feat: avm/res/apim-management/service/identity-provider Add contentLi…

…brary property to the Identity Provider apim module (#3067)

## Description


This pull request includes several updates to the API management service
configuration files, focusing on adding a new `clientLibrary` parameter
and simplifying the codebase by using optional chaining and nullish
coalescing operators.

### Additions:

* Added `clientLibrary` parameter to the identity provider configuration
in `README.md`, `main.bicep`, and `main.json` files. This parameter
specifies the client library to be used in the developer portal and is
applicable to AAD and AAD B2C Identity Providers.
[[1]](diffhunk://#diff-9ddb8330ed79263d6e746d65e3b3257b4505f97927a1629181a76f1c5b6a6613R340)
[[2]](diffhunk://#diff-9ddb8330ed79263d6e746d65e3b3257b4505f97927a1629181a76f1c5b6a6613R583)
[[3]](diffhunk://#diff-9ddb8330ed79263d6e746d65e3b3257b4505f97927a1629181a76f1c5b6a6613R898)
[[4]](diffhunk://#diff-9ddb8330ed79263d6e746d65e3b3257b4505f97927a1629181a76f1c5b6a6613R1119)
[[5]](diffhunk://#diff-43eea61a91298ae7bef3d481f3173899f538a8965ed5dd2f3dcc969831f9ac1fR41)
[[6]](diffhunk://#diff-43eea61a91298ae7bef3d481f3173899f538a8965ed5dd2f3dcc969831f9ac1fR95-R110)
[[7]](diffhunk://#diff-a4a02b7176d3a8c138078d850f9eb87c6ff174240e076fad16f2828e81d95984R17-R24)
[[8]](diffhunk://#diff-a4a02b7176d3a8c138078d850f9eb87c6ff174240e076fad16f2828e81d95984R78)
[[9]](diffhunk://#diff-16e9f7f16068d75fc42585c3dff1869a905e7ae9623294ef13e0012ff8e8cfe4R42-R53)
[[10]](diffhunk://#diff-16e9f7f16068d75fc42585c3dff1869a905e7ae9623294ef13e0012ff8e8cfe4R136)

### Code Simplification:

* Replaced `contains` checks with optional chaining and nullish
coalescing operators in `main.bicep` and `main.json` files to simplify
the code and improve readability.
[[1]](diffhunk://#diff-8f2edf3d1f48cf6c680a1183f0e64d26c87c0ceb60ca907ed141beb343d1c762L145-R145)
[[2]](diffhunk://#diff-2ca925a05c195f083f978183605a2057d590ad2b8bfe530789ee04df61e7af40L273-R275)
[[3]](diffhunk://#diff-0f11bdd53cbb4764551480ccb25116f6805372f2ad26f15c7d01f0eb8624fabaL302-R302)
[[4]](diffhunk://#diff-0f11bdd53cbb4764551480ccb25116f6805372f2ad26f15c7d01f0eb8624fabaL314-R327)
[[5]](diffhunk://#diff-0f11bdd53cbb4764551480ccb25116f6805372f2ad26f15c7d01f0eb8624fabaL416-R406)
[[6]](diffhunk://#diff-0f11bdd53cbb4764551480ccb25116f6805372f2ad26f15c7d01f0eb8624fabaL440-R421)
[[7]](diffhunk://#diff-0f11bdd53cbb4764551480ccb25116f6805372f2ad26f15c7d01f0eb8624fabaL458-R439)
[[8]](diffhunk://#diff-0f11bdd53cbb4764551480ccb25116f6805372f2ad26f15c7d01f0eb8624fabaL484-R461)
[[9]](diffhunk://#diff-0f11bdd53cbb4764551480ccb25116f6805372f2ad26f15c7d01f0eb8624fabaL494-R479)
[[10]](diffhunk://#diff-af393a2ffcf4cca471b3ed98bb92055747cf64a3a95f05fd5c7ea5597468a8d8L1059-R1061)
[[11]](diffhunk://#diff-af393a2ffcf4cca471b3ed98bb92055747cf64a3a95f05fd5c7ea5597468a8d8L1435-R1439)

