Provide script to upload a certificate in the APIM CA Certificate store #134

Closed
mbraekman opened this issue Feb 19, 2021 · 3 comments · Fixed by #206
mbraekman commented Feb 19, 2021

Is your feature request related to a problem? Please describe.
Provide script to upload a certificate in the APIM CA Certificate store.
This allows you to upload public certificates of partners/clients to allow client certificate validation in the APIM policy using the following snippet:

    <!-- Validate the client certificate in the inbound request -->
    <choose>
        <!-- Below condition verifies if the request contains a client certificate + if the certificate can be validated against 1 of the available certificates in the CA Certificates-store. -->
        <when condition="@(context.Request.Certificate == null || !context.Request.Certificate.Verify())">
            <return-response>
                <set-status code="403" reason="Invalid client certificate" />
            </return-response>
        </when>
    </choose>

Describe the solution you'd like
In order to upload a certificate, you need to perform these steps:

  • Load the certificate and create a new AzApiManagementSystemCertificate
  • Get APIM Context
  • Add the newly created systemCertificate to the APIM Context
  • Update the APIM Context

Would be useful to have this as a function to which you only need to provide the following parameters:

  • ResourceGroupName (resource group containing the APIM instance)
  • ServiceName (name of the APIM instance)
  • CertificateFilePath (full path to the location of the public certificate)

See example: https://github.com/mbraekman/Powershell/blob/master/Azure/APIM-UploadCACertificate.ps1

This does take quite a long time to upload. If it were possible to state whether to wait for the result or to return immediately, that would be a nice addition; otherwise, a release pipeline might be waiting up to 20 minutes for this script to finish.
Or if there is a better solution, which doesn't take as long, that would be even better.

Target-module:

  • Arcus.Scripting.ApiManagement

Describe alternatives you've considered
Manually uploading the certificate.

@mbraekman mbraekman added feature All issues related to new features area:api-management All issues related to Azure API Management labels Feb 19, 2021
@mbraekman mbraekman added this to the v0.4.0 milestone Feb 19, 2021
@stijnmoreels
Member

We could include the uploading functionality in a Start-Job based on a -PassThru argument or so; so it immediately returns or not?

@mbraekman
Contributor Author

> We could include the uploading functionality in a Start-Job based on a -PassThru argument or so; so it immediately returns or not?

Aha yes, that should work indeed.
Perhaps use the switch -WaitForCompletion instead of -PassThru as it perhaps better indicates what it does? But depending on what's being used in other Arcus-related artifacts of course, in regards to aligning the approach/naming conventions.

@mbraekman mbraekman modified the milestones: v0.4.0, v0.5.0 Feb 19, 2021
@stijnmoreels stijnmoreels self-assigned this Jul 30, 2021
@stijnmoreels
Member

Aha, seems like the Set-AzApiManagement already has a -AsJob parameter 😉 . Let's use that one.
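
The four steps from the issue description, combined with the -AsJob behaviour discussed above, as an added example that is not the code from the linked script or from the Arcus module. The function name Add-ApimCaCertificate, the -StoreName parameter with its 'Root' default, and the -WaitForCompletion switch (the name proposed in the thread) are assumptions; the sketch also appends to the existing system certificates instead of replacing them and refuses a file that contains a private key, since a trust store should only hold public certificates.

```powershell
# Added example (hypothetical function; requires the Az.ApiManagement module and an authenticated Az session).
function Add-ApimCaCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,    # resource group containing the APIM instance
        [Parameter(Mandatory)] [string] $ServiceName,          # name of the APIM instance
        [Parameter(Mandatory)] [string] $CertificateFilePath,  # path to the public certificate
        [ValidateSet('Root', 'CertificateAuthority')]
        [string] $StoreName = 'Root',                          # assumption: target store, defaults to Root
        [switch] $WaitForCompletion                            # assumption: switch name suggested in the thread
    )

    # Resolve to a full path; .NET APIs do not follow PowerShell's current location.
    $path = (Resolve-Path -LiteralPath $CertificateFilePath -ErrorAction Stop).ProviderPath

    # Inspect the file before it becomes a trust anchor: reject anything that carries a private key.
    $x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($path)
    try {
        if ($x509.HasPrivateKey) {
            throw "Certificate '$path' contains a private key; upload only the public certificate."
        }
        Write-Verbose "Uploading $($x509.Subject) (thumbprint $($x509.Thumbprint), expires $($x509.NotAfter))"
    }
    finally {
        $x509.Dispose()
    }

    # Step 1: load the certificate and create a new system certificate object.
    $systemCertificate = New-AzApiManagementSystemCertificate -StoreName $StoreName -PfxPath $path

    # Step 2: get the API Management instance.
    $apim = Get-AzApiManagement -ResourceGroupName $ResourceGroupName -Name $ServiceName -ErrorAction Stop

    # Step 3: append the new certificate, keeping the trust anchors that are already configured.
    $existing = @($apim.SystemCertificates | Where-Object { $null -ne $_ })
    $apim.SystemCertificates = $existing + $systemCertificate

    # Step 4: update the instance; block only when the caller asks for it.
    if ($WaitForCompletion) {
        Set-AzApiManagement -InputObject $apim -PassThru
    }
    else {
        # Returns a job object immediately; inspect it later with Get-Job / Receive-Job.
        Set-AzApiManagement -InputObject $apim -AsJob
    }
}
```

Without -WaitForCompletion the function returns the job, so a release pipeline can continue and check the job state in a later step.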
