From d25ccbc54eef9c409dff6b2025081b9e2edb382e Mon Sep 17 00:00:00 2001 From: Tony Box Date: Wed, 24 Jul 2024 15:36:20 -0400 Subject: [PATCH] fix: APIM SKUs not deploying due to incorrect param logic (#2565) ## Description Closes #2561 - Added tests for different SKUs to ensure no more issues in the future - Disable some APIM PSRule tests that are $$ and not necessary for non-prod deployments - fix logic to ensure various SKUs can be deployed and use availability zones and scale units ## Pipeline Reference | Pipeline | | -------- | | [![avm.res.api-management.service](https://github.com/tony-box/bicep-registry-modules/actions/workflows/avm.res.api-management.service.yml/badge.svg?branch=fix%2F2561)](https://github.com/tony-box/bicep-registry-modules/actions/workflows/avm.res.api-management.service.yml) | ## Type of Change - [ ] Update to CI Environment or utilities (Non-module affecting changes) - [x] Azure Verified Module updates: - [x] Bugfix containing backwards-compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in `version.json`: - [x] Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description. - [ ] The bug was found by the module author, and no one has opened an issue to report it yet. - [ ] Feature update backwards compatible feature updates, and I have bumped the MINOR version in `version.json`. - [ ] Breaking changes and I have bumped the MAJOR version in `version.json`. - [x] Update to documentation ## Checklist - [x] I'm sure there are no other open Pull Requests for the same update/change - [x] I have run `Set-AVMModule` locally to generate the supporting module files. - [x] My corresponding pipelines / checks run clean and green without any errors or warnings --------- Co-authored-by: Tony Box --- avm/res/api-management/service/README.md | 184 ++++++++++++++---- .../service/api-version-set/main.json | 4 +- .../service/api/diagnostics/main.json | 4 +- avm/res/api-management/service/api/main.json | 12 +- .../service/api/policy/main.json | 4 +- .../service/authorization-server/main.json | 4 +- .../api-management/service/backend/main.json | 4 +- .../api-management/service/cache/main.json | 4 +- .../service/identity-provider/main.json | 4 +- .../api-management/service/loggers/main.json | 4 +- avm/res/api-management/service/main.bicep | 27 ++- avm/res/api-management/service/main.json | 99 +++++----- .../service/named-value/main.json | 4 +- .../api-management/service/policy/main.json | 4 +- .../service/portalsetting/main.json | 4 +- .../service/product/api/main.json | 4 +- .../service/product/group/main.json | 4 +- .../api-management/service/product/main.json | 12 +- .../service/subscription/main.json | 4 +- .../tests/e2e/consumptionSku/main.test.bicep | 51 +++++ .../tests/e2e/defaults/main.test.bicep | 20 +- .../tests/e2e/developerSku/main.test.bicep | 51 +++++ .../e2e/{v2sku => v2Sku}/main.test.bicep | 4 +- .../psrule/.ps-rule/min-suppress.Rule.yaml | 3 + .../staticValidation/psrule/ps-rule.yaml | 1 - 25 files changed, 368 insertions(+), 152 deletions(-) create mode 100644 avm/res/api-management/service/tests/e2e/consumptionSku/main.test.bicep create mode 100644 avm/res/api-management/service/tests/e2e/developerSku/main.test.bicep rename avm/res/api-management/service/tests/e2e/{v2sku => v2Sku}/main.test.bicep (93%) diff --git a/avm/res/api-management/service/README.md b/avm/res/api-management/service/README.md index a9c4633306..930772c840 100644 --- a/avm/res/api-management/service/README.md +++ b/avm/res/api-management/service/README.md @@ -1,6 +1,6 @@ # API Management Services `[Microsoft.ApiManagement/service]` -This module deploys an API Management Service. +This module deploys an API Management Service. The default deployment is set to use a Premium SKU to align with Microsoft WAF-aligned best practices. In most cases, non-prod deployments should use a lower-tier SKU. ## Navigation @@ -16,7 +16,7 @@ This module deploys an API Management Service. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ApiManagement/service` | [2023-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2023-05-01-preview/service) | +| `Microsoft.ApiManagement/service` | [2023-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/service) | | `Microsoft.ApiManagement/service/apis` | [2022-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2022-08-01/service/apis) | | `Microsoft.ApiManagement/service/apis/diagnostics` | [2022-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2022-08-01/service/apis/diagnostics) | | `Microsoft.ApiManagement/service/apis/policies` | [2022-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2022-08-01/service/apis/policies) | @@ -45,12 +45,74 @@ The following section provides usage examples for the module, which were used to >**Note**: To reference the module, please use the following syntax `br/public:avm/res/api-management/service:`. -- [Using only defaults](#example-1-using-only-defaults) -- [Using large parameter set](#example-2-using-large-parameter-set) -- [Test deploying apim v2 sku](#example-3-test-deploying-apim-v2-sku) -- [WAF-aligned](#example-4-waf-aligned) +- [Deploying a Consumption SKU](#example-1-deploying-a-consumption-sku) +- [Using only defaults](#example-2-using-only-defaults) +- [Deploying a Developer SKU](#example-3-deploying-a-developer-sku) +- [Using large parameter set](#example-4-using-large-parameter-set) +- [Deploying an APIM v2 sku](#example-5-deploying-an-apim-v2-sku) +- [WAF-aligned](#example-6-waf-aligned) -### Example 1: _Using only defaults_ +### Example 1: _Deploying a Consumption SKU_ + +This instance deploys the module using a Consumption SKU. + + +
