179 строки
6.6 KiB
JSON
179 строки
6.6 KiB
JSON
{
|
|
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
|
"contentVersion": "1.0.0.0",
|
|
"parameters": {
|
|
"baseName": {
|
|
"type": "string",
|
|
"defaultValue": "[resourceGroup().name]",
|
|
"metadata": {
|
|
"description": "The base resource name."
|
|
}
|
|
},
|
|
"appUri": {
|
|
"type": "string",
|
|
"defaultValue": "http://localhost:1234",
|
|
"metadata": {
|
|
"description": "The URI of the web application to allow CORS access. By default parcel will run it on http://localhost:1234"
|
|
}
|
|
}
|
|
},
|
|
"variables": {
|
|
"serviceName": "[concat(parameters('baseName'), '-api')]",
|
|
"vaultName": "[concat(parameters('baseName'), '-keyvault')]"
|
|
},
|
|
"resources": [
|
|
{
|
|
"type": "Microsoft.ApiManagement/service",
|
|
"apiVersion": "2019-01-01",
|
|
"name": "[variables('serviceName')]",
|
|
"location": "[resourceGroup().location]",
|
|
"properties": {
|
|
"enableClientCertificate": true,
|
|
"virtualNetworkType": "External",
|
|
"publisherEmail": "noreply@example.com",
|
|
"publisherName": "api-admin"
|
|
},
|
|
"sku": {
|
|
"name": "Developer"
|
|
},
|
|
"identity": {
|
|
"type": "SystemAssigned"
|
|
},
|
|
"resources": [
|
|
{
|
|
"type": "properties",
|
|
"apiVersion": "2019-01-01",
|
|
"name": "vault-name",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.ApiManagement/service', variables('serviceName'))]"
|
|
],
|
|
"properties": {
|
|
"displayName": "vault-name",
|
|
"value": "[variables('vaultName')]",
|
|
"secret": false
|
|
}
|
|
},
|
|
{
|
|
"type": "properties",
|
|
"apiVersion": "2019-01-01",
|
|
"name": "secret-name",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.ApiManagement/service', variables('serviceName'))]"
|
|
],
|
|
"properties": {
|
|
"displayName": "secret-name",
|
|
"value": "test",
|
|
"secret": false
|
|
}
|
|
},
|
|
{
|
|
"type": "properties",
|
|
"apiVersion": "2019-01-01",
|
|
"name": "app-uri",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.ApiManagement/service', variables('serviceName'))]"
|
|
],
|
|
"properties": {
|
|
"displayName": "app-uri",
|
|
"value": "[parameters('appUri')]",
|
|
"secret": false
|
|
}
|
|
},
|
|
{
|
|
"type": "apis",
|
|
"apiVersion": "2019-01-01",
|
|
"name": "secret-manager",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.ApiManagement/service', variables('serviceName'))]"
|
|
],
|
|
"properties": {
|
|
"displayName": "secret-manager",
|
|
"apiRevision": "1",
|
|
"path": "",
|
|
"protocols": ["https"],
|
|
"isCurrent": true
|
|
},
|
|
"resources": [
|
|
{
|
|
"type": "operations",
|
|
"apiVersion": "2019-01-01",
|
|
"name": "get-secret",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.ApiManagement/service/apis', variables('serviceName'), 'secret-manager')]"
|
|
],
|
|
"properties": {
|
|
"displayName": "get-secret",
|
|
"method": "GET",
|
|
"urlTemplate": "get-secret",
|
|
"responses": []
|
|
},
|
|
"resources": [
|
|
{
|
|
"type": "policies",
|
|
"apiVersion": "2019-01-01",
|
|
"name": "policy",
|
|
"dependsOn": [
|
|
"[resourceId('Microsoft.ApiManagement/service/apis/operations', variables('serviceName'), 'secret-manager', 'get-secret')]",
|
|
"[resourceId('Microsoft.ApiManagement/service/properties', variables('serviceName'), 'vault-name')]",
|
|
"[resourceId('Microsoft.ApiManagement/service/properties', variables('serviceName'), 'secret-name')]"
|
|
],
|
|
"properties": {
|
|
"value": "<policies>\r\n <inbound>\r\n <base />\r\n <cors>\r\n <allowed-origins>\r\n <origin>{{app-uri}}</origin>\r\n </allowed-origins>\r\n <allowed-methods>\r\n <method>GET</method>\r\n <method>POST</method>\r\n </allowed-methods>\r\n </cors>\r\n <send-request mode=\"new\" response-variable-name=\"vault-secret\" timeout=\"20\" ignore-error=\"false\">\r\n <set-url>https://{{vault-name}}.vault.azure.net/secrets/{{secret-name}}/?api-version=7.0</set-url>\r\n <set-method>GET</set-method>\r\n <authentication-managed-identity resource=\"https://vault.azure.net\" />\r\n </send-request>\r\n </inbound>\r\n <backend>\r\n <return-response response-variable-name=\"existing context variable\">\r\n <set-status code=\"200\" />\r\n <set-body>@(((IResponse)context.Variables[\"vault-secret\"]).Body.As<string>())</set-body>\r\n </return-response>\r\n </backend>\r\n <outbound>\r\n <base />\r\n </outbound>\r\n <on-error>\r\n <base />\r\n </on-error>\r\n</policies>",
|
|
"format": "xml"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"type": "Microsoft.KeyVault/vaults",
|
|
"name": "[variables('vaultName')]",
|
|
"apiVersion": "2018-02-14",
|
|
"location": "[resourceGroup().location]",
|
|
"dependsOn": ["[resourceId('Microsoft.ApiManagement/service', variables('serviceName'))]"],
|
|
"properties": {
|
|
"tenantId": "[subscription().tenantId]",
|
|
"accessPolicies": [
|
|
{
|
|
"tenantId": "[reference(resourceId('Microsoft.ApiManagement/service', variables('serviceName')), '2019-01-01', 'Full').identity.tenantId]",
|
|
"objectId": "[reference(resourceId('Microsoft.ApiManagement/service', variables('serviceName')), '2019-01-01', 'Full').identity.principalId]",
|
|
"permissions": {
|
|
"secrets": ["get"]
|
|
}
|
|
}
|
|
],
|
|
"sku": {
|
|
"family": "A",
|
|
"name": "standard"
|
|
}
|
|
},
|
|
"resources": [
|
|
{
|
|
"type": "secrets",
|
|
"name": "test",
|
|
"apiVersion": "2018-02-14",
|
|
"dependsOn": ["[resourceId('Microsoft.KeyVault/vaults', variables('vaultName'))]"],
|
|
"tags": {},
|
|
"properties": {
|
|
"value": "I am a secret!",
|
|
"contentType": "string"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"outputs": {
|
|
"azure_keyvault_name": {
|
|
"type": "string",
|
|
"value": "[variables('vaultName')]"
|
|
},
|
|
"azure_api_name": {
|
|
"type": "string",
|
|
"value": "[variables('serviceName')]"
|
|
}
|
|
}
|
|
}
|