Merge branch 'main' into users/alsehr/tsc-buddy_feat/sql-zr-update

avm/res/api-management/service/README.md

@@ -337,6 +337,7 @@ module service 'br/public:avm/res/api-management/service:<version>' = {
         ]
         authority: '<authority>'
         clientId: 'apimClientid'
+        clientLibrary: 'MSAL-2'
         clientSecret: 'apimSlientSecret'
         name: 'aad'
         signinTenant: 'mytenant.onmicrosoft.com'
@@ -579,6 +580,7 @@ module service 'br/public:avm/res/api-management/service:<version>' = {
           ],
           "authority": "<authority>",
           "clientId": "apimClientid",
+          "clientLibrary": "MSAL-2",
           "clientSecret": "apimSlientSecret",
           "name": "aad",
           "signinTenant": "mytenant.onmicrosoft.com"
@@ -893,6 +895,7 @@ module service 'br/public:avm/res/api-management/service:<version>' = {
         ]
         authority: '<authority>'
         clientId: 'apimClientid'
+        clientLibrary: 'MSAL-2'
         clientSecret: '<clientSecret>'
         name: 'aad'
         signinTenant: 'mytenant.onmicrosoft.com'
@@ -1113,6 +1116,7 @@ module service 'br/public:avm/res/api-management/service:<version>' = {
           ],
           "authority": "<authority>",
           "clientId": "apimClientid",
+          "clientLibrary": "MSAL-2",
           "clientSecret": "<clientSecret>",
           "name": "aad",
           "signinTenant": "mytenant.onmicrosoft.com"

avm/res/api-management/service/api/main.bicep

@@ -142,7 +142,7 @@ module policy 'policy/main.bicep' = [
     params: {
       apiManagementServiceName: apiManagementServiceName
       apiName: api.name
-      format: contains(policy, 'format') ? policy.format : 'xml'
+      format: policy.?format ?? 'xml'
       value: policy.value
     }
   }

avm/res/api-management/service/api/main.json

@@ -6,7 +6,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.29.47.4906",
-      "templateHash": "13121653397859804060"
+      "templateHash": "17160750790361326516"
     },
     "name": "API Management Service APIs",
     "description": "This module deploys an API Management Service API.",
@@ -270,7 +270,9 @@
           "apiName": {
             "value": "[parameters('name')]"
           },
-          "format": "[if(contains(coalesce(parameters('policies'), createArray())[copyIndex()], 'format'), createObject('value', coalesce(parameters('policies'), createArray())[copyIndex()].format), createObject('value', 'xml'))]",
+          "format": {
+            "value": "[coalesce(tryGet(coalesce(parameters('policies'), createArray())[copyIndex()], 'format'), 'xml')]"
+          },
           "value": {
             "value": "[coalesce(parameters('policies'), createArray())[copyIndex()].value]"
           }

avm/res/api-management/service/identity-provider/README.md

@@ -38,6 +38,7 @@ This module deploys an API Management Service Identity Provider.
 | :-- | :-- | :-- |
 | [`allowedTenants`](#parameter-allowedtenants) | array | List of Allowed Tenants when configuring Azure Active Directory login. - string. |
 | [`authority`](#parameter-authority) | string | OpenID Connect discovery endpoint hostname for AAD or AAD B2C. |
+| [`clientLibrary`](#parameter-clientlibrary) | string | The client library to be used in the developer portal. Only applies to AAD and AAD B2C Identity Provider. |
 | [`passwordResetPolicyName`](#parameter-passwordresetpolicyname) | string | Password Reset Policy Name. Only applies to AAD B2C Identity Provider. |
 | [`profileEditingPolicyName`](#parameter-profileeditingpolicyname) | string | Profile Editing Policy Name. Only applies to AAD B2C Identity Provider. |
 | [`signInPolicyName`](#parameter-signinpolicyname) | string | Signin Policy Name. Only applies to AAD B2C Identity Provider. |
@@ -91,6 +92,20 @@ OpenID Connect discovery endpoint hostname for AAD or AAD B2C.
 - Type: string
 - Default: `''`
 
