I am trying to make my ARM templates that I'm generating by the APIM Resource Kit as generic as possible to promote API changes, etc. through Dev/QA/Prod environments.
The way I've found to set back end endpoints per environment is by name/value pairs via policies. It occurred to me doing this through the App Configuration instead of NVPs would allow me to make this more generic in the ARM templates. Does anyone know if there's a way to do this or can point in me in the right direction?
I figured out in the APIM resource kit, the serviceUrlParameters paramater for the extractor tool will handle generating out the files needed to make the backend endpoints configurable.
Related
My question relates to Azure API-Management-service and ARM templates. I have to be precise because of the redundant terms with different meanings. So forgive my unusual explanation.
Azure has a management-api resource that behaves like an api-gateway. Let's call it gateway-x. This resource has a feature called "Management REST API". You can enable this feature in the azure portal. Activating this feature provides a REST API that can interact with gateway-x
https://learn.microsoft.com/de-de/rest/api/apimanagement/apimanagementrest/api-management-rest
gateway-x was created through ARM templates. Unfortunately, it looks like there is no property for activate the "Management REST API" as I could do in the web-portal. Is that correct? I was also looking for a workaround using the azure-cli to do that. "az apim" but nope, it can basically nothing.
I need that rest API available within my CI/CD pipeline. Doing this manually is not an option.
Any Ideas?
I have a specific requirement for ARM templates and Azure API Management, so this question is different than other conditional ARM deployment questions.
Some background:
My APIM instance is deployed using ARM templates, however custom domains need to be setup but cannot be part of it. This is because my customer stores their certificates in a different system.
This means the custom domains are setup separately (manually) for the APIM instance, right after the instance was created by the ARM template.
The ARM template also applies the global policy and creates the products. I use a linked template setup.
The issue arises when we want to update something on the APIM instance, like extending the global policy or adding a product. Then the ARM template will also update the instance, but should leave the custom domain section untouched. According to the documentation, using 'incremental' mode leaves resources not in the ARM template untouched. So I thought to solve it by just leaving out the 'hostnameConfigurations' section in the ARM template. However it seems the ARM template doesn't ignore it, but interprets it as empty and effectively removing the custom domains from the APIM instance!
This doesn't seem like normal behavior, but I have to live with it. To solve this I have a couple of options.
One of them is extracting the global policies and products from the generic APIM ARM template, so I can skip the APIM instance part when updating. This would mean I have to run multiple separate ARM templates on creating the resources.
The solution I'd like to go for, is to conditionally deploy the ARM template creating the APIM instance, to only creating. I want to skip this linked template when the resource already exists.
I though I could do this by getting a reference to the APIM instance, but according to the documentation "The reference function derives its value from a runtime state, and therefore can't be used in the variables section.".
Question: Is it possible to conditionally deploy a linked ARM template, based on the fact whether a resource already exists or not?
The answer is no. You cannot really do that. Unless you are investigating different hacky ways. You can call Azure function to decide if the resource exist. You can use an output from the deployment to decide if the resource exist. But straight up there is nothing that can help you. only different hacks.
I'm currently building out a number of virtual machines in azure using a template that we've built out. I would like to be able to pull the name of the user who chose to deploy this template so that we can verify a number of things exist on the server for them (i.e. userid). Is there anyway to do this? Any help would be appreciated.
No, this is not possible using arm templates (unless using some pretty horrible\unreliable\outside of arm template hacks).
You could probably work around that by creating a parameter where user inputs his details, but even that the second part of your plan will fail. You cannot really do checks on the OS level configurations from the template.
ARM templates aren't meant to actually check things, and while some interactions are possible, they are very limited (like listKeys).
So in my API, I have a few secret endpoints hidden from the documentation. This is achieved nicely using the attribute IgnoreAPI. The endpoints aren't dangerous, but I just don't want them advertised to end users.
However, I'm now starting to use Azure API Management, in which you easily configure APIs using Swagger. IgnoreAPI stops the endpoint from going in the Swagger document, and thus, stops the auto-set up from discovering IgnoreAPI attributed endpoints.
Is there a standard way of making certain endpoints invisible on Azure API Management WITHOUT using ignoreAPI? Or is there a way to force in IgnoreAPI endpoints and hide them in the Developer Portal?
One option would be to create the "hidden" operations in a separate API that is attached to a hidden product. Currently there isn't a way to identify specific operations as hidden.
I'm still open to suggestions, but this is the best solution I found:
If you go into the Developer Portal Template Editor, you can edit the markup for the template that shows the list of endpoints. I made a blacklist that will skip my hidden endpoints. It works across all APIs too!
I am using azure Standard service plan and developing Logic Apps Work flows. Now i want to deploy it to different environment like QA/UAT.
I have referred few MSDN blogs and found out We can do the logic apps deployment to different subscriptions via Visual studio with Azure SDK. However I am using API Apps in the logic apps work flows like SQL connector, Transformation service, BizTalk Xpath Extractor etc..
Can you please let me know how do we deploy API Apps to different Environment. Please suggest.
Thanks,
Vinoth
One way is to create the logic app with the connectors you want and then export that ARM template LogicApp -> Settings -> Export Template. Of course this template might not be the ideal approach since it will have lot of stuff hard coded specific to that LA.
The good approach will be to create a new Azure resource Group project which has
the logic app ARM template,
just copy the defn part from you existing logic apps int the template definition section
make sure you have the connection resources creation added as part of you template.
Some useful resources
1. Checkout this MSDN link.
2. There is a utility also to get the LA templates, read this