Skip to content

Commit

Permalink
feat: avm/res/apim-management/service/identity-provider Add contentLi…
Browse files Browse the repository at this point in the history
…brary property to the Identity Provider apim module (#3067)

## Description


This pull request includes several updates to the API management service
configuration files, focusing on adding a new `clientLibrary` parameter
and simplifying the codebase by using optional chaining and nullish
coalescing operators.

### Additions:

* Added `clientLibrary` parameter to the identity provider configuration
in `README.md`, `main.bicep`, and `main.json` files. This parameter
specifies the client library to be used in the developer portal and is
applicable to AAD and AAD B2C Identity Providers.
[[1]](diffhunk://#diff-9ddb8330ed79263d6e746d65e3b3257b4505f97927a1629181a76f1c5b6a6613R340)
[[2]](diffhunk://#diff-9ddb8330ed79263d6e746d65e3b3257b4505f97927a1629181a76f1c5b6a6613R583)
[[3]](diffhunk://#diff-9ddb8330ed79263d6e746d65e3b3257b4505f97927a1629181a76f1c5b6a6613R898)
[[4]](diffhunk://#diff-9ddb8330ed79263d6e746d65e3b3257b4505f97927a1629181a76f1c5b6a6613R1119)
[[5]](diffhunk://#diff-43eea61a91298ae7bef3d481f3173899f538a8965ed5dd2f3dcc969831f9ac1fR41)
[[6]](diffhunk://#diff-43eea61a91298ae7bef3d481f3173899f538a8965ed5dd2f3dcc969831f9ac1fR95-R110)
[[7]](diffhunk://#diff-a4a02b7176d3a8c138078d850f9eb87c6ff174240e076fad16f2828e81d95984R17-R24)
[[8]](diffhunk://#diff-a4a02b7176d3a8c138078d850f9eb87c6ff174240e076fad16f2828e81d95984R78)
[[9]](diffhunk://#diff-16e9f7f16068d75fc42585c3dff1869a905e7ae9623294ef13e0012ff8e8cfe4R42-R53)
[[10]](diffhunk://#diff-16e9f7f16068d75fc42585c3dff1869a905e7ae9623294ef13e0012ff8e8cfe4R136)

### Code Simplification:

* Replaced `contains` checks with optional chaining and nullish
coalescing operators in `main.bicep` and `main.json` files to simplify
the code and improve readability.
[[1]](diffhunk://#diff-8f2edf3d1f48cf6c680a1183f0e64d26c87c0ceb60ca907ed141beb343d1c762L145-R145)
[[2]](diffhunk://#diff-2ca925a05c195f083f978183605a2057d590ad2b8bfe530789ee04df61e7af40L273-R275)
[[3]](diffhunk://#diff-0f11bdd53cbb4764551480ccb25116f6805372f2ad26f15c7d01f0eb8624fabaL302-R302)
[[4]](diffhunk://#diff-0f11bdd53cbb4764551480ccb25116f6805372f2ad26f15c7d01f0eb8624fabaL314-R327)
[[5]](diffhunk://#diff-0f11bdd53cbb4764551480ccb25116f6805372f2ad26f15c7d01f0eb8624fabaL416-R406)
[[6]](diffhunk://#diff-0f11bdd53cbb4764551480ccb25116f6805372f2ad26f15c7d01f0eb8624fabaL440-R421)
[[7]](diffhunk://#diff-0f11bdd53cbb4764551480ccb25116f6805372f2ad26f15c7d01f0eb8624fabaL458-R439)
[[8]](diffhunk://#diff-0f11bdd53cbb4764551480ccb25116f6805372f2ad26f15c7d01f0eb8624fabaL484-R461)
[[9]](diffhunk://#diff-0f11bdd53cbb4764551480ccb25116f6805372f2ad26f15c7d01f0eb8624fabaL494-R479)
[[10]](diffhunk://#diff-af393a2ffcf4cca471b3ed98bb92055747cf64a3a95f05fd5c7ea5597468a8d8L1059-R1061)
[[11]](diffhunk://#diff-af393a2ffcf4cca471b3ed98bb92055747cf64a3a95f05fd5c7ea5597468a8d8L1435-R1439)

### Metadata Updates:

* Updated `_generator` metadata in various `main.json` files to reflect
the new template hash values.
[[1]](diffhunk://#diff-2ca925a05c195f083f978183605a2057d590ad2b8bfe530789ee04df61e7af40L9-R9)
[[2]](diffhunk://#diff-16e9f7f16068d75fc42585c3dff1869a905e7ae9623294ef13e0012ff8e8cfe4L8-R8)
[[3]](diffhunk://#diff-af393a2ffcf4cca471b3ed98bb92055747cf64a3a95f05fd5c7ea5597468a8d8L9-R9)
[[4]](diffhunk://#diff-af393a2ffcf4cca471b3ed98bb92055747cf64a3a95f05fd5c7ea5597468a8d8L795-R795)

These changes aim to enhance the maintainability and functionality of
the API management service configuration.