### Metadata Updates:

* Updated `_generator` metadata in various `main.json` files to reflect
the new template hash values.
[[1]](diffhunk://#diff-2ca925a05c195f083f978183605a2057d590ad2b8bfe530789ee04df61e7af40L9-R9)
[[2]](diffhunk://#diff-16e9f7f16068d75fc42585c3dff1869a905e7ae9623294ef13e0012ff8e8cfe4L8-R8)
[[3]](diffhunk://#diff-af393a2ffcf4cca471b3ed98bb92055747cf64a3a95f05fd5c7ea5597468a8d8L9-R9)
[[4]](diffhunk://#diff-af393a2ffcf4cca471b3ed98bb92055747cf64a3a95f05fd5c7ea5597468a8d8L795-R795)

These changes aim to enhance the maintainability and functionality of
the API management service configuration.


## Pipeline Reference

<!-- Insert your Pipeline Status Badge below -->

| Pipeline |
| -------- |
|
[![avm.res.api-management.service](https://github.com/anotherRedbeard/bicep-registry-modules/actions/workflows/avm.res.api-management.service.yml/badge.svg)](https://github.com/anotherRedbeard/bicep-registry-modules/actions/workflows/avm.res.api-management.service.yml)
|

## Type of Change

<!-- Use the checkboxes [x] on the options that are relevant. -->

- [ ] Update to CI Environment or utilities (Non-module affecting
changes)
- [ x] Azure Verified Module updates:
- [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT
bumped the MAJOR or MINOR version in `version.json`:
- [ ] Someone has opened a bug report issue, and I have included "Closes
#{bug_report_issue_number}" in the PR description.
- [ ] The bug was found by the module author, and no one has opened an
issue to report it yet.
- [x ] Feature update backwards compatible feature updates, and I have
bumped the MINOR version in `version.json`.
- [ ] Breaking changes and I have bumped the MAJOR version in
`version.json`.
  - [x ] Update to documentation

## Checklist

- [x ] I'm sure there are no other open Pull Requests for the same
update/change
- [ x] I have run `Set-AVMModule` locally to generate the supporting
module files.
- [x ] My corresponding pipelines / checks run clean and green without
any errors or warnings

<!-- Please keep up to date with the contribution guide at
https://aka.ms/avm/contribute/bicep -->

---------

Co-authored-by: anotherRedbeard <andrewredman@redbeardsmbp3.lan>
Co-authored-by: anotherRedbeard <andrewredman@RedbeardsMBP3.local>
Co-authored-by: Tony Box <tonybox@gmail.com>

avm/res/api-management/service/README.md

@@ -337,6 +337,7 @@ module service 'br/public:avm/res/api-management/service:<version>' = {
  ]
  authority: '<authority>'
  clientId: 'apimClientid'
+ clientLibrary: 'MSAL-2'
  clientSecret: 'apimSlientSecret'
  name: 'aad'
  signinTenant: 'mytenant.onmicrosoft.com'
@@ -579,6 +580,7 @@ module service 'br/public:avm/res/api-management/service:<version>' = {
  ],
  "authority": "<authority>",
  "clientId": "apimClientid",
+ "clientLibrary": "MSAL-2",
  "clientSecret": "apimSlientSecret",
  "name": "aad",
  "signinTenant": "mytenant.onmicrosoft.com"
@@ -893,6 +895,7 @@ module service 'br/public:avm/res/api-management/service:<version>' = {
  ]
  authority: '<authority>'
  clientId: 'apimClientid'
+ clientLibrary: 'MSAL-2'
  clientSecret: '<clientSecret>'
  name: 'aad'
  signinTenant: 'mytenant.onmicrosoft.com'
@@ -1113,6 +1116,7 @@ module service 'br/public:avm/res/api-management/service:<version>' = {
  ],
  "authority": "<authority>",
  "clientId": "apimClientid",
+ "clientLibrary": "MSAL-2",
  "clientSecret": "<clientSecret>",
  "name": "aad",
  "signinTenant": "mytenant.onmicrosoft.com"

