public void TestDeserializerBothValuesNull()
{
var identityJsonProperty = DeserializerHelper("UserAssignedBothValuesNull.json");
var back = UserAssignedIdentity.DeserializeUserAssignedIdentity(identityJsonProperty);
Assert.IsNull(back);
}
public void TestDeserializerDefaultJson()
{
JsonElement invalid = default(JsonElement);
Assert.Throws <ArgumentException>(delegate
{ UserAssignedIdentity.DeserializeUserAssignedIdentity(invalid); });
}
public void TestEqualsFalse()
{
UserAssignedIdentity identity1 = new UserAssignedIdentity(new Guid("72f988bf-86f1-41af-91ab-2d7cd011db47"), new Guid("de29bab1-49e1-4705-819b-4dfddceaaa98"));
UserAssignedIdentity identity2 = new UserAssignedIdentity(new Guid("72f988bf-86f1-41af-91ab-2d7cd011db42"), new Guid("de29bab1-49e1-4705-819b-4dfddceaaa98"));
Assert.IsFalse(UserAssignedIdentity.Equals(identity1, identity2));
}
public void TestDeserializerOneEmptyString()
{
var identityJsonProperty = DeserializerHelper("UserAssignedOneEmptyString.json");
Assert.Throws <FormatException>(delegate
{ UserAssignedIdentity.DeserializeUserAssignedIdentity(identityJsonProperty); });
}
public void TestDeserializerPrincipalIdValueNull()
{
var identityJsonProperty = DeserializerHelper("UserAssignedOneOtherValueNull.json");
Assert.Throws <InvalidOperationException>(delegate
{ UserAssignedIdentity.DeserializeUserAssignedIdentity(identityJsonProperty); });
}
public void TestSerializerValidUserNullSystem()
{
UserAssignedIdentity userAssignedIdentity = new UserAssignedIdentity(new Guid("72f988bf-86f1-41af-91ab-2d7cd011db47"), new Guid("de29bab1-49e1-4705-819b-4dfddceaaa98"));
var dict1 = new Dictionary <ResourceIdentifier, UserAssignedIdentity>();
dict1["/subscriptions/6b085460-5f21-477e-ba44-1035046e9101/resourceGroups/nbhatia_test/providers/Microsoft.Web/sites/autoreport"] = userAssignedIdentity;
Identity identity = new Identity(dict1, false);
string user = "******"clientId\":\"72f988bf-86f1-41af-91ab-2d7cd011db47\",\"principalId\":\"de29bab1-49e1-4705-819b-4dfddceaaa98\"}";
string expected = "{\"identity\":{" +
"\"kind\":\"UserAssigned\"," +
"\"userAssignedIdentities\":" +
"{" + "\"/subscriptions/6b085460-5f21-477e-ba44-1035046e9101/resourceGroups/nbhatia_test/providers/Microsoft.Web/sites/autoreport\":" +
user + "}}}";
string actual = "";
using (Stream stream = new MemoryStream())
{
using (StreamReader streamReader = new StreamReader(stream))
{
var writer = new Utf8JsonWriter(stream);
Identity.Serialize(writer, identity);
stream.Seek(0, SeekOrigin.Begin);
actual = streamReader.ReadToEnd();
}
}
Assert.AreEqual(expected, actual);
}
public void TestSerializerArray()
{
UserAssignedIdentity userAssignedIdentity1 = new UserAssignedIdentity(new Guid("3beb288c-c3f9-4300-896f-02fbf175b6be"), new Guid("d0416856-d6cf-466d-8d64-ddc8d7782096"));
UserAssignedIdentity userAssignedIdentity2 = new UserAssignedIdentity(new Guid("fbb39377-ff46-4a82-8c47-42d573180482"), new Guid("6d63ce43-c3ac-4b03-933d-4bc31eae50b2"));
string actual = "";
UserAssignedIdentity[] identities = { userAssignedIdentity1, userAssignedIdentity2 };
using (Stream stream = new MemoryStream())
{
using (StreamReader streamReader = new StreamReader(stream))
{
foreach (var identity in identities)
{
var writer = new Utf8JsonWriter(stream);
UserAssignedIdentity.Serialize(writer, identity);
stream.Seek(0, SeekOrigin.Begin);
actual = streamReader.ReadToEnd();
}
}
}
string expected = "{\"clientId\":\"3beb288c-c3f9-4300-896f-02fbf175b6be\"," +