## Pipeline Reference

<!-- Insert your Pipeline Status Badge below -->

| Pipeline |
| -------- |
|
[![avm.res.api-management.service](https://github.com/anotherRedbeard/bicep-registry-modules/actions/workflows/avm.res.api-management.service.yml/badge.svg)](https://github.com/anotherRedbeard/bicep-registry-modules/actions/workflows/avm.res.api-management.service.yml)
|

## Type of Change

<!-- Use the checkboxes [x] on the options that are relevant. -->

- [ ] Update to CI Environment or utilities (Non-module affecting
changes)
- [ x] Azure Verified Module updates:
- [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT
bumped the MAJOR or MINOR version in `version.json`:
- [ ] Someone has opened a bug report issue, and I have included "Closes
#{bug_report_issue_number}" in the PR description.
- [ ] The bug was found by the module author, and no one has opened an
issue to report it yet.
- [x ] Feature update backwards compatible feature updates, and I have
bumped the MINOR version in `version.json`.
- [ ] Breaking changes and I have bumped the MAJOR version in
`version.json`.
  - [x ] Update to documentation

## Checklist

- [x ] I'm sure there are no other open Pull Requests for the same
update/change
- [ x] I have run `Set-AVMModule` locally to generate the supporting
module files.
- [x ] My corresponding pipelines / checks run clean and green without
any errors or warnings

<!-- Please keep up to date with the contribution guide at
https://aka.ms/avm/contribute/bicep -->

---------

Co-authored-by: anotherRedbeard <[email protected]>
Co-authored-by: anotherRedbeard <[email protected]>
Co-authored-by: Tony Box <[email protected]>
  • Loading branch information
4 people authored Aug 26, 2024
1 parent eefa332 commit bb574a7
Show file tree
Hide file tree
Showing 11 changed files with 254 additions and 119 deletions.
4 changes: 4 additions & 0 deletions avm/res/api-management/service/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -337,6 +337,7 @@ module service 'br/public:avm/res/api-management/service:<version>' = {
]
authority: '<authority>'
clientId: 'apimClientid'
clientLibrary: 'MSAL-2'
clientSecret: 'apimSlientSecret'
name: 'aad'
signinTenant: 'mytenant.onmicrosoft.com'
Expand Down Expand Up @@ -579,6 +580,7 @@ module service 'br/public:avm/res/api-management/service:<version>' = {
],
"authority": "<authority>",
"clientId": "apimClientid",
"clientLibrary": "MSAL-2",
"clientSecret": "apimSlientSecret",
"name": "aad",
"signinTenant": "mytenant.onmicrosoft.com"
Expand Down Expand Up @@ -893,6 +895,7 @@ module service 'br/public:avm/res/api-management/service:<version>' = {
]
authority: '<authority>'
clientId: 'apimClientid'
clientLibrary: 'MSAL-2'
clientSecret: '<clientSecret>'
name: 'aad'
signinTenant: 'mytenant.onmicrosoft.com'
Expand Down Expand Up @@ -1113,6 +1116,7 @@ module service 'br/public:avm/res/api-management/service:<version>' = {
],
"authority": "<authority>",
"clientId": "apimClientid",
"clientLibrary": "MSAL-2",
"clientSecret": "<clientSecret>",
"name": "aad",
"signinTenant": "mytenant.onmicrosoft.com"
Expand Down
2 changes: 1 addition & 1 deletion avm/res/api-management/service/api/main.bicep
Original file line number Diff line number Diff line change
Expand Up @@ -142,7 +142,7 @@ module policy 'policy/main.bicep' = [
params: {
apiManagementServiceName: apiManagementServiceName
apiName: api.name
format: contains(policy, 'format') ? policy.format : 'xml'
format: policy.?format ?? 'xml'
value: policy.value
}
}
Expand Down
6 changes: 4 additions & 2 deletions avm/res/api-management/service/api/main.json
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
"_generator": {
"name": "bicep",
"version": "0.29.47.4906",
"templateHash": "13121653397859804060"
"templateHash": "17160750790361326516"
},
"name": "API Management Service APIs",
"description": "This module deploys an API Management Service API.",
Expand Down Expand Up @@ -270,7 +270,9 @@
"apiName": {
"value": "[parameters('name')]"
},
"format": "[if(contains(coalesce(parameters('policies'), createArray())[copyIndex()], 'format'), createObject('value', coalesce(parameters('policies'), createArray())[copyIndex()].format), createObject('value', 'xml'))]",
"format": {
"value": "[coalesce(tryGet(coalesce(parameters('policies'), createArray())[copyIndex()], 'format'), 'xml')]"
},
"value": {
"value": "[coalesce(parameters('policies'), createArray())[copyIndex()].value]"
}
Expand Down
15 changes: 15 additions & 0 deletions avm/res/api-management/service/identity-provider/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ This module deploys an API Management Service Identity Provider.
| :-- | :-- | :-- |
| [`allowedTenants`](#parameter-allowedtenants) | array | List of Allowed Tenants when configuring Azure Active Directory login. - string. |
| [`authority`](#parameter-authority) | string | OpenID Connect discovery endpoint hostname for AAD or AAD B2C. |
| [`clientLibrary`](#parameter-clientlibrary) | string | The client library to be used in the developer portal. Only applies to AAD and AAD B2C Identity Provider. |
| [`passwordResetPolicyName`](#parameter-passwordresetpolicyname) | string | Password Reset Policy Name. Only applies to AAD B2C Identity Provider. |
| [`profileEditingPolicyName`](#parameter-profileeditingpolicyname) | string | Profile Editing Policy Name. Only applies to AAD B2C Identity Provider. |
| [`signInPolicyName`](#parameter-signinpolicyname) | string | Signin Policy Name. Only applies to AAD B2C Identity Provider. |
Expand Down Expand Up @@ -91,6 +92,20 @@ OpenID Connect discovery endpoint hostname for AAD or AAD B2C.
- Type: string
- Default: `''`

