feat: api-management.service new v0.2 #2453
Conversation
|
@Azure/avm-core-team-technical-bicep sorry for the large PR but I thought it was the best way to get everything submitted in a timely manner. I promise I won't make this a habit... just trying to get a bunch of these open bugs resolved. |
matebarabas
added
Class: Resource Module 📦
## Description <!-- >Thank you for your contribution ! > Please include a summary of the change and which issue is fixed. > Please also include the context. > List any dependencies that are required for this change. Fixes Azure#123 Fixes Azure#456 Closes Azure#123 Closes Azure#456 --> Closes Azure#2075 Closes Azure#1929 Closes Azure#1124 Closes Azure#1104 Closes Azure#2362 Closes Azure#2444 Big update v0.2 release: - update all APIM apis to newer versions - new feat: Add PublicIP - new feat: add API Loggers - new feat: add API Diagnostics - new feat: add v2sku options - add test case for v2sku - updates to many default params to better align with PSRule suggestions for better reliability and security ## Pipeline Reference <!-- Insert your Pipeline Status Badge below --> | Pipeline | | -------- | | [](https://github.com/tony-box/bicep-registry-modules/actions/workflows/avm.res.api-management.service.yml) | ## Type of Change <!-- Use the checkboxes [x] on the options that are relevant. --> - [x] Update to CI Environment or utilities (Non-module affecting changes) - [x] Azure Verified Module updates: - [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in `version.json`: - [x] Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description. - [ ] The bug was found by the module author, and no one has opened an issue to report it yet. - [x] Feature update backwards compatible feature updates, and I have bumped the MINOR version in `version.json`. - [ ] Breaking changes and I have bumped the MAJOR version in `version.json`. - [x] Update to documentation ## Checklist - [x] I'm sure there are no other open Pull Requests for the same update/change - [x] I have run `Set-AVMModule` locally to generate the supporting module files. - [x] My corresponding pipelines / checks run clean and green without any errors or warnings <!-- Please keep up to date with the contribution guide at https://aka.ms/avm/contribute/bicep --> --------- Co-authored-by: Tony Box <[email protected]>
| @@ -81,3 +81,4 @@ rule: | |||
| - Azure.VM.UseHybridUseBenefit | |||
| - Azure.Storage.UseReplication | |||
| - Azure.AppConfig.PurgeProtect | |||
| - Azure.APIM.MultiRegion | |||
There was a problem hiding this comment.
What was ther reson for this? We should probably start attaching comments with the reason to every suppression
There was a problem hiding this comment.
we agreed in Teams to disable this one. It's untenable for most deployments to use multiregion deployment for APIM in every case ($$$), despite it being recommended.
There was a problem hiding this comment.
Hey Tony, the reason is absolutely fine. If possible please add it as a comment at the end of the line. Something we should really start doing for later reference 🙂
| } | ||
|
|
||
| resource diagnostic 'Microsoft.ApiManagement/service/apis/diagnostics@2022-08-01' = { | ||
| name: diagnosticName |
There was a problem hiding this comment.
Should not be called diagnosticName but name as per spec Inputs - Parameter/Variable Naming
| resource api 'Microsoft.ApiManagement/service/apis@2021-08-01' = { | ||
| name: name | ||
| resource api 'Microsoft.ApiManagement/service/apis@2022-08-01' = { | ||
| name: apiName |
There was a problem hiding this comment.
Should be name as per spec Inputs - Parameter/Variable Naming
| @description('Required. Relative URL uniquely identifying this API and all of its resource paths within the API Management service instance. It is appended to the API endpoint base URL specified during the service instance creation to form a public URL for this API.') | ||
| param path string | ||
| param apiPath string |
There was a problem hiding this comment.
Should be api as per spec Inputs - Parameter/Variable Naming
Background: As it's the path parameter of the api resource type it should be intuitive that it's the api's path. Following this logic it would be redundant to call it apiPath
| for (diagnostic, index) in diagnostics ?? []: { | ||
| name: '${deployment().name}-diagnostics-${index}' | ||
| params: { | ||
| diagnosticName: !empty(diagnostic.diagnosticName) ? diagnostic.diagnosticName : '${api.name}-diagnostics-${index}' |
There was a problem hiding this comment.
Why does have a different default than in the child?