"\"principalId\":\"d0416856-d6cf-466d-8d64-ddc8d7782096\"}" +
"{\"clientId\":\"fbb39377-ff46-4a82-8c47-42d573180482\"," +
"\"principalId\":\"6d63ce43-c3ac-4b03-933d-4bc31eae50b2\"}";
Assert.AreEqual(expected, actual);
}
public void EqualsMethodFalse(string clientId1, string principalId1, string clientId2, string principalId2)
{
UserAssignedIdentity identity1 = new UserAssignedIdentity(new Guid(clientId1), new Guid(principalId1));
UserAssignedIdentity identity2 = new UserAssignedIdentity(new Guid(clientId2), new Guid(principalId2));
Assert.IsFalse(identity1.Equals(identity2));
}
public void TestDeserializerValidMultipleIdentities()
{
var json = GetFileText("UserAssignedValidMultipleIdentities.json");
JsonDocument document = JsonDocument.Parse(json);
UserAssignedIdentity[] identities = new UserAssignedIdentity[2];
var properties = document.RootElement.EnumerateObject().First().Value;
int count = 0;
foreach (var property in properties.EnumerateObject())
{
if (property.NameEquals("userAssignedIdentities"))
{
foreach (var keyValuePair in property.Value.EnumerateObject())
{
identities[count] = UserAssignedIdentity.DeserializeUserAssignedIdentity(keyValuePair.Value);
count++;
}
}
}
Assert.IsTrue("3beb288c-c3f9-4300-896f-02fbf175b6be".Equals(identities[0].ClientId.ToString()));
Assert.IsTrue("d0416856-d6cf-466d-8d64-ddc8d7782096".Equals(identities[0].PrincipalId.ToString()));
Assert.IsTrue("fbb39377-ff46-4a82-8c47-42d573180482".Equals(identities[1].ClientId.ToString()));
Assert.IsTrue("6d63ce43-c3ac-4b03-933d-4bc31eae50b2".Equals(identities[1].PrincipalId.ToString()));
}
public void TestSerializerNullIdentity()
{
UserAssignedIdentity userAssignedIdentity = null;
Assert.Throws <NullReferenceException>(delegate
{ JsonAsserts.AssertSerializes(userAssignedIdentity); });
}
public void TestEqualsBothIdentitiesNull()
{
UserAssignedIdentity identity1 = null;
UserAssignedIdentity identity2 = null;
Assert.IsTrue(UserAssignedIdentity.Equals(identity1, identity2));
}
public void EqualsMethodOneIdentityNull()
{
UserAssignedIdentity identity1 = new UserAssignedIdentity(Guid.Empty, Guid.Empty);
UserAssignedIdentity identity2 = null;
Assert.IsFalse(identity1.Equals(identity2));
}
public void CompareToMethodOneIdentityNull()
{
UserAssignedIdentity identity1 = new UserAssignedIdentity(Guid.Empty, Guid.Empty);
UserAssignedIdentity identity2 = null;
Assert.AreEqual(1, identity1.CompareTo(identity2));
}
public void CheckUserFalseConstructor(string resourceID, bool invalidParameter)
{
var dict1 = new Dictionary <ResourceIdentifier, UserAssignedIdentity>();
if (invalidParameter)
{
if (resourceID is null)
{
Assert.Throws <ArgumentNullException>(() => { dict1[resourceID] = new UserAssignedIdentity(Guid.Empty, Guid.Empty); });
}
else
{
Assert.Throws <ArgumentOutOfRangeException>(() => { dict1[resourceID] = new UserAssignedIdentity(Guid.Empty, Guid.Empty); });
}
}
else
{
dict1[resourceID] = new UserAssignedIdentity(Guid.Empty, Guid.Empty);
var system = new SystemAssignedIdentity(Guid.Empty, Guid.Empty);
Identity identity = new Identity(system, dict1);
Assert.IsNotNull(identity);
Assert.IsNotNull(identity.UserAssignedIdentities);
Assert.IsTrue(identity.UserAssignedIdentities.Count == 1);
Assert.IsNotNull(identity.SystemAssignedIdentity);
Assert.IsTrue(identity.SystemAssignedIdentity.TenantId.Equals(Guid.Empty));
Assert.IsTrue(identity.SystemAssignedIdentity.PrincipalId.Equals(Guid.Empty));