### Parameter: `clientLibrary`

The client library to be used in the developer portal. Only applies to AAD and AAD B2C Identity Provider.

- Required: No
- Type: string
- Allowed:
```Bicep
[
'ADAL'
'MSAL-2'
]
```

### Parameter: `passwordResetPolicyName`

Password Reset Policy Name. Only applies to AAD B2C Identity Provider.
Expand Down
8 changes: 8 additions & 0 deletions avm/res/api-management/service/identity-provider/main.bicep
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,13 @@ param authority string = ''
@description('Conditional. Client ID of the Application in the external Identity Provider. Required if identity provider is used.')
param clientId string = ''

@description('Optional. The client library to be used in the developer portal. Only applies to AAD and AAD B2C Identity Provider.')
@allowed([
'ADAL'
'MSAL-2'
])
param clientLibrary string?

@description('Conditional. Client secret of the Application in external Identity Provider, used to authenticate login request. Required if identity provider is used.')
@secure()
param clientSecret string = ''
Expand Down Expand Up @@ -67,6 +74,7 @@ resource identityProvider 'Microsoft.ApiManagement/service/identityProviders@202
profileEditingPolicyName: isAadB2C ? profileEditingPolicyName : null
passwordResetPolicyName: isAadB2C ? passwordResetPolicyName : null
clientId: clientId
clientLibrary: clientLibrary
clientSecret: clientSecret
}
}
Expand Down
32 changes: 27 additions & 5 deletions avm/res/api-management/service/identity-provider/main.json
Original file line number Diff line number Diff line change
@@ -1,11 +1,12 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"languageVersion": "2.0",
"contentVersion": "1.0.0.0",
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.29.47.4906",
"templateHash": "13129392765749462635"
"templateHash": "12757169124799431378"
},
"name": "API Management Service Identity Providers",
"description": "This module deploys an API Management Service Identity Provider.",
Expand Down Expand Up @@ -39,6 +40,17 @@
"description": "Conditional. Client ID of the Application in the external Identity Provider. Required if identity provider is used."
}
},
"clientLibrary": {
"type": "string",
"nullable": true,
"allowedValues": [
"ADAL",
"MSAL-2"
],
"metadata": {
"description": "Optional. The client library to be used in the developer portal. Only applies to AAD and AAD B2C Identity Provider."
}
},
"clientSecret": {
"type": "securestring",
"defaultValue": "",
Expand Down Expand Up @@ -106,8 +118,14 @@
"variables": {
"isAadB2C": "[equals(parameters('type'), 'aadB2C')]"
},
"resources": [
{
"resources": {
"service": {
"existing": true,
"type": "Microsoft.ApiManagement/service",
"apiVersion": "2023-05-01-preview",
"name": "[parameters('apiManagementServiceName')]"
},
"identityProvider": {
"type": "Microsoft.ApiManagement/service/identityProviders",
"apiVersion": "2022-08-01",
"name": "[format('{0}/{1}', parameters('apiManagementServiceName'), parameters('name'))]",
Expand All @@ -121,10 +139,14 @@
"profileEditingPolicyName": "[if(variables('isAadB2C'), parameters('profileEditingPolicyName'), null())]",
"passwordResetPolicyName": "[if(variables('isAadB2C'), parameters('passwordResetPolicyName'), null())]",
"clientId": "[parameters('clientId')]",
"clientLibrary": "[parameters('clientLibrary')]",
"clientSecret": "[parameters('clientSecret')]"
}
},
"dependsOn": [
"service"
]
}
],
},
"outputs": {
"resourceId": {
"type": "string",
Expand Down
103 changes: 40 additions & 63 deletions avm/res/api-management/service/main.bicep
Original file line number Diff line number Diff line change
Expand Up @@ -299,7 +299,7 @@ module service_apiVersionSets 'api-version-set/main.bicep' = [