avm/res/api-management/service/api/main.bicep

@@ -142,7 +142,7 @@ module policy 'policy/main.bicep' = [
  params: {
  apiManagementServiceName: apiManagementServiceName
  apiName: api.name
- format: contains(policy, 'format') ? policy.format : 'xml'
+ format: policy.?format ?? 'xml'
  value: policy.value
  }
  }

avm/res/api-management/service/api/main.json

@@ -6,7 +6,7 @@
  "_generator": {
  "name": "bicep",
  "version": "0.29.47.4906",
- "templateHash": "13121653397859804060"
+ "templateHash": "17160750790361326516"
  },
  "name": "API Management Service APIs",
  "description": "This module deploys an API Management Service API.",
@@ -270,7 +270,9 @@
  "apiName": {
  "value": "[parameters('name')]"
  },
- "format": "[if(contains(coalesce(parameters('policies'), createArray())[copyIndex()], 'format'), createObject('value', coalesce(parameters('policies'), createArray())[copyIndex()].format), createObject('value', 'xml'))]",
+ "format": {
+ "value": "[coalesce(tryGet(coalesce(parameters('policies'), createArray())[copyIndex()], 'format'), 'xml')]"
+ },
  "value": {
  "value": "[coalesce(parameters('policies'), createArray())[copyIndex()].value]"
  }

avm/res/api-management/service/identity-provider/README.md

@@ -38,6 +38,7 @@ This module deploys an API Management Service Identity Provider.
 | :-- | :-- | :-- |
 | [`allowedTenants`](#parameter-allowedtenants) | array | List of Allowed Tenants when configuring Azure Active Directory login. - string. |
 | [`authority`](#parameter-authority) | string | OpenID Connect discovery endpoint hostname for AAD or AAD B2C. |
+| [`clientLibrary`](#parameter-clientlibrary) | string | The client library to be used in the developer portal. Only applies to AAD and AAD B2C Identity Provider. |
 | [`passwordResetPolicyName`](#parameter-passwordresetpolicyname) | string | Password Reset Policy Name. Only applies to AAD B2C Identity Provider. |
 | [`profileEditingPolicyName`](#parameter-profileeditingpolicyname) | string | Profile Editing Policy Name. Only applies to AAD B2C Identity Provider. |
 | [`signInPolicyName`](#parameter-signinpolicyname) | string | Signin Policy Name. Only applies to AAD B2C Identity Provider. |
@@ -91,6 +92,20 @@ OpenID Connect discovery endpoint hostname for AAD or AAD B2C.
 - Type: string
 - Default: `''`
 
+### Parameter: `clientLibrary`
+
+The client library to be used in the developer portal. Only applies to AAD and AAD B2C Identity Provider.
+
+- Required: No
+- Type: string
+- Allowed:
+ ```Bicep
+ [
+ 'ADAL'
+ 'MSAL-2'
+ ]
+ ```
+
 ### Parameter: `passwordResetPolicyName`
 
 Password Reset Policy Name. Only applies to AAD B2C Identity Provider.

avm/res/api-management/service/identity-provider/main.bicep

@@ -14,6 +14,13 @@ param authority string = ''
 @description('Conditional. Client ID of the Application in the external Identity Provider. Required if identity provider is used.')
 param clientId string = ''
 