}
}
public void TestDeserializerClientIdInvalid()
{
var identityJsonProperty = DeserializerHelper("UserAssignedInvalid.json");
Assert.Throws <InvalidOperationException>(delegate
{ UserAssignedIdentity.DeserializeUserAssignedIdentity(identityJsonProperty); });
}
public void TestSerializerValidIdentity()
{
UserAssignedIdentity userAssignedIdentity = new UserAssignedIdentity(new Guid("72f988bf-86f1-41af-91ab-2d7cd011db47"), new Guid("de29bab1-49e1-4705-819b-4dfddceaaa98"));
string expected = "{\"clientId\":\"72f988bf-86f1-41af-91ab-2d7cd011db47\",\"principalId\":\"de29bab1-49e1-4705-819b-4dfddceaaa98\"}";
JsonAsserts.AssertSerialization(expected, userAssignedIdentity);
}
public void TestSerializerNullWriter()
{
UserAssignedIdentity userAssignedIdentity = new UserAssignedIdentity(new Guid("72f988bf-86f1-41af-91ab-2d7cd011db47"), new Guid("de29bab1-49e1-4705-819b-4dfddceaaa98"));
var serializable = userAssignedIdentity as IUtf8JsonSerializable;
Assert.Throws <ArgumentNullException>(delegate
{ serializable.Write(null); });
}
public void CompareTo(int answer, string clientId1, string principalId1, string clientId2, string principalId2)
{
UserAssignedIdentity identity1 = new UserAssignedIdentity(new Guid(clientId1), new Guid(principalId1));
UserAssignedIdentity identity2 = new UserAssignedIdentity(new Guid(clientId2), new Guid(principalId2));
Assert.AreEqual(answer, identity1.CompareTo(identity2));
Assert.AreEqual(answer * -1, identity2.CompareTo(identity1));
}
public void TestDeserializerValidExtraField()
{
var identityJsonProperty = DeserializerHelper("UserAssignedExtraField.json");
UserAssignedIdentity back = UserAssignedIdentity.DeserializeUserAssignedIdentity(identityJsonProperty);
Assert.IsTrue("3beb288c-c3f9-4300-896f-02fbf175b6be".Equals(back.ClientId.ToString()));
Assert.IsTrue("d0416856-d6cf-466d-8d64-ddc8d7782096".Equals(back.PrincipalId.ToString()));
}
public void TestSerializerNullWriter()
{
UserAssignedIdentity userAssignedIdentity = new UserAssignedIdentity(new Guid("72f988bf-86f1-41af-91ab-2d7cd011db47"), new Guid("de29bab1-49e1-4705-819b-4dfddceaaa98"));
using (Stream stream = new MemoryStream())
{
Assert.Throws <ArgumentNullException>(delegate { UserAssignedIdentity.Serialize(null, userAssignedIdentity); });
}
}
public void TestSerializerNullIdentity()
{
UserAssignedIdentity userAssignedIdentity = null;
using (Stream stream = new MemoryStream())
{
var writer = new Utf8JsonWriter(stream);
Assert.Throws <ArgumentNullException>(delegate { UserAssignedIdentity.Serialize(writer, userAssignedIdentity); });
}
}
public void TestSerializerValidUserNullSystem()
{
UserAssignedIdentity userAssignedIdentity = new UserAssignedIdentity(new Guid("72f988bf-86f1-41af-91ab-2d7cd011db47"), new Guid("de29bab1-49e1-4705-819b-4dfddceaaa98"));
var dict1 = new Dictionary<string, UserAssignedIdentity>();
dict1["/subscriptions/db1ab6f0-4769-4aa7-930e-01e2ef9c123c/resourceGroups/tester/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testidentity"] = userAssignedIdentity;
ManagedServiceIdentity identity = new ManagedServiceIdentity(null, null, ManagedServiceIdentityType.UserAssigned, dict1);
string user = "******";
string expected = "{\"type\":\"UserAssigned\"," +
"\"userAssignedIdentities\":" +
"{" + "\"/subscriptions/db1ab6f0-4769-4aa7-930e-01e2ef9c123c/resourceGroups/tester/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testidentity\":" +