+### Parameter: `clientLibrary`
+
+The client library to be used in the developer portal. Only applies to AAD and AAD B2C Identity Provider.
+
+- Required: No
+- Type: string
+- Allowed:
+  ```Bicep
+  [
+    'ADAL'
+    'MSAL-2'
+  ]
+  ```
+
 ### Parameter: `passwordResetPolicyName`
 
 Password Reset Policy Name. Only applies to AAD B2C Identity Provider.

avm/res/api-management/service/identity-provider/main.bicep

@@ -14,6 +14,13 @@ param authority string = ''
 @description('Conditional. Client ID of the Application in the external Identity Provider. Required if identity provider is used.')
 param clientId string = ''
 
+@description('Optional. The client library to be used in the developer portal. Only applies to AAD and AAD B2C Identity Provider.')
+@allowed([
+  'ADAL'
+  'MSAL-2'
+])
+param clientLibrary string?
+
 @description('Conditional. Client secret of the Application in external Identity Provider, used to authenticate login request. Required if identity provider is used.')
 @secure()
 param clientSecret string = ''
@@ -67,6 +74,7 @@ resource identityProvider 'Microsoft.ApiManagement/service/identityProviders@202
     profileEditingPolicyName: isAadB2C ? profileEditingPolicyName : null
     passwordResetPolicyName: isAadB2C ? passwordResetPolicyName : null
     clientId: clientId
+    clientLibrary: clientLibrary
     clientSecret: clientSecret
   }
 }

avm/res/api-management/service/identity-provider/main.json

@@ -1,11 +1,12 @@
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+  "languageVersion": "2.0",
   "contentVersion": "1.0.0.0",
   "metadata": {
     "_generator": {
       "name": "bicep",
       "version": "0.29.47.4906",
-      "templateHash": "13129392765749462635"
+      "templateHash": "12757169124799431378"
     },
     "name": "API Management Service Identity Providers",
     "description": "This module deploys an API Management Service Identity Provider.",
@@ -39,6 +40,17 @@
         "description": "Conditional. Client ID of the Application in the external Identity Provider. Required if identity provider is used."
       }
     },
+    "clientLibrary": {
+      "type": "string",
+      "nullable": true,
+      "allowedValues": [
+        "ADAL",
+        "MSAL-2"
+      ],
+      "metadata": {
+        "description": "Optional. The client library to be used in the developer portal. Only applies to AAD and AAD B2C Identity Provider."
+      }
+    },
     "clientSecret": {
       "type": "securestring",
       "defaultValue": "",
@@ -106,8 +118,14 @@
   "variables": {
     "isAadB2C": "[equals(parameters('type'), 'aadB2C')]"
   },
-  "resources": [
-    {
+  "resources": {
+    "service": {
+      "existing": true,
+      "type": "Microsoft.ApiManagement/service",
+      "apiVersion": "2023-05-01-preview",
+      "name": "[parameters('apiManagementServiceName')]"
+    },
+    "identityProvider": {
       "type": "Microsoft.ApiManagement/service/identityProviders",
       "apiVersion": "2022-08-01",
       "name": "[format('{0}/{1}', parameters('apiManagementServiceName'), parameters('name'))]",
@@ -121,10 +139,14 @@
         "profileEditingPolicyName": "[if(variables('isAadB2C'), parameters('profileEditingPolicyName'), null())]",
         "passwordResetPolicyName": "[if(variables('isAadB2C'), parameters('passwordResetPolicyName'), null())]",
         "clientId": "[parameters('clientId')]",
+        "clientLibrary": "[parameters('clientLibrary')]",
         "clientSecret": "[parameters('clientSecret')]"
-      }
+      },
+      "dependsOn": [
+        "service"
+      ]
     }
-  ],
+  },
   "outputs": {
     "resourceId": {
       "type": "string",

