Skip to content

Commit

Permalink
feat: Update avm/res/api-management/service - WAF Security recommen…
Browse files Browse the repository at this point in the history 
…dations (#3942)

## Description

Adds WAF Security defaults and UDTs.

## Pipeline Reference

| Pipeline |
| -------- |
|
[![avm.res.api-management.service](https://github.com/ReneHezser/bicep-registry-modules/actions/workflows/avm.res.api-management.service.yml/badge.svg?branch=api-gateway-waf-security)](https://github.com/ReneHezser/bicep-registry-modules/actions/workflows/avm.res.api-management.service.yml)
|

## Type of Change

- [ ] Update to CI Environment or utilities (Non-module affecting
changes)
- [x] Azure Verified Module updates:
- [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT
bumped the MAJOR or MINOR version in `version.json`:
- [ ] Someone has opened a bug report issue, and I have included "Closes
#{bug_report_issue_number}" in the PR description.
- [ ] The bug was found by the module author, and no one has opened an
issue to report it yet.
- [x] Feature update backwards compatible feature updates, and I have
bumped the MINOR version in `version.json`.
- [ ] Breaking changes and I have bumped the MAJOR version in
`version.json`.
  - [x] Update to documentation

## Checklist

- [x] I'm sure there are no other open Pull Requests for the same
update/change
- [x] I have run `Set-AVMModule` locally to generate the supporting
module files.
- [x] My corresponding pipelines / checks run clean and green without
any errors or warnings