user + "}}";
JsonAsserts.AssertConverterSerialization(expected, identity);
}
public void TestSerializerValidUserNullSystem()
{
UserAssignedIdentity userAssignedIdentity = new UserAssignedIdentity(new Guid("72f988bf-86f1-41af-91ab-2d7cd011db47"), new Guid("de29bab1-49e1-4705-819b-4dfddceaaa98"));
var dict1 = new Dictionary <ResourceIdentifier, UserAssignedIdentity>();
dict1[new ResourceIdentifier("/subscriptions/6b085460-5f21-477e-ba44-1035046e9101/resourceGroups/nbhatia_test/providers/Microsoft.Web/sites/autoreport")] = userAssignedIdentity;
ResourceIdentity identity = new ResourceIdentity(dict1, false);
string user = "******";
string expected = "{\"identity\":{" +
"\"type\":\"UserAssigned\"," +
"\"userAssignedIdentities\":" +
"{" + "\"/subscriptions/6b085460-5f21-477e-ba44-1035046e9101/resourceGroups/nbhatia_test/providers/Microsoft.Web/sites/autoreport\":" +
user + "}}}";
JsonAsserts.AssertSerialization(expected, identity);
}
public void TestDeserializerInvalidMultipleIdentities()
{
var json = File.ReadAllText("./TestAssets/UserAssignedIdentity/UserAssignedInvalidMultipleIdentities.json");
JsonDocument document = JsonDocument.Parse(json);
var properties = document.RootElement.EnumerateObject().First().Value;
foreach (var property in properties.EnumerateObject())
{
if (property.NameEquals("userAssignedIdentities"))
{
foreach (var keyValuePair in property.Value.EnumerateObject())
{
Assert.Throws <InvalidOperationException>(delegate { UserAssignedIdentity.Deserialize(keyValuePair.Value); });
}
}
}
}
public void TestSerializerValidIdentity()
{
UserAssignedIdentity userAssignedIdentity = new UserAssignedIdentity(new Guid("72f988bf-86f1-41af-91ab-2d7cd011db47"), new Guid("de29bab1-49e1-4705-819b-4dfddceaaa98"));
string actual = "";
using (Stream stream = new MemoryStream())
{
using (StreamReader streamReader = new StreamReader(stream))
{
var writer = new Utf8JsonWriter(stream);
UserAssignedIdentity.Serialize(writer, userAssignedIdentity);
stream.Seek(0, SeekOrigin.Begin);
actual = streamReader.ReadToEnd();
}
}
string expected = "{\"clientId\":\"72f988bf-86f1-41af-91ab-2d7cd011db47\",\"principalId\":\"de29bab1-49e1-4705-819b-4dfddceaaa98\"}";
Assert.AreEqual(expected, actual);
}
public void TestSerializerValidSystemAndUserV3()
{
UserAssignedIdentity userAssignedIdentity = new UserAssignedIdentity(new Guid("72f988bf-86f1-41af-91ab-2d7cd011db47"), new Guid("de29bab1-49e1-4705-819b-4dfddceaaa98"));
var dict1 = new Dictionary <ResourceIdentifier, UserAssignedIdentity>();
dict1[new ResourceIdentifier("/subscriptions/db1ab6f0-4769-4aa7-930e-01e2ef9c123c/resourceGroups/tester/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testidentity")] = userAssignedIdentity;
ManagedServiceIdentity identity = new ManagedServiceIdentity(new Guid("de29bab1-49e1-4705-819b-4dfddceaaa98"), new Guid("72f988bf-86f1-41af-91ab-2d7cd011db47"), ManagedServiceIdentityType.SystemAssignedUserAssigned, dict1);
string user = "******";
string expected = "{" +
"\"type\":\"SystemAssigned,UserAssigned\"," +
"\"userAssignedIdentities\":" +
"{" + "\"/subscriptions/db1ab6f0-4769-4aa7-930e-01e2ef9c123c/resourceGroups/tester/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testidentity\":" +
user + "}}";
var serializeOptions = new JsonSerializerOptions {
Converters = { new ManagedServiceIdentityTypeV3Converter() }
};
JsonAsserts.AssertConverterSerialization(expected, identity, serializeOptions);
}