+ +via Bicep module + +```bicep +module service 'br/public:avm/res/api-management/service:' = { + name: 'serviceDeployment' + params: { + // Required parameters + name: 'apiscon001' + publisherEmail: 'apimgmt-noreply@mail.windowsazure.com' + publisherName: 'az-amorg-x-001' + // Non-required parameters + location: '' + sku: 'Consumption' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "apiscon001" + }, + "publisherEmail": { + "value": "apimgmt-noreply@mail.windowsazure.com" + }, + "publisherName": { + "value": "az-amorg-x-001" + }, + // Non-required parameters + "location": { + "value": "" + }, + "sku": { + "value": "Consumption" + } + } +} +``` + +
+

+ +### Example 2: _Using only defaults_ This instance deploys the module with the minimum set of required parameters. @@ -106,7 +168,67 @@ module service 'br/public:avm/res/api-management/service:' = {

-### Example 2: _Using large parameter set_ +### Example 3: _Deploying a Developer SKU_ + +This instance deploys the module using a Developer SKU. + + +

+ +via Bicep module + +```bicep +module service 'br/public:avm/res/api-management/service:' = { + name: 'serviceDeployment' + params: { + // Required parameters + name: 'apisdev001' + publisherEmail: 'apimgmt-noreply@mail.windowsazure.com' + publisherName: 'az-amorg-x-001' + // Non-required parameters + location: '' + sku: 'Developer' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "apisdev001" + }, + "publisherEmail": { + "value": "apimgmt-noreply@mail.windowsazure.com" + }, + "publisherName": { + "value": "az-amorg-x-001" + }, + // Non-required parameters + "location": { + "value": "" + }, + "sku": { + "value": "Developer" + } + } +} +``` + +
+

+ +### Example 4: _Using large parameter set_ This instance deploys the module with most of its features enabled. @@ -598,9 +720,9 @@ module service 'br/public:avm/res/api-management/service:' = {

-### Example 3: _Test deploying apim v2 sku_ +### Example 5: _Deploying an APIM v2 sku_ -This instance deploys the module using a v2 SKU with the minimum set of required parameters. +This instance deploys the module using a v2 SKU.

@@ -658,7 +780,7 @@ module service 'br/public:avm/res/api-management/service:' = {

-### Example 4: _WAF-aligned_ +### Example 6: _WAF-aligned_ This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework. @@ -1113,6 +1235,12 @@ module service 'br/public:avm/res/api-management/service:' = { | [`publisherEmail`](#parameter-publisheremail) | string | The email address of the owner of the service. | | [`publisherName`](#parameter-publishername) | string | The name of the owner of the service. | +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`skuCapacity`](#parameter-skucapacity) | int | The scale units for this API Management service. Required if using Basic, Standard, or Premium skus. For range of capacities for each sku, reference https://azure.microsoft.com/en-us/pricing/details/api-management/. | + **Optional parameters** | Parameter | Type | Description | @@ -1125,7 +1253,7 @@ module service 'br/public:avm/res/api-management/service:' = { | [`backends`](#parameter-backends) | array | Backends. | | [`caches`](#parameter-caches) | array | Caches. | | [`certificates`](#parameter-certificates) | array | List of Certificates that need to be installed in the API Management service. Max supported certificates that can be installed is 10. | -| [`customProperties`](#parameter-customproperties) | object | Custom properties of the API Management service. | +| [`customProperties`](#parameter-customproperties) | object | Custom properties of the API Management service. Not supported if SKU is Consumption. | | [`diagnosticSettings`](#parameter-diagnosticsettings) | array | The diagnostic settings of the service. | | [`disableGateway`](#parameter-disablegateway) | bool | Property only valid for an API Management service deployed in multiple locations. This can be used to disable the gateway in master region. | | [`enableClientCertificate`](#parameter-enableclientcertificate) | bool | Property only meant to be used for Consumption SKU Service. This enforces a client certificate to be presented on each request to the gateway. This also enables the ability to authenticate the certificate in the policy on the gateway. | @@ -1147,12 +1275,11 @@ module service 'br/public:avm/res/api-management/service:' = { | [`restore`](#parameter-restore) | bool | Undelete API Management Service if it was previously soft-deleted. If this flag is specified and set to True all other properties will be ignored. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | | [`sku`](#parameter-sku) | string | The pricing tier of this API Management service. | -| [`skuCount`](#parameter-skucount) | int | The instance size of this API Management service. Not supported with V2 SKUs. If using Consumption, sku should = 0. | | [`subnetResourceId`](#parameter-subnetresourceid) | string | The full resource ID of a subnet in a virtual network to deploy the API Management service in. | | [`subscriptions`](#parameter-subscriptions) | array | Subscriptions. | | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`virtualNetworkType`](#parameter-virtualnetworktype) | string | The type of VPN in which API Management service needs to be configured in. None (Default Value) means the API Management service is not part of any Virtual Network, External means the API Management deployment is set up inside a Virtual Network having an internet Facing Endpoint, and Internal means that API Management deployment is setup inside a Virtual Network having an Intranet Facing Endpoint only. | -| [`zones`](#parameter-zones) | array | A list of availability zones denoting where the resource needs to come from. Not supported with V2 SKUs. | +| [`zones`](#parameter-zones) | array | A list of availability zones denoting where the resource needs to come from. Only supported by Premium sku. | ### Parameter: `name` @@ -1175,6 +1302,14 @@ The name of the owner of the service. - Required: Yes - Type: string +### Parameter: `skuCapacity` + +The scale units for this API Management service. Required if using Basic, Standard, or Premium skus. For range of capacities for each sku, reference https://azure.microsoft.com/en-us/pricing/details/api-management/. + +- Required: No +- Type: int +- Default: `2` + ### Parameter: `additionalLocations` Additional datacenter locations of the API Management service. Not supported with V2 SKUs. @@ -1241,7 +1376,7 @@ List of Certificates that need to be installed in the API Management service. Ma ### Parameter: `customProperties` -Custom properties of the API Management service. +Custom properties of the API Management service. Not supported if SKU is Consumption. - Required: No - Type: object @@ -1704,23 +1839,6 @@ The pricing tier of this API Management service. ] ``` -### Parameter: `skuCount` - -The instance size of this API Management service. Not supported with V2 SKUs. If using Consumption, sku should = 0. - -- Required: No -- Type: int -- Default: `2` -- Allowed: - ```Bicep - [ - 0 - 1 - 2 - 3 - ] - ``` - ### Parameter: `subnetResourceId` The full resource ID of a subnet in a virtual network to deploy the API Management service in. @@ -1761,7 +1879,7 @@ The type of VPN in which API Management service needs to be configured in. None ### Parameter: `zones` -A list of availability zones denoting where the resource needs to come from. Not supported with V2 SKUs. +A list of availability zones denoting where the resource needs to come from. Only supported by Premium sku. - Required: No - Type: array diff --git a/avm/res/api-management/service/api-version-set/main.json b/avm/res/api-management/service/api-version-set/main.json index 128f641d75..85639acf5c 100644 --- a/avm/res/api-management/service/api-version-set/main.json +++ b/avm/res/api-management/service/api-version-set/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "2869637630248924190" + "version": "0.29.47.4906", + "templateHash": "17159723717884761443" }, "name": "API Management Service API Version Sets", "description": "This module deploys an API Management Service API Version Set.", diff --git a/avm/res/api-management/service/api/diagnostics/main.json b/avm/res/api-management/service/api/diagnostics/main.json index 07dc670cb4..83e2b3a003 100644 --- a/avm/res/api-management/service/api/diagnostics/main.json +++ b/avm/res/api-management/service/api/diagnostics/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "15990218139655805007" + "version": "0.29.47.4906", + "templateHash": "15630166564208731013" }, "name": "API Management Service APIs Diagnostics.", "description": "This module deploys an API Management Service API Diagnostics.", diff --git a/avm/res/api-management/service/api/main.json b/avm/res/api-management/service/api/main.json index 151111afb0..e94c21cc8f 100644 --- a/avm/res/api-management/service/api/main.json +++ b/avm/res/api-management/service/api/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "4127687153063244658" + "version": "0.29.47.4906", + "templateHash": "13121653397859804060" }, "name": "API Management Service APIs", "description": "This module deploys an API Management Service API.", @@ -281,8 +281,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "5034167782203178970" + "version": "0.29.47.4906", + "templateHash": "2474188503939052987" }, "name": "API Management Service APIs Policies", "description": "This module deploys an API Management Service API Policy.", @@ -428,8 +428,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "15990218139655805007" + "version": "0.29.47.4906", + "templateHash": "15630166564208731013" }, "name": "API Management Service APIs Diagnostics.", "description": "This module deploys an API Management Service API Diagnostics.", diff --git a/avm/res/api-management/service/api/policy/main.json b/avm/res/api-management/service/api/policy/main.json index 31f20f603c..6defcce4a3 100644 --- a/avm/res/api-management/service/api/policy/main.json +++ b/avm/res/api-management/service/api/policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "5034167782203178970" + "version": "0.29.47.4906", + "templateHash": "2474188503939052987" }, "name": "API Management Service APIs Policies", "description": "This module deploys an API Management Service API Policy.", diff --git a/avm/res/api-management/service/authorization-server/main.json b/avm/res/api-management/service/authorization-server/main.json index 01f4479ad5..e966a03d7f 100644 --- a/avm/res/api-management/service/authorization-server/main.json +++ b/avm/res/api-management/service/authorization-server/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "17095671534556603009" + "version": "0.29.47.4906", + "templateHash": "4256977187793378377" }, "name": "API Management Service Authorization Servers", "description": "This module deploys an API Management Service Authorization Server.", diff --git a/avm/res/api-management/service/backend/main.json b/avm/res/api-management/service/backend/main.json index ce7ff8c555..2a5ea70d52 100644 --- a/avm/res/api-management/service/backend/main.json +++ b/avm/res/api-management/service/backend/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "1411324864869146839" + "version": "0.29.47.4906", + "templateHash": "2365531440872951056" }, "name": "API Management Service Backends", "description": "This module deploys an API Management Service Backend.", diff --git a/avm/res/api-management/service/cache/main.json b/avm/res/api-management/service/cache/main.json index cccb18e258..b66a377833 100644 --- a/avm/res/api-management/service/cache/main.json +++ b/avm/res/api-management/service/cache/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "8223409608484938303" + "version": "0.29.47.4906", + "templateHash": "3234729148013684780" }, "name": "API Management Service Caches", "description": "This module deploys an API Management Service Cache.", diff --git a/avm/res/api-management/service/identity-provider/main.json b/avm/res/api-management/service/identity-provider/main.json index eedd448e18..a6563d4a31 100644 --- a/avm/res/api-management/service/identity-provider/main.json +++ b/avm/res/api-management/service/identity-provider/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "834622836195899034" + "version": "0.29.47.4906", + "templateHash": "13129392765749462635" }, "name": "API Management Service Identity Providers", "description": "This module deploys an API Management Service Identity Provider.", diff --git a/avm/res/api-management/service/loggers/main.json b/avm/res/api-management/service/loggers/main.json index 34d7e48e02..9a6b6378bd 100644 --- a/avm/res/api-management/service/loggers/main.json +++ b/avm/res/api-management/service/loggers/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "11123719171758533120" + "version": "0.29.47.4906", + "templateHash": "12986610229102962453" }, "name": "API Management Service Loggers", "description": "This module deploys an API Management Service Logger.", diff --git a/avm/res/api-management/service/main.bicep b/avm/res/api-management/service/main.bicep index e6ecb97e55..46854e9628 100644 --- a/avm/res/api-management/service/main.bicep +++ b/avm/res/api-management/service/main.bicep @@ -1,5 +1,5 @@ metadata name = 'API Management Services' -metadata description = 'This module deploys an API Management Service.' +metadata description = 'This module deploys an API Management Service. The default deployment is set to use a Premium SKU to align with Microsoft WAF-aligned best practices. In most cases, non-prod deployments should use a lower-tier SKU.' metadata owner = 'Azure/module-maintainers' @description('Optional. Additional datacenter locations of the API Management service. Not supported with V2 SKUs.') @@ -15,7 +15,7 @@ param certificates array = [] @description('Optional. Enable/Disable usage telemetry for module.') param enableTelemetry bool = true -@description('Optional. Custom properties of the API Management service.') +@description('Optional. Custom properties of the API Management service. Not supported if SKU is Consumption.') param customProperties object = { 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168': 'False' 'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA': 'False' @@ -75,14 +75,8 @@ param roleAssignments roleAssignmentType ]) param sku string = 'Premium' -@description('Optional. The instance size of this API Management service. Not supported with V2 SKUs. If using Consumption, sku should = 0.') -@allowed([ - 0 - 1 - 2 - 3 -]) -param skuCount int = 2 +@description('Conditional. The scale units for this API Management service. Required if using Basic, Standard, or Premium skus. For range of capacities for each sku, reference https://azure.microsoft.com/en-us/pricing/details/api-management/.') +param skuCapacity int = 2 @description('Optional. The full resource ID of a subnet in a virtual network to deploy the API Management service in.') param subnetResourceId string? @@ -101,7 +95,7 @@ param virtualNetworkType string = 'None' @description('Optional. The diagnostic settings of the service.') param diagnosticSettings diagnosticSettingType -@description('Optional. A list of availability zones denoting where the resource needs to come from. Not supported with V2 SKUs.') +@description('Optional. A list of availability zones denoting where the resource needs to come from. Only supported by Premium sku.') param zones array = [1, 2] @description('Optional. Necessary to create a new GUID.') @@ -222,17 +216,17 @@ resource service 'Microsoft.ApiManagement/service@2023-05-01-preview' = { tags: tags sku: { name: sku - capacity: contains(sku, 'V2') ? 