avm/res/api-management/service/main.bicep

@@ -299,7 +299,7 @@ module service_apiVersionSets 'api-version-set/main.bicep' = [
     params: {
       apiManagementServiceName: service.name
       name: apiVersionSet.name
-      properties: contains(apiVersionSet, 'properties') ? apiVersionSet.properties : {}
+      properties: apiVersionSet.?properties ?? {}
     }
   }
 ]
@@ -311,40 +311,20 @@ module service_authorizationServers 'authorization-server/main.bicep' = [
       apiManagementServiceName: service.name
       name: authorizationServer.name
       authorizationEndpoint: authorizationServer.authorizationEndpoint
-      authorizationMethods: contains(authorizationServer, 'authorizationMethods')
-        ? authorizationServer.authorizationMethods
-        : [
-            'GET'
-          ]
-      bearerTokenSendingMethods: contains(authorizationServer, 'bearerTokenSendingMethods')
-        ? authorizationServer.bearerTokenSendingMethods
-        : [
-            'authorizationHeader'
-          ]
-      clientAuthenticationMethod: contains(authorizationServer, 'clientAuthenticationMethod')
-        ? authorizationServer.clientAuthenticationMethod
-        : [
-            'Basic'
-          ]
+      authorizationMethods: authorizationServer.?authorizationMethods ?? ['GET']
+      bearerTokenSendingMethods: authorizationServer.?bearerTokenSendingMethods ?? ['authorizationHeader']
+      clientAuthenticationMethod: authorizationServer.?clientAuthenticationMethod ?? ['Basic']
       clientId: authorizationServer.clientId
       clientSecret: authorizationServer.clientSecret
-      clientRegistrationEndpoint: contains(authorizationServer, 'clientRegistrationEndpoint')
-        ? authorizationServer.clientRegistrationEndpoint
-        : ''
-      defaultScope: contains(authorizationServer, 'defaultScope') ? authorizationServer.defaultScope : ''
+      clientRegistrationEndpoint: authorizationServer.?clientRegistrationEndpoint ?? ''
+      defaultScope: authorizationServer.?defaultScope ?? ''
       grantTypes: authorizationServer.grantTypes
-      resourceOwnerPassword: contains(authorizationServer, 'resourceOwnerPassword')
-        ? authorizationServer.resourceOwnerPassword
-        : ''
-      resourceOwnerUsername: contains(authorizationServer, 'resourceOwnerUsername')
-        ? authorizationServer.resourceOwnerUsername
-        : ''
-      serverDescription: contains(authorizationServer, 'serverDescription') ? authorizationServer.serverDescription : ''
-      supportState: contains(authorizationServer, 'supportState') ? authorizationServer.supportState : false
-      tokenBodyParameters: contains(authorizationServer, 'tokenBodyParameters')
-        ? authorizationServer.tokenBodyParameters
-        : []
-      tokenEndpoint: contains(authorizationServer, 'tokenEndpoint') ? authorizationServer.tokenEndpoint : ''
+      resourceOwnerPassword: authorizationServer.?resourceOwnerPassword ?? ''
+      resourceOwnerUsername: authorizationServer.?resourceOwnerUsername ?? ''
+      serverDescription: authorizationServer.?serverDescription ?? ''
+      supportState: authorizationServer.?supportState ?? false
+      tokenBodyParameters: authorizationServer.?tokenBodyParameters ?? []
+      tokenEndpoint: authorizationServer.?tokenEndpoint ?? ''
     }
   }
 ]
@@ -413,20 +393,17 @@ module service_identityProviders 'identity-provider/main.bicep' = [
     params: {
       apiManagementServiceName: service.name
       name: identityProvider.name
-      allowedTenants: contains(identityProvider, 'allowedTenants') ? identityProvider.allowedTenants : []
-      authority: contains(identityProvider, 'authority') ? identityProvider.authority : ''
-      clientId: contains(identityProvider, 'clientId') ? identityProvider.clientId : ''
-      clientSecret: contains(identityProvider, 'clientSecret') ? identityProvider.clientSecret : ''
-      passwordResetPolicyName: contains(identityProvider, 'passwordResetPolicyName')
-        ? identityProvider.passwordResetPolicyName
-        : ''
-      profileEditingPolicyName: contains(identityProvider, 'profileEditingPolicyName')
-        ? identityProvider.profileEditingPolicyName
-        : ''