public void TestSerializerValidSystemAndUser()
{
SystemAssignedIdentity systemAssignedIdentity = new SystemAssignedIdentity(new Guid("72f988bf-86f1-41af-91ab-2d7cd011db47"), new Guid("de29bab1-49e1-4705-819b-4dfddceaaa98"));
UserAssignedIdentity userAssignedIdentity = new UserAssignedIdentity(new Guid("72f988bf-86f1-41af-91ab-2d7cd011db47"), new Guid("de29bab1-49e1-4705-819b-4dfddceaaa98"));
var dict1 = new Dictionary <ResourceIdentifier, UserAssignedIdentity>();
dict1["/subscriptions/6b085460-5f21-477e-ba44-1035046e9101/resourceGroups/nbhatia_test/providers/Microsoft.Web/sites/autoreport"] = userAssignedIdentity;
ResourceIdentity identity = new ResourceIdentity(systemAssignedIdentity, dict1);
string system = "\"principalId\":\"de29bab1-49e1-4705-819b-4dfddceaaa98\",\"tenantId\":\"72f988bf-86f1-41af-91ab-2d7cd011db47\"";
string user = "******"clientId\":\"72f988bf-86f1-41af-91ab-2d7cd011db47\",\"principalId\":\"de29bab1-49e1-4705-819b-4dfddceaaa98\"}";
string expected = "{\"identity\":{" +
system + "," +
"\"type\":\"SystemAssigned, UserAssigned\"," +
"\"userAssignedIdentities\":" +
"{" + "\"/subscriptions/6b085460-5f21-477e-ba44-1035046e9101/resourceGroups/nbhatia_test/providers/Microsoft.Web/sites/autoreport\":" +
user + "}}}";
JsonAsserts.AssertSerialization(expected, identity);
}
public void TestSerializerArray()
{
UserAssignedIdentity userAssignedIdentity1 = new UserAssignedIdentity(new Guid("3beb288c-c3f9-4300-896f-02fbf175b6be"), new Guid("d0416856-d6cf-466d-8d64-ddc8d7782096"));
UserAssignedIdentity userAssignedIdentity2 = new UserAssignedIdentity(new Guid("fbb39377-ff46-4a82-8c47-42d573180482"), new Guid("6d63ce43-c3ac-4b03-933d-4bc31eae50b2"));
UserAssignedIdentity[] identities = { userAssignedIdentity1, userAssignedIdentity2 };
using var memoryStream = new MemoryStream();
foreach (var identity in identities)
{
var serializable = identity as IUtf8JsonSerializable;
using (var writer = new Utf8JsonWriter(memoryStream))
{
serializable.Write(writer);
}
}
string expected = "{}{}";
var actual = Encoding.UTF8.GetString(memoryStream.ToArray());
Assert.AreEqual(expected, actual);
}
public AzureHDInsightUserAssignedIdentity(UserAssignedIdentity userAssignedIdentity)
{
PrincipalId = userAssignedIdentity?.PrincipalId;
ClientId = userAssignedIdentity?.ClientId;
TenantId = userAssignedIdentity?.TenantId;
}
public MyStack()
{
var config = new Config();
var environment = Deployment.Instance.StackName;
// Create an Azure Resource Group
var resourceGroup = new ResourceGroup("rg", new ResourceGroupArgs
{
Name = NamingConvention.GetResourceGroupName(environment)
});
var vnet = new VirtualNetwork("vnet", new VirtualNetworkArgs
{
Name = NamingConvention.GetVNetName(environment),
ResourceGroupName = resourceGroup.Name,
AddressSpaces =
{
config.Require("vnet.addressSpaces")
}
});
// Create a Subnet for the cluster
var apimSubnet = new Subnet("apim-net", new SubnetArgs
{
Name = "apim-net",
ResourceGroupName = resourceGroup.Name,
VirtualNetworkName = vnet.Name,
AddressPrefixes =
{
config.Require("vnet.subnets.apim.addressPrefixes")
},
});
// Create a Subnet for the afw
var firewallSubnet = new Subnet("afw-net", new SubnetArgs
{
Name = "AzureFirewallSubnet",
ResourceGroupName = resourceGroup.Name,
VirtualNetworkName = vnet.Name,
AddressPrefixes =
{
config.Require("vnet.subnets.afw.addressPrefixes")
},
});
var agwSubnet = new Subnet("agw-net", new SubnetArgs
{
Name = "agw-net",