1 : contains(sku, 'Consumption') ? 0 : skuCount + capacity: contains(sku, 'Consumption') ? 0 : contains(sku, 'Developer') ? 1 : skuCapacity } - zones: contains(sku, 'V2') ? null : zones + zones: contains(sku, 'Premium') ? zones : null identity: identity properties: { publisherEmail: publisherEmail publisherName: publisherName notificationSenderEmail: notificationSenderEmail hostnameConfigurations: hostnameConfigurations - additionalLocations: contains(sku, 'V2') ? null : additionalLocations - customProperties: customProperties + additionalLocations: contains(sku, 'Premium') ? additionalLocations : null + customProperties: contains(sku, 'Consumption') ? null : customProperties certificates: certificates enableClientCertificate: enableClientCertificate ? true : null disableGateway: disableGateway @@ -438,6 +432,9 @@ module service_loggers 'loggers/main.bicep' = [ loggerType: contains(logger, 'loggerType') ? logger.loggerType : 'azureMonitor' targetResourceId: contains(logger, 'targetResourceId') ? logger.targetResourceId : '' } + dependsOn: [ + service_namedValues + ] } ] diff --git a/avm/res/api-management/service/main.json b/avm/res/api-management/service/main.json index 23216df2d3..8e33e7db27 100644 --- a/avm/res/api-management/service/main.json +++ b/avm/res/api-management/service/main.json @@ -5,11 +5,11 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "11498940478310122046" + "version": "0.29.47.4906", + "templateHash": "6395782495647847617" }, "name": "API Management Services", - "description": "This module deploys an API Management Service.", + "description": "This module deploys an API Management Service. The default deployment is set to use a Premium SKU to align with Microsoft WAF-aligned best practices. In most cases, non-prod deployments should use a lower-tier SKU.", "owner": "Azure/module-maintainers" }, "definitions": { @@ -290,7 +290,7 @@ "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_GCM_SHA256": "False" }, "metadata": { - "description": "Optional. Custom properties of the API Management service." + "description": "Optional. Custom properties of the API Management service. Not supported if SKU is Consumption." } }, "disableGateway": { @@ -388,17 +388,11 @@ "description": "Optional. The pricing tier of this API Management service." } }, - "skuCount": { + "skuCapacity": { "type": "int", "defaultValue": 2, - "allowedValues": [ - 0, - 1, - 2, - 3 - ], "metadata": { - "description": "Optional. The instance size of this API Management service. Not supported with V2 SKUs. If using Consumption, sku should = 0." + "description": "Conditional. The scale units for this API Management service. Required if using Basic, Standard, or Premium skus. For range of capacities for each sku, reference https://azure.microsoft.com/en-us/pricing/details/api-management/." } }, "subnetResourceId": { @@ -440,7 +434,7 @@ 2 ], "metadata": { - "description": "Optional. A list of availability zones denoting where the resource needs to come from. Not supported with V2 SKUs." + "description": "Optional. A list of availability zones denoting where the resource needs to come from. Only supported by Premium sku." } }, "newGuidValue": { @@ -594,17 +588,17 @@ "tags": "[parameters('tags')]", "sku": { "name": "[parameters('sku')]", - "capacity": "[if(contains(parameters('sku'), 'V2'), 1, if(contains(parameters('sku'), 'Consumption'), 0, parameters('skuCount')))]" + "capacity": "[if(contains(parameters('sku'), 'Consumption'), 0, if(contains(parameters('sku'), 'Developer'), 1, parameters('skuCapacity')))]" }, - "zones": "[if(contains(parameters('sku'), 'V2'), null(), parameters('zones'))]", + "zones": "[if(contains(parameters('sku'), 'Premium'), parameters('zones'), null())]", "identity": "[variables('identity')]", "properties": { "publisherEmail": "[parameters('publisherEmail')]", "publisherName": "[parameters('publisherName')]", "notificationSenderEmail": "[parameters('notificationSenderEmail')]", "hostnameConfigurations": "[parameters('hostnameConfigurations')]", - "additionalLocations": "[if(contains(parameters('sku'), 'V2'), null(), parameters('additionalLocations'))]", - "customProperties": "[parameters('customProperties')]", + "additionalLocations": "[if(contains(parameters('sku'), 'Premium'), parameters('additionalLocations'), null())]", + "customProperties": "[if(contains(parameters('sku'), 'Consumption'), null(), parameters('customProperties'))]", "certificates": "[parameters('certificates')]", "enableClientCertificate": "[if(parameters('enableClientCertificate'), true(), null())]", "disableGateway": "[parameters('disableGateway')]", @@ -783,8 +777,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "4127687153063244658" + "version": "0.29.47.4906", + "templateHash": "13121653397859804060" }, "name": "API