+@description('Optional. The client library to be used in the developer portal. Only applies to AAD and AAD B2C Identity Provider.')
+@allowed([
+ 'ADAL'
+ 'MSAL-2'
+])
+param clientLibrary string?
+
 @description('Conditional. Client secret of the Application in external Identity Provider, used to authenticate login request. Required if identity provider is used.')
 @secure()
 param clientSecret string = ''
@@ -67,6 +74,7 @@ resource identityProvider 'Microsoft.ApiManagement/service/identityProviders@202
  profileEditingPolicyName: isAadB2C ? profileEditingPolicyName : null
  passwordResetPolicyName: isAadB2C ? passwordResetPolicyName : null
  clientId: clientId
+ clientLibrary: clientLibrary
  clientSecret: clientSecret
  }
 }

avm/res/api-management/service/identity-provider/main.json

@@ -1,11 +1,12 @@
 {
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "languageVersion": "2.0",
  "contentVersion": "1.0.0.0",
  "metadata": {
  "_generator": {
  "name": "bicep",
  "version": "0.29.47.4906",
- "templateHash": "13129392765749462635"
+ "templateHash": "12757169124799431378"
  },
  "name": "API Management Service Identity Providers",
  "description": "This module deploys an API Management Service Identity Provider.",
@@ -39,6 +40,17 @@
  "description": "Conditional. Client ID of the Application in the external Identity Provider. Required if identity provider is used."
  }
  },
+ "clientLibrary": {
+ "type": "string",
+ "nullable": true,
+ "allowedValues": [
+ "ADAL",
+ "MSAL-2"
+ ],
+ "metadata": {
+ "description": "Optional. The client library to be used in the developer portal. Only applies to AAD and AAD B2C Identity Provider."
+ }
+ },
  "clientSecret": {
  "type": "securestring",
  "defaultValue": "",
@@ -106,8 +118,14 @@
  "variables": {
  "isAadB2C": "[equals(parameters('type'), 'aadB2C')]"
  },
- "resources": [
- {
+ "resources": {
+ "service": {
+ "existing": true,
+ "type": "Microsoft.ApiManagement/service",
+ "apiVersion": "2023-05-01-preview",
+ "name": "[parameters('apiManagementServiceName')]"
+ },
+ "identityProvider": {
  "type": "Microsoft.ApiManagement/service/identityProviders",
  "apiVersion": "2022-08-01",
  "name": "[format('{0}/{1}', parameters('apiManagementServiceName'), parameters('name'))]",
@@ -121,10 +139,14 @@
  "profileEditingPolicyName": "[if(variables('isAadB2C'), parameters('profileEditingPolicyName'), null())]",
  "passwordResetPolicyName": "[if(variables('isAadB2C'), parameters('passwordResetPolicyName'), null())]",
  "clientId": "[parameters('clientId')]",
+ "clientLibrary": "[parameters('clientLibrary')]",
  "clientSecret": "[parameters('clientSecret')]"
- }
+ },
+ "dependsOn": [
+ "service"
+ ]
  }
- ],
+ },
  "outputs": {
  "resourceId": {
  "type": "string",