---------

Co-authored-by: Erika Gressi <[email protected]>
Co-authored-by: Alexander Sehr <[email protected]>
  • Loading branch information
@ReneHezser @eriqua @AlexanderSehr
3 people authored Feb 20, 2025
1 parent a6d24c4 commit ac7a2d6
Show file tree
Hide file tree
Showing 13 changed files with 93 additions and 72 deletions.
33 changes: 27 additions & 6 deletions avm/res/api-management/service/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -342,6 +342,10 @@ module service 'br/public:avm/res/api-management/service:<version>' = {
displayName: 'Echo API'
name: 'echo-api'
path: 'echo'
protocols: [
'http'
'https'
]
serviceUrl: 'http://echoapi.cloudapp.net/api'
}
]
Expand Down Expand Up @@ -578,6 +582,10 @@ module service 'br/public:avm/res/api-management/service:<version>' = {
"displayName": "Echo API",
"name": "echo-api",
"path": "echo",
"protocols": [
"http",
"https"
],
"serviceUrl": "http://echoapi.cloudapp.net/api"
}
]
Expand Down Expand Up @@ -840,6 +848,10 @@ param apis = [
displayName: 'Echo API'
name: 'echo-api'
path: 'echo'
protocols: [
'http'
'https'
]
serviceUrl: 'http://echoapi.cloudapp.net/api'
}
]
Expand Down Expand Up @@ -1140,6 +1152,9 @@ module service 'br/public:avm/res/api-management/service:<version>' = {
displayName: 'Echo API'
name: 'echo-api'
path: 'echo'
protocols: [
'https'
]
serviceUrl: 'https://echoapi.cloudapp.net/api'
}
]
Expand All @@ -1163,8 +1178,8 @@ module service 'br/public:avm/res/api-management/service:<version>' = {
{
name: 'backend'
tls: {
validateCertificateChain: false
validateCertificateName: false
validateCertificateChain: true
validateCertificateName: true
}
url: 'https://echoapi.cloudapp.net/api'
}
Expand Down Expand Up @@ -1351,6 +1366,9 @@ module service 'br/public:avm/res/api-management/service:<version>' = {
"displayName": "Echo API",
"name": "echo-api",
"path": "echo",
"protocols": [
"https"
],
"serviceUrl": "https://echoapi.cloudapp.net/api"
}
]
Expand Down Expand Up @@ -1378,8 +1396,8 @@ module service 'br/public:avm/res/api-management/service:<version>' = {
{
"name": "backend",
"tls": {
"validateCertificateChain": false,
"validateCertificateName": false
"validateCertificateChain": true,
"validateCertificateName": true
},
"url": "https://echoapi.cloudapp.net/api"
}
Expand Down Expand Up @@ -1584,6 +1602,9 @@ param apis = [
displayName: 'Echo API'
name: 'echo-api'
path: 'echo'
protocols: [
'https'
]
serviceUrl: 'https://echoapi.cloudapp.net/api'
}
]
Expand All @@ -1607,8 +1628,8 @@ param backends = [
{
name: 'backend'
tls: {
validateCertificateChain: false
validateCertificateName: false
validateCertificateChain: true
validateCertificateName: true
}
url: 'https://echoapi.cloudapp.net/api'
}
Expand Down
4 changes: 2 additions & 2 deletions avm/res/api-management/service/api-version-set/main.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.33.13.18514",
"templateHash": "6801592949576181154"
"version": "0.33.93.31351",
"templateHash": "7829811049560910009"
},
"name": "API Management Service API Version Sets",
"description": "This module deploys an API Management Service API Version Set."
Expand Down
4 changes: 2 additions & 2 deletions avm/res/api-management/service/api/diagnostics/main.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.33.13.18514",
"templateHash": "4899675580903703157"
"version": "0.33.93.31351",
"templateHash": "13183080858238494781"
},
"name": "API Management Service APIs Diagnostics.",
"description": "This module deploys an API Management Service API Diagnostics."
Expand Down
12 changes: 6 additions & 6 deletions avm/res/api-management/service/api/main.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.33.13.18514",
"templateHash": "11063536724422240669"
"version": "0.33.93.31351",
"templateHash": "273590710214674608"
},
"name": "API Management Service APIs",
"description": "This module deploys an API Management Service API."
Expand Down Expand Up @@ -279,8 +279,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.33.13.18514",
"templateHash": "8003925948340237461"
"version": "0.33.93.31351",
"templateHash": "1494563992508164069"
},
"name": "API Management Service APIs Policies",
"description": "This module deploys an API Management Service API Policy."
Expand Down Expand Up @@ -425,8 +425,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.33.13.18514",
"templateHash": "4899675580903703157"
"version": "0.33.93.31351",
"templateHash": "13183080858238494781"
},
"name": "API Management Service APIs Diagnostics.",
"description": "This module deploys an API Management Service API Diagnostics."
Expand Down
4 changes: 2 additions & 2 deletions avm/res/api-management/service/api/policy/main.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.33.13.18514",
"templateHash": "8003925948340237461"
"version": "0.33.93.31351",
"templateHash": "1494563992508164069"
},
"name": "API Management Service APIs Policies",
"description": "This module deploys an API Management Service API Policy."
Expand Down
4 changes: 2 additions & 2 deletions avm/res/api-management/service/main.bicep
View file
Original file line number Diff line number Diff line change
Expand Up @@ -282,7 +282,7 @@ module service_apis 'api/main.bicep' = [
apiVersionDescription: api.?apiVersionDescription
apiVersionSetId: api.?apiVersionSetId
authenticationSettings: api.?authenticationSettings
format: api.?format ?? 'openapi'
format: api.?format
isCurrent: api.?isCurrent
protocols: api.?protocols
policies: api.?policies
Expand Down Expand Up @@ -351,7 +351,7 @@ module service_backends 'backend/main.bicep' = [
resourceId: backend.?resourceId
serviceFabricCluster: backend.?serviceFabricCluster
title: backend.?title
tls: backend.?tls
tls: backend.?tls ?? { validateCertificateChain: true, validateCertificateName: true }
}
}
]
Expand Down
76 changes: 38 additions & 38 deletions avm/res/api-management/service/main.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.33.13.18514",
"templateHash": "14024053243776143462"
"version": "0.33.93.31351",
"templateHash": "16108971413887515803"
},
"name": "API Management Services",
"description": "This module deploys an API Management Service. The default deployment is set to use a Premium SKU to align with Microsoft WAF-aligned best practices. In most cases, non-prod deployments should use a lower-tier SKU."
Expand Down Expand Up @@ -782,7 +782,7 @@
"value": "[tryGet(parameters('apis')[copyIndex()], 'authenticationSettings')]"