params: {
apiManagementServiceName: service.name
name: apiVersionSet.name
properties: contains(apiVersionSet, 'properties') ? apiVersionSet.properties : {}
properties: apiVersionSet.?properties ?? {}
}
}
]
Expand All @@ -311,40 +311,20 @@ module service_authorizationServers 'authorization-server/main.bicep' = [
apiManagementServiceName: service.name
name: authorizationServer.name
authorizationEndpoint: authorizationServer.authorizationEndpoint
authorizationMethods: contains(authorizationServer, 'authorizationMethods')
? authorizationServer.authorizationMethods
: [
'GET'
]
bearerTokenSendingMethods: contains(authorizationServer, 'bearerTokenSendingMethods')
? authorizationServer.bearerTokenSendingMethods
: [
'authorizationHeader'
]
clientAuthenticationMethod: contains(authorizationServer, 'clientAuthenticationMethod')
? authorizationServer.clientAuthenticationMethod
: [
'Basic'
]
authorizationMethods: authorizationServer.?authorizationMethods ?? ['GET']
bearerTokenSendingMethods: authorizationServer.?bearerTokenSendingMethods ?? ['authorizationHeader']
clientAuthenticationMethod: authorizationServer.?clientAuthenticationMethod ?? ['Basic']
clientId: authorizationServer.clientId
clientSecret: authorizationServer.clientSecret
clientRegistrationEndpoint: contains(authorizationServer, 'clientRegistrationEndpoint')
? authorizationServer.clientRegistrationEndpoint
: ''
defaultScope: contains(authorizationServer, 'defaultScope') ? authorizationServer.defaultScope : ''
clientRegistrationEndpoint: authorizationServer.?clientRegistrationEndpoint ?? ''
defaultScope: authorizationServer.?defaultScope ?? ''
grantTypes: authorizationServer.grantTypes
resourceOwnerPassword: contains(authorizationServer, 'resourceOwnerPassword')
? authorizationServer.resourceOwnerPassword
: ''
resourceOwnerUsername: contains(authorizationServer, 'resourceOwnerUsername')
? authorizationServer.resourceOwnerUsername
: ''
serverDescription: contains(authorizationServer, 'serverDescription') ? authorizationServer.serverDescription : ''
supportState: contains(authorizationServer, 'supportState') ? authorizationServer.supportState : false
tokenBodyParameters: contains(authorizationServer, 'tokenBodyParameters')
? authorizationServer.tokenBodyParameters
: []
tokenEndpoint: contains(authorizationServer, 'tokenEndpoint') ? authorizationServer.tokenEndpoint : ''
resourceOwnerPassword: authorizationServer.?resourceOwnerPassword ?? ''
resourceOwnerUsername: authorizationServer.?resourceOwnerUsername ?? ''
serverDescription: authorizationServer.?serverDescription ?? ''
supportState: authorizationServer.?supportState ?? false
tokenBodyParameters: authorizationServer.?tokenBodyParameters ?? []
tokenEndpoint: authorizationServer.?tokenEndpoint ?? ''
}
}
]
Expand Down Expand Up @@ -413,20 +393,17 @@ module service_identityProviders 'identity-provider/main.bicep' = [
params: {
apiManagementServiceName: service.name
name: identityProvider.name
allowedTenants: contains(identityProvider, 'allowedTenants') ? identityProvider.allowedTenants : []
authority: contains(identityProvider, 'authority') ? identityProvider.authority : ''
clientId: contains(identityProvider, 'clientId') ? identityProvider.clientId : ''
clientSecret: contains(identityProvider, 'clientSecret') ? identityProvider.clientSecret : ''
passwordResetPolicyName: contains(identityProvider, 'passwordResetPolicyName')
? identityProvider.passwordResetPolicyName
: ''
profileEditingPolicyName: contains(identityProvider, 'profileEditingPolicyName')
? identityProvider.profileEditingPolicyName
: ''
signInPolicyName: contains(identityProvider, 'signInPolicyName') ? identityProvider.signInPolicyName : ''
signInTenant: contains(identityProvider, 'signInTenant') ? identityProvider.signInTenant : ''