avm/res/api-management/service/main.bicep

@@ -299,7 +299,7 @@ module service_apiVersionSets 'api-version-set/main.bicep' = [
  params: {
  apiManagementServiceName: service.name
  name: apiVersionSet.name
- properties: contains(apiVersionSet, 'properties') ? apiVersionSet.properties : {}
+ properties: apiVersionSet.?properties ?? {}
  }
  }
 ]
@@ -311,40 +311,20 @@ module service_authorizationServers 'authorization-server/main.bicep' = [
  apiManagementServiceName: service.name
  name: authorizationServer.name
  authorizationEndpoint: authorizationServer.authorizationEndpoint
- authorizationMethods: contains(authorizationServer, 'authorizationMethods')
- ? authorizationServer.authorizationMethods
- : [
- 'GET'
- ]
- bearerTokenSendingMethods: contains(authorizationServer, 'bearerTokenSendingMethods')
- ? authorizationServer.bearerTokenSendingMethods
- : [
- 'authorizationHeader'
- ]
- clientAuthenticationMethod: contains(authorizationServer, 'clientAuthenticationMethod')
- ? authorizationServer.clientAuthenticationMethod
- : [
- 'Basic'
- ]
+ authorizationMethods: authorizationServer.?authorizationMethods ?? ['GET']
+ bearerTokenSendingMethods: authorizationServer.?bearerTokenSendingMethods ?? ['authorizationHeader']
+ clientAuthenticationMethod: authorizationServer.?clientAuthenticationMethod ?? ['Basic']
  clientId: authorizationServer.clientId
  clientSecret: authorizationServer.clientSecret
- clientRegistrationEndpoint: contains(authorizationServer, 'clientRegistrationEndpoint')
- ? authorizationServer.clientRegistrationEndpoint
- : ''
- defaultScope: contains(authorizationServer, 'defaultScope') ? authorizationServer.defaultScope : ''
+ clientRegistrationEndpoint: authorizationServer.?clientRegistrationEndpoint ?? ''
+ defaultScope: authorizationServer.?defaultScope ?? ''
  grantTypes: authorizationServer.grantTypes
- resourceOwnerPassword: contains(authorizationServer, 'resourceOwnerPassword')
- ? authorizationServer.resourceOwnerPassword
- : ''
- resourceOwnerUsername: contains(authorizationServer, 'resourceOwnerUsername')
- ? authorizationServer.resourceOwnerUsername
- : ''
- serverDescription: contains(authorizationServer, 'serverDescription') ? authorizationServer.serverDescription : ''
- supportState: contains(authorizationServer, 'supportState') ? authorizationServer.supportState : false
- tokenBodyParameters: contains(authorizationServer, 'tokenBodyParameters')
- ? authorizationServer.tokenBodyParameters
- : []
- tokenEndpoint: contains(authorizationServer, 'tokenEndpoint') ? authorizationServer.tokenEndpoint : ''
+ resourceOwnerPassword: authorizationServer.?resourceOwnerPassword ?? ''
+ resourceOwnerUsername: authorizationServer.?resourceOwnerUsername ?? ''
+ serverDescription: authorizationServer.?serverDescription ?? ''
+ supportState: authorizationServer.?supportState ?? false
+ tokenBodyParameters: authorizationServer.?tokenBodyParameters ?? []
+ tokenEndpoint: authorizationServer.?tokenEndpoint ?? ''
  }
  }
 ]
@@ -413,20 +393,17 @@ module service_identityProviders 'identity-provider/main.bicep' = [
  params: {
  apiManagementServiceName: service.name
  name: identityProvider.name
- allowedTenants: contains(identityProvider, 'allowedTenants') ? identityProvider.allowedTenants : []
- authority: contains(identityProvider, 'authority') ? identityProvider.authority : ''
- clientId: contains(identityProvider, 'clientId') ? identityProvider.clientId : ''
- clientSecret: contains(identityProvider, 'clientSecret') ? identityProvider.clientSecret : ''
- passwordResetPolicyName: contains(identityProvider, 'passwordResetPolicyName')
- ? identityProvider.passwordResetPolicyName
- : ''
- profileEditingPolicyName: contains(identityProvider, 'profileEditingPolicyName')
- ? identityProvider.profileEditingPolicyName
- : ''