-      signInPolicyName: contains(identityProvider, 'signInPolicyName') ? identityProvider.signInPolicyName : ''
-      signInTenant: contains(identityProvider, 'signInTenant') ? identityProvider.signInTenant : ''
-      signUpPolicyName: contains(identityProvider, 'signUpPolicyName') ? identityProvider.signUpPolicyName : ''
-      type: contains(identityProvider, 'type') ? identityProvider.type : 'aad'
+      allowedTenants: identityProvider.?allowedTenants ?? []
+      authority: identityProvider.?authority ?? ''
+      clientId: identityProvider.?clientId ?? ''
+      clientLibrary: identityProvider.?clientLibrary ?? ''
+      clientSecret: identityProvider.?clientSecret ?? ''
+      passwordResetPolicyName: identityProvider.?passwordResetPolicyName ?? ''
+      profileEditingPolicyName: identityProvider.?profileEditingPolicyName ?? ''
+      signInPolicyName: identityProvider.?signInPolicyName ?? ''
+      signInTenant: identityProvider.?signInTenant ?? ''
+      signUpPolicyName: identityProvider.?signUpPolicyName ?? ''
+      type: identityProvider.?type ?? 'aad'
     }
   }
 ]
@@ -437,11 +414,11 @@ module service_loggers 'loggers/main.bicep' = [
     params: {
       name: logger.name
       apiManagementServiceName: service.name
-      credentials: contains(logger, 'credentials') ? logger.credentials : {}
-      isBuffered: contains(logger, 'isBuffered') ? logger.isBuffered : true
-      loggerDescription: contains(logger, 'loggerDescription') ? logger.loggerDescription : ''
-      loggerType: contains(logger, 'loggerType') ? logger.loggerType : 'azureMonitor'
-      targetResourceId: contains(logger, 'targetResourceId') ? logger.targetResourceId : ''
+      credentials: logger.?credentials ?? {}
+      isBuffered: logger.?isBuffered ?? true
+      loggerDescription: logger.?loggerDescription ?? ''
+      loggerType: logger.?loggerType ?? 'azureMonitor'
+      targetResourceId: logger.?targetResourceId ?? ''
     }
     dependsOn: [
       service_namedValues
@@ -455,11 +432,11 @@ module service_namedValues 'named-value/main.bicep' = [
     params: {
       apiManagementServiceName: service.name
       displayName: namedValue.displayName
-      keyVault: contains(namedValue, 'keyVault') ? namedValue.keyVault : {}
+      keyVault: namedValue.?keyVault ?? {}
       name: namedValue.name
       tags: namedValue.?tags // Note: these are not resource tags
-      secret: contains(namedValue, 'secret') ? namedValue.secret : false
-      value: contains(namedValue, 'value') ? namedValue.value : newGuidValue
+      secret: namedValue.?secret ?? false
+      value: namedValue.?value ?? newGuidValue
     }
   }
 ]
@@ -481,7 +458,7 @@ module service_policies 'policy/main.bicep' = [
     params: {
       apiManagementServiceName: service.name
       value: policy.value
-      format: contains(policy, 'format') ? policy.format : 'xml'
+      format: policy.?format ?? 'xml'
     }
   }
 ]
@@ -491,15 +468,15 @@ module service_products 'product/main.bicep' = [
     name: '${uniqueString(deployment().name, location)}-Apim-Product-${index}'
     params: {
       apiManagementServiceName: service.name
-      apis: contains(product, 'apis') ? product.apis : []
-      approvalRequired: contains(product, 'approvalRequired') ? product.approvalRequired : false
-      groups: contains(product, 'groups') ? product.groups : []
+      apis: product.?apis ?? []
+      approvalRequired: product.?approvalRequired ?? false
+      groups: product.?groups ?? []
       name: product.name
-      description: contains(product, 'description') ? product.description : ''
-      state: contains(product, 'state') ? product.state : 'published'
-      subscriptionRequired: contains(product, 'subscriptionRequired') ? product.subscriptionRequired : false
-      subscriptionsLimit: contains(product, 'subscriptionsLimit') ? product.subscriptionsLimit : 1
-      terms: contains(product, 'terms') ? product.terms : ''
+      description: product.?description ?? ''
+      state: product.?state ?? 'published'
+      subscriptionRequired: product.?subscriptionRequired ?? false
+      subscriptionsLimit: product.?subscriptionsLimit ?? 1
+      terms: product.?terms ?? ''
     }
     dependsOn: [
       service_apis