+++ b/avm/res/api-management/service/api-version-set/README.md
@@ -0,0 +1,67 @@
+# API Management Service API Version Sets `[Microsoft.ApiManagement/service/apiVersionSets]`
+
+This module deploys an API Management Service API Version Set.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+- [Cross-referenced modules](#Cross-referenced-modules)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.ApiManagement/service/apiVersionSets` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/apiVersionSets) |
+
+## Parameters
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | API Version set name. |
+| [`properties`](#parameter-properties) | object | API Version set properties. |
+
+### Parameter: `apiManagementServiceName`
+
+The name of the parent API Management service. Required if the template is used in a standalone deployment.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `name`
+
+API Version set name.
+
+- Required: No
+- Type: string
+- Default: `'default'`
+
+### Parameter: `properties`
+
+API Version set properties.
+
+- Required: No
+- Type: object
+- Default: `{}`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the API Version set. |
+| `resourceGroupName` | string | The resource group the API Version set was deployed into. |
+| `resourceId` | string | The resource ID of the API Version set. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/avm/res/api-management/service/api-version-set/main.bicep b/avm/res/api-management/service/api-version-set/main.bicep
new file mode 100644
index 0000000000..f88e8d7132
--- /dev/null
+++ b/avm/res/api-management/service/api-version-set/main.bicep
@@ -0,0 +1,31 @@
+metadata name = 'API Management Service API Version Sets'
+metadata description = 'This module deploys an API Management Service API Version Set.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment.')
+param apiManagementServiceName string
+
+@description('Optional. API Version set name.')
+param name string = 'default'
+
+@description('Optional. API Version set properties.')
+param properties object = {}
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = {
+ name: apiManagementServiceName
+}
+
+resource apiVersionSet 'Microsoft.ApiManagement/service/apiVersionSets@2021-08-01' = {
+ name: name
+ parent: service
+ properties: properties
+}
+
+@description('The resource ID of the API Version set.')
+output resourceId string = apiVersionSet.id
+
+@description('The name of the API Version set.')
+output name string = apiVersionSet.name
+
+@description('The resource group the API Version set was deployed into.')
+output resourceGroupName string = resourceGroup().name
diff --git a/avm/res/api-management/service/api-version-set/main.json b/avm/res/api-management/service/api-version-set/main.json
new file mode 100644
index 0000000000..913a365942
--- /dev/null
+++ b/avm/res/api-management/service/api-version-set/main.json
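Review bot: `param properties object = {}` in api-version-set/main.bicep is handed to the `apiVersionSet` resource unchanged, so the module's defaults (`name = 'default'`, `properties = {}`) describe a deployment that the resource provider will most likely reject; as far as I know this resource type requires at least `displayName` and `versioningScheme` in its properties. The untyped pass-through also means nothing is validated before deployment. I would drop the default so callers must supply the object (`param properties object`), or preferably expose `displayName` and `versioningScheme` as their own parameters with `@allowed` on the scheme. Separately, `apiManagementServiceName` is labelled "Conditional" but has no default and is therefore always required, so its description could simply read `Required. The name of the parent API Management service.`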
@@ -0,0 +1,67 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "14468307728701762315" + }, + "name": "API Management Service API Version Sets", + "description": "This module deploys an API Management Service API Version Set.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "apiManagementServiceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "defaultValue": "default", + "metadata": { + "description": "Optional. API Version set name." + } + }, + "properties": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. API Version set properties." + } + } + }, + "resources": [ + { + "type": "Microsoft.ApiManagement/service/apiVersionSets", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}', parameters('apiManagementServiceName'), parameters('name'))]", + "properties": "[parameters('properties')]" + } + ], + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the API Version set." + }, + "value": "[resourceId('Microsoft.ApiManagement/service/apiVersionSets', parameters('apiManagementServiceName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the API Version set." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the API Version set was deployed into." + }, + "value": "[resourceGroup().name]" + } + } +} \ No newline at end of file 
diff --git a/avm/res/api-management/service/api/README.md b/avm/res/api-management/service/api/README.md new file mode 100644 index 0000000000..ae92ec319b --- /dev/null +++ b/avm/res/api-management/service/api/README.md 
@@ -0,0 +1,275 @@ +# API Management Service APIs `[Microsoft.ApiManagement/service/apis]` + +This module deploys an API Management Service API. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.ApiManagement/service/apis` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/apis) | +| `Microsoft.ApiManagement/service/apis/policies` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/apis/policies) | + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`displayName`](#parameter-displayname) | string | API name. Must be 1 to 300 characters long. | +| [`name`](#parameter-name) | string | API revision identifier. Must be unique in the current API Management service instance. Non-current revision has ;rev=n as a suffix where n is the revision number. | +| [`path`](#parameter-path) | string | Relative URL uniquely identifying this API and all of its resource paths within the API Management service instance. It is appended to the API endpoint base URL specified during the service instance creation to form a public URL for this API. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`apiDescription`](#parameter-apidescription) | string | Description of the API. May include HTML formatting tags. | +| [`apiRevision`](#parameter-apirevision) | string | Describes the Revision of the API. 
If no value is provided, default revision 1 is created. | +| [`apiRevisionDescription`](#parameter-apirevisiondescription) | string | Description of the API Revision. | +| [`apiType`](#parameter-apitype) | string | Type of API to create. * http creates a REST API * soap creates a SOAP pass-through API * websocket creates websocket API * graphql creates GraphQL API. | +| [`apiVersion`](#parameter-apiversion) | string | Indicates the Version identifier of the API if the API is versioned. | +| [`apiVersionDescription`](#parameter-apiversiondescription) | string | Description of the API Version. | +| [`apiVersionSetId`](#parameter-apiversionsetid) | string | Indicates the Version identifier of the API version set. | +| [`authenticationSettings`](#parameter-authenticationsettings) | object | Collection of authentication settings included into this API. | +| [`format`](#parameter-format) | string | Format of the Content in which the API is getting imported. | +| [`isCurrent`](#parameter-iscurrent) | bool | Indicates if API revision is current API revision. | +| [`policies`](#parameter-policies) | array | Array of Policies to apply to the Service API. | +| [`protocols`](#parameter-protocols) | array | Describes on which protocols the operations in this API can be invoked. - HTTP or HTTPS. | +| [`serviceUrl`](#parameter-serviceurl) | string | Absolute URL of the backend service implementing this API. Cannot be more than 2000 characters long. | +| [`sourceApiId`](#parameter-sourceapiid) | string | API identifier of the source API. | +| [`subscriptionKeyParameterNames`](#parameter-subscriptionkeyparameternames) | object | Protocols over which API is made available. | +| [`subscriptionRequired`](#parameter-subscriptionrequired) | bool | Specifies whether an API or Product subscription is required for accessing the API. | +| [`type`](#parameter-type) | string | Type of API. | +| [`value`](#parameter-value) | string | Content value when Importing an API. 
| +| [`wsdlSelector`](#parameter-wsdlselector) | object | Criteria to limit import of WSDL to a subset of the document. | + +### Parameter: `displayName` + +API name. Must be 1 to 300 characters long. + +- Required: Yes +- Type: string + +### Parameter: `name` + +API revision identifier. Must be unique in the current API Management service instance. Non-current revision has ;rev=n as a suffix where n is the revision number. + +- Required: Yes +- Type: string + +### Parameter: `path` + +Relative URL uniquely identifying this API and all of its resource paths within the API Management service instance. It is appended to the API endpoint base URL specified during the service instance creation to form a public URL for this API. + +- Required: Yes +- Type: string + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `apiDescription` + +Description of the API. May include HTML formatting tags. + +- Required: No +- Type: string + +### Parameter: `apiRevision` + +Describes the Revision of the API. If no value is provided, default revision 1 is created. + +- Required: No +- Type: string + +### Parameter: `apiRevisionDescription` + +Description of the API Revision. + +- Required: No +- Type: string + +### Parameter: `apiType` + +Type of API to create. * http creates a REST API * soap creates a SOAP pass-through API * websocket creates websocket API * graphql creates GraphQL API. + +- Required: No +- Type: string +- Default: `'http'` +- Allowed: + ```Bicep + [ + 'graphql' + 'http' + 'soap' + 'websocket' + ] + ``` + +### Parameter: `apiVersion` + +Indicates the Version identifier of the API if the API is versioned. + +- Required: No +- Type: string + +### Parameter: `apiVersionDescription` + +Description of the API Version. 
+ +- Required: No +- Type: string + +### Parameter: `apiVersionSetId` + +Indicates the Version identifier of the API version set. + +- Required: No +- Type: string + +### Parameter: `authenticationSettings` + +Collection of authentication settings included into this API. + +- Required: No +- Type: object + +### Parameter: `format` + +Format of the Content in which the API is getting imported. + +- Required: No +- Type: string +- Default: `'openapi'` +- Allowed: + ```Bicep + [ + 'openapi' + 'openapi-link' + 'openapi+json' + 'openapi+json-link' + 'swagger-json' + 'swagger-link-json' + 'wadl-link-json' + 'wadl-xml' + 'wsdl' + 'wsdl-link' + ] + ``` + +### Parameter: `isCurrent` + +Indicates if API revision is current API revision. + +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `policies` + +Array of Policies to apply to the Service API. + +- Required: No +- Type: array + +### Parameter: `protocols` + +Describes on which protocols the operations in this API can be invoked. - HTTP or HTTPS. + +- Required: No +- Type: array +- Default: + ```Bicep + [ + 'https' + ] + ``` + +### Parameter: `serviceUrl` + +Absolute URL of the backend service implementing this API. Cannot be more than 2000 characters long. + +- Required: No +- Type: string + +### Parameter: `sourceApiId` + +API identifier of the source API. + +- Required: No +- Type: string + +### Parameter: `subscriptionKeyParameterNames` + +Protocols over which API is made available. + +- Required: No +- Type: object + +### Parameter: `subscriptionRequired` + +Specifies whether an API or Product subscription is required for accessing the API. + +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `type` + +Type of API. + +- Required: No +- Type: string +- Default: `'http'` +- Allowed: + ```Bicep + [ + 'graphql' + 'http' + 'soap' + 'websocket' + ] + ``` + +### Parameter: `value` + +Content value when Importing an API. 
+ +- Required: No +- Type: string + +### Parameter: `wsdlSelector` + +Criteria to limit import of WSDL to a subset of the document. + +- Required: No +- Type: object + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the API management service API. | +| `resourceGroupName` | string | The resource group the API management service API was deployed to. | +| `resourceId` | string | The resource ID of the API management service API. | + +## Cross-referenced modules + +_None_ diff --git a/avm/res/api-management/service/api/main.bicep b/avm/res/api-management/service/api/main.bicep new file mode 100644 index 0000000000..767444cedd --- /dev/null +++ b/avm/res/api-management/service/api/main.bicep 
@@ -0,0 +1,150 @@
+metadata name = 'API Management Service APIs'
+metadata description = 'This module deploys an API Management Service API.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Required. API revision identifier. Must be unique in the current API Management service instance. Non-current revision has ;rev=n as a suffix where n is the revision number.')
+param name string
+
+@description('Optional. Array of Policies to apply to the Service API.')
+param policies array?
+
+@description('Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment.')
+param apiManagementServiceName string
+
+@description('Optional. Describes the Revision of the API. If no value is provided, default revision 1 is created.')
+param apiRevision string?
+
+@description('Optional. Description of the API Revision.')
+param apiRevisionDescription string?
+
+@description('Optional. Type of API to create. * http creates a REST API * soap creates a SOAP pass-through API * websocket creates websocket API * graphql creates GraphQL API.')
+@allowed([
+ 'graphql'
+ 'http'
+ 'soap'
+ 'websocket'
+])
+param apiType string = 'http'
+
+@description('Optional. Indicates the Version identifier of the API if the API is versioned.')
+param apiVersion string?
+
+@description('Optional. Indicates the Version identifier of the API version set.')
+param apiVersionSetId string?
+
+@description('Optional. Description of the API Version.')
+param apiVersionDescription string?
+
+@description('Optional. Collection of authentication settings included into this API.')
+param authenticationSettings object?
+
+@description('Optional. Description of the API. May include HTML formatting tags.')
+param apiDescription string?
+
+@description('Required. API name. Must be 1 to 300 characters long.')
+@maxLength(300)
+param displayName string
+
+@description('Optional. Format of the Content in which the API is getting imported.')
+@allowed([
+ 'wadl-xml'
+ 'wadl-link-json'
+ 'swagger-json'
+ 'swagger-link-json'
+ 'wsdl'
+ 'wsdl-link'
+ 'openapi'
+ 'openapi+json'
+ 'openapi-link'
+ 'openapi+json-link'
+])
+param format string = 'openapi'
+
+@description('Optional. Indicates if API revision is current API revision.')
+param isCurrent bool = true
+
+@description('Required. Relative URL uniquely identifying this API and all of its resource paths within the API Management service instance. It is appended to the API endpoint base URL specified during the service instance creation to form a public URL for this API.')
+param path string
+
+@description('Optional. Describes on which protocols the operations in this API can be invoked. - HTTP or HTTPS.')
+param protocols array = [
+ 'https'
+]
+
+@description('Optional. Absolute URL of the backend service implementing this API. Cannot be more than 2000 characters long.')
+@maxLength(2000)
+param serviceUrl string?
+
+@description('Optional. API identifier of the source API.')
+param sourceApiId string?
+
+@description('Optional. Protocols over which API is made available.')
+param subscriptionKeyParameterNames object?
+
+@description('Optional. Specifies whether an API or Product subscription is required for accessing the API.')
+param subscriptionRequired bool = false
+
+@description('Optional. Type of API.')
+@allowed([
+ 'graphql'
+ 'http'
+ 'soap'
+ 'websocket'
+])
+param type string = 'http'
+
+@description('Optional. Content value when Importing an API.')
+param value string?
+
+@description('Optional. Criteria to limit import of WSDL to a subset of the document.')
+param wsdlSelector object?
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = {
+ name: apiManagementServiceName
+}
+
+resource api 'Microsoft.ApiManagement/service/apis@2021-08-01' = {
+ name: name
+ parent: service
+ properties: {
+ apiRevision: apiRevision
+ apiRevisionDescription: apiRevisionDescription
+ apiType: apiType
+ apiVersion: apiVersion
+ apiVersionDescription: apiVersionDescription
+ apiVersionSetId: apiVersionSetId
+ authenticationSettings: authenticationSettings ?? {}
+ description: apiDescription ?? ''
+ displayName: displayName
+ format: !empty(value) ? format : null
+ isCurrent: isCurrent
+ path: path
+ protocols: protocols
+ serviceUrl: serviceUrl
+ sourceApiId: sourceApiId
+ subscriptionKeyParameterNames: subscriptionKeyParameterNames
+ subscriptionRequired: subscriptionRequired
+ type: type
+ value: value
+ wsdlSelector: wsdlSelector ?? {}
+ }
+}
+
+module policy 'policy/main.bicep' = [for (policy, index) in policies ?? []: {
+ name: '${deployment().name}-Policy-${index}'
+ params: {
+ apiManagementServiceName: apiManagementServiceName
+ apiName: api.name
+ format: contains(policy, 'format') ? policy.format : 'xml'
+ value: policy.value
+ }
+}]
+
+@description('The name of the API management service API.')
+output name string = api.name
+
+@description('The resource ID of the API management service API.')
+output resourceId string = api.id
+
+@description('The resource group the API management service API was deployed to.')
+output resourceGroupName string = resourceGroup().name
diff --git a/avm/res/api-management/service/api/main.json b/avm/res/api-management/service/api/main.json
new file mode 100644
index 0000000000..124616b87e
--- /dev/null
+++ b/avm/res/api-management/service/api/main.json
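Review bot: `param subscriptionRequired bool = false` leaves an API deployed with this module's defaults callable without a subscription key, so unless the caller also passes `authenticationSettings` or a validating policy there is no gateway-level access control on it. Prefer the stricter default, `param subscriptionRequired bool = true`, or at minimum state in the description that `false` publishes the API without a key requirement; this assumes no existing consumer of the migrated module relies on the current default. In the same hunk the description on `subscriptionKeyParameterNames` repeats the protocols wording and should describe the parameter instead, e.g. `@description('Optional. Names of the header and query parameters that carry the subscription key.')`.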
@@ -0,0 +1,381 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "8297194138144491601" + }, + "name": "API Management Service APIs", + "description": "This module deploys an API Management Service API.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. API revision identifier. Must be unique in the current API Management service instance. Non-current revision has ;rev=n as a suffix where n is the revision number." + } + }, + "policies": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Array of Policies to apply to the Service API." + } + }, + "apiManagementServiceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." + } + }, + "apiRevision": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Describes the Revision of the API. If no value is provided, default revision 1 is created." + } + }, + "apiRevisionDescription": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Description of the API Revision." + } + }, + "apiType": { + "type": "string", + "defaultValue": "http", + "allowedValues": [ + "graphql", + "http", + "soap", + "websocket" + ], + "metadata": { + "description": "Optional. Type of API to create. * http creates a REST API * soap creates a SOAP pass-through API * websocket creates websocket API * graphql creates GraphQL API." + } + }, + "apiVersion": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Indicates the Version identifier of the API if the API is versioned." 
+ } + }, + "apiVersionSetId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Indicates the Version identifier of the API version set." + } + }, + "apiVersionDescription": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Description of the API Version." + } + }, + "authenticationSettings": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Collection of authentication settings included into this API." + } + }, + "apiDescription": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Description of the API. May include HTML formatting tags." + } + }, + "displayName": { + "type": "string", + "maxLength": 300, + "metadata": { + "description": "Required. API name. Must be 1 to 300 characters long." + } + }, + "format": { + "type": "string", + "defaultValue": "openapi", + "allowedValues": [ + "wadl-xml", + "wadl-link-json", + "swagger-json", + "swagger-link-json", + "wsdl", + "wsdl-link", + "openapi", + "openapi+json", + "openapi-link", + "openapi+json-link" + ], + "metadata": { + "description": "Optional. Format of the Content in which the API is getting imported." + } + }, + "isCurrent": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Indicates if API revision is current API revision." + } + }, + "path": { + "type": "string", + "metadata": { + "description": "Required. Relative URL uniquely identifying this API and all of its resource paths within the API Management service instance. It is appended to the API endpoint base URL specified during the service instance creation to form a public URL for this API." + } + }, + "protocols": { + "type": "array", + "defaultValue": [ + "https" + ], + "metadata": { + "description": "Optional. Describes on which protocols the operations in this API can be invoked. - HTTP or HTTPS." 
+ } + }, + "serviceUrl": { + "type": "string", + "nullable": true, + "maxLength": 2000, + "metadata": { + "description": "Optional. Absolute URL of the backend service implementing this API. Cannot be more than 2000 characters long." + } + }, + "sourceApiId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. API identifier of the source API." + } + }, + "subscriptionKeyParameterNames": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Protocols over which API is made available." + } + }, + "subscriptionRequired": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Specifies whether an API or Product subscription is required for accessing the API." + } + }, + "type": { + "type": "string", + "defaultValue": "http", + "allowedValues": [ + "graphql", + "http", + "soap", + "websocket" + ], + "metadata": { + "description": "Optional. Type of API." + } + }, + "value": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Content value when Importing an API." + } + }, + "wsdlSelector": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Criteria to limit import of WSDL to a subset of the document." 
+ } + } + }, + "resources": { + "service": { + "existing": true, + "type": "Microsoft.ApiManagement/service", + "apiVersion": "2021-08-01", + "name": "[parameters('apiManagementServiceName')]" + }, + "api": { + "type": "Microsoft.ApiManagement/service/apis", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}', parameters('apiManagementServiceName'), parameters('name'))]", + "properties": { + "apiRevision": "[parameters('apiRevision')]", + "apiRevisionDescription": "[parameters('apiRevisionDescription')]", + "apiType": "[parameters('apiType')]", + "apiVersion": "[parameters('apiVersion')]", + "apiVersionDescription": "[parameters('apiVersionDescription')]", + "apiVersionSetId": "[parameters('apiVersionSetId')]", + "authenticationSettings": "[coalesce(parameters('authenticationSettings'), createObject())]", + "description": "[coalesce(parameters('apiDescription'), '')]", + "displayName": "[parameters('displayName')]", + "format": "[if(not(empty(parameters('value'))), parameters('format'), null())]", + "isCurrent": "[parameters('isCurrent')]", + "path": "[parameters('path')]", + "protocols": "[parameters('protocols')]", + "serviceUrl": "[parameters('serviceUrl')]", + "sourceApiId": "[parameters('sourceApiId')]", + "subscriptionKeyParameterNames": "[parameters('subscriptionKeyParameterNames')]", + "subscriptionRequired": "[parameters('subscriptionRequired')]", + "type": "[parameters('type')]", + "value": "[parameters('value')]", + "wsdlSelector": "[coalesce(parameters('wsdlSelector'), createObject())]" + }, + "dependsOn": [ + "service" + ] + }, + "policy": { + "copy": { + "name": "policy", + "count": "[length(coalesce(parameters('policies'), createArray()))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Policy-{1}', deployment().name, copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "apiManagementServiceName": { + 
"value": "[parameters('apiManagementServiceName')]" + }, + "apiName": { + "value": "[parameters('name')]" + }, + "format": "[if(contains(coalesce(parameters('policies'), createArray())[copyIndex()], 'format'), createObject('value', coalesce(parameters('policies'), createArray())[copyIndex()].format), createObject('value', 'xml'))]", + "value": { + "value": "[coalesce(parameters('policies'), createArray())[copyIndex()].value]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "16094287091554497025" + }, + "name": "API Management Service APIs Policies", + "description": "This module deploys an API Management Service API Policy.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "apiManagementServiceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." + } + }, + "apiName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "defaultValue": "policy", + "metadata": { + "description": "Optional. The name of the policy." + } + }, + "format": { + "type": "string", + "defaultValue": "xml", + "allowedValues": [ + "rawxml", + "rawxml-link", + "xml", + "xml-link" + ], + "metadata": { + "description": "Optional. Format of the policyContent." + } + }, + "value": { + "type": "string", + "metadata": { + "description": "Required. Contents of the Policy as defined by the format." 
+ } + } + }, + "resources": [ + { + "type": "Microsoft.ApiManagement/service/apis/policies", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}/{2}', parameters('apiManagementServiceName'), parameters('apiName'), parameters('name'))]", + "properties": { + "format": "[parameters('format')]", + "value": "[parameters('value')]" + } + } + ], + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the API policy." + }, + "value": "[resourceId('Microsoft.ApiManagement/service/apis/policies', parameters('apiManagementServiceName'), parameters('apiName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the API policy." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the API policy was deployed into." + }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "api" + ] + } + }, + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the API management service API." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the API management service API." + }, + "value": "[resourceId('Microsoft.ApiManagement/service/apis', parameters('apiManagementServiceName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the API management service API was deployed to." + }, + "value": "[resourceGroup().name]" + } + } +} \ No newline at end of file diff --git a/avm/res/api-management/service/api/policy/README.md b/avm/res/api-management/service/api/policy/README.md new file mode 100644 index 0000000000..09198c81a9 --- /dev/null +++ b/avm/res/api-management/service/api/policy/README.md 
@@ -0,0 +1,97 @@
+# API Management Service APIs Policies `[Microsoft.ApiManagement/service/apis/policies]`
+
+This module deploys an API Management Service API Policy.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+- [Cross-referenced modules](#Cross-referenced-modules)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.ApiManagement/service/apis/policies` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/apis/policies) |
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`value`](#parameter-value) | string | Contents of the Policy as defined by the format. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. |
+| [`apiName`](#parameter-apiname) | string | The name of the parent API. Required if the template is used in a standalone deployment. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`format`](#parameter-format) | string | Format of the policyContent. |
+| [`name`](#parameter-name) | string | The name of the policy. |
+
+### Parameter: `value`
+
+Contents of the Policy as defined by the format.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `apiManagementServiceName`
+
+The name of the parent API Management service. Required if the template is used in a standalone deployment.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `apiName`
+
+The name of the parent API. Required if the template is used in a standalone deployment.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `format`
+
+Format of the policyContent.
+
+- Required: No
+- Type: string
+- Default: `'xml'`
+- Allowed:
+ ```Bicep
+ [
+ 'rawxml'
+ 'rawxml-link'
+ 'xml'
+ 'xml-link'
+ ]
+ ```
+
+### Parameter: `name`
+
+The name of the policy.
+
+- Required: No
+- Type: string
+- Default: `'policy'`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the API policy. |
+| `resourceGroupName` | string | The resource group the API policy was deployed into. |
+| `resourceId` | string | The resource ID of the API policy. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/avm/res/api-management/service/api/policy/main.bicep b/avm/res/api-management/service/api/policy/main.bicep
new file mode 100644
index 0000000000..ea811e222f
--- /dev/null
+++ b/avm/res/api-management/service/api/policy/main.bicep
@@ -0,0 +1,50 @@
+metadata name = 'API Management Service APIs Policies'
+metadata description = 'This module deploys an API Management Service API Policy.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment.')
+param apiManagementServiceName string
+
+@description('Conditional. The name of the parent API. Required if the template is used in a standalone deployment.')
+param apiName string
+
+@description('Optional. The name of the policy.')
+param name string = 'policy'
+
+@description('Optional. Format of the policyContent.')
+@allowed([
+ 'rawxml'
+ 'rawxml-link'
+ 'xml'
+ 'xml-link'
+])
+param format string = 'xml'
+
+@description('Required. Contents of the Policy as defined by the format.')
+param value string
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = {
+ name: apiManagementServiceName
+
+ resource api 'apis@2021-08-01' existing = {
+ name: apiName
+ }
+}
+
+resource policy 'Microsoft.ApiManagement/service/apis/policies@2021-08-01' = {
+ name: name
+ parent: service::api
+ properties: {
+ format: format
+ value: value
+ }
+}
+
+@description('The resource ID of the API policy.')
+output resourceId string = policy.id
+
+@description('The name of the API policy.')
+output name string = policy.name
+
+@description('The resource group the API policy was deployed into.')
+output resourceGroupName string = resourceGroup().name
diff --git a/avm/res/api-management/service/api/policy/main.json b/avm/res/api-management/service/api/policy/main.json
new file mode 100644
index 0000000000..291625981d
--- /dev/null
+++ b/avm/res/api-management/service/api/policy/main.json
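Review bot: `param value string` carries the whole policy document (or, for the `xml-link` and `rawxml-link` formats, the URL it is fetched from) as a plain parameter, so anything written into it is readable in the deployment's inputs by whoever can read the deployment history. The description should steer callers away from inlining credentials, for example `@description('Required. Contents of the Policy as defined by the format. Do not embed secrets; reference API Management named values instead.')`, and say that a `-link` value should be an HTTPS URL the deployer controls. Marking the parameter `@secure()` would be the stricter option, at the cost of hiding the policy text from deployment records; whether that trade-off is wanted here is a maintainer decision.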
@@ -0,0 +1,88 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "16094287091554497025" + }, + "name": "API Management Service APIs Policies", + "description": "This module deploys an API Management Service API Policy.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "apiManagementServiceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." + } + }, + "apiName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "defaultValue": "policy", + "metadata": { + "description": "Optional. The name of the policy." + } + }, + "format": { + "type": "string", + "defaultValue": "xml", + "allowedValues": [ + "rawxml", + "rawxml-link", + "xml", + "xml-link" + ], + "metadata": { + "description": "Optional. Format of the policyContent." + } + }, + "value": { + "type": "string", + "metadata": { + "description": "Required. Contents of the Policy as defined by the format." + } + } + }, + "resources": [ + { + "type": "Microsoft.ApiManagement/service/apis/policies", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}/{2}', parameters('apiManagementServiceName'), parameters('apiName'), parameters('name'))]", + "properties": { + "format": "[parameters('format')]", + "value": "[parameters('value')]" + } + } + ], + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the API policy." 
+ }, + "value": "[resourceId('Microsoft.ApiManagement/service/apis/policies', parameters('apiManagementServiceName'), parameters('apiName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the API policy." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the API policy was deployed into." + }, + "value": "[resourceGroup().name]" + } + } +} \ No newline at end of file diff --git a/avm/res/api-management/service/authorization-server/README.md b/avm/res/api-management/service/authorization-server/README.md new file mode 100644 index 0000000000..2394ac0477 --- /dev/null +++ b/avm/res/api-management/service/authorization-server/README.md 
@@ -0,0 +1,208 @@
+# API Management Service Authorization Servers `[Microsoft.ApiManagement/service/authorizationServers]`
+
+This module deploys an API Management Service Authorization Server.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+- [Cross-referenced modules](#Cross-referenced-modules)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.ApiManagement/service/authorizationServers` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/authorizationServers) |
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`authorizationEndpoint`](#parameter-authorizationendpoint) | string | OAuth authorization endpoint. See . |
+| [`clientId`](#parameter-clientid) | securestring | Client or app ID registered with this authorization server. |
+| [`clientSecret`](#parameter-clientsecret) | securestring | Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. |
+| [`grantTypes`](#parameter-granttypes) | array | Form of an authorization grant, which the client uses to request the access token. - authorizationCode, implicit, resourceOwnerPassword, clientCredentials. |
+| [`name`](#parameter-name) | string | Identifier of the authorization server. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`authorizationMethods`](#parameter-authorizationmethods) | array | HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional. - HEAD, OPTIONS, TRACE, GET, POST, PUT, PATCH, DELETE. |
+| [`bearerTokenSendingMethods`](#parameter-bearertokensendingmethods) | array | Specifies the mechanism by which access token is passed to the API. - authorizationHeader or query. |
+| [`clientAuthenticationMethod`](#parameter-clientauthenticationmethod) | array | Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format. - Basic or Body. |
+| [`clientRegistrationEndpoint`](#parameter-clientregistrationendpoint) | string | Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced. |
+| [`defaultScope`](#parameter-defaultscope) | string | Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values. |
+| [`resourceOwnerPassword`](#parameter-resourceownerpassword) | string | Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password. |
+| [`resourceOwnerUsername`](#parameter-resourceownerusername) | string | Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username. |
+| [`serverDescription`](#parameter-serverdescription) | string | Description of the authorization server. Can contain HTML formatting tags. |
+| [`supportState`](#parameter-supportstate) | bool | If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security. |
+| [`tokenBodyParameters`](#parameter-tokenbodyparameters) | array | Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}. - TokenBodyParameterContract object. |
+| [`tokenEndpoint`](#parameter-tokenendpoint) | string | OAuth token endpoint. Contains absolute URI to entity being referenced. |
+
+### Parameter: `authorizationEndpoint`
+
+OAuth authorization endpoint. See .
+
+- Required: Yes
+- Type: string
+
+### Parameter: `clientId`
+
+Client or app ID registered with this authorization server.
+
+- Required: Yes
+- Type: securestring
+
+### Parameter: `clientSecret`
+
+Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value.
+
+- Required: Yes
+- Type: securestring
+
+### Parameter: `grantTypes`
+
+Form of an authorization grant, which the client uses to request the access token. - authorizationCode, implicit, resourceOwnerPassword, clientCredentials.
+
+- Required: Yes
+- Type: array
+
+### Parameter: `name`
+
+Identifier of the authorization server.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `apiManagementServiceName`
+
+The name of the parent API Management service. Required if the template is used in a standalone deployment.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `authorizationMethods`
+
+HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional. - HEAD, OPTIONS, TRACE, GET, POST, PUT, PATCH, DELETE.
+
+- Required: No
+- Type: array
+- Default:
+ ```Bicep
+ [
+ 'GET'
+ ]
+ ```
+
+### Parameter: `bearerTokenSendingMethods`
+
+Specifies the mechanism by which access token is passed to the API. - authorizationHeader or query.
+
+- Required: No
+- Type: array
+- Default:
+ ```Bicep
+ [
+ 'authorizationHeader'
+ ]
+ ```
+
+### Parameter: `clientAuthenticationMethod`
+
+Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format. - Basic or Body.
+
+- Required: No
+- Type: array
+- Default:
+ ```Bicep
+ [
+ 'Basic'
+ ]
+ ```
+
+### Parameter: `clientRegistrationEndpoint`
+
+Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `defaultScope`
+
+Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `resourceOwnerPassword`
+
+Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `resourceOwnerUsername`
+
+Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `serverDescription`
+
+Description of the authorization server. Can contain HTML formatting tags.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `supportState`
+
+If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security.
+
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `tokenBodyParameters`
+
+Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}. - TokenBodyParameterContract object.
+
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `tokenEndpoint`
+
+OAuth token endpoint. Contains absolute URI to entity being referenced.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the API management service authorization server. |
+| `resourceGroupName` | string | The resource group the API management service authorization server was deployed into. |
+| `resourceId` | string | The resource ID of the API management service authorization server. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/avm/res/api-management/service/authorization-server/main.bicep b/avm/res/api-management/service/authorization-server/main.bicep
new file mode 100644
index 0000000000..dfb9cb0d94
--- /dev/null
+++ b/avm/res/api-management/service/authorization-server/main.bicep
@@ -0,0 +1,104 @@
+metadata name = 'API Management Service Authorization Servers'
+metadata description = 'This module deploys an API Management Service Authorization Server.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Required. Identifier of the authorization server.')
+param name string
+
+@description('Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment.')
+param apiManagementServiceName string
+
+@description('Required. OAuth authorization endpoint. See .')
+param authorizationEndpoint string
+
+@description('Optional. HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional. - HEAD, OPTIONS, TRACE, GET, POST, PUT, PATCH, DELETE.')
+param authorizationMethods array = [
+ 'GET'
+]
+
+@description('Optional. Specifies the mechanism by which access token is passed to the API. - authorizationHeader or query.')
+param bearerTokenSendingMethods array = [
+ 'authorizationHeader'
+]
+
+@description('Optional. Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format. - Basic or Body.')
+param clientAuthenticationMethod array = [
+ 'Basic'
+]
+
+@description('Required. Client or app ID registered with this authorization server.')
+@secure()
+param clientId string
+
+@description('Optional. Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced.')
+param clientRegistrationEndpoint string = ''
+
+@description('Required. Client or app secret registered with this authorization server. This property will not be filled on \'GET\' operations! Use \'/listSecrets\' POST request to get the value.')
+@secure()
+param clientSecret string
+
+@description('Optional. Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values.')
+param defaultScope string = ''
+
+@description('Optional. Description of the authorization server. Can contain HTML formatting tags.')
+param serverDescription string = ''
+
+@description('Required. Form of an authorization grant, which the client uses to request the access token. - authorizationCode, implicit, resourceOwnerPassword, clientCredentials.')
+param grantTypes array
+
+@description('Optional. Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password.')
+#disable-next-line secure-secrets-in-params // Not a secret
+param resourceOwnerPassword string = ''
+
+@description('Optional. Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username.')
+param resourceOwnerUsername string = ''
+
+@description('Optional. If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security.')
+param supportState bool = false
+
+@description('Optional. Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}. - TokenBodyParameterContract object.')
+param tokenBodyParameters array = []
+
+@description('Optional. OAuth token endpoint. Contains absolute URI to entity being referenced.')
+param tokenEndpoint string = ''
+
+var defaultAuthorizationMethods = [
+ 'GET'
+]
+var setAuthorizationMethods = union(authorizationMethods, defaultAuthorizationMethods)
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = {
+ name: apiManagementServiceName
+}
+
+resource authorizationServer 'Microsoft.ApiManagement/service/authorizationServers@2021-08-01' = {
+ name: name
+ parent: service
+ properties: {
+ description: serverDescription
+ authorizationMethods: setAuthorizationMethods
+ clientAuthenticationMethod: clientAuthenticationMethod
+ tokenBodyParameters: tokenBodyParameters
+ tokenEndpoint: tokenEndpoint
+ supportState: supportState
+ defaultScope: defaultScope
+ bearerTokenSendingMethods: bearerTokenSendingMethods
+ resourceOwnerUsername: resourceOwnerUsername
+ resourceOwnerPassword: resourceOwnerPassword
+ displayName: name
+ clientRegistrationEndpoint: clientRegistrationEndpoint
+ authorizationEndpoint: authorizationEndpoint
+ grantTypes: grantTypes
+ clientId: clientId
+ clientSecret: clientSecret
+ }
+}
+
+@description('The name of the API management service authorization server.')
+output name string = authorizationServer.name
+
+@description('The resource ID of the API management service authorization server.')
+output resourceId string = authorizationServer.id
+
+@description('The resource group the API management service authorization server was deployed into.')
+output resourceGroupName string = resourceGroup().name
diff --git a/avm/res/api-management/service/authorization-server/main.json b/avm/res/api-management/service/authorization-server/main.json
new file mode 100644
index 0000000000..bdb750cafb
--- /dev/null
+++ b/avm/res/api-management/service/authorization-server/main.json
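Review bot: `resourceOwnerPassword` is declared as a plain `string` with the linter finding suppressed by `#disable-next-line secure-secrets-in-params // Not a secret`, yet its own description calls it the default resource owner password and it is written straight into the authorization server's `resourceOwnerPassword` property. A non-secure parameter value is kept with the deployment's recorded inputs, whereas `clientId` and `clientSecret` in the same file are marked `@secure()`. I would remove the suppression line and put `@secure()` above `param resourceOwnerPassword string = ''`; the empty-string default can stay as it is. The README entry for this parameter and the generated main.json (type `string`) would need regenerating to match.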
@@ -0,0 +1,189 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "16321328968047142432" + }, + "name": "API Management Service Authorization Servers", + "description": "This module deploys an API Management Service Authorization Server.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. Identifier of the authorization server." + } + }, + "apiManagementServiceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." + } + }, + "authorizationEndpoint": { + "type": "string", + "metadata": { + "description": "Required. OAuth authorization endpoint. See ." + } + }, + "authorizationMethods": { + "type": "array", + "defaultValue": [ + "GET" + ], + "metadata": { + "description": "Optional. HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional. - HEAD, OPTIONS, TRACE, GET, POST, PUT, PATCH, DELETE." + } + }, + "bearerTokenSendingMethods": { + "type": "array", + "defaultValue": [ + "authorizationHeader" + ], + "metadata": { + "description": "Optional. Specifies the mechanism by which access token is passed to the API. - authorizationHeader or query." + } + }, + "clientAuthenticationMethod": { + "type": "array", + "defaultValue": [ + "Basic" + ], + "metadata": { + "description": "Optional. Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format. - Basic or Body." 
+ } + }, + "clientId": { + "type": "securestring", + "metadata": { + "description": "Required. Client or app ID registered with this authorization server." + } + }, + "clientRegistrationEndpoint": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced." + } + }, + "clientSecret": { + "type": "securestring", + "metadata": { + "description": "Required. Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value." + } + }, + "defaultScope": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values." + } + }, + "serverDescription": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Description of the authorization server. Can contain HTML formatting tags." + } + }, + "grantTypes": { + "type": "array", + "metadata": { + "description": "Required. Form of an authorization grant, which the client uses to request the access token. - authorizationCode, implicit, resourceOwnerPassword, clientCredentials." + } + }, + "resourceOwnerPassword": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password." + } + }, + "resourceOwnerUsername": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username." 
+ } + }, + "supportState": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security." + } + }, + "tokenBodyParameters": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {\"name\" : \"name value\", \"value\": \"a value\"}. - TokenBodyParameterContract object." + } + }, + "tokenEndpoint": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. OAuth token endpoint. Contains absolute URI to entity being referenced." + } + } + }, + "variables": { + "defaultAuthorizationMethods": [ + "GET" + ], + "setAuthorizationMethods": "[union(parameters('authorizationMethods'), variables('defaultAuthorizationMethods'))]" + }, + "resources": [ + { + "type": "Microsoft.ApiManagement/service/authorizationServers", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}', parameters('apiManagementServiceName'), parameters('name'))]", + "properties": { + "description": "[parameters('serverDescription')]", + "authorizationMethods": "[variables('setAuthorizationMethods')]", + "clientAuthenticationMethod": "[parameters('clientAuthenticationMethod')]", + "tokenBodyParameters": "[parameters('tokenBodyParameters')]", + "tokenEndpoint": "[parameters('tokenEndpoint')]", + "supportState": "[parameters('supportState')]", + "defaultScope": "[parameters('defaultScope')]", + "bearerTokenSendingMethods": "[parameters('bearerTokenSendingMethods')]", + "resourceOwnerUsername": "[parameters('resourceOwnerUsername')]", + "resourceOwnerPassword": "[parameters('resourceOwnerPassword')]", + "displayName": "[parameters('name')]", + "clientRegistrationEndpoint": 
"[parameters('clientRegistrationEndpoint')]", + "authorizationEndpoint": "[parameters('authorizationEndpoint')]", + "grantTypes": "[parameters('grantTypes')]", + "clientId": "[parameters('clientId')]", + "clientSecret": "[parameters('clientSecret')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the API management service authorization server." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the API management service authorization server." + }, + "value": "[resourceId('Microsoft.ApiManagement/service/authorizationServers', parameters('apiManagementServiceName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the API management service authorization server was deployed into." + }, + "value": "[resourceGroup().name]" + } + } +} \ No newline at end of file diff --git a/avm/res/api-management/service/backend/README.md b/avm/res/api-management/service/backend/README.md new file mode 100644 index 0000000000..a0a8c926cf --- /dev/null +++ b/avm/res/api-management/service/backend/README.md 
@@ -0,0 +1,221 @@ +# API Management Service Backends `[Microsoft.ApiManagement/service/backends]` + +This module deploys an API Management Service Backend. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) +- [Notes](#Notes) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.ApiManagement/service/backends` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/backends) | + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Backend Name. | +| [`url`](#parameter-url) | string | Runtime URL of the Backend. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`credentials`](#parameter-credentials) | object | Backend Credentials Contract Properties. | +| [`description`](#parameter-description) | string | Backend Description. | +| [`protocol`](#parameter-protocol) | string | Backend communication protocol. - http or soap. | +| [`proxy`](#parameter-proxy) | object | Backend Proxy Contract Properties. | +| [`resourceId`](#parameter-resourceid) | string | Management Uri of the Resource in External System. This URL can be the Arm Resource ID of Logic Apps, Function Apps or API Apps. | +| [`serviceFabricCluster`](#parameter-servicefabriccluster) | object | Backend Service Fabric Cluster Properties. | +| [`title`](#parameter-title) | string | Backend Title. | +| [`tls`](#parameter-tls) | object | Backend TLS Properties. | + +### Parameter: `name` + +Backend Name. 
+ +- Required: Yes +- Type: string + +### Parameter: `url` + +Runtime URL of the Backend. + +- Required: Yes +- Type: string + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `credentials` + +Backend Credentials Contract Properties. + +- Required: No +- Type: object + +### Parameter: `description` + +Backend Description. + +- Required: No +- Type: string + +### Parameter: `protocol` + +Backend communication protocol. - http or soap. + +- Required: No +- Type: string +- Default: `'http'` + +### Parameter: `proxy` + +Backend Proxy Contract Properties. + +- Required: No +- Type: object + +### Parameter: `resourceId` + +Management Uri of the Resource in External System. This URL can be the Arm Resource ID of Logic Apps, Function Apps or API Apps. + +- Required: No +- Type: string + +### Parameter: `serviceFabricCluster` + +Backend Service Fabric Cluster Properties. + +- Required: No +- Type: object + +### Parameter: `title` + +Backend Title. + +- Required: No +- Type: string + +### Parameter: `tls` + +Backend TLS Properties. + +- Required: No +- Type: object +- Default: + ```Bicep + { + validateCertificateChain: false + validateCertificateName: false + } + ``` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the API management service backend. | +| `resourceGroupName` | string | The resource group the API management service backend was deployed into. | +| `resourceId` | string | The resource ID of the API management service backend. | + +## Cross-referenced modules + +_None_ + +## Notes + +### Parameter Usage: `credentials` + +

+ +Parameter JSON format + +```json +"credentials": { + "value":{ + "certificate": [ + "string" + ], + "query": {}, + "header": {}, + "authorization": { + "scheme": "Authentication Scheme name.-string", + "parameter": "Authentication Parameter value. - string" + } + } +} +``` + +
+ +
+ +Bicep format + +```bicep +credentials: { + certificate: [ + 'string' + ] + query: {} + header: {} + authorization: { + scheme: 'Authentication Scheme name.-string' + parameter: 'Authentication Parameter value. - string' + } +} +``` + +
+

+ +### Parameter Usage: `tls` + +

+ +Parameter JSON format + +```json +"tls": { + "value":{ + "validateCertificateChain": "Flag indicating whether SSL certificate chain validation should be done when using self-signed certificates for this backend host. - boolean", + "validateCertificateName": "Flag indicating whether SSL certificate name validation should be done when using self-signed certificates for this backend host. - boolean" + } +} +``` + +
+ +
+ +Bicep format + +```bicep +tls: { + validateCertificateChain: 'Flag indicating whether SSL certificate chain validation should be done when using self-signed certificates for this backend host. - boolean' + validateCertificateName: 'Flag indicating whether SSL certificate name validation should be done when using self-signed certificates for this backend host. - boolean' +} +``` + +
+

diff --git a/avm/res/api-management/service/backend/main.bicep b/avm/res/api-management/service/backend/main.bicep new file mode 100644 index 0000000000..664b33ea45 --- /dev/null +++ b/avm/res/api-management/service/backend/main.bicep 
@@ -0,0 +1,70 @@
+metadata name = 'API Management Service Backends'
+metadata description = 'This module deploys an API Management Service Backend.'
+metadata owner = 'Azure/module-maintainers'
+
+@sys.description('Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment.')
+param apiManagementServiceName string
+
+@sys.description('Required. Backend Name.')
+param name string
+
+@sys.description('Optional. Backend Credentials Contract Properties.')
+param credentials object?
+
+@sys.description('Optional. Backend Description.')
+param description string?
+
+@sys.description('Optional. Backend communication protocol. - http or soap.')
+param protocol string = 'http'
+
+@sys.description('Optional. Backend Proxy Contract Properties.')
+param proxy object?
+
+@sys.description('Optional. Management Uri of the Resource in External System. This URL can be the Arm Resource ID of Logic Apps, Function Apps or API Apps.')
+param resourceId string?
+
+@sys.description('Optional. Backend Service Fabric Cluster Properties.')
+param serviceFabricCluster object?
+
+@sys.description('Optional. Backend Title.')
+param title string?
+
+@sys.description('Optional. Backend TLS Properties.')
+param tls object = {
+ validateCertificateChain: false
+ validateCertificateName: false
+}
+
+@sys.description('Required. Runtime URL of the Backend.')
+param url string
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = {
+ name: apiManagementServiceName
+}
+
+resource backend 'Microsoft.ApiManagement/service/backends@2021-08-01' = {
+ name: name
+ parent: service
+ properties: {
+ title: title
+ description: description
+ resourceId: resourceId
+ properties: {
+ serviceFabricCluster: serviceFabricCluster
+ }
+ credentials: credentials
+ proxy: proxy
+ tls: tls
+ url: url
+ protocol: protocol
+ }
+}
+
+@sys.description('The resource ID of the API management service backend.')
+output resourceId string = backend.id
+
+@sys.description('The name of the API management service backend.')
+output name string = backend.name
+
+@sys.description('The resource group the API management service backend was deployed into.')
+output resourceGroupName string = resourceGroup().name
diff --git a/avm/res/api-management/service/backend/main.json b/avm/res/api-management/service/backend/main.json
new file mode 100644
index 0000000000..8609f29826
--- /dev/null
+++ b/avm/res/api-management/service/backend/main.json
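Review bot: The `tls` parameter defaults to `validateCertificateChain: false` and `validateCertificateName: false`, so any caller that omits `tls` deploys a backend whose certificate chain and host name are not validated. That default weakens the gateway-to-backend connection without the caller asking for it; I would default both to `true` (`validateCertificateChain: true`, `validateCertificateName: true`) and let callers opt out explicitly for backends that use self-signed certificates. The `tls` default block in the backend README and the generated main.json carry the same values and would need regenerating. Separately, `credentials` is an unsecured `object?` although the README usage notes show it holding an `authorization.parameter` value and headers, so `@secure()` on it looks worth adding, to be confirmed against how the module passes nullable objects.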
@@ -0,0 +1,146 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "17308512999364094689" + }, + "name": "API Management Service Backends", + "description": "This module deploys an API Management Service Backend.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "apiManagementServiceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. Backend Name." + } + }, + "credentials": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Backend Credentials Contract Properties." + } + }, + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Backend Description." + } + }, + "protocol": { + "type": "string", + "defaultValue": "http", + "metadata": { + "description": "Optional. Backend communication protocol. - http or soap." + } + }, + "proxy": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Backend Proxy Contract Properties." + } + }, + "resourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Management Uri of the Resource in External System. This URL can be the Arm Resource ID of Logic Apps, Function Apps or API Apps." + } + }, + "serviceFabricCluster": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Backend Service Fabric Cluster Properties." + } + }, + "title": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Backend Title." 
+ } + }, + "tls": { + "type": "object", + "defaultValue": { + "validateCertificateChain": false, + "validateCertificateName": false + }, + "metadata": { + "description": "Optional. Backend TLS Properties." + } + }, + "url": { + "type": "string", + "metadata": { + "description": "Required. Runtime URL of the Backend." + } + } + }, + "resources": { + "service": { + "existing": true, + "type": "Microsoft.ApiManagement/service", + "apiVersion": "2021-08-01", + "name": "[parameters('apiManagementServiceName')]" + }, + "backend": { + "type": "Microsoft.ApiManagement/service/backends", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}', parameters('apiManagementServiceName'), parameters('name'))]", + "properties": { + "title": "[parameters('title')]", + "description": "[parameters('description')]", + "resourceId": "[parameters('resourceId')]", + "properties": { + "serviceFabricCluster": "[parameters('serviceFabricCluster')]" + }, + "credentials": "[parameters('credentials')]", + "proxy": "[parameters('proxy')]", + "tls": "[parameters('tls')]", + "url": "[parameters('url')]", + "protocol": "[parameters('protocol')]" + }, + "dependsOn": [ + "service" + ] + } + }, + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the API management service backend." + }, + "value": "[resourceId('Microsoft.ApiManagement/service/backends', parameters('apiManagementServiceName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the API management service backend." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the API management service backend was deployed into." + }, + "value": "[resourceGroup().name]" + } + } +} \ No newline at end of file 
diff --git a/avm/res/api-management/service/cache/README.md b/avm/res/api-management/service/cache/README.md new file mode 100644 index 0000000000..54308ae923 --- /dev/null +++ b/avm/res/api-management/service/cache/README.md 
@@ -0,0 +1,94 @@ +# API Management Service Caches `[Microsoft.ApiManagement/service/caches]` + +This module deploys an API Management Service Cache. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.ApiManagement/service/caches` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/caches) | + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`connectionString`](#parameter-connectionstring) | string | Runtime connection string to cache. Can be referenced by a named value like so, {{}}. | +| [`name`](#parameter-name) | string | Identifier of the Cache entity. Cache identifier (should be either 'default' or valid Azure region identifier). | +| [`useFromLocation`](#parameter-usefromlocation) | string | Location identifier to use cache from (should be either 'default' or valid Azure region identifier). | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | Cache description. | +| [`resourceId`](#parameter-resourceid) | string | Original uri of entity in external system cache points to. | + +### Parameter: `connectionString` + +Runtime connection string to cache. Can be referenced by a named value like so, {{}}. + +- Required: Yes +- Type: string + +### Parameter: `name` + +Identifier of the Cache entity. Cache identifier (should be either 'default' or valid Azure region identifier). 
+ +- Required: Yes +- Type: string + +### Parameter: `useFromLocation` + +Location identifier to use cache from (should be either 'default' or valid Azure region identifier). + +- Required: Yes +- Type: string + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `description` + +Cache description. + +- Required: No +- Type: string + +### Parameter: `resourceId` + +Original uri of entity in external system cache points to. + +- Required: No +- Type: string + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the API management service cache. | +| `resourceGroupName` | string | The resource group the API management service cache was deployed into. | +| `resourceId` | string | The resource ID of the API management service cache. | + +## Cross-referenced modules + +_None_ diff --git a/avm/res/api-management/service/cache/main.bicep b/avm/res/api-management/service/cache/main.bicep new file mode 100644 index 0000000000..9cd0f53888 --- /dev/null +++ b/avm/res/api-management/service/cache/main.bicep 
@@ -0,0 +1,45 @@
+metadata name = 'API Management Service Caches'
+metadata description = 'This module deploys an API Management Service Cache.'
+metadata owner = 'Azure/module-maintainers'
+
+@sys.description('Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment.')
+param apiManagementServiceName string
+
+@sys.description('Required. Identifier of the Cache entity. Cache identifier (should be either \'default\' or valid Azure region identifier).')
+param name string
+
+@sys.description('Required. Runtime connection string to cache. Can be referenced by a named value like so, {{}}.')
+param connectionString string
+
+@sys.description('Optional. Cache description.')
+param description string?
+
+@sys.description('Optional. Original uri of entity in external system cache points to.')
+param resourceId string?
+
+@sys.description('Required. Location identifier to use cache from (should be either \'default\' or valid Azure region identifier).')
+param useFromLocation string
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = {
+ name: apiManagementServiceName
+}
+
+resource cache 'Microsoft.ApiManagement/service/caches@2021-08-01' = {
+ name: name
+ parent: service
+ properties: {
+ description: description
+ connectionString: connectionString
+ useFromLocation: useFromLocation
+ resourceId: resourceId
+ }
+}
+
+@sys.description('The resource ID of the API management service cache.')
+output resourceId string = cache.id
+
+@sys.description('The name of the API management service cache.')
+output name string = cache.name
+
+@sys.description('The resource group the API management service cache was deployed into.')
+output resourceGroupName string = resourceGroup().name
diff --git a/avm/res/api-management/service/cache/main.json b/avm/res/api-management/service/cache/main.json
new file mode 100644
index 0000000000..a451e0d0a6
--- /dev/null
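Review bot: `connectionString` is declared as a plain `string`, but a runtime cache connection string normally embeds the cache access key, and the value is passed unchanged into the `connectionString` property of the cache resource. As a non-secure parameter it is kept with the deployment's recorded inputs and can be read back by anyone allowed to view deployments. I would add `@secure()` above `param connectionString string`; callers that pass a named-value reference (the `{{}}` form the description mentions) are not affected by the change. The README lists the type as `string` and main.json as `"type": "string"`, so both need regenerating afterwards.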
+++ b/avm/res/api-management/service/cache/main.json 
@@ -0,0 +1,100 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "16122304424283274558" + }, + "name": "API Management Service Caches", + "description": "This module deploys an API Management Service Cache.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "apiManagementServiceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. Identifier of the Cache entity. Cache identifier (should be either 'default' or valid Azure region identifier)." + } + }, + "connectionString": { + "type": "string", + "metadata": { + "description": "Required. Runtime connection string to cache. Can be referenced by a named value like so, {{}}." + } + }, + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Cache description." + } + }, + "resourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Original uri of entity in external system cache points to." + } + }, + "useFromLocation": { + "type": "string", + "metadata": { + "description": "Required. Location identifier to use cache from (should be either 'default' or valid Azure region identifier)." 
+ } + } + }, + "resources": { + "service": { + "existing": true, + "type": "Microsoft.ApiManagement/service", + "apiVersion": "2021-08-01", + "name": "[parameters('apiManagementServiceName')]" + }, + "cache": { + "type": "Microsoft.ApiManagement/service/caches", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}', parameters('apiManagementServiceName'), parameters('name'))]", + "properties": { + "description": "[parameters('description')]", + "connectionString": "[parameters('connectionString')]", + "useFromLocation": "[parameters('useFromLocation')]", + "resourceId": "[parameters('resourceId')]" + }, + "dependsOn": [ + "service" + ] + } + }, + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the API management service cache." + }, + "value": "[resourceId('Microsoft.ApiManagement/service/caches', parameters('apiManagementServiceName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the API management service cache." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the API management service cache was deployed into." + }, + "value": "[resourceGroup().name]" + } + } +} \ No newline at end of file diff --git a/avm/res/api-management/service/identity-provider/README.md b/avm/res/api-management/service/identity-provider/README.md new file mode 100644 index 0000000000..8fd7e96911 --- /dev/null +++ b/avm/res/api-management/service/identity-provider/README.md 
@@ -0,0 +1,163 @@
+# API Management Service Identity Providers `[Microsoft.ApiManagement/service/identityProviders]`
+
+This module deploys an API Management Service Identity Provider.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+- [Cross-referenced modules](#Cross-referenced-modules)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.ApiManagement/service/identityProviders` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/identityProviders) |
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Identity provider name. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. |
+| [`clientId`](#parameter-clientid) | string | Client ID of the Application in the external Identity Provider. Required if identity provider is used. |
+| [`clientSecret`](#parameter-clientsecret) | securestring | Client secret of the Application in external Identity Provider, used to authenticate login request. Required if identity provider is used. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`allowedTenants`](#parameter-allowedtenants) | array | List of Allowed Tenants when configuring Azure Active Directory login. - string. |
+| [`authority`](#parameter-authority) | string | OpenID Connect discovery endpoint hostname for AAD or AAD B2C. |
+| [`passwordResetPolicyName`](#parameter-passwordresetpolicyname) | string | Password Reset Policy Name. Only applies to AAD B2C Identity Provider. |
+| [`profileEditingPolicyName`](#parameter-profileeditingpolicyname) | string | Profile Editing Policy Name. Only applies to AAD B2C Identity Provider. |
+| [`signInPolicyName`](#parameter-signinpolicyname) | string | Signin Policy Name. Only applies to AAD B2C Identity Provider. |
+| [`signInTenant`](#parameter-signintenant) | string | The TenantId to use instead of Common when logging into Active Directory. |
+| [`signUpPolicyName`](#parameter-signuppolicyname) | string | Signup Policy Name. Only applies to AAD B2C Identity Provider. |
+| [`type`](#parameter-type) | string | Identity Provider Type identifier. |
+
+### Parameter: `name`
+
+Identity provider name.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `apiManagementServiceName`
+
+The name of the parent API Management service. Required if the template is used in a standalone deployment.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `clientId`
+
+Client ID of the Application in the external Identity Provider. Required if identity provider is used.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `clientSecret`
+
+Client secret of the Application in external Identity Provider, used to authenticate login request. Required if identity provider is used.
+
+- Required: No
+- Type: securestring
+- Default: `''`
+
+### Parameter: `allowedTenants`
+
+List of Allowed Tenants when configuring Azure Active Directory login. - string.
+
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `authority`
+
+OpenID Connect discovery endpoint hostname for AAD or AAD B2C.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `passwordResetPolicyName`
+
+Password Reset Policy Name. Only applies to AAD B2C Identity Provider.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `profileEditingPolicyName`
+
+Profile Editing Policy Name. Only applies to AAD B2C Identity Provider.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `signInPolicyName`
+
+Signin Policy Name. Only applies to AAD B2C Identity Provider.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `signInTenant`
+
+The TenantId to use instead of Common when logging into Active Directory.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `signUpPolicyName`
+
+Signup Policy Name. Only applies to AAD B2C Identity Provider.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `type`
+
+Identity Provider Type identifier.
+
+- Required: No
+- Type: string
+- Default: `'aad'`
+- Allowed:
+ ```Bicep
+ [
+ 'aad'
+ 'aadB2C'
+ 'facebook'
+ 'google'
+ 'microsoft'
+ 'twitter'
+ ]
+ ```
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the API management service identity provider. |
+| `resourceGroupName` | string | The resource group the API management service identity provider was deployed into. |
+| `resourceId` | string | The resource ID of the API management service identity provider. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/avm/res/api-management/service/identity-provider/main.bicep b/avm/res/api-management/service/identity-provider/main.bicep
new file mode 100644
index 0000000000..bdcbcf58f1
--- /dev/null
+++ b/avm/res/api-management/service/identity-provider/main.bicep
@@ -0,0 +1,81 @@
+metadata name = 'API Management Service Identity Providers'
+metadata description = 'This module deploys an API Management Service Identity Provider.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment.')
+param apiManagementServiceName string
+
+@description('Optional. List of Allowed Tenants when configuring Azure Active Directory login. - string.')
+param allowedTenants array = []
+
+@description('Optional. OpenID Connect discovery endpoint hostname for AAD or AAD B2C.')
+param authority string = ''
+
+@description('Conditional. Client ID of the Application in the external Identity Provider. Required if identity provider is used.')
+param clientId string = ''
+
+@description('Conditional. Client secret of the Application in external Identity Provider, used to authenticate login request. Required if identity provider is used.')
+@secure()
+param clientSecret string = ''
+
+@description('Optional. Password Reset Policy Name. Only applies to AAD B2C Identity Provider.')
+#disable-next-line secure-secrets-in-params // Not a secret
+param passwordResetPolicyName string = ''
+
+@description('Optional. Profile Editing Policy Name. Only applies to AAD B2C Identity Provider.')
+param profileEditingPolicyName string = ''
+
+@description('Optional. Signin Policy Name. Only applies to AAD B2C Identity Provider.')
+param signInPolicyName string = ''
+
+@description('Optional. The TenantId to use instead of Common when logging into Active Directory.')
+param signInTenant string = ''
+
+@description('Optional. Signup Policy Name. Only applies to AAD B2C Identity Provider.')
+param signUpPolicyName string = ''
+
+@description('Optional. Identity Provider Type identifier.')
+@allowed([
+ 'aad'
+ 'aadB2C'
+ 'facebook'
+ 'google'
+ 'microsoft'
+ 'twitter'
+])
+param type string = 'aad'
+
+@description('Required. Identity provider name.')
+param name string
+
+var isAadB2C = (type == 'aadB2C')
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = {
+ name: apiManagementServiceName
+}
+
+resource identityProvider 'Microsoft.ApiManagement/service/identityProviders@2021-08-01' = {
+ name: name
+ parent: service
+ properties: {
+ type: type
+ signinTenant: signInTenant
+ allowedTenants: allowedTenants
+ authority: authority
+ signupPolicyName: isAadB2C ? signUpPolicyName : null
+ signinPolicyName: isAadB2C ? signInPolicyName : null
+ profileEditingPolicyName: isAadB2C ? profileEditingPolicyName : null
+ passwordResetPolicyName: isAadB2C ? passwordResetPolicyName : null
+ clientId: clientId
+ clientSecret: clientSecret
+ }
+}
+
+@description('The resource ID of the API management service identity provider.')
+output resourceId string = identityProvider.id
+
+@description('The name of the API management service identity provider.')
+output name string = identityProvider.name
+
+@description('The resource group the API management service identity provider was deployed into.')
+output resourceGroupName string = resourceGroup().name
diff --git a/avm/res/api-management/service/identity-provider/main.json b/avm/res/api-management/service/identity-provider/main.json
new file mode 100644
index 0000000000..9d70a1a492
--- /dev/null
+++ b/avm/res/api-management/service/identity-provider/main.json
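Review bot: `clientId` and `clientSecret` both default to `''` while the `identityProvider` resource is declared unconditionally, so a deployment that omits them still submits an empty credential pair instead of failing at template validation. Removing the two defaults, or adding `@minLength(1)` above each `param`, would make the "Required if identity provider is used" wording enforceable. The `@secure()` decorator also only protects the value from this module's boundary inward: the caller in `service/main.bicep` (its hunk runs past this excerpt) takes `identityProviders` as a plain `array`, unlike `authorizationServers`, which is a `@secure() object`, so the secret is presumably stored with the parent deployment's parameters.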
@@ -0,0 +1,151 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "2386575276292873532" + }, + "name": "API Management Service Identity Providers", + "description": "This module deploys an API Management Service Identity Provider.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "apiManagementServiceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." + } + }, + "allowedTenants": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. List of Allowed Tenants when configuring Azure Active Directory login. - string." + } + }, + "authority": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. OpenID Connect discovery endpoint hostname for AAD or AAD B2C." + } + }, + "clientId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Conditional. Client ID of the Application in the external Identity Provider. Required if identity provider is used." + } + }, + "clientSecret": { + "type": "securestring", + "defaultValue": "", + "metadata": { + "description": "Conditional. Client secret of the Application in external Identity Provider, used to authenticate login request. Required if identity provider is used." + } + }, + "passwordResetPolicyName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Password Reset Policy Name. Only applies to AAD B2C Identity Provider." + } + }, + "profileEditingPolicyName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Profile Editing Policy Name. Only applies to AAD B2C Identity Provider." 
+ } + }, + "signInPolicyName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Signin Policy Name. Only applies to AAD B2C Identity Provider." + } + }, + "signInTenant": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The TenantId to use instead of Common when logging into Active Directory." + } + }, + "signUpPolicyName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Signup Policy Name. Only applies to AAD B2C Identity Provider." + } + }, + "type": { + "type": "string", + "defaultValue": "aad", + "allowedValues": [ + "aad", + "aadB2C", + "facebook", + "google", + "microsoft", + "twitter" + ], + "metadata": { + "description": "Optional. Identity Provider Type identifier." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. Identity provider name." + } + } + }, + "variables": { + "isAadB2C": "[equals(parameters('type'), 'aadB2C')]" + }, + "resources": [ + { + "type": "Microsoft.ApiManagement/service/identityProviders", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}', parameters('apiManagementServiceName'), parameters('name'))]", + "properties": { + "type": "[parameters('type')]", + "signinTenant": "[parameters('signInTenant')]", + "allowedTenants": "[parameters('allowedTenants')]", + "authority": "[parameters('authority')]", + "signupPolicyName": "[if(variables('isAadB2C'), parameters('signUpPolicyName'), null())]", + "signinPolicyName": "[if(variables('isAadB2C'), parameters('signInPolicyName'), null())]", + "profileEditingPolicyName": "[if(variables('isAadB2C'), parameters('profileEditingPolicyName'), null())]", + "passwordResetPolicyName": "[if(variables('isAadB2C'), parameters('passwordResetPolicyName'), null())]", + "clientId": "[parameters('clientId')]", + "clientSecret": "[parameters('clientSecret')]" + } + } + ], + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + 
"description": "The resource ID of the API management service identity provider." + }, + "value": "[resourceId('Microsoft.ApiManagement/service/identityProviders', parameters('apiManagementServiceName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the API management service identity provider." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the API management service identity provider was deployed into." + }, + "value": "[resourceGroup().name]" + } + } +} \ No newline at end of file diff --git a/avm/res/api-management/service/main.bicep b/avm/res/api-management/service/main.bicep new file mode 100644 index 0000000000..8eb4e3e864 --- /dev/null +++ b/avm/res/api-management/service/main.bicep 
@@ -0,0 +1,525 @@
+metadata name = 'API Management Services'
+metadata description = 'This module deploys an API Management Service.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Optional. Additional datacenter locations of the API Management service.')
+param additionalLocations array = []
+
+@description('Required. The name of the API Management service.')
+param name string
+
+@description('Optional. List of Certificates that need to be installed in the API Management service. Max supported certificates that can be installed is 10.')
+@maxLength(10)
+param certificates array = []
+
+@description('Optional. Enable/Disable usage telemetry for module.')
+param enableTelemetry bool = true
+
+@description('Optional. Custom properties of the API Management service.')
+param customProperties object = {}
+
+@description('Optional. Property only valid for an API Management service deployed in multiple locations. This can be used to disable the gateway in master region.')
+param disableGateway bool = false
+
+@description('Optional. Property only meant to be used for Consumption SKU Service. This enforces a client certificate to be presented on each request to the gateway. This also enables the ability to authenticate the certificate in the policy on the gateway.')
+param enableClientCertificate bool = false
+
+@description('Optional. Custom hostname configuration of the API Management service.')
+param hostnameConfigurations array = []
+
+@description('Optional. The managed identity definition for this resource.')
+param managedIdentities managedIdentitiesType
+
+@description('Optional. Location for all Resources.')
+param location string = resourceGroup().location
+
+@description('Optional. The lock settings of the service.')
+param lock lockType
+
+@description('Optional. Limit control plane API calls to API Management service with version equal to or newer than this value.')
+param minApiVersion string = ''
+
+@description('Optional. The notification sender email address for the service.')
+param notificationSenderEmail string = 'apimgmt-noreply@mail.windowsazure.com'
+
+@description('Required. The email address of the owner of the service.')
+param publisherEmail string
+
+@description('Required. The name of the owner of the service.')
+param publisherName string
+
+@description('Optional. Undelete API Management Service if it was previously soft-deleted. If this flag is specified and set to True all other properties will be ignored.')
+param restore bool = false
+
+@description('Optional. Array of role assignments to create.')
+param roleAssignments roleAssignmentType
+
+@description('Optional. The pricing tier of this API Management service.')
+@allowed([
+ 'Consumption'
+ 'Developer'
+ 'Basic'
+ 'Standard'
+ 'Premium'
+])
+param sku string = 'Developer'
+
+@description('Optional. The instance size of this API Management service.')
+@allowed([
+ 1
+ 2
+])
+param skuCount int = 1
+
+@description('Optional. The full resource ID of a subnet in a virtual network to deploy the API Management service in.')
+param subnetResourceId string = ''
+
+@description('Optional. Tags of the resource.')
+param tags object?
+
+@description('Optional. The type of VPN in which API Management service needs to be configured in. None (Default Value) means the API Management service is not part of any Virtual Network, External means the API Management deployment is set up inside a Virtual Network having an internet Facing Endpoint, and Internal means that API Management deployment is setup inside a Virtual Network having an Intranet Facing Endpoint only.')
+@allowed([
+ 'None'
+ 'External'
+ 'Internal'
+])
+param virtualNetworkType string = 'None'
+
+@description('Optional. The diagnostic settings of the service.')
+param diagnosticSettings diagnosticSettingType
+
+@description('Optional. A list of availability zones denoting where the resource needs to come from.')
+param zones array = []
+
+@description('Optional. Necessary to create a new GUID.')
+param newGuidValue string = newGuid()
+
+@description('Optional. APIs.')
+param apis array = []
+
+@description('Optional. API Version Sets.')
+param apiVersionSets array = []
+
+@description('Optional. Authorization servers.')
+@secure()
+param authorizationServers object = {}
+
+@description('Optional. Backends.')
+param backends array = []
+
+@description('Optional. Caches.')
+param caches array = []
+
+@description('Optional. Identity providers.')
+param identityProviders array = []
+
+@description('Optional. Named values.')
+param namedValues array = []
+
+@description('Optional. Policies.')
+param policies array = []
+
+@description('Optional. Portal settings.')
+param portalsettings array = []
+
+@description('Optional. Products.')
+param products array = []
+
+@description('Optional. Subscriptions.')
+param subscriptions array = []
+
+var authorizationServerList = !empty(authorizationServers) ? authorizationServers.secureList : []
+
+var formattedUserAssignedIdentities = reduce(map((managedIdentities.?userAssignedResourceIds ?? []), (id) => { '${id}': {} }), {}, (cur, next) => union(cur, next)) // Converts the flat array to an object like { '${id1}': {}, '${id2}': {} }
+
+var identity = !empty(managedIdentities) ? {
+ type: (managedIdentities.?systemAssigned ?? false) ? (!empty(managedIdentities.?userAssignedResourceIds ?? {}) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(managedIdentities.?userAssignedResourceIds ?? {}) ? 'UserAssigned' : null)
+ userAssignedIdentities: !empty(formattedUserAssignedIdentities) ? formattedUserAssignedIdentities : null
+} : null
+
+var builtInRoleNames = {
+ 'API Management Developer Portal Content Editor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c031e6a8-4391-4de0-8d69-4706a7ed3729')
+ 'API Management Service Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '312a565d-c81f-4fd8-895a-4e21e48d571c')
+ 'API Management Service Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'e022efe7-f5ba-4159-bbe4-b44f577e9b61')
+ 'API Management Service Reader Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '71522526-b88f-4d52-b57f-d31fc3546d0d')
+ Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
+ Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
+ Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
+ 'Role Based Access Control Administrator (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')
+ 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')
+}
+
+resource avmTelemetry 'Microsoft.Resources/deployments@2023-07-01' = if (enableTelemetry) {
+ name: '46d3xbcp.res.apimanagement-service.${replace('-..--..-', '.', '-')}.${substring(uniqueString(deployment().name, location), 0, 4)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ outputs: {
+ telemetry: {
+ type: 'String'
+ value: 'For more information, see https://aka.ms/avm/TelemetryInfo'
+ }
+ }
+ }
+ }
+}
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' = {
+ name: name
+ location: location
+ tags: tags
+ sku: {
+ name: sku
+ capacity: skuCount
+ }
+ zones: zones
+ identity: identity
+ properties: {
+ publisherEmail: publisherEmail
+ publisherName: publisherName
+ notificationSenderEmail: notificationSenderEmail
+ hostnameConfigurations: hostnameConfigurations
+ additionalLocations: additionalLocations
+ customProperties: customProperties
+ certificates: certificates
+ enableClientCertificate: enableClientCertificate ? true : null
+ disableGateway: disableGateway
+ virtualNetworkType: virtualNetworkType
+ virtualNetworkConfiguration: !empty(subnetResourceId) ? {
+ subnetResourceId: subnetResourceId
+ } : null
+ apiVersionConstraint: !empty(minApiVersion) ? {
+ minApiVersion: minApiVersion
+ } : null
+ restore: restore
+ }
+}
+
+module service_apis 'api/main.bicep' = [for (api, index) in apis: {
+ name: '${uniqueString(deployment().name, location)}-Apim-Api-${index}'
+ params: {
+ apiManagementServiceName: service.name
+ displayName: api.displayName
+ name: api.name
+ path: api.path
+ apiDescription: api.?apiDescription
+ apiRevision: api.?apiRevision
+ apiRevisionDescription: api.?apiRevisionDescription
+ apiType: api.?apiType
+ apiVersion: api.?apiVersion
+ apiVersionDescription: api.?apiVersionDescription
+ apiVersionSetId: api.?apiVersionSetId
+ authenticationSettings: api.?authenticationSettings
+ format: api.?format ?? 'openapi'
+ isCurrent: api.?isCurrent
+ protocols: api.?protocols
+ policies: api.?policies
+ serviceUrl: api.?serviceUrl
+ sourceApiId: api.?sourceApiId
+ subscriptionKeyParameterNames: api.?subscriptionKeyParameterNames
+ subscriptionRequired: api.?subscriptionRequired
+ type: api.?type
+ value: api.?value
+ wsdlSelector: api.?wsdlSelector
+ }
+ dependsOn: [
+ service_apiVersionSets
+ ]
+}]
+
+module service_apiVersionSets 'api-version-set/main.bicep' = [for (apiVersionSet, index) in apiVersionSets: {
+ name: '${uniqueString(deployment().name, location)}-Apim-ApiVersionSet-${index}'
+ params: {
+ apiManagementServiceName: service.name
+ name: apiVersionSet.name
+ properties: contains(apiVersionSet, 'properties') ? apiVersionSet.properties : {}
+ }
+}]
+
+module service_authorizationServers 'authorization-server/main.bicep' = [for (authorizationServer, index) in authorizationServerList: {
+ name: '${uniqueString(deployment().name, location)}-Apim-AuthorizationServer-${index}'
+ params: {
+ apiManagementServiceName: service.name
+ name: authorizationServer.name
+ authorizationEndpoint: authorizationServer.authorizationEndpoint
+ authorizationMethods: contains(authorizationServer, 'authorizationMethods') ? authorizationServer.authorizationMethods : [
+ 'GET'
+ ]
+ bearerTokenSendingMethods: contains(authorizationServer, 'bearerTokenSendingMethods') ? authorizationServer.bearerTokenSendingMethods : [
+ 'authorizationHeader'
+ ]
+ clientAuthenticationMethod: contains(authorizationServer, 'clientAuthenticationMethod') ? authorizationServer.clientAuthenticationMethod : [
+ 'Basic'
+ ]
+ clientId: authorizationServer.clientId
+ clientSecret: authorizationServer.clientSecret
+ clientRegistrationEndpoint: contains(authorizationServer, 'clientRegistrationEndpoint') ? authorizationServer.clientRegistrationEndpoint : ''
+ defaultScope: contains(authorizationServer, 'defaultScope') ? authorizationServer.defaultScope : ''
+ grantTypes: authorizationServer.grantTypes
+ resourceOwnerPassword: contains(authorizationServer, 'resourceOwnerPassword') ? authorizationServer.resourceOwnerPassword : ''
+ resourceOwnerUsername: contains(authorizationServer, 'resourceOwnerUsername') ? authorizationServer.resourceOwnerUsername : ''
+ serverDescription: contains(authorizationServer, 'serverDescription') ? authorizationServer.serverDescription : ''
+ supportState: contains(authorizationServer, 'supportState') ? authorizationServer.supportState : false
+ tokenBodyParameters: contains(authorizationServer, 'tokenBodyParameters') ? authorizationServer.tokenBodyParameters : []
+ tokenEndpoint: contains(authorizationServer, 'tokenEndpoint') ? authorizationServer.tokenEndpoint : ''
+ }
+}]
+
+module service_backends 'backend/main.bicep' = [for (backend, index) in backends: {
+ name: '${uniqueString(deployment().name, location)}-Apim-Backend-${index}'
+ params: {
+ apiManagementServiceName: service.name
+ url: backend.url
+ description: backend.?description
+ credentials: backend.?credentials
+ name: backend.name
+ protocol: backend.?protocol
+ proxy: backend.?proxy
+ resourceId: backend.?resourceId
+ serviceFabricCluster: backend.?serviceFabricCluster
+ title: backend.?title
+ tls: backend.?tls
+ }
+}]
+
+module service_caches 'cache/main.bicep' = [for (cache, index) in caches: {
+ name: '${uniqueString(deployment().name, location)}-Apim-Cache-${index}'
+ params: {
+ apiManagementServiceName: service.name
+ description: cache.?description
+ connectionString: cache.connectionString
+ name: cache.name
+ resourceId: cache.?resourceId
+ useFromLocation: cache.useFromLocation
+ }
+}]
+
+module service_identityProviders 'identity-provider/main.bicep' = [for (identityProvider, index) in identityProviders: {
+ name: '${uniqueString(deployment().name, location)}-Apim-IdentityProvider-${index}'
+ params: {
+ apiManagementServiceName: service.name
+ name: identityProvider.name
+ allowedTenants: contains(identityProvider, 'allowedTenants') ? identityProvider.allowedTenants : []
+ authority: contains(identityProvider, 'authority') ? identityProvider.authority : ''
+ clientId: contains(identityProvider, 'clientId') ? identityProvider.clientId : ''
+ clientSecret: contains(identityProvider, 'clientSecret') ? identityProvider.clientSecret : ''
+ passwordResetPolicyName: contains(identityProvider, 'passwordResetPolicyName') ? identityProvider.passwordResetPolicyName : ''
+ profileEditingPolicyName: contains(identityProvider, 'profileEditingPolicyName') ? identityProvider.profileEditingPolicyName : ''
+ signInPolicyName: contains(identityProvider, 'signInPolicyName') ? identityProvider.signInPolicyName : ''
+ signInTenant: contains(identityProvider, 'signInTenant') ? identityProvider.signInTenant : ''
+ signUpPolicyName: contains(identityProvider, 'signUpPolicyName') ? identityProvider.signUpPolicyName : ''
+ type: contains(identityProvider, 'type') ? identityProvider.type : 'aad'
+ }
+}]
+
+module service_namedValues 'named-value/main.bicep' = [for (namedValue, index) in namedValues: {
+ name: '${uniqueString(deployment().name, location)}-Apim-NamedValue-${index}'
+ params: {
+ apiManagementServiceName: service.name
+ displayName: namedValue.displayName
+ keyVault: contains(namedValue, 'keyVault') ? namedValue.keyVault : {}
+ name: namedValue.name
+ tags: namedValue.?tags // Note: these are not resource tags
+ secret: contains(namedValue, 'secret') ? namedValue.secret : false
+ value: contains(namedValue, 'value') ? namedValue.value : newGuidValue
+ }
+}]
+
+module service_portalsettings 'portalsetting/main.bicep' = [for (portalsetting, index) in portalsettings: if (!empty(portalsetting.properties)) {
+ name: '${uniqueString(deployment().name, location)}-Apim-PortalSetting-${index}'
+ params: {
+ apiManagementServiceName: service.name
+ name: portalsetting.name
+ properties: portalsetting.properties
+ }
+}]
+
+module service_policies 'policy/main.bicep' = [for (policy, index) in policies: {
+ name: '${uniqueString(deployment().name, location)}-Apim-Policy-${index}'
+ params: {
+ apiManagementServiceName: service.name
+ value: policy.value
+ format: contains(policy, 'format') ? policy.format : 'xml'
+ }
+}]
+
+module service_products 'product/main.bicep' = [for (product, index) in products: {
+ name: '${uniqueString(deployment().name, location)}-Apim-Product-${index}'
+ params: {
+ apiManagementServiceName: service.name
+ apis: contains(product, 'apis') ? product.apis : []
+ approvalRequired: contains(product, 'approvalRequired') ? product.approvalRequired : false
+ groups: contains(product, 'groups') ? product.groups : []
+ name: product.name
+ description: contains(product, 'description') ? product.description : ''
+ state: contains(product, 'state') ? product.state : 'published'
+ subscriptionRequired: contains(product, 'subscriptionRequired') ? product.subscriptionRequired : false
+ subscriptionsLimit: contains(product, 'subscriptionsLimit') ? product.subscriptionsLimit : 1
+ terms: contains(product, 'terms') ? product.terms : ''
+ }
+ dependsOn: [
+ service_apis
+ ]
+}]
+
+module service_subscriptions 'subscription/main.bicep' = [for (subscription, index) in subscriptions: {
+ name: '${uniqueString(deployment().name, location)}-Apim-Subscription-${index}'
+ params: {
+ apiManagementServiceName: service.name
+ name: subscription.name
+ allowTracing: subscription.?allowTracing
+ ownerId: subscription.?ownerId
+ primaryKey: subscription.?primaryKey
+ scope: subscription.?scope
+ secondaryKey: subscription.?secondaryKey
+ state: subscription.?state
+ }
+}]
+
+resource service_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') {
+ name: lock.?name ?? 'lock-${name}'
+ properties: {
+ level: lock.?kind ?? ''
+ notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.'
+ }
+ scope: service
+}
+
+resource service_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = [for (diagnosticSetting, index) in (diagnosticSettings ?? []): {
+ name: diagnosticSetting.?name ?? '${name}-diagnosticSettings'
+ properties: {
+ storageAccountId: diagnosticSetting.?storageAccountResourceId
+ workspaceId: diagnosticSetting.?workspaceResourceId
+ eventHubAuthorizationRuleId: diagnosticSetting.?eventHubAuthorizationRuleResourceId
+ eventHubName: diagnosticSetting.?eventHubName
+ metrics: diagnosticSetting.?metricCategories ?? [
+ {
+ category: 'AllMetrics'
+ timeGrain: null
+ enabled: true
+ }
+ ]
+ logs: diagnosticSetting.?logCategoriesAndGroups ?? [
+ {
+ categoryGroup: 'AllLogs'
+ enabled: true
+ }
+ ]
+ marketplacePartnerId: diagnosticSetting.?marketplacePartnerResourceId
+ logAnalyticsDestinationType: diagnosticSetting.?logAnalyticsDestinationType
+ }
+ scope: service
+}]
+
+resource service_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for (roleAssignment, index) in (roleAssignments ?? []): {
+ name: guid(service.id, roleAssignment.principalId, roleAssignment.roleDefinitionIdOrName)
+ properties: {
+ roleDefinitionId: contains(builtInRoleNames, roleAssignment.roleDefinitionIdOrName) ? builtInRoleNames[roleAssignment.roleDefinitionIdOrName] : contains(roleAssignment.roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/') ? roleAssignment.roleDefinitionIdOrName : subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleAssignment.roleDefinitionIdOrName)
+ principalId: roleAssignment.principalId
+ description: roleAssignment.?description
+ principalType: roleAssignment.?principalType
+ condition: roleAssignment.?condition
+ conditionVersion: !empty(roleAssignment.?condition) ? (roleAssignment.?conditionVersion ?? '2.0') : null // Must only be set if condtion is set
+ delegatedManagedIdentityResourceId: roleAssignment.?delegatedManagedIdentityResourceId
+ }
+ scope: service
+}]
+
+@description('The name of the API management service.')
+output name string = service.name
+
+@description('The resource ID of the API management service.')
+output resourceId string = service.id
+
+@description('The resource group the API management service was deployed into.')
+output resourceGroupName string = resourceGroup().name
+
+@description('The principal ID of the system assigned identity.')
+output systemAssignedMIPrincipalId string = (managedIdentities.?systemAssigned ?? false) && contains(service.identity, 'principalId') ? service.identity.principalId : ''
+
+@description('The location the resource was deployed into.')
+output location string = service.location
+
+// =============== //
+// Definitions //
+// =============== //
+
+type managedIdentitiesType = {
+ @description('Optional. Enables system assigned managed identity on the resource.')
+ systemAssigned: bool?
+
+ @description('Optional. The resource ID(s) to assign to the resource.')
+ userAssignedResourceIds: string[]?
+}?
+
+type lockType = {
+ @description('Optional. Specify the name of lock.')
+ name: string?
+
+ @description('Optional. Specify the type of lock.')
+ kind: ('CanNotDelete' | 'ReadOnly' | 'None')?
+}?
+
+type roleAssignmentType = {
+ @description('Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.')
+ roleDefinitionIdOrName: string
+
+ @description('Required. The principal ID of the principal (user/group/identity) to assign the role to.')
+ principalId: string
+
+ @description('Optional. The principal type of the assigned principal ID.')
+ principalType: ('ServicePrincipal' | 'Group' | 'User' | 'ForeignGroup' | 'Device')?
+
+ @description('Optional. The description of the role assignment.')
+ description: string?
+
+ @description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container".')
+ condition: string?
+
+ @description('Optional. Version of the condition.')
+ conditionVersion: '2.0'?
+
+ @description('Optional. The Resource Id of the delegated managed identity resource.')
+ delegatedManagedIdentityResourceId: string?
+}[]?
+
+type diagnosticSettingType = {
+ @description('Optional. The name of diagnostic setting.')
+ name: string?
+
+ @description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to \'\' to disable log collection.')
+ logCategoriesAndGroups: {
+ @description('Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here.')
+ category: string?
+
+ @description('Optional.
Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to \'AllLogs\' to collect all logs.')
+ categoryGroup: string?
+ }[]?
+
+ @description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to \'\' to disable log collection.')
+ metricCategories: {
+ @description('Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to \'AllMetrics\' to collect all metrics.')
+ category: string
+ }[]?
+
+ @description('Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type.')
+ logAnalyticsDestinationType: ('Dedicated' | 'AzureDiagnostics')?
+
+ @description('Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
+ workspaceResourceId: string?
+
+ @description('Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
+ storageAccountResourceId: string?
+
+ @description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.')
+ eventHubAuthorizationRuleResourceId: string?
+
+ @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
+ eventHubName: string?
+
+ @description('Optional.
The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.')
+ marketplacePartnerResourceId: string?
+}[]?
diff --git a/avm/res/api-management/service/main.json b/avm/res/api-management/service/main.json
new file mode 100644
index 0000000000..492ac85c52
--- /dev/null
+++ b/avm/res/api-management/service/main.json
@@ -0,0 +1,2867 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "13172227925591684898" + }, + "name": "API Management Services", + "description": "This module deploys an API Management Service.", + "owner": "Azure/module-maintainers" + }, + "definitions": { + "managedIdentitiesType": { + "type": "object", + "properties": { + "systemAssigned": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Enables system assigned managed identity on the resource." + } + }, + "userAssignedResourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "metadata": { + "description": "Optional. The resource ID(s) to assign to the resource." + } + } + }, + "nullable": true + }, + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + }, + "roleAssignmentType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "principalId": { + "type": "string", + "metadata": { + "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." 
+ } + }, + "principalType": { + "type": "string", + "allowedValues": [ + "Device", + "ForeignGroup", + "Group", + "ServicePrincipal", + "User" + ], + "nullable": true, + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "allowedValues": [ + "2.0" + ], + "nullable": true, + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The Resource Id of the delegated managed identity resource." + } + } + } + }, + "nullable": true + }, + "diagnosticSettingType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of diagnostic setting." + } + }, + "logCategoriesAndGroups": { + "type": "array", + "items": { + "type": "object", + "properties": { + "category": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here." + } + }, + "categoryGroup": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs." 
+ } + } + } + }, + "nullable": true, + "metadata": { + "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection." + } + }, + "metricCategories": { + "type": "array", + "items": { + "type": "object", + "properties": { + "category": { + "type": "string", + "metadata": { + "description": "Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics." + } + } + } + }, + "nullable": true, + "metadata": { + "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection." + } + }, + "logAnalyticsDestinationType": { + "type": "string", + "allowedValues": [ + "AzureDiagnostics", + "Dedicated" + ], + "nullable": true, + "metadata": { + "description": "Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type." + } + }, + "workspaceResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." + } + }, + "storageAccountResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." + } + }, + "eventHubAuthorizationRuleResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. 
Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to." + } + }, + "eventHubName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." + } + }, + "marketplacePartnerResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs." + } + } + } + }, + "nullable": true + } + }, + "parameters": { + "additionalLocations": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Additional datacenter locations of the API Management service." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the API Management service." + } + }, + "certificates": { + "type": "array", + "defaultValue": [], + "maxLength": 10, + "metadata": { + "description": "Optional. List of Certificates that need to be installed in the API Management service. Max supported certificates that can be installed is 10." + } + }, + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } + }, + "customProperties": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Custom properties of the API Management service." + } + }, + "disableGateway": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Property only valid for an API Management service deployed in multiple locations. 
This can be used to disable the gateway in master region." + } + }, + "enableClientCertificate": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Property only meant to be used for Consumption SKU Service. This enforces a client certificate to be presented on each request to the gateway. This also enables the ability to authenticate the certificate in the policy on the gateway." + } + }, + "hostnameConfigurations": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Custom hostname configuration of the API Management service." + } + }, + "managedIdentities": { + "$ref": "#/definitions/managedIdentitiesType", + "metadata": { + "description": "Optional. The managed identity definition for this resource." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all Resources." + } + }, + "lock": { + "$ref": "#/definitions/lockType", + "metadata": { + "description": "Optional. The lock settings of the service." + } + }, + "minApiVersion": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Limit control plane API calls to API Management service with version equal to or newer than this value." + } + }, + "notificationSenderEmail": { + "type": "string", + "defaultValue": "apimgmt-noreply@mail.windowsazure.com", + "metadata": { + "description": "Optional. The notification sender email address for the service." + } + }, + "publisherEmail": { + "type": "string", + "metadata": { + "description": "Required. The email address of the owner of the service." + } + }, + "publisherName": { + "type": "string", + "metadata": { + "description": "Required. The name of the owner of the service." + } + }, + "restore": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Undelete API Management Service if it was previously soft-deleted. 
If this flag is specified and set to True all other properties will be ignored." + } + }, + "roleAssignments": { + "$ref": "#/definitions/roleAssignmentType", + "metadata": { + "description": "Optional. Array of role assignments to create." + } + }, + "sku": { + "type": "string", + "defaultValue": "Developer", + "allowedValues": [ + "Consumption", + "Developer", + "Basic", + "Standard", + "Premium" + ], + "metadata": { + "description": "Optional. The pricing tier of this API Management service." + } + }, + "skuCount": { + "type": "int", + "defaultValue": 1, + "allowedValues": [ + 1, + 2 + ], + "metadata": { + "description": "Optional. The instance size of this API Management service." + } + }, + "subnetResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The full resource ID of a subnet in a virtual network to deploy the API Management service in." + } + }, + "tags": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Tags of the resource." + } + }, + "virtualNetworkType": { + "type": "string", + "defaultValue": "None", + "allowedValues": [ + "None", + "External", + "Internal" + ], + "metadata": { + "description": "Optional. The type of VPN in which API Management service needs to be configured in. None (Default Value) means the API Management service is not part of any Virtual Network, External means the API Management deployment is set up inside a Virtual Network having an internet Facing Endpoint, and Internal means that API Management deployment is setup inside a Virtual Network having an Intranet Facing Endpoint only." + } + }, + "diagnosticSettings": { + "$ref": "#/definitions/diagnosticSettingType", + "metadata": { + "description": "Optional. The diagnostic settings of the service." + } + }, + "zones": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. A list of availability zones denoting where the resource needs to come from." 
+ } + }, + "newGuidValue": { + "type": "string", + "defaultValue": "[newGuid()]", + "metadata": { + "description": "Optional. Necessary to create a new GUID." + } + }, + "apis": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. APIs." + } + }, + "apiVersionSets": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. API Version Sets." + } + }, + "authorizationServers": { + "type": "secureObject", + "defaultValue": {}, + "metadata": { + "description": "Optional. Authorization servers." + } + }, + "backends": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Backends." + } + }, + "caches": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Caches." + } + }, + "identityProviders": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Identity providers." + } + }, + "namedValues": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Named values." + } + }, + "policies": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Policies." + } + }, + "portalsettings": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Portal settings." + } + }, + "products": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Products." + } + }, + "subscriptions": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Subscriptions." 
+ } + } + }, + "variables": { + "authorizationServerList": "[if(not(empty(parameters('authorizationServers'))), parameters('authorizationServers').secureList, createArray())]", + "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]", + "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'UserAssigned', null())), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", + "builtInRoleNames": { + "API Management Developer Portal Content Editor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c031e6a8-4391-4de0-8d69-4706a7ed3729')]", + "API Management Service Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '312a565d-c81f-4fd8-895a-4e21e48d571c')]", + "API Management Service Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'e022efe7-f5ba-4159-bbe4-b44f577e9b61')]", + "API Management Service Reader Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '71522526-b88f-4d52-b57f-d31fc3546d0d')]", + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 
'8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", + "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]" + } + }, + "resources": { + "avmTelemetry": { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2023-07-01", + "name": "[format('46d3xbcp.res.apimanagement-service.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, + "service": { + "type": "Microsoft.ApiManagement/service", + "apiVersion": "2021-08-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "sku": { + "name": "[parameters('sku')]", + "capacity": "[parameters('skuCount')]" + }, + "zones": "[parameters('zones')]", + "identity": "[variables('identity')]", + "properties": { + "publisherEmail": "[parameters('publisherEmail')]", + "publisherName": "[parameters('publisherName')]", + "notificationSenderEmail": "[parameters('notificationSenderEmail')]", + "hostnameConfigurations": "[parameters('hostnameConfigurations')]", + "additionalLocations": "[parameters('additionalLocations')]", + "customProperties": "[parameters('customProperties')]", + "certificates": "[parameters('certificates')]", + 
"enableClientCertificate": "[if(parameters('enableClientCertificate'), true(), null())]", + "disableGateway": "[parameters('disableGateway')]", + "virtualNetworkType": "[parameters('virtualNetworkType')]", + "virtualNetworkConfiguration": "[if(not(empty(parameters('subnetResourceId'))), createObject('subnetResourceId', parameters('subnetResourceId')), null())]", + "apiVersionConstraint": "[if(not(empty(parameters('minApiVersion'))), createObject('minApiVersion', parameters('minApiVersion')), null())]", + "restore": "[parameters('restore')]" + } + }, + "service_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.ApiManagement/service/{0}', parameters('name'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", + "properties": { + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" + }, + "dependsOn": [ + "service" + ] + }, + "service_diagnosticSettings": { + "copy": { + "name": "service_diagnosticSettings", + "count": "[length(coalesce(parameters('diagnosticSettings'), createArray()))]" + }, + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2021-05-01-preview", + "scope": "[format('Microsoft.ApiManagement/service/{0}', parameters('name'))]", + "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", + "properties": { + "storageAccountId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'storageAccountResourceId')]", + "workspaceId": 
"[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'workspaceResourceId')]", + "eventHubAuthorizationRuleId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubAuthorizationRuleResourceId')]", + "eventHubName": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubName')]", + "metrics": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'metricCategories'), createArray(createObject('category', 'AllMetrics', 'timeGrain', null(), 'enabled', true())))]", + "logs": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logCategoriesAndGroups'), createArray(createObject('categoryGroup', 'AllLogs', 'enabled', true())))]", + "marketplacePartnerId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'marketplacePartnerResourceId')]", + "logAnalyticsDestinationType": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logAnalyticsDestinationType')]" + }, + "dependsOn": [ + "service" + ] + }, + "service_roleAssignments": { + "copy": { + "name": "service_roleAssignments", + "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.ApiManagement/service/{0}', parameters('name'))]", + "name": "[guid(resourceId('Microsoft.ApiManagement/service', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", + "properties": { + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), 
createArray())[copyIndex()].roleDefinitionIdOrName], if(contains(coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)))]", + "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]", + "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]", + "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]", + "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]", + "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]", + "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]" + }, + "dependsOn": [ + "service" + ] + }, + "service_apis": { + "copy": { + "name": "service_apis", + "count": "[length(parameters('apis'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Apim-Api-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "apiManagementServiceName": { + "value": "[parameters('name')]" + }, + "displayName": { + "value": "[parameters('apis')[copyIndex()].displayName]" + }, + "name": { + "value": "[parameters('apis')[copyIndex()].name]" + }, 
+ "path": { + "value": "[parameters('apis')[copyIndex()].path]" + }, + "apiDescription": { + "value": "[tryGet(parameters('apis')[copyIndex()], 'apiDescription')]" + }, + "apiRevision": { + "value": "[tryGet(parameters('apis')[copyIndex()], 'apiRevision')]" + }, + "apiRevisionDescription": { + "value": "[tryGet(parameters('apis')[copyIndex()], 'apiRevisionDescription')]" + }, + "apiType": { + "value": "[tryGet(parameters('apis')[copyIndex()], 'apiType')]" + }, + "apiVersion": { + "value": "[tryGet(parameters('apis')[copyIndex()], 'apiVersion')]" + }, + "apiVersionDescription": { + "value": "[tryGet(parameters('apis')[copyIndex()], 'apiVersionDescription')]" + }, + "apiVersionSetId": { + "value": "[tryGet(parameters('apis')[copyIndex()], 'apiVersionSetId')]" + }, + "authenticationSettings": { + "value": "[tryGet(parameters('apis')[copyIndex()], 'authenticationSettings')]" + }, + "format": { + "value": "[coalesce(tryGet(parameters('apis')[copyIndex()], 'format'), 'openapi')]" + }, + "isCurrent": { + "value": "[tryGet(parameters('apis')[copyIndex()], 'isCurrent')]" + }, + "protocols": { + "value": "[tryGet(parameters('apis')[copyIndex()], 'protocols')]" + }, + "policies": { + "value": "[tryGet(parameters('apis')[copyIndex()], 'policies')]" + }, + "serviceUrl": { + "value": "[tryGet(parameters('apis')[copyIndex()], 'serviceUrl')]" + }, + "sourceApiId": { + "value": "[tryGet(parameters('apis')[copyIndex()], 'sourceApiId')]" + }, + "subscriptionKeyParameterNames": { + "value": "[tryGet(parameters('apis')[copyIndex()], 'subscriptionKeyParameterNames')]" + }, + "subscriptionRequired": { + "value": "[tryGet(parameters('apis')[copyIndex()], 'subscriptionRequired')]" + }, + "type": { + "value": "[tryGet(parameters('apis')[copyIndex()], 'type')]" + }, + "value": { + "value": "[tryGet(parameters('apis')[copyIndex()], 'value')]" + }, + "wsdlSelector": { + "value": "[tryGet(parameters('apis')[copyIndex()], 'wsdlSelector')]" + } + }, + "template": { + "$schema": 
"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "8297194138144491601" + }, + "name": "API Management Service APIs", + "description": "This module deploys an API Management Service API.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. API revision identifier. Must be unique in the current API Management service instance. Non-current revision has ;rev=n as a suffix where n is the revision number." + } + }, + "policies": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Array of Policies to apply to the Service API." + } + }, + "apiManagementServiceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." + } + }, + "apiRevision": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Describes the Revision of the API. If no value is provided, default revision 1 is created." + } + }, + "apiRevisionDescription": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Description of the API Revision." + } + }, + "apiType": { + "type": "string", + "defaultValue": "http", + "allowedValues": [ + "graphql", + "http", + "soap", + "websocket" + ], + "metadata": { + "description": "Optional. Type of API to create. * http creates a REST API * soap creates a SOAP pass-through API * websocket creates websocket API * graphql creates GraphQL API." + } + }, + "apiVersion": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Indicates the Version identifier of the API if the API is versioned." 
+ } + }, + "apiVersionSetId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Indicates the Version identifier of the API version set." + } + }, + "apiVersionDescription": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Description of the API Version." + } + }, + "authenticationSettings": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Collection of authentication settings included into this API." + } + }, + "apiDescription": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Description of the API. May include HTML formatting tags." + } + }, + "displayName": { + "type": "string", + "maxLength": 300, + "metadata": { + "description": "Required. API name. Must be 1 to 300 characters long." + } + }, + "format": { + "type": "string", + "defaultValue": "openapi", + "allowedValues": [ + "wadl-xml", + "wadl-link-json", + "swagger-json", + "swagger-link-json", + "wsdl", + "wsdl-link", + "openapi", + "openapi+json", + "openapi-link", + "openapi+json-link" + ], + "metadata": { + "description": "Optional. Format of the Content in which the API is getting imported." + } + }, + "isCurrent": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Indicates if API revision is current API revision." + } + }, + "path": { + "type": "string", + "metadata": { + "description": "Required. Relative URL uniquely identifying this API and all of its resource paths within the API Management service instance. It is appended to the API endpoint base URL specified during the service instance creation to form a public URL for this API." + } + }, + "protocols": { + "type": "array", + "defaultValue": [ + "https" + ], + "metadata": { + "description": "Optional. Describes on which protocols the operations in this API can be invoked. - HTTP or HTTPS." 
+ } + }, + "serviceUrl": { + "type": "string", + "nullable": true, + "maxLength": 2000, + "metadata": { + "description": "Optional. Absolute URL of the backend service implementing this API. Cannot be more than 2000 characters long." + } + }, + "sourceApiId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. API identifier of the source API." + } + }, + "subscriptionKeyParameterNames": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Protocols over which API is made available." + } + }, + "subscriptionRequired": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Specifies whether an API or Product subscription is required for accessing the API." + } + }, + "type": { + "type": "string", + "defaultValue": "http", + "allowedValues": [ + "graphql", + "http", + "soap", + "websocket" + ], + "metadata": { + "description": "Optional. Type of API." + } + }, + "value": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Content value when Importing an API." + } + }, + "wsdlSelector": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Criteria to limit import of WSDL to a subset of the document." 
+ } + } + }, + "resources": { + "service": { + "existing": true, + "type": "Microsoft.ApiManagement/service", + "apiVersion": "2021-08-01", + "name": "[parameters('apiManagementServiceName')]" + }, + "api": { + "type": "Microsoft.ApiManagement/service/apis", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}', parameters('apiManagementServiceName'), parameters('name'))]", + "properties": { + "apiRevision": "[parameters('apiRevision')]", + "apiRevisionDescription": "[parameters('apiRevisionDescription')]", + "apiType": "[parameters('apiType')]", + "apiVersion": "[parameters('apiVersion')]", + "apiVersionDescription": "[parameters('apiVersionDescription')]", + "apiVersionSetId": "[parameters('apiVersionSetId')]", + "authenticationSettings": "[coalesce(parameters('authenticationSettings'), createObject())]", + "description": "[coalesce(parameters('apiDescription'), '')]", + "displayName": "[parameters('displayName')]", + "format": "[if(not(empty(parameters('value'))), parameters('format'), null())]", + "isCurrent": "[parameters('isCurrent')]", + "path": "[parameters('path')]", + "protocols": "[parameters('protocols')]", + "serviceUrl": "[parameters('serviceUrl')]", + "sourceApiId": "[parameters('sourceApiId')]", + "subscriptionKeyParameterNames": "[parameters('subscriptionKeyParameterNames')]", + "subscriptionRequired": "[parameters('subscriptionRequired')]", + "type": "[parameters('type')]", + "value": "[parameters('value')]", + "wsdlSelector": "[coalesce(parameters('wsdlSelector'), createObject())]" + }, + "dependsOn": [ + "service" + ] + }, + "policy": { + "copy": { + "name": "policy", + "count": "[length(coalesce(parameters('policies'), createArray()))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Policy-{1}', deployment().name, copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "apiManagementServiceName": { + 
"value": "[parameters('apiManagementServiceName')]" + }, + "apiName": { + "value": "[parameters('name')]" + }, + "format": "[if(contains(coalesce(parameters('policies'), createArray())[copyIndex()], 'format'), createObject('value', coalesce(parameters('policies'), createArray())[copyIndex()].format), createObject('value', 'xml'))]", + "value": { + "value": "[coalesce(parameters('policies'), createArray())[copyIndex()].value]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "16094287091554497025" + }, + "name": "API Management Service APIs Policies", + "description": "This module deploys an API Management Service API Policy.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "apiManagementServiceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." + } + }, + "apiName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "defaultValue": "policy", + "metadata": { + "description": "Optional. The name of the policy." + } + }, + "format": { + "type": "string", + "defaultValue": "xml", + "allowedValues": [ + "rawxml", + "rawxml-link", + "xml", + "xml-link" + ], + "metadata": { + "description": "Optional. Format of the policyContent." + } + }, + "value": { + "type": "string", + "metadata": { + "description": "Required. Contents of the Policy as defined by the format." 
+ } + } + }, + "resources": [ + { + "type": "Microsoft.ApiManagement/service/apis/policies", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}/{2}', parameters('apiManagementServiceName'), parameters('apiName'), parameters('name'))]", + "properties": { + "format": "[parameters('format')]", + "value": "[parameters('value')]" + } + } + ], + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the API policy." + }, + "value": "[resourceId('Microsoft.ApiManagement/service/apis/policies', parameters('apiManagementServiceName'), parameters('apiName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the API policy." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the API policy was deployed into." + }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "api" + ] + } + }, + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the API management service API." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the API management service API." + }, + "value": "[resourceId('Microsoft.ApiManagement/service/apis', parameters('apiManagementServiceName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the API management service API was deployed to." 
+ }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "service", + "service_apiVersionSets" + ] + }, + "service_apiVersionSets": { + "copy": { + "name": "service_apiVersionSets", + "count": "[length(parameters('apiVersionSets'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Apim-ApiVersionSet-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "apiManagementServiceName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "[parameters('apiVersionSets')[copyIndex()].name]" + }, + "properties": "[if(contains(parameters('apiVersionSets')[copyIndex()], 'properties'), createObject('value', parameters('apiVersionSets')[copyIndex()].properties), createObject('value', createObject()))]" + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "14468307728701762315" + }, + "name": "API Management Service API Version Sets", + "description": "This module deploys an API Management Service API Version Set.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "apiManagementServiceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "defaultValue": "default", + "metadata": { + "description": "Optional. API Version set name." + } + }, + "properties": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. API Version set properties." 
+ } + } + }, + "resources": [ + { + "type": "Microsoft.ApiManagement/service/apiVersionSets", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}', parameters('apiManagementServiceName'), parameters('name'))]", + "properties": "[parameters('properties')]" + } + ], + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the API Version set." + }, + "value": "[resourceId('Microsoft.ApiManagement/service/apiVersionSets', parameters('apiManagementServiceName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the API Version set." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the API Version set was deployed into." + }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "service" + ] + }, + "service_authorizationServers": { + "copy": { + "name": "service_authorizationServers", + "count": "[length(variables('authorizationServerList'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Apim-AuthorizationServer-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "apiManagementServiceName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "[variables('authorizationServerList')[copyIndex()].name]" + }, + "authorizationEndpoint": { + "value": "[variables('authorizationServerList')[copyIndex()].authorizationEndpoint]" + }, + "authorizationMethods": "[if(contains(variables('authorizationServerList')[copyIndex()], 'authorizationMethods'), createObject('value', variables('authorizationServerList')[copyIndex()].authorizationMethods), createObject('value', createArray('GET')))]", + "bearerTokenSendingMethods": 
"[if(contains(variables('authorizationServerList')[copyIndex()], 'bearerTokenSendingMethods'), createObject('value', variables('authorizationServerList')[copyIndex()].bearerTokenSendingMethods), createObject('value', createArray('authorizationHeader')))]", + "clientAuthenticationMethod": "[if(contains(variables('authorizationServerList')[copyIndex()], 'clientAuthenticationMethod'), createObject('value', variables('authorizationServerList')[copyIndex()].clientAuthenticationMethod), createObject('value', createArray('Basic')))]", + "clientId": { + "value": "[variables('authorizationServerList')[copyIndex()].clientId]" + }, + "clientSecret": { + "value": "[variables('authorizationServerList')[copyIndex()].clientSecret]" + }, + "clientRegistrationEndpoint": "[if(contains(variables('authorizationServerList')[copyIndex()], 'clientRegistrationEndpoint'), createObject('value', variables('authorizationServerList')[copyIndex()].clientRegistrationEndpoint), createObject('value', ''))]", + "defaultScope": "[if(contains(variables('authorizationServerList')[copyIndex()], 'defaultScope'), createObject('value', variables('authorizationServerList')[copyIndex()].defaultScope), createObject('value', ''))]", + "grantTypes": { + "value": "[variables('authorizationServerList')[copyIndex()].grantTypes]" + }, + "resourceOwnerPassword": "[if(contains(variables('authorizationServerList')[copyIndex()], 'resourceOwnerPassword'), createObject('value', variables('authorizationServerList')[copyIndex()].resourceOwnerPassword), createObject('value', ''))]", + "resourceOwnerUsername": "[if(contains(variables('authorizationServerList')[copyIndex()], 'resourceOwnerUsername'), createObject('value', variables('authorizationServerList')[copyIndex()].resourceOwnerUsername), createObject('value', ''))]", + "serverDescription": "[if(contains(variables('authorizationServerList')[copyIndex()], 'serverDescription'), createObject('value', variables('authorizationServerList')[copyIndex()].serverDescription), 
createObject('value', ''))]", + "supportState": "[if(contains(variables('authorizationServerList')[copyIndex()], 'supportState'), createObject('value', variables('authorizationServerList')[copyIndex()].supportState), createObject('value', false()))]", + "tokenBodyParameters": "[if(contains(variables('authorizationServerList')[copyIndex()], 'tokenBodyParameters'), createObject('value', variables('authorizationServerList')[copyIndex()].tokenBodyParameters), createObject('value', createArray()))]", + "tokenEndpoint": "[if(contains(variables('authorizationServerList')[copyIndex()], 'tokenEndpoint'), createObject('value', variables('authorizationServerList')[copyIndex()].tokenEndpoint), createObject('value', ''))]" + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "16321328968047142432" + }, + "name": "API Management Service Authorization Servers", + "description": "This module deploys an API Management Service Authorization Server.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. Identifier of the authorization server." + } + }, + "apiManagementServiceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." + } + }, + "authorizationEndpoint": { + "type": "string", + "metadata": { + "description": "Required. OAuth authorization endpoint. See ." + } + }, + "authorizationMethods": { + "type": "array", + "defaultValue": [ + "GET" + ], + "metadata": { + "description": "Optional. HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional. - HEAD, OPTIONS, TRACE, GET, POST, PUT, PATCH, DELETE." 
+ } + }, + "bearerTokenSendingMethods": { + "type": "array", + "defaultValue": [ + "authorizationHeader" + ], + "metadata": { + "description": "Optional. Specifies the mechanism by which access token is passed to the API. - authorizationHeader or query." + } + }, + "clientAuthenticationMethod": { + "type": "array", + "defaultValue": [ + "Basic" + ], + "metadata": { + "description": "Optional. Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format. - Basic or Body." + } + }, + "clientId": { + "type": "securestring", + "metadata": { + "description": "Required. Client or app ID registered with this authorization server." + } + }, + "clientRegistrationEndpoint": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced." + } + }, + "clientSecret": { + "type": "securestring", + "metadata": { + "description": "Required. Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value." + } + }, + "defaultScope": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values." + } + }, + "serverDescription": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Description of the authorization server. Can contain HTML formatting tags." + } + }, + "grantTypes": { + "type": "array", + "metadata": { + "description": "Required. 
Form of an authorization grant, which the client uses to request the access token. - authorizationCode, implicit, resourceOwnerPassword, clientCredentials." + } + }, + "resourceOwnerPassword": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password." + } + }, + "resourceOwnerUsername": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username." + } + }, + "supportState": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security." + } + }, + "tokenBodyParameters": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {\"name\" : \"name value\", \"value\": \"a value\"}. - TokenBodyParameterContract object." + } + }, + "tokenEndpoint": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. OAuth token endpoint. Contains absolute URI to entity being referenced." 
+ } + } + }, + "variables": { + "defaultAuthorizationMethods": [ + "GET" + ], + "setAuthorizationMethods": "[union(parameters('authorizationMethods'), variables('defaultAuthorizationMethods'))]" + }, + "resources": [ + { + "type": "Microsoft.ApiManagement/service/authorizationServers", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}', parameters('apiManagementServiceName'), parameters('name'))]", + "properties": { + "description": "[parameters('serverDescription')]", + "authorizationMethods": "[variables('setAuthorizationMethods')]", + "clientAuthenticationMethod": "[parameters('clientAuthenticationMethod')]", + "tokenBodyParameters": "[parameters('tokenBodyParameters')]", + "tokenEndpoint": "[parameters('tokenEndpoint')]", + "supportState": "[parameters('supportState')]", + "defaultScope": "[parameters('defaultScope')]", + "bearerTokenSendingMethods": "[parameters('bearerTokenSendingMethods')]", + "resourceOwnerUsername": "[parameters('resourceOwnerUsername')]", + "resourceOwnerPassword": "[parameters('resourceOwnerPassword')]", + "displayName": "[parameters('name')]", + "clientRegistrationEndpoint": "[parameters('clientRegistrationEndpoint')]", + "authorizationEndpoint": "[parameters('authorizationEndpoint')]", + "grantTypes": "[parameters('grantTypes')]", + "clientId": "[parameters('clientId')]", + "clientSecret": "[parameters('clientSecret')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the API management service authorization server." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the API management service authorization server." 
+ }, + "value": "[resourceId('Microsoft.ApiManagement/service/authorizationServers', parameters('apiManagementServiceName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the API management service authorization server was deployed into." + }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "service" + ] + }, + "service_backends": { + "copy": { + "name": "service_backends", + "count": "[length(parameters('backends'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Apim-Backend-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "apiManagementServiceName": { + "value": "[parameters('name')]" + }, + "url": { + "value": "[parameters('backends')[copyIndex()].url]" + }, + "description": { + "value": "[tryGet(parameters('backends')[copyIndex()], 'description')]" + }, + "credentials": { + "value": "[tryGet(parameters('backends')[copyIndex()], 'credentials')]" + }, + "name": { + "value": "[parameters('backends')[copyIndex()].name]" + }, + "protocol": { + "value": "[tryGet(parameters('backends')[copyIndex()], 'protocol')]" + }, + "proxy": { + "value": "[tryGet(parameters('backends')[copyIndex()], 'proxy')]" + }, + "resourceId": { + "value": "[tryGet(parameters('backends')[copyIndex()], 'resourceId')]" + }, + "serviceFabricCluster": { + "value": "[tryGet(parameters('backends')[copyIndex()], 'serviceFabricCluster')]" + }, + "title": { + "value": "[tryGet(parameters('backends')[copyIndex()], 'title')]" + }, + "tls": { + "value": "[tryGet(parameters('backends')[copyIndex()], 'tls')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": 
{ + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "17308512999364094689" + }, + "name": "API Management Service Backends", + "description": "This module deploys an API Management Service Backend.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "apiManagementServiceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. Backend Name." + } + }, + "credentials": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Backend Credentials Contract Properties." + } + }, + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Backend Description." + } + }, + "protocol": { + "type": "string", + "defaultValue": "http", + "metadata": { + "description": "Optional. Backend communication protocol. - http or soap." + } + }, + "proxy": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Backend Proxy Contract Properties." + } + }, + "resourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Management Uri of the Resource in External System. This URL can be the Arm Resource ID of Logic Apps, Function Apps or API Apps." + } + }, + "serviceFabricCluster": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Backend Service Fabric Cluster Properties." + } + }, + "title": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Backend Title." + } + }, + "tls": { + "type": "object", + "defaultValue": { + "validateCertificateChain": false, + "validateCertificateName": false + }, + "metadata": { + "description": "Optional. Backend TLS Properties." 
+ } + }, + "url": { + "type": "string", + "metadata": { + "description": "Required. Runtime URL of the Backend." + } + } + }, + "resources": { + "service": { + "existing": true, + "type": "Microsoft.ApiManagement/service", + "apiVersion": "2021-08-01", + "name": "[parameters('apiManagementServiceName')]" + }, + "backend": { + "type": "Microsoft.ApiManagement/service/backends", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}', parameters('apiManagementServiceName'), parameters('name'))]", + "properties": { + "title": "[parameters('title')]", + "description": "[parameters('description')]", + "resourceId": "[parameters('resourceId')]", + "properties": { + "serviceFabricCluster": "[parameters('serviceFabricCluster')]" + }, + "credentials": "[parameters('credentials')]", + "proxy": "[parameters('proxy')]", + "tls": "[parameters('tls')]", + "url": "[parameters('url')]", + "protocol": "[parameters('protocol')]" + }, + "dependsOn": [ + "service" + ] + } + }, + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the API management service backend." + }, + "value": "[resourceId('Microsoft.ApiManagement/service/backends', parameters('apiManagementServiceName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the API management service backend." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the API management service backend was deployed into." 
+ }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "service" + ] + }, + "service_caches": { + "copy": { + "name": "service_caches", + "count": "[length(parameters('caches'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Apim-Cache-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "apiManagementServiceName": { + "value": "[parameters('name')]" + }, + "description": { + "value": "[tryGet(parameters('caches')[copyIndex()], 'description')]" + }, + "connectionString": { + "value": "[parameters('caches')[copyIndex()].connectionString]" + }, + "name": { + "value": "[parameters('caches')[copyIndex()].name]" + }, + "resourceId": { + "value": "[tryGet(parameters('caches')[copyIndex()], 'resourceId')]" + }, + "useFromLocation": { + "value": "[parameters('caches')[copyIndex()].useFromLocation]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "16122304424283274558" + }, + "name": "API Management Service Caches", + "description": "This module deploys an API Management Service Cache.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "apiManagementServiceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. Identifier of the Cache entity. Cache identifier (should be either 'default' or valid Azure region identifier)." 
+ } + }, + "connectionString": { + "type": "string", + "metadata": { + "description": "Required. Runtime connection string to cache. Can be referenced by a named value like so, {{}}." + } + }, + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Cache description." + } + }, + "resourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Original uri of entity in external system cache points to." + } + }, + "useFromLocation": { + "type": "string", + "metadata": { + "description": "Required. Location identifier to use cache from (should be either 'default' or valid Azure region identifier)." + } + } + }, + "resources": { + "service": { + "existing": true, + "type": "Microsoft.ApiManagement/service", + "apiVersion": "2021-08-01", + "name": "[parameters('apiManagementServiceName')]" + }, + "cache": { + "type": "Microsoft.ApiManagement/service/caches", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}', parameters('apiManagementServiceName'), parameters('name'))]", + "properties": { + "description": "[parameters('description')]", + "connectionString": "[parameters('connectionString')]", + "useFromLocation": "[parameters('useFromLocation')]", + "resourceId": "[parameters('resourceId')]" + }, + "dependsOn": [ + "service" + ] + } + }, + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the API management service cache." + }, + "value": "[resourceId('Microsoft.ApiManagement/service/caches', parameters('apiManagementServiceName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the API management service cache." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the API management service cache was deployed into." 
+ }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "service" + ] + }, + "service_identityProviders": { + "copy": { + "name": "service_identityProviders", + "count": "[length(parameters('identityProviders'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Apim-IdentityProvider-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "apiManagementServiceName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "[parameters('identityProviders')[copyIndex()].name]" + }, + "allowedTenants": "[if(contains(parameters('identityProviders')[copyIndex()], 'allowedTenants'), createObject('value', parameters('identityProviders')[copyIndex()].allowedTenants), createObject('value', createArray()))]", + "authority": "[if(contains(parameters('identityProviders')[copyIndex()], 'authority'), createObject('value', parameters('identityProviders')[copyIndex()].authority), createObject('value', ''))]", + "clientId": "[if(contains(parameters('identityProviders')[copyIndex()], 'clientId'), createObject('value', parameters('identityProviders')[copyIndex()].clientId), createObject('value', ''))]", + "clientSecret": "[if(contains(parameters('identityProviders')[copyIndex()], 'clientSecret'), createObject('value', parameters('identityProviders')[copyIndex()].clientSecret), createObject('value', ''))]", + "passwordResetPolicyName": "[if(contains(parameters('identityProviders')[copyIndex()], 'passwordResetPolicyName'), createObject('value', parameters('identityProviders')[copyIndex()].passwordResetPolicyName), createObject('value', ''))]", + "profileEditingPolicyName": "[if(contains(parameters('identityProviders')[copyIndex()], 'profileEditingPolicyName'), createObject('value', parameters('identityProviders')[copyIndex()].profileEditingPolicyName), 
createObject('value', ''))]", + "signInPolicyName": "[if(contains(parameters('identityProviders')[copyIndex()], 'signInPolicyName'), createObject('value', parameters('identityProviders')[copyIndex()].signInPolicyName), createObject('value', ''))]", + "signInTenant": "[if(contains(parameters('identityProviders')[copyIndex()], 'signInTenant'), createObject('value', parameters('identityProviders')[copyIndex()].signInTenant), createObject('value', ''))]", + "signUpPolicyName": "[if(contains(parameters('identityProviders')[copyIndex()], 'signUpPolicyName'), createObject('value', parameters('identityProviders')[copyIndex()].signUpPolicyName), createObject('value', ''))]", + "type": "[if(contains(parameters('identityProviders')[copyIndex()], 'type'), createObject('value', parameters('identityProviders')[copyIndex()].type), createObject('value', 'aad'))]" + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "2386575276292873532" + }, + "name": "API Management Service Identity Providers", + "description": "This module deploys an API Management Service Identity Provider.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "apiManagementServiceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." + } + }, + "allowedTenants": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. List of Allowed Tenants when configuring Azure Active Directory login. - string." + } + }, + "authority": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. OpenID Connect discovery endpoint hostname for AAD or AAD B2C." 
+ } + }, + "clientId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Conditional. Client ID of the Application in the external Identity Provider. Required if identity provider is used." + } + }, + "clientSecret": { + "type": "securestring", + "defaultValue": "", + "metadata": { + "description": "Conditional. Client secret of the Application in external Identity Provider, used to authenticate login request. Required if identity provider is used." + } + }, + "passwordResetPolicyName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Password Reset Policy Name. Only applies to AAD B2C Identity Provider." + } + }, + "profileEditingPolicyName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Profile Editing Policy Name. Only applies to AAD B2C Identity Provider." + } + }, + "signInPolicyName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Signin Policy Name. Only applies to AAD B2C Identity Provider." + } + }, + "signInTenant": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The TenantId to use instead of Common when logging into Active Directory." + } + }, + "signUpPolicyName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Signup Policy Name. Only applies to AAD B2C Identity Provider." + } + }, + "type": { + "type": "string", + "defaultValue": "aad", + "allowedValues": [ + "aad", + "aadB2C", + "facebook", + "google", + "microsoft", + "twitter" + ], + "metadata": { + "description": "Optional. Identity Provider Type identifier." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. Identity provider name." 
+ } + } + }, + "variables": { + "isAadB2C": "[equals(parameters('type'), 'aadB2C')]" + }, + "resources": [ + { + "type": "Microsoft.ApiManagement/service/identityProviders", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}', parameters('apiManagementServiceName'), parameters('name'))]", + "properties": { + "type": "[parameters('type')]", + "signinTenant": "[parameters('signInTenant')]", + "allowedTenants": "[parameters('allowedTenants')]", + "authority": "[parameters('authority')]", + "signupPolicyName": "[if(variables('isAadB2C'), parameters('signUpPolicyName'), null())]", + "signinPolicyName": "[if(variables('isAadB2C'), parameters('signInPolicyName'), null())]", + "profileEditingPolicyName": "[if(variables('isAadB2C'), parameters('profileEditingPolicyName'), null())]", + "passwordResetPolicyName": "[if(variables('isAadB2C'), parameters('passwordResetPolicyName'), null())]", + "clientId": "[parameters('clientId')]", + "clientSecret": "[parameters('clientSecret')]" + } + } + ], + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the API management service identity provider." + }, + "value": "[resourceId('Microsoft.ApiManagement/service/identityProviders', parameters('apiManagementServiceName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the API management service identity provider." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the API management service identity provider was deployed into." 
+ }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "service" + ] + }, + "service_namedValues": { + "copy": { + "name": "service_namedValues", + "count": "[length(parameters('namedValues'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Apim-NamedValue-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "apiManagementServiceName": { + "value": "[parameters('name')]" + }, + "displayName": { + "value": "[parameters('namedValues')[copyIndex()].displayName]" + }, + "keyVault": "[if(contains(parameters('namedValues')[copyIndex()], 'keyVault'), createObject('value', parameters('namedValues')[copyIndex()].keyVault), createObject('value', createObject()))]", + "name": { + "value": "[parameters('namedValues')[copyIndex()].name]" + }, + "tags": { + "value": "[tryGet(parameters('namedValues')[copyIndex()], 'tags')]" + }, + "secret": "[if(contains(parameters('namedValues')[copyIndex()], 'secret'), createObject('value', parameters('namedValues')[copyIndex()].secret), createObject('value', false()))]", + "value": "[if(contains(parameters('namedValues')[copyIndex()], 'value'), createObject('value', parameters('namedValues')[copyIndex()].value), createObject('value', parameters('newGuidValue')))]" + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "14423803808142765353" + }, + "name": "API Management Service Named Values", + "description": "This module deploys an API Management Service Named Value.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "apiManagementServiceName": { + "type": "string", + "metadata": { + 
"description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." + } + }, + "displayName": { + "type": "string", + "metadata": { + "description": "Required. Unique name of NamedValue. It may contain only letters, digits, period, dash, and underscore characters." + } + }, + "keyVault": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. KeyVault location details of the namedValue." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. Named value Name." + } + }, + "tags": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Tags that when provided can be used to filter the NamedValue list. - string." + } + }, + "secret": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Determines whether the value is a secret and should be encrypted or not. Default value is false." + } + }, + "value": { + "type": "string", + "defaultValue": "[newGuid()]", + "metadata": { + "description": "Optional. Value of the NamedValue. Can contain policy expressions. It may not be empty or consist only of whitespace. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value." 
+ } + } + }, + "variables": { + "keyVaultEmpty": "[empty(parameters('keyVault'))]" + }, + "resources": { + "service": { + "existing": true, + "type": "Microsoft.ApiManagement/service", + "apiVersion": "2021-08-01", + "name": "[parameters('apiManagementServiceName')]" + }, + "namedValue": { + "type": "Microsoft.ApiManagement/service/namedValues", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}', parameters('apiManagementServiceName'), parameters('name'))]", + "properties": { + "tags": "[parameters('tags')]", + "secret": "[parameters('secret')]", + "displayName": "[parameters('displayName')]", + "value": "[if(variables('keyVaultEmpty'), parameters('value'), null())]", + "keyVault": "[if(not(variables('keyVaultEmpty')), parameters('keyVault'), null())]" + }, + "dependsOn": [ + "service" + ] + } + }, + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the named value." + }, + "value": "[resourceId('Microsoft.ApiManagement/service/namedValues', parameters('apiManagementServiceName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the named value." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the named value was deployed into." 
+ }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "service" + ] + }, + "service_portalsettings": { + "copy": { + "name": "service_portalsettings", + "count": "[length(parameters('portalsettings'))]" + }, + "condition": "[not(empty(parameters('portalsettings')[copyIndex()].properties))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Apim-PortalSetting-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "apiManagementServiceName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "[parameters('portalsettings')[copyIndex()].name]" + }, + "properties": { + "value": "[parameters('portalsettings')[copyIndex()].properties]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "17882646930090717237" + }, + "name": "API Management Service Portal Settings", + "description": "This module deploys an API Management Service Portal Setting.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "apiManagementServiceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "allowedValues": [ + "delegation", + "signin", + "signup" + ], + "metadata": { + "description": "Required. Portal setting name." + } + }, + "properties": { + "type": "object", + "metadata": { + "description": "Required. Portal setting properties." 
+ } + } + }, + "resources": [ + { + "type": "Microsoft.ApiManagement/service/portalsettings", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}', parameters('apiManagementServiceName'), parameters('name'))]", + "properties": "[parameters('properties')]" + } + ], + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the API management service portal setting." + }, + "value": "[resourceId('Microsoft.ApiManagement/service/portalsettings', parameters('apiManagementServiceName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the API management service portal setting." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the API management service portal setting was deployed into." + }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "service" + ] + }, + "service_policies": { + "copy": { + "name": "service_policies", + "count": "[length(parameters('policies'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Apim-Policy-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "apiManagementServiceName": { + "value": "[parameters('name')]" + }, + "value": { + "value": "[parameters('policies')[copyIndex()].value]" + }, + "format": "[if(contains(parameters('policies')[copyIndex()], 'format'), createObject('value', parameters('policies')[copyIndex()].format), createObject('value', 'xml'))]" + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": 
"2972278282486423100" + }, + "name": "API Management Service Policies", + "description": "This module deploys an API Management Service Policy.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "apiManagementServiceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "defaultValue": "policy", + "metadata": { + "description": "Optional. The name of the policy." + } + }, + "format": { + "type": "string", + "defaultValue": "xml", + "allowedValues": [ + "rawxml", + "rawxml-link", + "xml", + "xml-link" + ], + "metadata": { + "description": "Optional. Format of the policyContent." + } + }, + "value": { + "type": "string", + "metadata": { + "description": "Required. Contents of the Policy as defined by the format." + } + } + }, + "resources": [ + { + "type": "Microsoft.ApiManagement/service/policies", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}', parameters('apiManagementServiceName'), parameters('name'))]", + "properties": { + "format": "[parameters('format')]", + "value": "[parameters('value')]" + } + } + ], + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the API management service policy." + }, + "value": "[resourceId('Microsoft.ApiManagement/service/policies', parameters('apiManagementServiceName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the API management service policy." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the API management service policy was deployed into." 
+ }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "service" + ] + }, + "service_products": { + "copy": { + "name": "service_products", + "count": "[length(parameters('products'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Apim-Product-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "apiManagementServiceName": { + "value": "[parameters('name')]" + }, + "apis": "[if(contains(parameters('products')[copyIndex()], 'apis'), createObject('value', parameters('products')[copyIndex()].apis), createObject('value', createArray()))]", + "approvalRequired": "[if(contains(parameters('products')[copyIndex()], 'approvalRequired'), createObject('value', parameters('products')[copyIndex()].approvalRequired), createObject('value', false()))]", + "groups": "[if(contains(parameters('products')[copyIndex()], 'groups'), createObject('value', parameters('products')[copyIndex()].groups), createObject('value', createArray()))]", + "name": { + "value": "[parameters('products')[copyIndex()].name]" + }, + "description": "[if(contains(parameters('products')[copyIndex()], 'description'), createObject('value', parameters('products')[copyIndex()].description), createObject('value', ''))]", + "state": "[if(contains(parameters('products')[copyIndex()], 'state'), createObject('value', parameters('products')[copyIndex()].state), createObject('value', 'published'))]", + "subscriptionRequired": "[if(contains(parameters('products')[copyIndex()], 'subscriptionRequired'), createObject('value', parameters('products')[copyIndex()].subscriptionRequired), createObject('value', false()))]", + "subscriptionsLimit": "[if(contains(parameters('products')[copyIndex()], 'subscriptionsLimit'), createObject('value', parameters('products')[copyIndex()].subscriptionsLimit), 
createObject('value', 1))]", + "terms": "[if(contains(parameters('products')[copyIndex()], 'terms'), createObject('value', parameters('products')[copyIndex()].terms), createObject('value', ''))]" + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "13412848310424617232" + }, + "name": "API Management Service Products", + "description": "This module deploys an API Management Service Product.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "apiManagementServiceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." + } + }, + "approvalRequired": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Whether subscription approval is required. If false, new subscriptions will be approved automatically enabling developers to call the products APIs immediately after subscribing. If true, administrators must manually approve the subscription before the developer can any of the products APIs. Can be present only if subscriptionRequired property is present and has a value of false." + } + }, + "description": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Product description. May include HTML formatting tags." + } + }, + "apis": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Array of Product APIs." + } + }, + "groups": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Array of Product Groups." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. Product Name." 
+ } + }, + "state": { + "type": "string", + "defaultValue": "published", + "metadata": { + "description": "Optional. whether product is published or not. Published products are discoverable by users of developer portal. Non published products are visible only to administrators. Default state of Product is notPublished. - notPublished or published." + } + }, + "subscriptionRequired": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Whether a product subscription is required for accessing APIs included in this product. If true, the product is referred to as \"protected\" and a valid subscription key is required for a request to an API included in the product to succeed. If false, the product is referred to as \"open\" and requests to an API included in the product can be made without a subscription key. If property is omitted when creating a new product it's value is assumed to be true." + } + }, + "subscriptionsLimit": { + "type": "int", + "defaultValue": 1, + "metadata": { + "description": "Optional. Whether the number of subscriptions a user can have to this product at the same time. Set to null or omit to allow unlimited per user subscriptions. Can be present only if subscriptionRequired property is present and has a value of false." + } + }, + "terms": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Product terms of use. Developers trying to subscribe to the product will be presented and required to accept these terms before they can complete the subscription process." 
+ } + } + }, + "resources": [ + { + "type": "Microsoft.ApiManagement/service/products", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}', parameters('apiManagementServiceName'), parameters('name'))]", + "properties": { + "description": "[parameters('description')]", + "displayName": "[parameters('name')]", + "terms": "[parameters('terms')]", + "subscriptionRequired": "[parameters('subscriptionRequired')]", + "approvalRequired": "[if(parameters('subscriptionRequired'), parameters('approvalRequired'), null())]", + "subscriptionsLimit": "[if(parameters('subscriptionRequired'), parameters('subscriptionsLimit'), null())]", + "state": "[parameters('state')]" + } + }, + { + "copy": { + "name": "product_apis", + "count": "[length(parameters('apis'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Api-{1}', deployment().name, copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "apiManagementServiceName": { + "value": "[parameters('apiManagementServiceName')]" + }, + "name": { + "value": "[parameters('apis')[copyIndex()].name]" + }, + "productName": { + "value": "[parameters('name')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "14722621268708488261" + }, + "name": "API Management Service Products APIs", + "description": "This module deploys an API Management Service Product API.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "apiManagementServiceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." 
+ } + }, + "productName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent Product. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. Name of the product API." + } + } + }, + "resources": [ + { + "type": "Microsoft.ApiManagement/service/products/apis", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}/{2}', parameters('apiManagementServiceName'), parameters('productName'), parameters('name'))]" + } + ], + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the product API." + }, + "value": "[resourceId('Microsoft.ApiManagement/service/products/apis', parameters('apiManagementServiceName'), parameters('productName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the product API." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the product API was deployed into." 
+ }, + "value": "[resourceGroup().name]" + } + } + } + } + }, + { + "copy": { + "name": "product_groups", + "count": "[length(parameters('groups'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Group-{1}', deployment().name, copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "apiManagementServiceName": { + "value": "[parameters('apiManagementServiceName')]" + }, + "name": { + "value": "[parameters('groups')[copyIndex()].name]" + }, + "productName": { + "value": "[parameters('name')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "15349196511355180524" + }, + "name": "API Management Service Products Groups", + "description": "This module deploys an API Management Service Product Group.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "apiManagementServiceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." + } + }, + "productName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent Product. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. Name of the product group." 
+ } + } + }, + "resources": [ + { + "type": "Microsoft.ApiManagement/service/products/groups", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}/{2}', parameters('apiManagementServiceName'), parameters('productName'), parameters('name'))]" + } + ], + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the product group." + }, + "value": "[resourceId('Microsoft.ApiManagement/service/products/groups', parameters('apiManagementServiceName'), parameters('productName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the product group." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the product group was deployed into." + }, + "value": "[resourceGroup().name]" + } + } + } + } + } + ], + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the API management service product." + }, + "value": "[resourceId('Microsoft.ApiManagement/service/products', parameters('apiManagementServiceName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the API management service product." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the API management service product was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "apiResourceIds": { + "type": "array", + "metadata": { + "description": "The Resources IDs of the API management service product APIs." 
+ }, + "copy": { + "count": "[length(range(0, length(parameters('apis'))))]", + "input": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-Api-{1}', deployment().name, range(0, length(parameters('apis')))[copyIndex()])), '2022-09-01').outputs.resourceId.value]" + } + }, + "groupResourceIds": { + "type": "array", + "metadata": { + "description": "The Resources IDs of the API management service product groups." + }, + "copy": { + "count": "[length(range(0, length(parameters('groups'))))]", + "input": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-Group-{1}', deployment().name, range(0, length(parameters('groups')))[copyIndex()])), '2022-09-01').outputs.resourceId.value]" + } + } + } + } + }, + "dependsOn": [ + "service", + "service_apis" + ] + }, + "service_subscriptions": { + "copy": { + "name": "service_subscriptions", + "count": "[length(parameters('subscriptions'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Apim-Subscription-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "apiManagementServiceName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "[parameters('subscriptions')[copyIndex()].name]" + }, + "allowTracing": { + "value": "[tryGet(parameters('subscriptions')[copyIndex()], 'allowTracing')]" + }, + "ownerId": { + "value": "[tryGet(parameters('subscriptions')[copyIndex()], 'ownerId')]" + }, + "primaryKey": { + "value": "[tryGet(parameters('subscriptions')[copyIndex()], 'primaryKey')]" + }, + "scope": { + "value": "[tryGet(parameters('subscriptions')[copyIndex()], 'scope')]" + }, + "secondaryKey": { + "value": "[tryGet(parameters('subscriptions')[copyIndex()], 'secondaryKey')]" + }, + "state": { + "value": "[tryGet(parameters('subscriptions')[copyIndex()], 'state')]" + } + }, + 
"template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "17130710293008431926" + }, + "name": "API Management Service Subscriptions", + "description": "This module deploys an API Management Service Subscription.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "allowTracing": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Determines whether tracing can be enabled." + } + }, + "apiManagementServiceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." + } + }, + "ownerId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. User (user ID path) for whom subscription is being created in form /users/{userId}." + } + }, + "primaryKey": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Primary subscription key. If not specified during request key will be generated automatically." + } + }, + "scope": { + "type": "string", + "defaultValue": "/apis", + "metadata": { + "description": "Optional. Scope type to choose between a product, \"allAPIs\" or a specific API. Scope like \"/products/{productId}\" or \"/apis\" or \"/apis/{apiId}\"." + } + }, + "secondaryKey": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Secondary subscription key. If not specified during request key will be generated automatically." + } + }, + "state": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Initial subscription state. If no value is specified, subscription is created with Submitted state. 
Possible states are \"*\" active \"?\" the subscription is active, \"*\" suspended \"?\" the subscription is blocked, and the subscriber cannot call any APIs of the product, * submitted ? the subscription request has been made by the developer, but has not yet been approved or rejected, * rejected ? the subscription request has been denied by an administrator, * cancelled ? the subscription has been cancelled by the developer or administrator, * expired ? the subscription reached its expiration date and was deactivated. - suspended, active, expired, submitted, rejected, cancelled." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. Subscription name." + } + } + }, + "resources": { + "service": { + "existing": true, + "type": "Microsoft.ApiManagement/service", + "apiVersion": "2021-08-01", + "name": "[parameters('apiManagementServiceName')]" + }, + "subscription": { + "type": "Microsoft.ApiManagement/service/subscriptions", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}', parameters('apiManagementServiceName'), parameters('name'))]", + "properties": { + "scope": "[parameters('scope')]", + "displayName": "[parameters('name')]", + "ownerId": "[parameters('ownerId')]", + "primaryKey": "[parameters('primaryKey')]", + "secondaryKey": "[parameters('secondaryKey')]", + "state": "[parameters('state')]", + "allowTracing": "[parameters('allowTracing')]" + }, + "dependsOn": [ + "service" + ] + } + }, + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the API management service subscription." + }, + "value": "[resourceId('Microsoft.ApiManagement/service/subscriptions', parameters('apiManagementServiceName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the API management service subscription." 
+ }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the API management service subscription was deployed into." + }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "service" + ] + } + }, + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the API management service." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the API management service." + }, + "value": "[resourceId('Microsoft.ApiManagement/service', parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the API management service was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "systemAssignedMIPrincipalId": { + "type": "string", + "metadata": { + "description": "The principal ID of the system assigned identity." + }, + "value": "[if(and(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), contains(reference('service', '2021-08-01', 'full').identity, 'principalId')), reference('service', '2021-08-01', 'full').identity.principalId, '')]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference('service', '2021-08-01', 'full').location]" + } + } +} \ No newline at end of file diff --git a/avm/res/api-management/service/named-value/README.md b/avm/res/api-management/service/named-value/README.md new file mode 100644 index 0000000000..1648bb1ad0 --- /dev/null +++ b/avm/res/api-management/service/named-value/README.md 
@@ -0,0 +1,139 @@ +# API Management Service Named Values `[Microsoft.ApiManagement/service/namedValues]` + +This module deploys an API Management Service Named Value. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) +- [Notes](#Notes) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.ApiManagement/service/namedValues` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/namedValues) | + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`displayName`](#parameter-displayname) | string | Unique name of NamedValue. It may contain only letters, digits, period, dash, and underscore characters. | +| [`name`](#parameter-name) | string | Named value Name. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyVault`](#parameter-keyvault) | object | KeyVault location details of the namedValue. | +| [`secret`](#parameter-secret) | bool | Determines whether the value is a secret and should be encrypted or not. Default value is false. | +| [`tags`](#parameter-tags) | array | Tags that when provided can be used to filter the NamedValue list. - string. | +| [`value`](#parameter-value) | string | Value of the NamedValue. Can contain policy expressions. It may not be empty or consist only of whitespace. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. | + +### Parameter: `displayName` + +Unique name of NamedValue. 
It may contain only letters, digits, period, dash, and underscore characters. + +- Required: Yes +- Type: string + +### Parameter: `name` + +Named value Name. + +- Required: Yes +- Type: string + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `keyVault` + +KeyVault location details of the namedValue. + +- Required: No +- Type: object +- Default: `{}` + +### Parameter: `secret` + +Determines whether the value is a secret and should be encrypted or not. Default value is false. + +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags that when provided can be used to filter the NamedValue list. - string. + +- Required: No +- Type: array + +### Parameter: `value` + +Value of the NamedValue. Can contain policy expressions. It may not be empty or consist only of whitespace. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. + +- Required: No +- Type: string +- Default: `[newGuid()]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the named value. | +| `resourceGroupName` | string | The resource group the named value was deployed into. | +| `resourceId` | string | The resource ID of the named value. | + +## Cross-referenced modules + +_None_ + +## Notes + +### Parameter Usage: `keyVault` + +

+ +Parameter JSON format + +```json +"keyVault": { + "value":{ + "secretIdentifier":"Key vault secret identifier for fetching secret.", + "identityClientId":"SystemAssignedIdentity or UserAssignedIdentity Client ID which will be used to access key vault secret." + } +} +``` + +
+ +
+ +Bicep format + +```bicep +keyVault: { + secretIdentifier:'Key vault secret identifier for fetching secret.' + identityClientId:'SystemAssignedIdentity or UserAssignedIdentity Client ID which will be used to access key vault secret.' +} +``` + +
+

diff --git a/avm/res/api-management/service/named-value/main.bicep b/avm/res/api-management/service/named-value/main.bicep
new file mode 100644
index 0000000000..dc99e61c1a
--- /dev/null
+++ b/avm/res/api-management/service/named-value/main.bicep
@@ -0,0 +1,52 @@
+metadata name = 'API Management Service Named Values'
+metadata description = 'This module deploys an API Management Service Named Value.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment.')
+param apiManagementServiceName string
+
+@description('Required. Unique name of NamedValue. It may contain only letters, digits, period, dash, and underscore characters.')
+param displayName string
+
+@description('Optional. KeyVault location details of the namedValue.')
+param keyVault object = {}
+
+@description('Required. Named value Name.')
+param name string
+
+@description('Optional. Tags that when provided can be used to filter the NamedValue list. - string.')
+param tags array?
+
+@description('Optional. Determines whether the value is a secret and should be encrypted or not. Default value is false.')
+#disable-next-line secure-secrets-in-params // Not a secret
+param secret bool = false
+
+@description('Optional. Value of the NamedValue. Can contain policy expressions. It may not be empty or consist only of whitespace. This property will not be filled on \'GET\' operations! Use \'/listSecrets\' POST request to get the value.')
+param value string = newGuid()
+
+var keyVaultEmpty = empty(keyVault)
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = {
+ name: apiManagementServiceName
+}
+
+resource namedValue 'Microsoft.ApiManagement/service/namedValues@2021-08-01' = {
+ name: name
+ parent: service
+ properties: {
+ tags: tags
+ secret: secret
+ displayName: displayName
+ value: keyVaultEmpty ? value : null
+ keyVault: !keyVaultEmpty ? keyVault : null
+ }
+}
+
+@description('The resource ID of the named value.')
+output resourceId string = namedValue.id
+
+@description('The name of the named value.')
+output name string = namedValue.name
+
+@description('The resource group the named value was deployed into.')
+output resourceGroupName string = resourceGroup().name
diff --git a/avm/res/api-management/service/named-value/main.json b/avm/res/api-management/service/named-value/main.json
new file mode 100644
index 0000000000..563054acec
--- /dev/null
+++ b/avm/res/api-management/service/named-value/main.json
@@ -0,0 +1,112 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "14423803808142765353" + }, + "name": "API Management Service Named Values", + "description": "This module deploys an API Management Service Named Value.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "apiManagementServiceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." + } + }, + "displayName": { + "type": "string", + "metadata": { + "description": "Required. Unique name of NamedValue. It may contain only letters, digits, period, dash, and underscore characters." + } + }, + "keyVault": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. KeyVault location details of the namedValue." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. Named value Name." + } + }, + "tags": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Tags that when provided can be used to filter the NamedValue list. - string." + } + }, + "secret": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Determines whether the value is a secret and should be encrypted or not. Default value is false." + } + }, + "value": { + "type": "string", + "defaultValue": "[newGuid()]", + "metadata": { + "description": "Optional. Value of the NamedValue. Can contain policy expressions. It may not be empty or consist only of whitespace. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value." 
+ } + } + }, + "variables": { + "keyVaultEmpty": "[empty(parameters('keyVault'))]" + }, + "resources": { + "service": { + "existing": true, + "type": "Microsoft.ApiManagement/service", + "apiVersion": "2021-08-01", + "name": "[parameters('apiManagementServiceName')]" + }, + "namedValue": { + "type": "Microsoft.ApiManagement/service/namedValues", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}', parameters('apiManagementServiceName'), parameters('name'))]", + "properties": { + "tags": "[parameters('tags')]", + "secret": "[parameters('secret')]", + "displayName": "[parameters('displayName')]", + "value": "[if(variables('keyVaultEmpty'), parameters('value'), null())]", + "keyVault": "[if(not(variables('keyVaultEmpty')), parameters('keyVault'), null())]" + }, + "dependsOn": [ + "service" + ] + } + }, + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the named value." + }, + "value": "[resourceId('Microsoft.ApiManagement/service/namedValues', parameters('apiManagementServiceName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the named value." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the named value was deployed into." + }, + "value": "[resourceGroup().name]" + } + } +} \ No newline at end of file diff --git a/avm/res/api-management/service/policy/README.md b/avm/res/api-management/service/policy/README.md new file mode 100644 index 0000000000..d8ee739eb4 --- /dev/null +++ b/avm/res/api-management/service/policy/README.md 
@@ -0,0 +1,89 @@ +# API Management Service Policies `[Microsoft.ApiManagement/service/policies]` + +This module deploys an API Management Service Policy. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.ApiManagement/service/policies` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/policies) | + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`value`](#parameter-value) | string | Contents of the Policy as defined by the format. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`format`](#parameter-format) | string | Format of the policyContent. | +| [`name`](#parameter-name) | string | The name of the policy. | + +### Parameter: `value` + +Contents of the Policy as defined by the format. + +- Required: Yes +- Type: string + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `format` + +Format of the policyContent. + +- Required: No +- Type: string +- Default: `'xml'` +- Allowed: + ```Bicep + [ + 'rawxml' + 'rawxml-link' + 'xml' + 'xml-link' + ] + ``` + +### Parameter: `name` + +The name of the policy. 
+ +- Required: No +- Type: string +- Default: `'policy'` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the API management service policy. | +| `resourceGroupName` | string | The resource group the API management service policy was deployed into. | +| `resourceId` | string | The resource ID of the API management service policy. | + +## Cross-referenced modules + +_None_ diff --git a/avm/res/api-management/service/policy/main.bicep b/avm/res/api-management/service/policy/main.bicep new file mode 100644 index 0000000000..ac3dfc758a --- /dev/null +++ b/avm/res/api-management/service/policy/main.bicep 
@@ -0,0 +1,43 @@
+metadata name = 'API Management Service Policies'
+metadata description = 'This module deploys an API Management Service Policy.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment.')
+param apiManagementServiceName string
+
+@description('Optional. The name of the policy.')
+param name string = 'policy'
+
+@description('Optional. Format of the policyContent.')
+@allowed([
+ 'rawxml'
+ 'rawxml-link'
+ 'xml'
+ 'xml-link'
+])
+param format string = 'xml'
+
+@description('Required. Contents of the Policy as defined by the format.')
+param value string
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = {
+ name: apiManagementServiceName
+}
+
+resource policy 'Microsoft.ApiManagement/service/policies@2021-08-01' = {
+ name: name
+ parent: service
+ properties: {
+ format: format
+ value: value
+ }
+}
+
+@description('The resource ID of the API management service policy.')
+output resourceId string = policy.id
+
+@description('The name of the API management service policy.')
+output name string = policy.name
+
+@description('The resource group the API management service policy was deployed into.')
+output resourceGroupName string = resourceGroup().name
diff --git a/avm/res/api-management/service/policy/main.json b/avm/res/api-management/service/policy/main.json
new file mode 100644
index 0000000000..3ff2f62057
--- /dev/null
+++ b/avm/res/api-management/service/policy/main.json
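Review bot: The description on `param value` in policy/main.bicep does not say that with the `xml-link` and `rawxml-link` formats the parameter is a URL the service fetches the policy from, not the policy document itself. This is the service-scope policy, so a caller who passes a link is trusting whatever that endpoint serves at deployment time. I would extend the text to `'Required. Contents of the Policy as defined by the format. For the -link formats this is the URL of the policy document, which must be reachable by the API Management service.'`. A short comment above `param format` noting that link formats should point at a location the deployer controls would help as well.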
@@ -0,0 +1,82 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "2972278282486423100" + }, + "name": "API Management Service Policies", + "description": "This module deploys an API Management Service Policy.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "apiManagementServiceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "defaultValue": "policy", + "metadata": { + "description": "Optional. The name of the policy." + } + }, + "format": { + "type": "string", + "defaultValue": "xml", + "allowedValues": [ + "rawxml", + "rawxml-link", + "xml", + "xml-link" + ], + "metadata": { + "description": "Optional. Format of the policyContent." + } + }, + "value": { + "type": "string", + "metadata": { + "description": "Required. Contents of the Policy as defined by the format." + } + } + }, + "resources": [ + { + "type": "Microsoft.ApiManagement/service/policies", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}', parameters('apiManagementServiceName'), parameters('name'))]", + "properties": { + "format": "[parameters('format')]", + "value": "[parameters('value')]" + } + } + ], + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the API management service policy." + }, + "value": "[resourceId('Microsoft.ApiManagement/service/policies', parameters('apiManagementServiceName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the API management service policy." 
+ }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the API management service policy was deployed into." + }, + "value": "[resourceGroup().name]" + } + } +} \ No newline at end of file diff --git a/avm/res/api-management/service/portalsetting/README.md b/avm/res/api-management/service/portalsetting/README.md new file mode 100644 index 0000000000..e7d6e71da7 --- /dev/null +++ b/avm/res/api-management/service/portalsetting/README.md 
@@ -0,0 +1,73 @@ +# API Management Service Portal Settings `[Microsoft.ApiManagement/service/portalsettings]` + +This module deploys an API Management Service Portal Setting. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.ApiManagement/service/portalsettings` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/service) | + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Portal setting name. | +| [`properties`](#parameter-properties) | object | Portal setting properties. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | + +### Parameter: `name` + +Portal setting name. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'delegation' + 'signin' + 'signup' + ] + ``` + +### Parameter: `properties` + +Portal setting properties. + +- Required: Yes +- Type: object + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the API management service portal setting. | +| `resourceGroupName` | string | The resource group the API management service portal setting was deployed into. | +| `resourceId` | string | The resource ID of the API management service portal setting. | + +## Cross-referenced modules + +_None_ 
diff --git a/avm/res/api-management/service/portalsetting/main.bicep b/avm/res/api-management/service/portalsetting/main.bicep
new file mode 100644
index 0000000000..1d4ba53c89
--- /dev/null
+++ b/avm/res/api-management/service/portalsetting/main.bicep
@@ -0,0 +1,36 @@
+metadata name = 'API Management Service Portal Settings'
+metadata description = 'This module deploys an API Management Service Portal Setting.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment.')
+param apiManagementServiceName string
+
+@description('Required. Portal setting name.')
+@allowed([
+ 'delegation'
+ 'signin'
+ 'signup'
+])
+param name string
+
+@description('Required. Portal setting properties.')
+param properties object
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = {
+ name: apiManagementServiceName
+}
+
+resource portalSetting 'Microsoft.ApiManagement/service/portalsettings@2021-08-01' = {
+ name: any(name)
+ parent: service
+ properties: properties
+}
+
+@description('The resource ID of the API management service portal setting.')
+output resourceId string = portalSetting.id
+
+@description('The name of the API management service portal setting.')
+output name string = portalSetting.name
+
+@description('The resource group the API management service portal setting was deployed into.')
+output resourceGroupName string = resourceGroup().name
diff --git a/avm/res/api-management/service/portalsetting/main.json b/avm/res/api-management/service/portalsetting/main.json
new file mode 100644
index 0000000000..ff45251a90
--- /dev/null
+++ b/avm/res/api-management/service/portalsetting/main.json
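Review bot: `param properties object` in portalsetting/main.bicep is passed straight through to the resource as a plain, non-secure object. For the `delegation` setting that payload normally includes the delegation `validationKey`, which would then be stored in clear text in the deployment's inputs. I would mark it `@secure()` above `param properties object`, or at least state in the description that the object may carry key material. `name: any(name)` also turns off the compiler's type check on the resource name, so a one-line comment explaining why the cast is needed (`// any(): the allowed values are not narrowed to the resource's literal name type`) would keep it from looking accidental.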
@@ -0,0 +1,70 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "17882646930090717237" + }, + "name": "API Management Service Portal Settings", + "description": "This module deploys an API Management Service Portal Setting.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "apiManagementServiceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "allowedValues": [ + "delegation", + "signin", + "signup" + ], + "metadata": { + "description": "Required. Portal setting name." + } + }, + "properties": { + "type": "object", + "metadata": { + "description": "Required. Portal setting properties." + } + } + }, + "resources": [ + { + "type": "Microsoft.ApiManagement/service/portalsettings", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}', parameters('apiManagementServiceName'), parameters('name'))]", + "properties": "[parameters('properties')]" + } + ], + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the API management service portal setting." + }, + "value": "[resourceId('Microsoft.ApiManagement/service/portalsettings', parameters('apiManagementServiceName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the API management service portal setting." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the API management service portal setting was deployed into." + }, + "value": "[resourceGroup().name]" + } + } +} \ No newline at end of file 
diff --git a/avm/res/api-management/service/product/README.md b/avm/res/api-management/service/product/README.md new file mode 100644 index 0000000000..5e0d6e6005 --- /dev/null +++ b/avm/res/api-management/service/product/README.md 
@@ -0,0 +1,138 @@ +# API Management Service Products `[Microsoft.ApiManagement/service/products]` + +This module deploys an API Management Service Product. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.ApiManagement/service/products` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/products) | +| `Microsoft.ApiManagement/service/products/apis` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/products/apis) | +| `Microsoft.ApiManagement/service/products/groups` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/products/groups) | + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Product Name. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`apis`](#parameter-apis) | array | Array of Product APIs. | +| [`approvalRequired`](#parameter-approvalrequired) | bool | Whether subscription approval is required. If false, new subscriptions will be approved automatically enabling developers to call the products APIs immediately after subscribing. If true, administrators must manually approve the subscription before the developer can any of the products APIs. Can be present only if subscriptionRequired property is present and has a value of false. 
| +| [`description`](#parameter-description) | string | Product description. May include HTML formatting tags. | +| [`groups`](#parameter-groups) | array | Array of Product Groups. | +| [`state`](#parameter-state) | string | whether product is published or not. Published products are discoverable by users of developer portal. Non published products are visible only to administrators. Default state of Product is notPublished. - notPublished or published. | +| [`subscriptionRequired`](#parameter-subscriptionrequired) | bool | Whether a product subscription is required for accessing APIs included in this product. If true, the product is referred to as "protected" and a valid subscription key is required for a request to an API included in the product to succeed. If false, the product is referred to as "open" and requests to an API included in the product can be made without a subscription key. If property is omitted when creating a new product it's value is assumed to be true. | +| [`subscriptionsLimit`](#parameter-subscriptionslimit) | int | Whether the number of subscriptions a user can have to this product at the same time. Set to null or omit to allow unlimited per user subscriptions. Can be present only if subscriptionRequired property is present and has a value of false. | +| [`terms`](#parameter-terms) | string | Product terms of use. Developers trying to subscribe to the product will be presented and required to accept these terms before they can complete the subscription process. | + +### Parameter: `name` + +Product Name. + +- Required: Yes +- Type: string + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `apis` + +Array of Product APIs. + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `approvalRequired` + +Whether subscription approval is required. 
If false, new subscriptions will be approved automatically enabling developers to call the products APIs immediately after subscribing. If true, administrators must manually approve the subscription before the developer can any of the products APIs. Can be present only if subscriptionRequired property is present and has a value of false. + +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `description` + +Product description. May include HTML formatting tags. + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `groups` + +Array of Product Groups. + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `state` + +whether product is published or not. Published products are discoverable by users of developer portal. Non published products are visible only to administrators. Default state of Product is notPublished. - notPublished or published. + +- Required: No +- Type: string +- Default: `'published'` + +### Parameter: `subscriptionRequired` + +Whether a product subscription is required for accessing APIs included in this product. If true, the product is referred to as "protected" and a valid subscription key is required for a request to an API included in the product to succeed. If false, the product is referred to as "open" and requests to an API included in the product can be made without a subscription key. If property is omitted when creating a new product it's value is assumed to be true. + +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `subscriptionsLimit` + +Whether the number of subscriptions a user can have to this product at the same time. Set to null or omit to allow unlimited per user subscriptions. Can be present only if subscriptionRequired property is present and has a value of false. + +- Required: No +- Type: int +- Default: `1` + +### Parameter: `terms` + +Product terms of use. 
Developers trying to subscribe to the product will be presented and required to accept these terms before they can complete the subscription process. + +- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `apiResourceIds` | array | The Resources IDs of the API management service product APIs. | +| `groupResourceIds` | array | The Resources IDs of the API management service product groups. | +| `name` | string | The name of the API management service product. | +| `resourceGroupName` | string | The resource group the API management service product was deployed into. | +| `resourceId` | string | The resource ID of the API management service product. | + +## Cross-referenced modules + +_None_ diff --git a/avm/res/api-management/service/product/api/README.md b/avm/res/api-management/service/product/api/README.md new file mode 100644 index 0000000000..d54fb310e5 --- /dev/null +++ b/avm/res/api-management/service/product/api/README.md 
@@ -0,0 +1,65 @@ +# API Management Service Products APIs `[Microsoft.ApiManagement/service/products/apis]` + +This module deploys an API Management Service Product API. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.ApiManagement/service/products/apis` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/products/apis) | + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the product API. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`productName`](#parameter-productname) | string | The name of the parent Product. Required if the template is used in a standalone deployment. | + +### Parameter: `name` + +Name of the product API. + +- Required: Yes +- Type: string + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `productName` + +The name of the parent Product. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the product API. | +| `resourceGroupName` | string | The resource group the product API was deployed into. | +| `resourceId` | string | The resource ID of the product API. | + +## Cross-referenced modules + +_None_ 
diff --git a/avm/res/api-management/service/product/api/main.bicep b/avm/res/api-management/service/product/api/main.bicep
new file mode 100644
index 0000000000..6ccd3a2c9c
--- /dev/null
+++ b/avm/res/api-management/service/product/api/main.bicep
@@ -0,0 +1,34 @@
+metadata name = 'API Management Service Products APIs'
+metadata description = 'This module deploys an API Management Service Product API.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment.')
+param apiManagementServiceName string
+
+@description('Conditional. The name of the parent Product. Required if the template is used in a standalone deployment.')
+param productName string
+
+@description('Required. Name of the product API.')
+param name string
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = {
+ name: apiManagementServiceName
+
+ resource product 'products@2021-04-01-preview' existing = {
+ name: productName
+ }
+}
+
+resource api 'Microsoft.ApiManagement/service/products/apis@2021-08-01' = {
+ name: name
+ parent: service::product
+}
+
+@description('The resource ID of the product API.')
+output resourceId string = api.id
+
+@description('The name of the product API.')
+output name string = api.name
+
+@description('The resource group the product API was deployed into.')
+output resourceGroupName string = resourceGroup().name
diff --git a/avm/res/api-management/service/product/api/main.json b/avm/res/api-management/service/product/api/main.json
new file mode 100644
index 0000000000..caff648c8e
--- /dev/null
+++ b/avm/res/api-management/service/product/api/main.json
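Review bot: The nested `existing` product reference in product/api/main.bicep is pinned to `products@2021-04-01-preview`, while the parent service and the `apis` child in the same file use `2021-08-01`. Mixing a preview version into an otherwise GA-pinned module makes the reference depend on a preview API staying available and is easy to miss in later version bumps. I would align it: `resource product 'products@2021-08-01' existing = {`. If the preview version is deliberate, a comment on that line saying why would be enough.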
@@ -0,0 +1,64 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "14722621268708488261" + }, + "name": "API Management Service Products APIs", + "description": "This module deploys an API Management Service Product API.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "apiManagementServiceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." + } + }, + "productName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent Product. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. Name of the product API." + } + } + }, + "resources": [ + { + "type": "Microsoft.ApiManagement/service/products/apis", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}/{2}', parameters('apiManagementServiceName'), parameters('productName'), parameters('name'))]" + } + ], + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the product API." + }, + "value": "[resourceId('Microsoft.ApiManagement/service/products/apis', parameters('apiManagementServiceName'), parameters('productName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the product API." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the product API was deployed into." + }, + "value": "[resourceGroup().name]" + } + } +} \ No newline at end of file 
diff --git a/avm/res/api-management/service/product/group/README.md b/avm/res/api-management/service/product/group/README.md new file mode 100644 index 0000000000..1642d11d4a --- /dev/null +++ b/avm/res/api-management/service/product/group/README.md 
@@ -0,0 +1,65 @@ +# API Management Service Products Groups `[Microsoft.ApiManagement/service/products/groups]` + +This module deploys an API Management Service Product Group. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.ApiManagement/service/products/groups` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/products/groups) | + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the product group. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`productName`](#parameter-productname) | string | The name of the parent Product. Required if the template is used in a standalone deployment. | + +### Parameter: `name` + +Name of the product group. + +- Required: Yes +- Type: string + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `productName` + +The name of the parent Product. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the product group. | +| `resourceGroupName` | string | The resource group the product group was deployed into. | +| `resourceId` | string | The resource ID of the product group. | + +## Cross-referenced modules + +_None_ 
diff --git a/avm/res/api-management/service/product/group/main.bicep b/avm/res/api-management/service/product/group/main.bicep
new file mode 100644
index 0000000000..c50d0cb6bc
--- /dev/null
+++ b/avm/res/api-management/service/product/group/main.bicep
@@ -0,0 +1,34 @@
+metadata name = 'API Management Service Products Groups'
+metadata description = 'This module deploys an API Management Service Product Group.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment.')
+param apiManagementServiceName string
+
+@description('Conditional. The name of the parent Product. Required if the template is used in a standalone deployment.')
+param productName string
+
+@description('Required. Name of the product group.')
+param name string
+
+resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = {
+ name: apiManagementServiceName
+
+ resource product 'products@2021-04-01-preview' existing = {
+ name: productName
+ }
+}
+
+resource group 'Microsoft.ApiManagement/service/products/groups@2021-08-01' = {
+ name: name
+ parent: service::product
+}
+
+@description('The resource ID of the product group.')
+output resourceId string = group.id
+
+@description('The name of the product group.')
+output name string = group.name
+
+@description('The resource group the product group was deployed into.')
+output resourceGroupName string = resourceGroup().name
diff --git a/avm/res/api-management/service/product/group/main.json b/avm/res/api-management/service/product/group/main.json
new file mode 100644
index 0000000000..c0000a1611
--- /dev/null
+++ b/avm/res/api-management/service/product/group/main.json
@@ -0,0 +1,64 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "15349196511355180524" + }, + "name": "API Management Service Products Groups", + "description": "This module deploys an API Management Service Product Group.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "apiManagementServiceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." + } + }, + "productName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent Product. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. Name of the product group." + } + } + }, + "resources": [ + { + "type": "Microsoft.ApiManagement/service/products/groups", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}/{2}', parameters('apiManagementServiceName'), parameters('productName'), parameters('name'))]" + } + ], + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the product group." + }, + "value": "[resourceId('Microsoft.ApiManagement/service/products/groups', parameters('apiManagementServiceName'), parameters('productName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the product group." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the product group was deployed into." + }, + "value": "[resourceGroup().name]" + } + } +} \ No newline at end of file 
diff --git a/avm/res/api-management/service/product/main.bicep b/avm/res/api-management/service/product/main.bicep new file mode 100644 index 0000000000..0d7edf625e --- /dev/null +++ b/avm/res/api-management/service/product/main.bicep 
@@ -0,0 +1,84 @@ +metadata name = 'API Management Service Products' +metadata description = 'This module deploys an API Management Service Product.' +metadata owner = 'Azure/module-maintainers' + +@sys.description('Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment.') +param apiManagementServiceName string + +@sys.description('Optional. Whether subscription approval is required. If false, new subscriptions will be approved automatically enabling developers to call the products APIs immediately after subscribing. If true, administrators must manually approve the subscription before the developer can any of the products APIs. Can be present only if subscriptionRequired property is present and has a value of false.') +param approvalRequired bool = false + +@sys.description('Optional. Product description. May include HTML formatting tags.') +param description string = '' + +@sys.description('Optional. Array of Product APIs.') +param apis array = [] + +@sys.description('Optional. Array of Product Groups.') +param groups array = [] + +@sys.description('Required. Product Name.') +param name string + +@sys.description('Optional. whether product is published or not. Published products are discoverable by users of developer portal. Non published products are visible only to administrators. Default state of Product is notPublished. - notPublished or published.') +param state string = 'published' + +@sys.description('Optional. Whether a product subscription is required for accessing APIs included in this product. If true, the product is referred to as "protected" and a valid subscription key is required for a request to an API included in the product to succeed. If false, the product is referred to as "open" and requests to an API included in the product can be made without a subscription key. 
If property is omitted when creating a new product it\'s value is assumed to be true.') +param subscriptionRequired bool = false + +@sys.description('Optional. Whether the number of subscriptions a user can have to this product at the same time. Set to null or omit to allow unlimited per user subscriptions. Can be present only if subscriptionRequired property is present and has a value of false.') +param subscriptionsLimit int = 1 + +@sys.description('Optional. Product terms of use. Developers trying to subscribe to the product will be presented and required to accept these terms before they can complete the subscription process.') +param terms string = '' + +resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = { + name: apiManagementServiceName +} + +resource product 'Microsoft.ApiManagement/service/products@2021-08-01' = { + name: name + parent: service + properties: { + description: description + displayName: name + terms: terms + subscriptionRequired: subscriptionRequired + approvalRequired: subscriptionRequired ? approvalRequired : null + subscriptionsLimit: subscriptionRequired ? 
subscriptionsLimit : null + state: state + } +} + +module product_apis 'api/main.bicep' = [for (api, index) in apis: { + name: '${deployment().name}-Api-${index}' + params: { + apiManagementServiceName: apiManagementServiceName + name: api.name + productName: name + } +}] + +module product_groups 'group/main.bicep' = [for (group, index) in groups: { + name: '${deployment().name}-Group-${index}' + params: { + apiManagementServiceName: apiManagementServiceName + name: group.name + productName: name + } +}] + +@sys.description('The resource ID of the API management service product.') +output resourceId string = product.id + +@sys.description('The name of the API management service product.') +output name string = product.name + +@sys.description('The resource group the API management service product was deployed into.') +output resourceGroupName string = resourceGroup().name + +@sys.description('The Resources IDs of the API management service product APIs.') +output apiResourceIds array = [for index in range(0, length(apis)): product_apis[index].outputs.resourceId] + +@sys.description('The Resources IDs of the API management service product groups.') +output groupResourceIds array = [for index in range(0, length(groups)): product_groups[index].outputs.resourceId] diff --git a/avm/res/api-management/service/product/main.json b/avm/res/api-management/service/product/main.json new file mode 100644 index 0000000000..689e188873 --- /dev/null +++ b/avm/res/api-management/service/product/main.json 
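Review bot: The defaults `param subscriptionRequired bool = false` and `param state string = 'published'` mean a caller who passes only `name` gets a published, open product whose APIs can be called without a subscription key. Both parameter descriptions state the opposite service defaults (subscription required, `notPublished`), so this looks unintended; I would default to the protected form, `param subscriptionRequired bool = true` and `param state string = 'notPublished'`, and let callers opt in to open access. `state` would also benefit from `@allowed(['notPublished', 'published'])` so that a typo fails at validation rather than at deployment. Separately, the `approvalRequired` and `subscriptionsLimit` descriptions say they apply when subscriptionRequired is false, while the resource body sends them only when it is true; the text should match the code.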
@@ -0,0 +1,323 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "13412848310424617232" + }, + "name": "API Management Service Products", + "description": "This module deploys an API Management Service Product.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "apiManagementServiceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." + } + }, + "approvalRequired": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Whether subscription approval is required. If false, new subscriptions will be approved automatically enabling developers to call the products APIs immediately after subscribing. If true, administrators must manually approve the subscription before the developer can any of the products APIs. Can be present only if subscriptionRequired property is present and has a value of false." + } + }, + "description": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Product description. May include HTML formatting tags." + } + }, + "apis": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Array of Product APIs." + } + }, + "groups": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Array of Product Groups." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. Product Name." + } + }, + "state": { + "type": "string", + "defaultValue": "published", + "metadata": { + "description": "Optional. whether product is published or not. Published products are discoverable by users of developer portal. Non published products are visible only to administrators. 
Default state of Product is notPublished. - notPublished or published." + } + }, + "subscriptionRequired": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Whether a product subscription is required for accessing APIs included in this product. If true, the product is referred to as \"protected\" and a valid subscription key is required for a request to an API included in the product to succeed. If false, the product is referred to as \"open\" and requests to an API included in the product can be made without a subscription key. If property is omitted when creating a new product it's value is assumed to be true." + } + }, + "subscriptionsLimit": { + "type": "int", + "defaultValue": 1, + "metadata": { + "description": "Optional. Whether the number of subscriptions a user can have to this product at the same time. Set to null or omit to allow unlimited per user subscriptions. Can be present only if subscriptionRequired property is present and has a value of false." + } + }, + "terms": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Product terms of use. Developers trying to subscribe to the product will be presented and required to accept these terms before they can complete the subscription process." 
+ } + } + }, + "resources": [ + { + "type": "Microsoft.ApiManagement/service/products", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}', parameters('apiManagementServiceName'), parameters('name'))]", + "properties": { + "description": "[parameters('description')]", + "displayName": "[parameters('name')]", + "terms": "[parameters('terms')]", + "subscriptionRequired": "[parameters('subscriptionRequired')]", + "approvalRequired": "[if(parameters('subscriptionRequired'), parameters('approvalRequired'), null())]", + "subscriptionsLimit": "[if(parameters('subscriptionRequired'), parameters('subscriptionsLimit'), null())]", + "state": "[parameters('state')]" + } + }, + { + "copy": { + "name": "product_apis", + "count": "[length(parameters('apis'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Api-{1}', deployment().name, copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "apiManagementServiceName": { + "value": "[parameters('apiManagementServiceName')]" + }, + "name": { + "value": "[parameters('apis')[copyIndex()].name]" + }, + "productName": { + "value": "[parameters('name')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "14722621268708488261" + }, + "name": "API Management Service Products APIs", + "description": "This module deploys an API Management Service Product API.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "apiManagementServiceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." 
+ } + }, + "productName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent Product. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. Name of the product API." + } + } + }, + "resources": [ + { + "type": "Microsoft.ApiManagement/service/products/apis", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}/{2}', parameters('apiManagementServiceName'), parameters('productName'), parameters('name'))]" + } + ], + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the product API." + }, + "value": "[resourceId('Microsoft.ApiManagement/service/products/apis', parameters('apiManagementServiceName'), parameters('productName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the product API." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the product API was deployed into." 
+ }, + "value": "[resourceGroup().name]" + } + } + } + } + }, + { + "copy": { + "name": "product_groups", + "count": "[length(parameters('groups'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Group-{1}', deployment().name, copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "apiManagementServiceName": { + "value": "[parameters('apiManagementServiceName')]" + }, + "name": { + "value": "[parameters('groups')[copyIndex()].name]" + }, + "productName": { + "value": "[parameters('name')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "15349196511355180524" + }, + "name": "API Management Service Products Groups", + "description": "This module deploys an API Management Service Product Group.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "apiManagementServiceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." + } + }, + "productName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent Product. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. Name of the product group." 
+ } + } + }, + "resources": [ + { + "type": "Microsoft.ApiManagement/service/products/groups", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}/{2}', parameters('apiManagementServiceName'), parameters('productName'), parameters('name'))]" + } + ], + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the product group." + }, + "value": "[resourceId('Microsoft.ApiManagement/service/products/groups', parameters('apiManagementServiceName'), parameters('productName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the product group." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the product group was deployed into." + }, + "value": "[resourceGroup().name]" + } + } + } + } + } + ], + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the API management service product." + }, + "value": "[resourceId('Microsoft.ApiManagement/service/products', parameters('apiManagementServiceName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the API management service product." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the API management service product was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "apiResourceIds": { + "type": "array", + "metadata": { + "description": "The Resources IDs of the API management service product APIs." 
+ }, + "copy": { + "count": "[length(range(0, length(parameters('apis'))))]", + "input": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-Api-{1}', deployment().name, range(0, length(parameters('apis')))[copyIndex()])), '2022-09-01').outputs.resourceId.value]" + } + }, + "groupResourceIds": { + "type": "array", + "metadata": { + "description": "The Resources IDs of the API management service product groups." + }, + "copy": { + "count": "[length(range(0, length(parameters('groups'))))]", + "input": "[reference(resourceId('Microsoft.Resources/deployments', format('{0}-Group-{1}', deployment().name, range(0, length(parameters('groups')))[copyIndex()])), '2022-09-01').outputs.resourceId.value]" + } + } + } +} \ No newline at end of file diff --git a/avm/res/api-management/service/subscription/README.md b/avm/res/api-management/service/subscription/README.md new file mode 100644 index 0000000000..7215160f88 --- /dev/null +++ b/avm/res/api-management/service/subscription/README.md 
@@ -0,0 +1,112 @@ +# API Management Service Subscriptions `[Microsoft.ApiManagement/service/subscriptions]` + +This module deploys an API Management Service Subscription. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.ApiManagement/service/subscriptions` | [2021-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/subscriptions) | + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Subscription name. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowTracing`](#parameter-allowtracing) | bool | Determines whether tracing can be enabled. | +| [`ownerId`](#parameter-ownerid) | string | User (user ID path) for whom subscription is being created in form /users/{userId}. | +| [`primaryKey`](#parameter-primarykey) | string | Primary subscription key. If not specified during request key will be generated automatically. | +| [`scope`](#parameter-scope) | string | Scope type to choose between a product, "allAPIs" or a specific API. Scope like "/products/{productId}" or "/apis" or "/apis/{apiId}". | +| [`secondaryKey`](#parameter-secondarykey) | string | Secondary subscription key. If not specified during request key will be generated automatically. | +| [`state`](#parameter-state) | string | Initial subscription state. If no value is specified, subscription is created with Submitted state. 
Possible states are "*" active "?" the subscription is active, "*" suspended "?" the subscription is blocked, and the subscriber cannot call any APIs of the product, * submitted ? the subscription request has been made by the developer, but has not yet been approved or rejected, * rejected ? the subscription request has been denied by an administrator, * cancelled ? the subscription has been cancelled by the developer or administrator, * expired ? the subscription reached its expiration date and was deactivated. - suspended, active, expired, submitted, rejected, cancelled. | + +### Parameter: `name` + +Subscription name. + +- Required: Yes +- Type: string + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `allowTracing` + +Determines whether tracing can be enabled. + +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `ownerId` + +User (user ID path) for whom subscription is being created in form /users/{userId}. + +- Required: No +- Type: string + +### Parameter: `primaryKey` + +Primary subscription key. If not specified during request key will be generated automatically. + +- Required: No +- Type: string + +### Parameter: `scope` + +Scope type to choose between a product, "allAPIs" or a specific API. Scope like "/products/{productId}" or "/apis" or "/apis/{apiId}". + +- Required: No +- Type: string +- Default: `'/apis'` + +### Parameter: `secondaryKey` + +Secondary subscription key. If not specified during request key will be generated automatically. + +- Required: No +- Type: string + +### Parameter: `state` + +Initial subscription state. If no value is specified, subscription is created with Submitted state. Possible states are "*" active "?" the subscription is active, "*" suspended "?" the subscription is blocked, and the subscriber cannot call any APIs of the product, * submitted ? 
the subscription request has been made by the developer, but has not yet been approved or rejected, * rejected ? the subscription request has been denied by an administrator, * cancelled ? the subscription has been cancelled by the developer or administrator, * expired ? the subscription reached its expiration date and was deactivated. - suspended, active, expired, submitted, rejected, cancelled. + +- Required: No +- Type: string + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the API management service subscription. | +| `resourceGroupName` | string | The resource group the API management service subscription was deployed into. | +| `resourceId` | string | The resource ID of the API management service subscription. | + +## Cross-referenced modules + +_None_ diff --git a/avm/res/api-management/service/subscription/main.bicep b/avm/res/api-management/service/subscription/main.bicep new file mode 100644 index 0000000000..5d6f3ad135 --- /dev/null +++ b/avm/res/api-management/service/subscription/main.bicep 
@@ -0,0 +1,54 @@ +metadata name = 'API Management Service Subscriptions' +metadata description = 'This module deploys an API Management Service Subscription.' +metadata owner = 'Azure/module-maintainers' + +@description('Optional. Determines whether tracing can be enabled.') +param allowTracing bool = true + +@description('Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment.') +param apiManagementServiceName string + +@description('Optional. User (user ID path) for whom subscription is being created in form /users/{userId}.') +param ownerId string? + +@description('Optional. Primary subscription key. If not specified during request key will be generated automatically.') +param primaryKey string? + +@description('Optional. Scope type to choose between a product, "allAPIs" or a specific API. Scope like "/products/{productId}" or "/apis" or "/apis/{apiId}".') +param scope string = '/apis' + +@description('Optional. Secondary subscription key. If not specified during request key will be generated automatically.') +param secondaryKey string? + +@description('Optional. Initial subscription state. If no value is specified, subscription is created with Submitted state. Possible states are "*" active "?" the subscription is active, "*" suspended "?" the subscription is blocked, and the subscriber cannot call any APIs of the product, * submitted ? the subscription request has been made by the developer, but has not yet been approved or rejected, * rejected ? the subscription request has been denied by an administrator, * cancelled ? the subscription has been cancelled by the developer or administrator, * expired ? the subscription reached its expiration date and was deactivated. - suspended, active, expired, submitted, rejected, cancelled.') +param state string? + +@description('Required. 
Subscription name.') +param name string + +resource service 'Microsoft.ApiManagement/service@2021-08-01' existing = { + name: apiManagementServiceName +} + +resource subscription 'Microsoft.ApiManagement/service/subscriptions@2021-08-01' = { + name: name + parent: service + properties: { + scope: scope + displayName: name + ownerId: ownerId + primaryKey: primaryKey + secondaryKey: secondaryKey + state: state + allowTracing: allowTracing + } +} + +@description('The resource ID of the API management service subscription.') +output resourceId string = subscription.id + +@description('The name of the API management service subscription.') +output name string = subscription.name + +@description('The resource group the API management service subscription was deployed into.') +output resourceGroupName string = resourceGroup().name diff --git a/avm/res/api-management/service/subscription/main.json b/avm/res/api-management/service/subscription/main.json new file mode 100644 index 0000000000..45beeaf342 --- /dev/null +++ b/avm/res/api-management/service/subscription/main.json 
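Review bot: `primaryKey` and `secondaryKey` carry subscription keys but are declared as plain `string?` parameters, so any value passed in is kept in the deployment's parameter record and is readable by anyone who can view the deployment history. Mark both with `@secure()` above the existing `@description(...)` line, i.e. `@secure()` followed by `param primaryKey string?`, and the same for `secondaryKey`. Also consider `param allowTracing bool = false`: the default of `true` permits request tracing on every subscription the module creates, and with the default scope of `/apis` that covers all APIs, while trace output can include request and policy details. Callers who need tracing can enable it explicitly.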
@@ -0,0 +1,119 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "17130710293008431926" + }, + "name": "API Management Service Subscriptions", + "description": "This module deploys an API Management Service Subscription.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "allowTracing": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Determines whether tracing can be enabled." + } + }, + "apiManagementServiceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent API Management service. Required if the template is used in a standalone deployment." + } + }, + "ownerId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. User (user ID path) for whom subscription is being created in form /users/{userId}." + } + }, + "primaryKey": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Primary subscription key. If not specified during request key will be generated automatically." + } + }, + "scope": { + "type": "string", + "defaultValue": "/apis", + "metadata": { + "description": "Optional. Scope type to choose between a product, \"allAPIs\" or a specific API. Scope like \"/products/{productId}\" or \"/apis\" or \"/apis/{apiId}\"." + } + }, + "secondaryKey": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Secondary subscription key. If not specified during request key will be generated automatically." + } + }, + "state": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Initial subscription state. If no value is specified, subscription is created with Submitted state. 
Possible states are \"*\" active \"?\" the subscription is active, \"*\" suspended \"?\" the subscription is blocked, and the subscriber cannot call any APIs of the product, * submitted ? the subscription request has been made by the developer, but has not yet been approved or rejected, * rejected ? the subscription request has been denied by an administrator, * cancelled ? the subscription has been cancelled by the developer or administrator, * expired ? the subscription reached its expiration date and was deactivated. - suspended, active, expired, submitted, rejected, cancelled." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. Subscription name." + } + } + }, + "resources": { + "service": { + "existing": true, + "type": "Microsoft.ApiManagement/service", + "apiVersion": "2021-08-01", + "name": "[parameters('apiManagementServiceName')]" + }, + "subscription": { + "type": "Microsoft.ApiManagement/service/subscriptions", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}', parameters('apiManagementServiceName'), parameters('name'))]", + "properties": { + "scope": "[parameters('scope')]", + "displayName": "[parameters('name')]", + "ownerId": "[parameters('ownerId')]", + "primaryKey": "[parameters('primaryKey')]", + "secondaryKey": "[parameters('secondaryKey')]", + "state": "[parameters('state')]", + "allowTracing": "[parameters('allowTracing')]" + }, + "dependsOn": [ + "service" + ] + } + }, + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the API management service subscription." + }, + "value": "[resourceId('Microsoft.ApiManagement/service/subscriptions', parameters('apiManagementServiceName'), parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the API management service subscription." 
+ }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the API management service subscription was deployed into." + }, + "value": "[resourceGroup().name]" + } + } +} \ No newline at end of file diff --git a/avm/res/api-management/service/tests/e2e/defaults/main.test.bicep b/avm/res/api-management/service/tests/e2e/defaults/main.test.bicep new file mode 100644 index 0000000000..b394e9dde9 --- /dev/null +++ b/avm/res/api-management/service/tests/e2e/defaults/main.test.bicep 
@@ -0,0 +1,48 @@
+targetScope = 'subscription'
+
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
+// ========== //
+// Parameters //
+// ========== //
+
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'dep-${namePrefix}-apimanagement.service-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'apismin'
+
+@description('Optional. A token to inject into the name of each resource.')
+param namePrefix string = '#_namePrefix_#'
+
+// ============ //
+// Dependencies //
+// ============ //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+@batchSize(1)
+module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ]: {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-test-${serviceShort}-${iteration}'
+ params: {
+ name: '${namePrefix}${serviceShort}001'
+ location: location
+ publisherEmail: 'apimgmt-noreply@mail.windowsazure.com'
+ publisherName: '${namePrefix}-az-amorg-x-001'
+ }
+}]
diff --git a/avm/res/api-management/service/tests/e2e/max/dependencies.bicep b/avm/res/api-management/service/tests/e2e/max/dependencies.bicep
new file mode 100644
index 0000000000..bd63a95634
--- /dev/null
+++ b/avm/res/api-management/service/tests/e2e/max/dependencies.bicep
@@ -0,0 +1,16 @@
+@description('Required. The name of the managed identity to create.')
+param managedIdentityName string
+
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+@description('The principal ID of the created managed identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
+
+@description('The resource ID of the created Managed Identity.')
+output managedIdentityResourceId string = managedIdentity.id
diff --git a/avm/res/api-management/service/tests/e2e/max/main.test.bicep b/avm/res/api-management/service/tests/e2e/max/main.test.bicep
new file mode 100644
index 0000000000..57ec18764e
--- /dev/null
+++ b/avm/res/api-management/service/tests/e2e/max/main.test.bicep
@@ -0,0 +1,235 @@
+targetScope = 'subscription'
+
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
+// ========== //
+// Parameters //
+// ========== //
+
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'dep-${namePrefix}-apimanagement.service-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'apismax'
+
+@description('Optional. A token to inject into the name of each resource.')
+param namePrefix string = '#_namePrefix_#'
+
+@description('Optional. The secret to leverage for authorization server authentication.')
+@secure()
+param customSecret string = newGuid()
+
+// ============ //
+// Dependencies //
+// ============ //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module nestedDependencies 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-nestedDependencies'
+ params: {
+ managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}'
+ location: location
+ }
+}
+
+// Diagnostics
+// ===========
+module diagnosticDependencies '../../../../../../utilities/e2e-template-assets/templates/diagnostic.dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
+ params: {
+ storageAccountName: 'dep${namePrefix}azsa${serviceShort}01'
+ logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}'
+ eventHubNamespaceEventHubName: 'dep-${namePrefix}-evh-${serviceShort}'
+ eventHubNamespaceName: 'dep-${namePrefix}-evhns-${serviceShort}'
+ location: location
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+@batchSize(1)
+module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ]: {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-test-${serviceShort}-${iteration}'
+ params: {
+ name: '${namePrefix}${serviceShort}001'
+ location: location
+ publisherEmail: 'apimgmt-noreply@mail.windowsazure.com'
+ publisherName: '${namePrefix}-az-amorg-x-001'
+ apis: [
+ {
+ apiVersionSet: {
+ name: 'echo-version-set'
+ properties: {
+ description: 'echo-version-set'
+ displayName: 'echo-version-set'
+ versioningScheme: 'Segment'
+ }
+ }
+ displayName: 'Echo API'
+ name: 'echo-api'
+ path: 'echo'
+ serviceUrl: 'http://echoapi.cloudapp.net/api'
+ }
+ ]
+ authorizationServers: {
+ secureList: [
+ {
+ authorizationEndpoint: '${environment().authentication.loginEndpoint}651b43ce-ccb8-4301-b551-b04dd872d401/oauth2/v2.0/authorize'
+ clientId: 'apimclientid'
+ clientSecret: customSecret
+ clientRegistrationEndpoint: 'http://localhost'
+ grantTypes: [
+ 'authorizationCode'
+ ]
+ name: 'AuthServer1'
+ tokenEndpoint: '${environment().authentication.loginEndpoint}651b43ce-ccb8-4301-b551-b04dd872d401/oauth2/v2.0/token'
+ }
+ ]
+ }
+ backends: [
+ {
+ name: 'backend'
+ tls: {
+ validateCertificateChain: false
+ validateCertificateName: false
+ }
+ url: 'http://echoapi.cloudapp.net/api'
+ }
+ ]
+ caches: [
+ {
+ connectionString: 'connectionstringtest'
+ name: 'westeurope'
+ useFromLocation: 'westeurope'
+ }
+ ]
+ diagnosticSettings: [
+ {
+ name: 'customSetting'
+ metricCategories: [
+ {
+ category: 'AllMetrics'
+ }
+ ]
+ eventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
+ eventHubAuthorizationRuleResourceId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
+ storageAccountResourceId: diagnosticDependencies.outputs.storageAccountResourceId
+ workspaceResourceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
+ }
+ ]
+ identityProviders: [
+ {
+ name: 'aad'
+ clientId: 'apimClientid'
+ clientSecret: 'apimSlientSecret'
+ authority: split(environment().authentication.loginEndpoint, '/')[2]
+ signinTenant: 'mytenant.onmicrosoft.com'
+ allowedTenants: [
+ 'mytenant.onmicrosoft.com'
+ ]
+ }
+ ]
+ lock: {
+ kind: 'CanNotDelete'
+ name: 'myCustomLockName'
+ }
+ namedValues: [
+ {
+ displayName: 'apimkey'
+ name: 'apimkey'
+ secret: true
+ }
+ ]
+ policies: [
+ {
+ format: 'xml'
+ value: ' '
+ }
+ ]
+ portalsettings: [
+ {
+ name: 'signin'
+ properties: {
+ enabled: false
+ }
+ }
+ {
+ name: 'signup'
+ properties: {
+ enabled: false
+ termsOfService: {
+ consentRequired: false
+ enabled: false
+ }
+ }
+ }
+ ]
+ products: [
+ {
+ apis: [
+ {
+ name: 'echo-api'
+ }
+ ]
+ approvalRequired: false
+ groups: [
+ {
+ name: 'developers'
+ }
+ ]
+ name: 'Starter'
+ subscriptionRequired: false
+ }
+ ]
+ roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Owner'
+ principalId: nestedDependencies.outputs.managedIdentityPrincipalId
+ principalType: 'ServicePrincipal'
+ }
+ {
+ roleDefinitionIdOrName: 'b24988ac-6180-42a0-ab88-20f7382dd24c'
+ principalId: nestedDependencies.outputs.managedIdentityPrincipalId
+ principalType: 'ServicePrincipal'
+ }
+ {
+ roleDefinitionIdOrName: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
+ principalId: nestedDependencies.outputs.managedIdentityPrincipalId
+ principalType: 'ServicePrincipal'
+ }
+ ]
+ subscriptions: [
+ {
+ name: 'testArmSubscriptionAllApis'
+ scope: '/apis'
+ }
+ ]
+ managedIdentities: {
+ systemAssigned: true
+ userAssignedResourceIds: [
+ nestedDependencies.outputs.managedIdentityResourceId
+ ]
+ }
+ tags: {
+ 'hidden-title': 'This is visible in the resource name'
+ Environment: 'Non-Prod'
+ Role: 'DeploymentValidation'
+ }
+ }
+}]
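Review bot: In max/main.test.bicep the `identityProviders` entry sets `clientSecret: 'apimSlientSecret'` as a string literal, although the same file declares the `@secure()` parameter `customSecret` and already passes it to `authorizationServers`. A literal secret in a template, even a dummy one, trips secret scanners and tends to be copied along if this test is reused as a usage example; `clientSecret: customSecret` removes it and matches the waf-aligned test. The `backends` entry also sets `validateCertificateChain: false` and `validateCertificateName: false` next to an `http://` URL; if that is only there to exercise the parameters, a comment such as `// certificate validation disabled for test coverage only` would tell readers so.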
diff --git a/avm/res/api-management/service/tests/e2e/waf-aligned/main.test.bicep b/avm/res/api-management/service/tests/e2e/waf-aligned/main.test.bicep
new file mode 100644
index 0000000000..6ee7e13fdd
--- /dev/null
+++ b/avm/res/api-management/service/tests/e2e/waf-aligned/main.test.bicep
@@ -0,0 +1,215 @@
+targetScope = 'subscription'
+
+metadata name = 'WAF-aligned'
+metadata description = 'This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework.'
+
+// ========== //
+// Parameters //
+// ========== //
+
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'dep-${namePrefix}-apimanagement.service-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'apiswaf'
+
+@description('Optional. A token to inject into the name of each resource.')
+param namePrefix string = '#_namePrefix_#'
+
+@description('Optional. The secret to leverage for authorization server authentication.')
+@secure()
+param customSecret string = newGuid()
+
+// ============ //
+// Dependencies //
+// ============ //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+// Diagnostics
+// ===========
+module diagnosticDependencies '../../../../../../utilities/e2e-template-assets/templates/diagnostic.dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
+ params: {
+ storageAccountName: 'dep${namePrefix}azsa${serviceShort}01'
+ logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}'
+ eventHubNamespaceEventHubName: 'dep-${namePrefix}-evh-${serviceShort}'
+ eventHubNamespaceName: 'dep-${namePrefix}-evhns-${serviceShort}'
+ location: location
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+@batchSize(1)
+module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ]: {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-test-${serviceShort}-${iteration}'
+ params: {
+ name: '${namePrefix}${serviceShort}001'
+ location: location
+ publisherEmail: 'apimgmt-noreply@mail.windowsazure.com'
+ publisherName: '${namePrefix}-az-amorg-x-001'
+ customProperties: {
+ 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'False'
+ 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'False'
+ 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30': 'False'
+ 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'False'
+ 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'False'
+ 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'False'
+ 'Microsoft.WindowsAzure.ApiManagement.Gateway.Protocols.Server.Http2': 'True'
+ 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168': 'False'
+ 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA': 'False'
+ 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA': 'False'
+ 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA256': 'False'
+ 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA': 'False'
+ 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA256': 'False'
+ 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA': 'False'
+ 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_GCM_SHA256': 'False'
+ }
+ minApiVersion: '2021-08-01'
+ apis: [
+ {
+ apiVersionSet: {
+ name: 'echo-version-set'
+ properties: {
+ description: 'An echo API version set'
+ displayName: 'Echo version set'
+ versioningScheme: 'Segment'
+ }
+ }
+ displayName: 'Echo API'
+ description: 'An echo API service'
+ name: 'echo-api'
+ path: 'echo'
+ serviceUrl: 'https://echoapi.cloudapp.net/api'
+ }
+ ]
+ authorizationServers: {
+ secureList: [
+ {
+ authorizationEndpoint: '${environment().authentication.loginEndpoint}651b43ce-ccb8-4301-b551-b04dd872d401/oauth2/v2.0/authorize'
+ clientId: 'apimClientid'
+ clientSecret: customSecret
+ clientRegistrationEndpoint: 'https://localhost'
+ grantTypes: [
+ 'authorizationCode'
+ ]
+ name: 'AuthServer1'
+ tokenEndpoint: '${environment().authentication.loginEndpoint}651b43ce-ccb8-4301-b551-b04dd872d401/oauth2/v2.0/token'
+ }
+ ]
+ }
+ backends: [
+ {
+ name: 'backend'
+ tls: {
+ validateCertificateChain: false
+ validateCertificateName: false
+ }
+ url: 'https://echoapi.cloudapp.net/api'
+ }
+ ]
+ caches: [
+ {
+ connectionString: 'connectionstringtest'
+ name: 'westeurope'
+ useFromLocation: 'westeurope'
+ }
+ ]
+ diagnosticSettings: [
+ {
+ eventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
+ eventHubAuthorizationRuleResourceId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
+ storageAccountResourceId: diagnosticDependencies.outputs.storageAccountResourceId
+ workspaceResourceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
+ }
+ ]
+ identityProviders: [
+ {
+ name: 'aad'
+ clientId: 'apimClientid'
+ clientSecret: customSecret
+ authority: split(environment().authentication.loginEndpoint, '/')[2]
+ signinTenant: 'mytenant.onmicrosoft.com'
+ allowedTenants: [
+ 'mytenant.onmicrosoft.com'
+ ]
+ }
+ ]
+ namedValues: [
+ {
+ displayName: 'apimkey'
+ name: 'apimkey'
+ secret: true
+ }
+ ]
+ policies: [
+ {
+ format: 'xml'
+ value: ' '
+ }
+ ]
+ portalsettings: [
+ {
+ name: 'signin'
+ properties: {
+ enabled: false
+ }
+ }
+ {
+ name: 'signup'
+ properties: {
+ enabled: false
+ termsOfService: {
+ consentRequired: false
+ enabled: false
+ }
+ }
+ }
+ ]
+ products: [
+ {
+ apis: [
+ {
+ name: 'echo-api'
+ }
+ ]
+ approvalRequired: true
+ groups: [
+ {
+ name: 'developers'
+ }
+ ]
+ name: 'Starter'
+ subscriptionRequired: true
+ displayName: 'Echo API'
+ description: 'This is an echo API'
+ terms: 'By accessing or using the services provided by Echo API through Azure API Management, you agree to be bound by these Terms of Use. These terms may be updated from time to time, and your continued use of the services constitutes acceptance of any changes.'
+ }
+ ]
+ subscriptions: [
+ {
+ name: 'testArmSubscriptionAllApis'
+ scope: '/apis'
+ }
+ ]
+ tags: {
+ 'hidden-title': 'This is visible in the resource name'
+ Environment: 'Non-Prod'
+ Role: 'DeploymentValidation'
+ }
+ }
+}]
diff --git a/avm/res/api-management/service/version.json b/avm/res/api-management/service/version.json
new file mode 100644
index 0000000000..83083db694
--- /dev/null
+++ b/avm/res/api-management/service/version.json
@@ -0,0 +1,7 @@
+{
+ "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
+ "version": "0.1",
+ "pathFilters": [
+ "./main.json"
+ ]
+}
\ No newline at end of file
diff --git a/avm/utilities/pipelines/staticValidation/psrule/Set-PSRuleGitHubOutput.ps1 b/avm/utilities/pipelines/staticValidation/psrule/Set-PSRuleGitHubOutput.ps1
index 9b585baeda..72e8b796e1 100644
--- a/avm/utilities/pipelines/staticValidation/psrule/Set-PSRuleGitHubOutput.ps1
+++ b/avm/utilities/pipelines/staticValidation/psrule/Set-PSRuleGitHubOutput.ps1
@@ -141,7 +141,7 @@ function Set-PSRuleGitHubOutput { $null = Invoke-WebRequest -Uri $PSRuleReferenceUrl $resourceLink = '[{0}]({1})' -f $content.RuleName, $PSRuleReferenceUrl } catch { - Write-Warning 'Unable to build url for rule [{0}]' -f $content.RuleName + Write-Warning ('Unable to build url for rule [{0}]' -f $content.RuleName) $resourceLink = $content.RuleName } $passContent += ('| {0} | `{1}` | {2} | ' -f $resourceLink, $content.TargetName, $content.Synopsis)
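Review bot: In waf-aligned/main.test.bicep the `backends` entry sets `validateCertificateChain: false` and `validateCertificateName: false`, which turns off backend certificate verification in the example labelled WAF-aligned, the same file that disables legacy TLS versions and weak ciphers through `customProperties`. With both checks off the gateway would accept any certificate presented for `https://echoapi.cloudapp.net/api`, so the HTTPS backend URL provides no server authentication. Unless the test endpoint's certificate is known not to validate, set `validateCertificateChain: true` and `validateCertificateName: true` so the hardened example does not model the weaker setting.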