ResourceGroupName = resourceGroup.Name,
VirtualNetworkName = vnet.Name,
AddressPrefixes =
{
config.Require("vnet.subnets.agw.addressPrefixes")
},
});
var privateEndpointSubnet = new Subnet("functions-net", new SubnetArgs
{
Name = "functions-net",
ResourceGroupName = resourceGroup.Name,
VirtualNetworkName = vnet.Name,
AddressPrefixes =
{
config.Require("vnet.subnets.functions.addressPrefixes")
},
});
var eventHubNamespace = new EventHubNamespace("ehn", new EventHubNamespaceArgs
{
Name = "iac-apim-logging-ns",
Location = resourceGroup.Location,
ResourceGroupName = resourceGroup.Name,
Sku = "Standard",
Capacity = 1
});
var eventHub = new EventHub("eh", new EventHubArgs
{
Name = "apim-logging",
NamespaceName = eventHubNamespace.Name,
ResourceGroupName = resourceGroup.Name,
PartitionCount = 2,
MessageRetention = 1,
});
var apimExternal = new Service("apim-external", new ServiceArgs
{
Name = "iac-dev-ext-apim",
ResourceGroupName = resourceGroup.Name,
Location = resourceGroup.Location,
PublisherName = "IaC",
PublisherEmail = "*****@*****.**",
SkuName = "Developer_1",
Identity = new ServiceIdentityArgs
{
Type = "SystemAssigned"
},
VirtualNetworkType = "External",
VirtualNetworkConfiguration = new ServiceVirtualNetworkConfigurationArgs
{
SubnetId = apimSubnet.Id
},
HostnameConfiguration = new ServiceHostnameConfigurationArgs
{
Proxies = new []
{
new ServiceHostnameConfigurationProxyArgs
{
HostName = "iac-dev-ext-apim.azure-api.net",
DefaultSslBinding = false,
NegotiateClientCertificate = false
},
new ServiceHostnameConfigurationProxyArgs
{
HostName = "api.iac-labs.com",
KeyVaultId = config.Require("certificate.keyvaultid"),
DefaultSslBinding = true,
NegotiateClientCertificate = false
},
new ServiceHostnameConfigurationProxyArgs
{
HostName = "api29cc67d2.iac-labs.com",
KeyVaultId = config.Require("certificate.keyvaultid"),
DefaultSslBinding = true,
NegotiateClientCertificate = false
}
}
}
});
var apimInternal = new Service("apim-int", new ServiceArgs
{
Name = NamingConvention.GetApimName(environment),
ResourceGroupName = resourceGroup.Name,
Location = resourceGroup.Location,
PublisherName = "IaC",
PublisherEmail = "*****@*****.**",
SkuName = "Developer_1",
Identity = new ServiceIdentityArgs
{
Type = "SystemAssigned"
},
VirtualNetworkType = "Internal",
VirtualNetworkConfiguration = new ServiceVirtualNetworkConfigurationArgs
{
SubnetId = apimSubnet.Id
},
HostnameConfiguration = new ServiceHostnameConfigurationArgs
{
Proxies = new []
{
new ServiceHostnameConfigurationProxyArgs
{
HostName = "iac-dev-apim.azure-api.net",
DefaultSslBinding = false,
NegotiateClientCertificate = false
},
new ServiceHostnameConfigurationProxyArgs
{
HostName = "api.iac-labs.com",
KeyVaultId = config.Require("certificate.keyvaultid"),
DefaultSslBinding = true,
NegotiateClientCertificate = false
},
new ServiceHostnameConfigurationProxyArgs
{
HostName = "api29cc67d2.iac-labs.com",
KeyVaultId = config.Require("certificate.keyvaultid"),
DefaultSslBinding = true,
NegotiateClientCertificate = false
},
new ServiceHostnameConfigurationProxyArgs
{
HostName = "api-internal.iac-labs.com",
KeyVaultId = config.Require("certificate.keyvaultid"),
DefaultSslBinding = true,
NegotiateClientCertificate = false
}
}
}
});
var apim1 = Output.Create(GetService.InvokeAsync(new GetServiceArgs
{
Name = "iac-dev-apim1",
ResourceGroupName = "iac-dev-rg",
}));
if (config.RequireBoolean("firstTimeAPIM"))
{