},
"format": {
"value": "[coalesce(tryGet(parameters('apis')[copyIndex()], 'format'), 'openapi')]"
"value": "[tryGet(parameters('apis')[copyIndex()], 'format')]"
},
"isCurrent": {
"value": "[tryGet(parameters('apis')[copyIndex()], 'isCurrent')]"
Expand Down Expand Up @@ -822,8 +822,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.33.13.18514",
"templateHash": "11063536724422240669"
"version": "0.33.93.31351",
"templateHash": "273590710214674608"
},
"name": "API Management Service APIs",
"description": "This module deploys an API Management Service API."
Expand Down Expand Up @@ -1096,8 +1096,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.33.13.18514",
"templateHash": "8003925948340237461"
"version": "0.33.93.31351",
"templateHash": "1494563992508164069"
},
"name": "API Management Service APIs Policies",
"description": "This module deploys an API Management Service API Policy."
Expand Down Expand Up @@ -1242,8 +1242,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.33.13.18514",
"templateHash": "4899675580903703157"
"version": "0.33.93.31351",
"templateHash": "13183080858238494781"
},
"name": "API Management Service APIs Diagnostics.",
"description": "This module deploys an API Management Service API Diagnostics."
Expand Down Expand Up @@ -1469,8 +1469,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.33.13.18514",
"templateHash": "6801592949576181154"
"version": "0.33.93.31351",
"templateHash": "7829811049560910009"
},
"name": "API Management Service API Version Sets",
"description": "This module deploys an API Management Service API Version Set."
Expand Down Expand Up @@ -1609,8 +1609,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.33.13.18514",
"templateHash": "9439651007814693141"
"version": "0.33.93.31351",
"templateHash": "6804762094873651550"
},
"name": "API Management Service Authorization Servers",
"description": "This module deploys an API Management Service Authorization Server."
Expand Down Expand Up @@ -1848,7 +1848,7 @@
"value": "[tryGet(parameters('backends')[copyIndex()], 'title')]"
},
"tls": {
"value": "[tryGet(parameters('backends')[copyIndex()], 'tls')]"
"value": "[coalesce(tryGet(parameters('backends')[copyIndex()], 'tls'), createObject('validateCertificateChain', true(), 'validateCertificateName', true()))]"
}
},
"template": {
Expand All @@ -1858,8 +1858,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.33.13.18514",
"templateHash": "13471923779604074887"
"version": "0.33.93.31351",
"templateHash": "4453336321720967633"
},
"name": "API Management Service Backends",
"description": "This module deploys an API Management Service Backend."
Expand Down Expand Up @@ -2038,8 +2038,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.33.13.18514",
"templateHash": "3359248846501864533"
"version": "0.33.93.31351",
"templateHash": "18419808380672694533"
},
"name": "API Management Service Caches",
"description": "This module deploys an API Management Service Cache."
Expand Down Expand Up @@ -2192,8 +2192,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.33.13.18514",
"templateHash": "4899675580903703157"
"version": "0.33.93.31351",
"templateHash": "13183080858238494781"
},
"name": "API Management Service APIs Diagnostics.",
"description": "This module deploys an API Management Service API Diagnostics."
Expand Down Expand Up @@ -2421,8 +2421,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.33.13.18514",
"templateHash": "9439755619586446330"
"version": "0.33.93.31351",
"templateHash": "13263983509172438133"
},
"name": "API Management Service Identity Providers",
"description": "This module deploys an API Management Service Identity Provider."
Expand Down Expand Up @@ -2630,8 +2630,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.33.13.18514",
"templateHash": "13044725911661445483"
"version": "0.33.93.31351",
"templateHash": "9800847829037569395"
},
"name": "API Management Service Loggers",
"description": "This module deploys an API Management Service Logger."
Expand Down Expand Up @@ -2774,8 +2774,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.33.13.18514",
"templateHash": "8157254408403610295"
"version": "0.33.93.31351",
"templateHash": "11386329254828299336"
},
"name": "API Management Service Named Values",
"description": "This module deploys an API Management Service Named Value."
Expand Down Expand Up @@ -2911,8 +2911,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.33.13.18514",
"templateHash": "3588318966794177458"
"version": "0.33.93.31351",
"templateHash": "2236873279760395261"
},
"name": "API Management Service Portal Settings",
"description": "This module deploys an API Management Service Portal Setting."
Expand Down Expand Up @@ -3009,8 +3009,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.33.13.18514",
"templateHash": "12529707644768894354"
"version": "0.33.93.31351",
"templateHash": "1189152396458775709"
},
"name": "API Management Service Policies",
"description": "This module deploys an API Management Service Policy."
Expand Down Expand Up @@ -3143,8 +3143,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.33.13.18514",
"templateHash": "7427869826758534329"
"version": "0.33.93.31351",
"templateHash": "9602469673358610075"
},
"name": "API Management Service Products",
"description": "This module deploys an API Management Service Product."
Expand Down Expand Up @@ -3271,8 +3271,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.33.13.18514",
"templateHash": "6881101310103461222"
"version": "0.33.93.31351",
"templateHash": "7187924573150749189"
},
"name": "API Management Service Products APIs",
"description": "This module deploys an API Management Service Product API."
Expand Down Expand Up @@ -3360,8 +3360,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.33.13.18514",
"templateHash": "7173352386317054073"
"version": "0.33.93.31351",
"templateHash": "12351031153434834126"
},
"name": "API Management Service Products Groups",
"description": "This module deploys an API Management Service Product Group."
Expand Down Expand Up @@ -3519,8 +3519,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.33.13.18514",
"templateHash": "3748720225613039754"
"version": "0.33.93.31351",
"templateHash": "16999168968925536172"
},
"name": "API Management Service Subscriptions",
"description": "This module deploys an API Management Service Subscription."
Expand Down
Loading

0 comments on commit ac7a2d6

Please sign in to comment.