There the diagnosticName parameter's default is 'local'. It's very different and it may have been better to use '${apiName}-diagnostics' in the child
There was a problem hiding this comment.
Also, just to suggest an improvement to simplify the code, you could write diagnosticName: diagnostic.?diagnosticName ?? '${api.name}-diagnostics-${index}'
| param targetResourceId string | ||
|
|
||
| @description('Conditional. Required if loggerType = applicationInsights or azureEventHub. The name and SendRule connection string of the event hub for azureEventHub logger. Instrumentation key for applicationInsights logger.') | ||
| param credentials object |
There was a problem hiding this comment.
Should this not maybe have the annotation @secure() or are there no secrets in this object?
| @@ -54,7 +63,7 @@ param restore bool = false | |||
| @description('Optional. Array of role assignments to create.') | |||
| param roleAssignments roleAssignmentType | |||
|
|
|||
| @description('Optional. The pricing tier of this API Management service.') | |||
| @description('Optional. The pricing tier of this API Management service. Default is Premium.') | |||
There was a problem hiding this comment.
This is representative of all parameters - the default should not be part of the name because
- in the readme.md it's automatically added from the default
- in Bicep linter (when using the module) it's automatically suggested
- It adds another location (per parameter) where you'd need to maintain the value - so it could run stale
| @description('Optional. The pricing tier of this API Management service. Default is Premium.') | |
| @description('Optional. The pricing tier of this API Management service.') |
There was a problem hiding this comment.
This would be the same comment across all modules, btw :) I'll refrain from commenting every instance though
| } | ||
|
|
||
| resource diagnostic 'Microsoft.ApiManagement/service/apis/diagnostics@2022-08-01' = { | ||
| name: diagnosticName |
There was a problem hiding this comment.
Same comment as per the product api - should not contain the resource type's name as per Inputs - Parameter/Variable Naming
| managedIdentities: { | ||
| systemAssigned: true | ||
| userAssignedResourceIds: [ | ||
| nestedDependencies.outputs.managedIdentityResourceId | ||
| ] | ||
| } |
There was a problem hiding this comment.
Required for WAF alignment?
There was a problem hiding this comment.
yup, required for Azure.APIM.ManagedIdentity
|
@tony-box The changes related to this PR seem to have not been published successfully, please confirm. |
](https://github.com/tony-box/bicep-registry-modules/actions/workflows/avm.res.api-management.service.yml){kind=link}
## Description <!-- >Thank you for your contribution ! > Please include a summary of the change and which issue is fixed. > Please also include the context. > List any dependencies that are required for this change. Fixes #123 Fixes #456 Closes #123 Closes #456 --> Fixes issues from the previous PR: #2453 ## Pipeline Reference <!-- Insert your Pipeline Status Badge below --> | Pipeline | | -------- | | [](https://github.com/tony-box/bicep-registry-modules/actions/workflows/avm.res.api-management.service.yml) | ## Type of Change <!-- Use the checkboxes [x] on the options that are relevant. --> - [X] Update to CI Environment or utilities (Non-module affecting changes) - [X] Azure Verified Module updates: - [X] Bugfix containing backwards-compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in `version.json`: - [ ] Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description. - [X] The bug was found by the module author, and no one has opened an issue to report it yet. - [ ] Feature update backwards compatible feature updates, and I have bumped the MINOR version in `version.json`. - [ ] Breaking changes and I have bumped the MAJOR version in `version.json`. - [X] Update to documentation ## Checklist - [X] I'm sure there are no other open Pull Requests for the same update/change - [X] I have run `Set-AVMModule` locally to generate the supporting module files. - [X] My corresponding pipelines / checks run clean and green without any errors or warnings <!-- Please keep up to date with the contribution guide at https://aka.ms/avm/contribute/bicep --> --------- Co-authored-by: Tony Box <[email protected]>
](https://github.com/tony-box/bicep-registry-modules/actions/workflows/avm.res.api-management.service.yml){kind=link}
Description
Closes #2075
Closes #1929
Closes #1124
Closes #1104
Closes #2362
Closes #2444
Fixes #2361
Closes #1473
Big update v0.2 release:
Pipeline Reference
Type of Change
version.json:version.json.version.json.Checklist
Set-AVMModulelocally to generate the supporting module files.