Management Service APIs", "description": "This module deploys an API Management Service API.", @@ -1059,8 +1053,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "5034167782203178970" + "version": "0.29.47.4906", + "templateHash": "2474188503939052987" }, "name": "API Management Service APIs Policies", "description": "This module deploys an API Management Service API Policy.", @@ -1206,8 +1200,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "15990218139655805007" + "version": "0.29.47.4906", + "templateHash": "15630166564208731013" }, "name": "API Management Service APIs Diagnostics.", "description": "This module deploys an API Management Service API Diagnostics.", @@ -1432,8 +1426,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "2869637630248924190" + "version": "0.29.47.4906", + "templateHash": "17159723717884761443" }, "name": "API Management Service API Version Sets", "description": "This module deploys an API Management Service API Version Set.", @@ -1548,8 +1542,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "17095671534556603009" + "version": "0.29.47.4906", + "templateHash": "4256977187793378377" }, "name": "API Management Service Authorization Servers", "description": "This module deploys an API Management Service Authorization Server.", @@ -1791,8 +1785,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "1411324864869146839" + "version": "0.29.47.4906", + "templateHash": "2365531440872951056" }, "name": "API Management Service Backends", "description": "This module deploys an API Management Service Backend.", @@ -1975,8 +1969,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "8223409608484938303" + "version": "0.29.47.4906", + "templateHash": "3234729148013684780" }, "name": "API Management Service Caches", "description": "This module deploys an API Management Service Cache.", @@ -2133,8 +2127,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "15990218139655805007" + "version": "0.29.47.4906", + "templateHash": "15630166564208731013" }, "name": "API Management Service APIs Diagnostics.", "description": "This module deploys an API Management Service API Diagnostics.", @@ -2339,8 +2333,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "834622836195899034" + "version": "0.29.47.4906", + "templateHash": "13129392765749462635" }, "name": "API Management Service Identity Providers", "description": "This module deploys an API Management Service Identity Provider.", @@ -2521,8 +2515,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "11123719171758533120" + "version": "0.29.47.4906", + "templateHash": "12986610229102962453" }, "name": "API Management Service Loggers", "description": "This module deploys an API Management Service Logger.", @@ -2618,7 +2612,8 @@ } }, "dependsOn": [ - "service" + "service", + "service_namedValues" ] }, "service_namedValues": { @@ -2658,8 +2653,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "14618669791216532904" + "version": "0.29.47.4906", + "templateHash": "3479776319506170502" }, "name": "API Management Service Named Values", "description": "This module deploys an API Management Service Named Value.", @@ -2799,8 +2794,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "535385624688793699" + "version": "0.29.47.4906", + "templateHash": "10271256088614129674" }, "name": "API Management Service Portal Settings", "description": "This module deploys an API Management Service Portal Setting.", @@ -2896,8 +2891,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "5324506884411715219" + "version": "0.29.47.4906", + "templateHash": "11443463088593763324" }, "name": "API Management Service Policies", "description": "This module deploys an API Management Service Policy.", @@ -3012,8 +3007,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "13125454306061578309" + "version": "0.29.47.4906", + "templateHash": "6230115773857876317" }, "name": "API Management Service Products", "description": "This module deploys an API Management Service Product.", @@ -3134,8 +3129,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "4018261656720912671" + "version": "0.29.47.4906", + "templateHash": "1052981479169082206" }, "name": "API Management Service Products APIs", "description": "This module deploys an API Management Service Product API.", @@ -3224,8 +3219,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "6078964374640716249" + "version": "0.29.47.4906", + "templateHash": "5748451278124986706" }, "name": "API Management Service Products Groups", "description": "This module deploys an API Management Service Product Group.", @@ -3381,8 +3376,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "4461001441551159036" + "version": "0.29.47.4906", + "templateHash": "9499976066778278010" }, "name": "API Management Service Subscriptions", "description": "This module deploys an API Management Service Subscription.", diff --git a/avm/res/api-management/service/named-value/main.json b/avm/res/api-management/service/named-value/main.json index fdc0c0b970..4be9cba518 100644 --- a/avm/res/api-management/service/named-value/main.json +++ b/avm/res/api-management/service/named-value/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "14618669791216532904" + "version": "0.29.47.4906", + "templateHash": "3479776319506170502" }, "name": "API