- signInPolicyName: contains(identityProvider, 'signInPolicyName') ? identityProvider.signInPolicyName : ''
- signInTenant: contains(identityProvider, 'signInTenant') ? identityProvider.signInTenant : ''
- signUpPolicyName: contains(identityProvider, 'signUpPolicyName') ? identityProvider.signUpPolicyName : ''
- type: contains(identityProvider, 'type') ? identityProvider.type : 'aad'
+ allowedTenants: identityProvider.?allowedTenants ?? []
+ authority: identityProvider.?authority ?? ''
+ clientId: identityProvider.?clientId ?? ''
+ clientLibrary: identityProvider.?clientLibrary ?? ''
+ clientSecret: identityProvider.?clientSecret ?? ''
+ passwordResetPolicyName: identityProvider.?passwordResetPolicyName ?? ''
+ profileEditingPolicyName: identityProvider.?profileEditingPolicyName ?? ''
+ signInPolicyName: identityProvider.?signInPolicyName ?? ''
+ signInTenant: identityProvider.?signInTenant ?? ''
+ signUpPolicyName: identityProvider.?signUpPolicyName ?? ''
+ type: identityProvider.?type ?? 'aad'
  }
  }
 ]
@@ -437,11 +414,11 @@ module service_loggers 'loggers/main.bicep' = [
  params: {
  name: logger.name
  apiManagementServiceName: service.name
- credentials: contains(logger, 'credentials') ? logger.credentials : {}
- isBuffered: contains(logger, 'isBuffered') ? logger.isBuffered : true
- loggerDescription: contains(logger, 'loggerDescription') ? logger.loggerDescription : ''
- loggerType: contains(logger, 'loggerType') ? logger.loggerType : 'azureMonitor'
- targetResourceId: contains(logger, 'targetResourceId') ? logger.targetResourceId : ''
+ credentials: logger.?credentials ?? {}
+ isBuffered: logger.?isBuffered ?? true
+ loggerDescription: logger.?loggerDescription ?? ''
+ loggerType: logger.?loggerType ?? 'azureMonitor'
+ targetResourceId: logger.?targetResourceId ?? ''
  }
  dependsOn: [
  service_namedValues
@@ -455,11 +432,11 @@ module service_namedValues 'named-value/main.bicep' = [
  params: {
  apiManagementServiceName: service.name
  displayName: namedValue.displayName
- keyVault: contains(namedValue, 'keyVault') ? namedValue.keyVault : {}
+ keyVault: namedValue.?keyVault ?? {}
  name: namedValue.name
  tags: namedValue.?tags // Note: these are not resource tags
- secret: contains(namedValue, 'secret') ? namedValue.secret : false
- value: contains(namedValue, 'value') ? namedValue.value : newGuidValue
+ secret: namedValue.?secret ?? false
+ value: namedValue.?value ?? newGuidValue
  }
  }
 ]
@@ -481,7 +458,7 @@ module service_policies 'policy/main.bicep' = [
  params: {
  apiManagementServiceName: service.name
  value: policy.value
- format: contains(policy, 'format') ? policy.format : 'xml'
+ format: policy.?format ?? 'xml'
  }
  }
 ]
@@ -491,15 +468,15 @@ module service_products 'product/main.bicep' = [
  name: '${uniqueString(deployment().name, location)}-Apim-Product-${index}'
  params: {
  apiManagementServiceName: service.name
- apis: contains(product, 'apis') ? product.apis : []
- approvalRequired: contains(product, 'approvalRequired') ? product.approvalRequired : false
- groups: contains(product, 'groups') ? product.groups : []
+ apis: product.?apis ?? []
+ approvalRequired: product.?approvalRequired ?? false
+ groups: product.?groups ?? []
  name: product.name
- description: contains(product, 'description') ? product.description : ''
- state: contains(product, 'state') ? product.state : 'published'
- subscriptionRequired: contains(product, 'subscriptionRequired') ? product.subscriptionRequired : false
- subscriptionsLimit: contains(product, 'subscriptionsLimit') ? product.subscriptionsLimit : 1
- terms: contains(product, 'terms') ? product.terms : ''
+ description: product.?description ?? ''
+ state: product.?state ?? 'published'
+ subscriptionRequired: product.?subscriptionRequired ?? false
+ subscriptionsLimit: product.?subscriptionsLimit ?? 1
+ terms: product.?terms ?? ''
  }
  dependsOn: [
  service_apis