var apimInternal1 = new Service("apim-int1", new ServiceArgs
{
Name = "iac-dev-apim1",
ResourceGroupName = resourceGroup.Name,
Location = resourceGroup.Location,
PublisherName = "IaC",
PublisherEmail = "*****@*****.**",
SkuName = "Developer_1",
Identity = new ServiceIdentityArgs
{
Type = "SystemAssigned"
},
VirtualNetworkType = "Internal",
VirtualNetworkConfiguration = new ServiceVirtualNetworkConfigurationArgs
{
SubnetId = apimSubnet.Id
}
});
}
else
{
var apimInternal1 = new Service("apim-int1", new ServiceArgs
{
Name = "iac-dev-apim1",
ResourceGroupName = resourceGroup.Name,
Location = resourceGroup.Location,
PublisherName = "IaC",
PublisherEmail = "*****@*****.**",
SkuName = "Developer_1",
Identity = new ServiceIdentityArgs
{
Type = "SystemAssigned"
},
VirtualNetworkType = "Internal",
VirtualNetworkConfiguration = new ServiceVirtualNetworkConfigurationArgs
{
SubnetId = apimSubnet.Id
},
HostnameConfiguration = new ServiceHostnameConfigurationArgs
{
Proxies = new []
{
new ServiceHostnameConfigurationProxyArgs
{
HostName = "iac-dev-apim1.azure-api.net",
DefaultSslBinding = false,
NegotiateClientCertificate = false
},
new ServiceHostnameConfigurationProxyArgs
{
HostName = "api.iac-labs.com",
KeyVaultId = config.Require("certificate.keyvaultid"),
DefaultSslBinding = true,
NegotiateClientCertificate = false
},
}
}
});
}
var ehLogger = new Logger("ehLogger", new LoggerArgs
{
Name = "ehLogger",
ResourceGroupName = resourceGroup.Name,
ApiManagementName = apimInternal.Name,
Eventhub = new LoggerEventhubArgs
{
Name = eventHub.Name,
ConnectionString = eventHubNamespace.DefaultPrimaryConnectionString
}
});
var agwName = NamingConvention.GetAGWName("api", environment);
var agwPublicIp = new PublicIp("agw-api-pip", new PublicIpArgs
{
Name = NamingConvention.GetPublicIpName("agw-api", environment),
ResourceGroupName = resourceGroup.Name,
Sku = "Standard",
AllocationMethod = "Static",
DomainNameLabel = agwName
});
var agwMI = new UserAssignedIdentity("agw-mi", new UserAssignedIdentityArgs
{
Name = NamingConvention.GetManagedIdentityName("agw", environment),
ResourceGroupName = resourceGroup.Name
});
var apiAgw = new ApplicationGateway("agw-api", new ApplicationGatewayArgs
{
Name = agwName,
ResourceGroupName = resourceGroup.Name,
Identity = new ApplicationGatewayIdentityArgs
{
Type = "UserAssigned",
IdentityIds = agwMI.Id
},
Sku = new ApplicationGatewaySkuArgs
{
Name = "WAF_v2",
Tier = "WAF_v2",
Capacity = 1
},
SslCertificates = new []
{
new ApplicationGatewaySslCertificateArgs
{
Name = "gateway-listener",
KeyVaultSecretId = config.Require("certificate.keyvaultid")
}
},
FrontendPorts = new []
{
new ApplicationGatewayFrontendPortArgs
{
Name = "port443",
Port = 443
},
new ApplicationGatewayFrontendPortArgs
{
Name = "port80",
Port = 80
}
},
GatewayIpConfigurations = new []
{
new ApplicationGatewayGatewayIpConfigurationArgs
{
Name = "appGatewayIpConfig",
SubnetId = agwSubnet.Id
}
},
FrontendIpConfigurations = new []
{
new ApplicationGatewayFrontendIpConfigurationArgs
{
Name = "frontendIP",
PublicIpAddressId = agwPublicIp.Id
}
},
HttpListeners = new []
{
new ApplicationGatewayHttpListenerArgs
{
Name = "default",
FrontendIpConfigurationName = "frontendIP",
FrontendPortName = "port443",
Protocol = "Https",
HostName = "api.iac-labs.com",
RequireSni = true,
SslCertificateName = "gateway-listener"
}
},
BackendAddressPools = new[]
{
new ApplicationGatewayBackendAddressPoolArgs
{
Name = "apim",