Management Service Named Values", "description": "This module deploys an API Management Service Named Value.", diff --git a/avm/res/api-management/service/policy/main.json b/avm/res/api-management/service/policy/main.json index 463c1a7203..83d9434240 100644 --- a/avm/res/api-management/service/policy/main.json +++ b/avm/res/api-management/service/policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "5324506884411715219" + "version": "0.29.47.4906", + "templateHash": "11443463088593763324" }, "name": "API Management Service Policies", "description": "This module deploys an API Management Service Policy.", diff --git a/avm/res/api-management/service/portalsetting/main.json b/avm/res/api-management/service/portalsetting/main.json index 7126cf7ed1..779c574120 100644 --- a/avm/res/api-management/service/portalsetting/main.json +++ b/avm/res/api-management/service/portalsetting/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "535385624688793699" + "version": "0.29.47.4906", + "templateHash": "10271256088614129674" }, "name": "API Management Service Portal Settings", "description": "This module deploys an API Management Service Portal Setting.", diff --git a/avm/res/api-management/service/product/api/main.json b/avm/res/api-management/service/product/api/main.json index 5eb9fa4987..4042b9bf61 100644 --- a/avm/res/api-management/service/product/api/main.json +++ b/avm/res/api-management/service/product/api/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "4018261656720912671" + "version": "0.29.47.4906", + "templateHash": "1052981479169082206" }, "name": "API Management Service Products APIs", "description": "This module deploys an API Management Service Product API.", diff --git a/avm/res/api-management/service/product/group/main.json b/avm/res/api-management/service/product/group/main.json index df0b793b4a..4ac13f0dac 100644 --- a/avm/res/api-management/service/product/group/main.json +++ b/avm/res/api-management/service/product/group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "6078964374640716249" + "version": "0.29.47.4906", + "templateHash": "5748451278124986706" }, "name": "API Management Service Products Groups", "description": "This module deploys an API Management Service Product Group.", diff --git a/avm/res/api-management/service/product/main.json b/avm/res/api-management/service/product/main.json index 05b02c725b..73dd3977b6 100644 --- a/avm/res/api-management/service/product/main.json +++ b/avm/res/api-management/service/product/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "13125454306061578309" + "version": "0.29.47.4906", + "templateHash": "6230115773857876317" }, "name": "API Management Service Products", "description": "This module deploys an API Management Service Product.", @@ -126,8 +126,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "4018261656720912671" + "version": "0.29.47.4906", + "templateHash": "1052981479169082206" }, "name": "API Management Service Products APIs", "description": "This module deploys an API Management Service Product API.", @@ -216,8 +216,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "6078964374640716249" + "version": "0.29.47.4906", + "templateHash": "5748451278124986706" }, "name": "API Management Service Products Groups", "description": "This module deploys an API Management Service Product Group.", diff --git a/avm/res/api-management/service/subscription/main.json b/avm/res/api-management/service/subscription/main.json index 5a7676a0e6..5510d60858 100644 --- a/avm/res/api-management/service/subscription/main.json +++ b/avm/res/api-management/service/subscription/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "4461001441551159036" + "version": "0.29.47.4906", + "templateHash": "9499976066778278010" }, "name": "API Management Service Subscriptions", "description": "This module deploys an API Management Service Subscription.", diff --git a/avm/res/api-management/service/tests/e2e/consumptionSku/main.test.bicep b/avm/res/api-management/service/tests/e2e/consumptionSku/main.test.bicep new file mode 100644 index 0000000000..98c77a6933 --- /dev/null +++ b/avm/res/api-management/service/tests/e2e/consumptionSku/main.test.bicep @@ -0,0 +1,51 @@ +targetScope = 'subscription' + +metadata name = 'Deploying a Consumption SKU' +metadata description = 'This instance deploys the module using a Consumption SKU.' + +// ========== // +// Parameters // +// ========== // + +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'dep-${namePrefix}-apimanagement.service-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param resourceLocation string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'apiscon' + +@description('Optional. A token to inject into the name of each resource.') +param namePrefix string = '#_namePrefix_#' + +// ============ // +// Dependencies // +// ============ // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: resourceLocation +} + +// ============== // +// Test Execution // +// ============== // + +@batchSize(1) +module testDeployment '../../../main.bicep' = [ + for iteration in ['init', 'idem']: { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' + params: { + name: '${namePrefix}${serviceShort}001' + location: resourceLocation + publisherEmail: 'apimgmt-noreply@mail.windowsazure.com' + publisherName: '${namePrefix}-az-amorg-x-001' + sku: 'Consumption' + } + } +] diff --git a/avm/res/api-management/service/tests/e2e/defaults/main.test.bicep b/avm/res/api-management/service/tests/e2e/defaults/main.test.bicep index 4b757bf9b6..d1dd29a05c 100644 --- a/avm/res/api-management/service/tests/e2e/defaults/main.test.bicep +++ b/avm/res/api-management/service/tests/e2e/defaults/main.test.bicep @@ -36,13 +36,15 @@ resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { // ============== // @batchSize(1) -module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ]: { - scope: resourceGroup - name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' - params: { - name: '${namePrefix}${serviceShort}001' - location: resourceLocation - publisherEmail: 'apimgmt-noreply@mail.windowsazure.com' - publisherName: '${namePrefix}-az-amorg-x-001' +module testDeployment '../../../main.bicep' = [ + for iteration in ['init', 'idem']: { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' + params: { + name: '${namePrefix}${serviceShort}001' + location: resourceLocation + publisherEmail: 'apimgmt-noreply@mail.windowsazure.com' + publisherName: '${namePrefix}-az-amorg-x-001' + } } -}] +] diff --git a/avm/res/api-management/service/tests/e2e/developerSku/main.test.bicep b/avm/res/api-management/service/tests/e2e/developerSku/main.test.bicep new file mode 100644 index 0000000000..419585af28 --- /dev/null +++ b/avm/res/api-management/service/tests/e2e/developerSku/main.test.bicep @@ -0,0 +1,51 @@ +targetScope = 'subscription' + +metadata name = 'Deploying a Developer SKU' +metadata description = 'This instance deploys the module using a Developer SKU.' + +// ========== // +// Parameters // +// ========== // + +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'dep-${namePrefix}-apimanagement.service-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param resourceLocation string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'apisdev' + +@description('Optional. A token to inject into the name of each resource.') +param namePrefix string = '#_namePrefix_#' + +// ============ // +// Dependencies // +// ============ // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: resourceLocation +} + +// ============== // +// Test Execution // +// ============== // + +@batchSize(1) +module testDeployment '../../../main.bicep' = [ + for iteration in ['init', 'idem']: { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' + params: { + name: '${namePrefix}${serviceShort}001' + location: resourceLocation + publisherEmail: 'apimgmt-noreply@mail.windowsazure.com' + publisherName: '${namePrefix}-az-amorg-x-001' + sku: 'Developer' + } + } +] diff --git a/avm/res/api-management/service/tests/e2e/v2sku/main.test.bicep b/avm/res/api-management/service/tests/e2e/v2Sku/main.test.bicep similarity index 93% rename from avm/res/api-management/service/tests/e2e/v2sku/main.test.bicep rename to avm/res/api-management/service/tests/e2e/v2Sku/main.test.bicep index 49fa338dc6..62151c9a05 100644 --- a/avm/res/api-management/service/tests/e2e/v2sku/main.test.bicep +++ b/avm/res/api-management/service/tests/e2e/v2Sku/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Test deploying apim v2 sku' -metadata description = 'This instance deploys the module using a v2 SKU with the minimum set of required parameters.' +metadata name = 'Deploying an APIM v2 sku' +metadata description = 'This instance deploys the module using a v2 SKU.' // ========== // // Parameters // diff --git a/avm/utilities/pipelines/staticValidation/psrule/.ps-rule/min-suppress.Rule.yaml b/avm/utilities/pipelines/staticValidation/psrule/.ps-rule/min-suppress.Rule.yaml index 5e9c67b778..603250a1e1 100644 --- a/avm/utilities/pipelines/staticValidation/psrule/.ps-rule/min-suppress.Rule.yaml +++ b/avm/utilities/pipelines/staticValidation/psrule/.ps-rule/min-suppress.Rule.yaml @@ -43,6 +43,9 @@ spec: - Azure.FrontDoor.Probe # Supressed as the probe is being provided as parameter and we are not able to enforce as default value - Azure.FrontDoor.ProbeMethod # Supressed as the probe method is being provided as parameter and we are not able to enforce as default value - Azure.FrontDoor.ProbePath # Supressed as the probe path is being provided as parameter and we are not able to enforce as default value + # Azure API Management + - Azure.APIM.MultiRegion # Team agreed this is too expensive for most use cases and is safe to ignore. Would require dependencies for a min deployment. + - Azure.APIM.ManagedIdentity if: name: "." contains: diff --git a/avm/utilities/pipelines/staticValidation/psrule/ps-rule.yaml b/avm/utilities/pipelines/staticValidation/psrule/ps-rule.yaml index cedbb7630d..3f1c9005fa 100644 --- a/avm/utilities/pipelines/staticValidation/psrule/ps-rule.yaml +++ b/avm/utilities/pipelines/staticValidation/psrule/ps-rule.yaml @@ -80,4 +80,3 @@ rule: - Azure.KeyVault.PurgeProtect - Azure.VM.UseHybridUseBenefit - Azure.AppConfig.PurgeProtect - - Azure.APIM.MultiRegion # Team agreed this is too expensive for most use cases and is safe to ignore.