signUpPolicyName: contains(identityProvider, 'signUpPolicyName') ? identityProvider.signUpPolicyName : ''
type: contains(identityProvider, 'type') ? identityProvider.type : 'aad'
allowedTenants: identityProvider.?allowedTenants ?? []
authority: identityProvider.?authority ?? ''
clientId: identityProvider.?clientId ?? ''
clientLibrary: identityProvider.?clientLibrary ?? ''
clientSecret: identityProvider.?clientSecret ?? ''
passwordResetPolicyName: identityProvider.?passwordResetPolicyName ?? ''
profileEditingPolicyName: identityProvider.?profileEditingPolicyName ?? ''
signInPolicyName: identityProvider.?signInPolicyName ?? ''
signInTenant: identityProvider.?signInTenant ?? ''
signUpPolicyName: identityProvider.?signUpPolicyName ?? ''
type: identityProvider.?type ?? 'aad'
}
}
]
Expand All @@ -437,11 +414,11 @@ module service_loggers 'loggers/main.bicep' = [
params: {
name: logger.name
apiManagementServiceName: service.name
credentials: contains(logger, 'credentials') ? logger.credentials : {}
isBuffered: contains(logger, 'isBuffered') ? logger.isBuffered : true
loggerDescription: contains(logger, 'loggerDescription') ? logger.loggerDescription : ''
loggerType: contains(logger, 'loggerType') ? logger.loggerType : 'azureMonitor'
targetResourceId: contains(logger, 'targetResourceId') ? logger.targetResourceId : ''
credentials: logger.?credentials ?? {}
isBuffered: logger.?isBuffered ?? true
loggerDescription: logger.?loggerDescription ?? ''
loggerType: logger.?loggerType ?? 'azureMonitor'
targetResourceId: logger.?targetResourceId ?? ''
}
dependsOn: [
service_namedValues
Expand All @@ -455,11 +432,11 @@ module service_namedValues 'named-value/main.bicep' = [
params: {
apiManagementServiceName: service.name
displayName: namedValue.displayName
keyVault: contains(namedValue, 'keyVault') ? namedValue.keyVault : {}
keyVault: namedValue.?keyVault ?? {}
name: namedValue.name
tags: namedValue.?tags // Note: these are not resource tags
secret: contains(namedValue, 'secret') ? namedValue.secret : false
value: contains(namedValue, 'value') ? namedValue.value : newGuidValue
secret: namedValue.?secret ?? false
value: namedValue.?value ?? newGuidValue
}
}
]
Expand All @@ -481,7 +458,7 @@ module service_policies 'policy/main.bicep' = [
params: {
apiManagementServiceName: service.name
value: policy.value
format: contains(policy, 'format') ? policy.format : 'xml'
format: policy.?format ?? 'xml'
}
}
]
Expand All @@ -491,15 +468,15 @@ module service_products 'product/main.bicep' = [
name: '${uniqueString(deployment().name, location)}-Apim-Product-${index}'
params: {
apiManagementServiceName: service.name
apis: contains(product, 'apis') ? product.apis : []
approvalRequired: contains(product, 'approvalRequired') ? product.approvalRequired : false
groups: contains(product, 'groups') ? product.groups : []
apis: product.?apis ?? []
approvalRequired: product.?approvalRequired ?? false
groups: product.?groups ?? []
name: product.name
description: contains(product, 'description') ? product.description : ''
state: contains(product, 'state') ? product.state : 'published'
subscriptionRequired: contains(product, 'subscriptionRequired') ? product.subscriptionRequired : false
subscriptionsLimit: contains(product, 'subscriptionsLimit') ? product.subscriptionsLimit : 1
terms: contains(product, 'terms') ? product.terms : ''
description: product.?description ?? ''
state: product.?state ?? 'published'
subscriptionRequired: product.?subscriptionRequired ?? false
subscriptionsLimit: product.?subscriptionsLimit ?? 1
terms: product.?terms ?? ''
}
dependsOn: [
service_apis
Expand Down
Loading

0 comments on commit bb574a7

Please sign in to comment.