IpAddresses = apimInternal.PrivateIpAddresses //config.RequireSecret("apim.backend.ip")
}
},
Probes = new[]
{
new ApplicationGatewayProbeArgs
{
Name = "apim-probe-default",
Protocol = "Https",
Path = "/status-0123456789abcdef",
Host = "api.iac-labs.com",
Interval = 30,
Timeout = 120,
UnhealthyThreshold = 8,
PickHostNameFromBackendHttpSettings = false,
MinimumServers = 0
}
},
BackendHttpSettings = new []
{
new ApplicationGatewayBackendHttpSettingArgs
{
Name = "apim-settings-default",
Port = 443,
Protocol = "Https",
CookieBasedAffinity = "Disabled",
PickHostNameFromBackendAddress = false,
RequestTimeout = 30,
ProbeName = "apim-probe-default"
}
},
RequestRoutingRules = new[]
{
new ApplicationGatewayRequestRoutingRuleArgs
{
Name = "default",
RuleType = "Basic",
HttpListenerName = "default",
BackendAddressPoolName = "apim",
BackendHttpSettingsName = "apim-settings-default"
}
}
});
// var la = new AnalyticsWorkspace("la", new AnalyticsWorkspaceArgs
// {
// Name = NamingConvention.GetLogAnalyticsName(environment),
// ResourceGroupName = resourceGroup.Name,
// Location = resourceGroup.Location,
// Sku = "PerGB2018"
// });
// var firewallName = NamingConvention.GetFirewallName(environment);
//
// var afwPublicIp = new PublicIp("afw-pip", new PublicIpArgs
// {
// Location = resourceGroup.Location,
// ResourceGroupName = resourceGroup.Name,
// AllocationMethod = "Static",
// Sku = "Standard",
// DomainNameLabel = firewallName
// });
//
// var afw = new Firewall("afw", new FirewallArgs
// {
// Name = firewallName,
// Location = resourceGroup.Location,
// ResourceGroupName = resourceGroup.Name,
// IpConfigurations =
// {
// new FirewallIpConfigurationArgs
// {
// Name = "configuration",
// SubnetId = firewallSubnet.Id,
// PublicIpAddressId = afwPublicIp.Id,
// },
// },
// });
//
// var afwNatRuleCollection = new FirewallNatRuleCollection("apim-dnat", new FirewallNatRuleCollectionArgs
// {
// Name = "apim-dnat",
// AzureFirewallName = afw.Name,
// ResourceGroupName = resourceGroup.Name,
// Priority = 100,
// Action = "Dnat",
// Rules =
// {
// new FirewallNatRuleCollectionRuleArgs
// {
// Name = "apim",
// SourceAddresses = "*",
// DestinationPorts =
// {
// "443",
// },
// DestinationAddresses =
// {
// afwPublicIp.IpAddress,
// },
// TranslatedPort = "443",
// TranslatedAddress = apimInternal.PrivateIpAddresses.First(),
// Protocols =
// {
// "UDP",
// "TCP",
// }
// }
// }
// });
// var afwDiagnosticSetting = new DiagnosticSetting("afw-diagnostics", new DiagnosticSettingArgs
// {
// Name = "diagnostics",
// TargetResourceId = afw.Id,
// LogAnalyticsWorkspaceId = la.Id,
// Logs =
// {
// new DiagnosticSettingLogArgs
// {
// Category = "AzureFirewallApplicationRule",
// Enabled = true,
// RetentionPolicy = new DiagnosticSettingLogRetentionPolicyArgs
// {
// Enabled = false
// }
// },
// new DiagnosticSettingLogArgs
// {
// Category = "AzureFirewallNetworkRule",
// Enabled = true,
// RetentionPolicy = new DiagnosticSettingLogRetentionPolicyArgs
// {
// Enabled = false
// }
// },
// new DiagnosticSettingLogArgs
// {
// Category = "AzureFirewallDnsProxy",
// Enabled = true,
// RetentionPolicy = new DiagnosticSettingLogRetentionPolicyArgs
// {
// Enabled = false,
// }
// }
// },
// Metrics =
// {
// new DiagnosticSettingMetricArgs
// {
// Category = "AllMetrics",
// Enabled = true,
// RetentionPolicy = new DiagnosticSettingMetricRetentionPolicyArgs
// {
// Enabled = false,
// }
// }
// }
// });
}
