From c1c5072dc826b764b9e1365483926c8676ab9e0f Mon Sep 17 00:00:00 2001 From: cmendible <266546+cmendible@users.noreply.github.com> Date: Fri, 8 Sep 2023 10:44:57 +0200 Subject: [PATCH] migrated to APIOps --- .github/workflows/apis-deployment.yaml | 110 ---------- .../workflows/deploy-apis-with-apiops.yaml | 89 ++++++++ .github/workflows/run-publisher-with-env.yaml | 196 ++++++++++++++++++ README.md | 71 ++++--- apiops/apis/conferenceapi/apiInformation.json | 19 ++ .../apis/conferenceapi/policy.xml | 0 .../apis/conferenceapi/specification.json | 0 apiops/apis/conferenceapi/tags.json | 5 + .../apis/conferenceapi2/apiInformation.json | 19 ++ .../apis/conferenceapi2/policy.xml | 0 .../apis/conferenceapi2/specification.json | 0 apiops/apis/conferenceapi2/tags.json | 5 + .../apis/conferenceapi3/apiInformation.json | 19 ++ .../apis/conferenceapi3/policy.xml | 0 .../apis/conferenceapi3/specification.json | 0 apiops/apis/conferenceapi3/tags.json | 5 + apiops/policy.xml | 28 +++ apiops/products/ratelimited/apis.json | 5 + apiops/products/ratelimited/groups.json | 11 + apiops/products/ratelimited/policy.xml | 25 +++ .../ratelimited/productInformation.json | 10 + apiops/tags/external/tagInformation.json | 5 + apiops/tags/internal/tagInformation.json | 5 + apis/conferenceapi/apiconfig.yaml | 18 -- apis/conferenceapi2/apiconfig.yaml | 17 -- apis/conferenceapi3/apiconfig.yaml | 17 -- 26 files changed, 481 insertions(+), 198 deletions(-) delete mode 100644 .github/workflows/apis-deployment.yaml create mode 100644 .github/workflows/deploy-apis-with-apiops.yaml create mode 100644 .github/workflows/run-publisher-with-env.yaml create mode 100644 apiops/apis/conferenceapi/apiInformation.json rename apis/conferenceapi/policies.xml => apiops/apis/conferenceapi/policy.xml (100%) rename apis/conferenceapi/openapi.json => apiops/apis/conferenceapi/specification.json (100%) create mode 100644 apiops/apis/conferenceapi/tags.json create mode 100644 apiops/apis/conferenceapi2/apiInformation.json rename apis/conferenceapi2/policies.xml => apiops/apis/conferenceapi2/policy.xml (100%) rename apis/conferenceapi2/openapi.json => apiops/apis/conferenceapi2/specification.json (100%) create mode 100644 apiops/apis/conferenceapi2/tags.json create mode 100644 apiops/apis/conferenceapi3/apiInformation.json rename apis/conferenceapi3/policies.xml => apiops/apis/conferenceapi3/policy.xml (100%) rename apis/conferenceapi3/openapi.json => apiops/apis/conferenceapi3/specification.json (100%) create mode 100644 apiops/apis/conferenceapi3/tags.json create mode 100644 apiops/policy.xml create mode 100644 apiops/products/ratelimited/apis.json create mode 100644 apiops/products/ratelimited/groups.json create mode 100644 apiops/products/ratelimited/policy.xml create mode 100644 apiops/products/ratelimited/productInformation.json create mode 100644 apiops/tags/external/tagInformation.json create mode 100644 apiops/tags/internal/tagInformation.json delete mode 100644 apis/conferenceapi/apiconfig.yaml delete mode 100644 apis/conferenceapi2/apiconfig.yaml delete mode 100644 apis/conferenceapi3/apiconfig.yaml diff --git a/.github/workflows/apis-deployment.yaml b/.github/workflows/apis-deployment.yaml deleted file mode 100644 index 47917bc..0000000 --- a/.github/workflows/apis-deployment.yaml +++ /dev/null @@ -1,110 +0,0 @@ -name: APIs deployment - -on: - push: - branches: - - main - - dev - paths: - - 'apis/**' - - '.github/workflows/apis-deployment.yaml' - workflow_dispatch: - -env: - RG: contoso-${{ github.ref_name }}-rg - APIM_SERVICE: contoso-${{ github.ref_name }}-apim-123 - -jobs: - - generate-arm-templates: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - name: Generate apiconfig with variables - shell: bash - run: | - for api in `ls apis` - do - cat apis/$api/apiconfig.yaml | \ - API_NAME=$api \ - APIM_SERVICE=$APIM_SERVICE \ - REPO=${{ github.repository }} \ - BRANCH=${{ github.ref_name }} \ - envsubst > apis/$api/apiconfig_resolved.yaml - done - - - name: Generate templates for API - uses: addnab/docker-run-action@v3 - with: - image: sancheski/arm-api-creator:0.0.1 - options: -v ${{ github.workspace }}/apis:/app/apis - run: | - for api in `ls /app/apis` - do - dotnet ArmTemplates.dll create --configFile /app/apis/$api/apiconfig_resolved.yaml - done - - - uses: actions/upload-artifact@v3 - with: - name: apis - path: ${{ github.workspace }}/apis - - provision-apis: - runs-on: ubuntu-latest - needs: generate-arm-templates - - steps: - - - uses: actions/download-artifact@v3 - with: - name: apis - path: apis - - - name: Azure Login - uses: azure/login@v1 - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} - - - name: Provision API - uses: azure/CLI@v1 - with: - inlineScript: | - for api in `ls apis` - do - az deployment group create --resource-group $RG --template-file apis/$api/generatedtemplates/$api.api.template.json --parameters @apis/$api/generatedtemplates/$api-parameters.json - done - - delete-apis: - runs-on: ubuntu-latest - needs: provision-apis - - steps: - - - uses: actions/checkout@v2 - - - name: Azure Login - uses: azure/login@v1 - with: - creds: ${{ secrets.AZURE_CREDENTIALS }} - - - name: Delete API - uses: azure/CLI@v1 - with: - inlineScript: | - ls apis > mustremain.list - echo "Must remain in APIM" - cat mustremain.list - echo "" - az apim api list --service-name $APIM_SERVICE --resource-group $RG \ - -o tsv --query "[].{name:name}" > currentinapim.list - echo "Currently in APIM" - cat currentinapim.list - - for apiToRemove in `diff mustremain.list currentinapim.list \ - | grep -v "+++" | grep -v "\-\-\-" | grep -v "@@" \ - | grep + | awk -F+ '{print $2}'` - do - echo "Deleting API $apiToRemove... not present in git anymore" - az apim api delete -n $APIM_SERVICE -g $RG --api-id $apiToRemove -y - done diff --git a/.github/workflows/deploy-apis-with-apiops.yaml b/.github/workflows/deploy-apis-with-apiops.yaml new file mode 100644 index 0000000..859260a --- /dev/null +++ b/.github/workflows/deploy-apis-with-apiops.yaml @@ -0,0 +1,89 @@ +name: Deploy APIs via APIOps + +on: + push: + branches: + - main + - dev + paths: + - "apiops/**" + - ".github/workflows/deploy-apis-with-apiops.yaml" + - ".github/workflows/run-publisher-with-env.yaml" + + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + inputs: + COMMIT_ID_CHOICE: + description: 'Choose "publish-all-artifacts-in-repo" only when you want to force republishing all artifacts (e.g. after build failure). Otherwise stick with the default behavior of "publish-artifacts-in-last-commit"' + required: true + type: choice + default: "publish-artifacts-in-last-commit" + options: + - "publish-artifacts-in-last-commit" + - "publish-all-artifacts-in-repo" + +env: + APIS_FOLDER: apiops + +jobs: + get-commit: + runs-on: ubuntu-latest + steps: + # Set the COMMIT_ID env variable + - name: Set the Commit Id + id: commit + run: | + echo "::set-output name=commit_id::${{ github.sha }}" + outputs: + commit_id: ${{ steps.commit.outputs.commit_id }} + get-apis-folder: + runs-on: ubuntu-latest + steps: + # Set the COMMIT_ID env variable + - name: Set the APIS folder Id + id: apis_folder + run: | + echo $APIS_FOLDER + outputs: + apis_folder: ${{ env.APIS_FOLDER }} + #Publish with Commit ID + Push-Changes-To-APIM-Dev-With-Commit-ID: + if: (github.event.inputs.COMMIT_ID_CHOICE == 'publish-artifacts-in-last-commit' || github.event.inputs.COMMIT_ID_CHOICE == '') + needs: [get-commit, get-apis-folder] + uses: ./.github/workflows/run-publisher-with-env.yaml + with: + API_MANAGEMENT_ENVIRONMENT: dev # change this to match the dev environment created in settings + COMMIT_ID: ${{ needs.get-commit.outputs.commit_id }} + API_MANAGEMENT_SERVICE_OUTPUT_FOLDER_PATH: ${{ needs.get-apis-folder.outputs.apis_folder }} # change this to the artifacts folder + secrets: inherit + + #Publish without Commit ID. Publishes all artifacts that reside in the artifacts forlder + Push-Changes-To-APIM-Dev-Without-Commit-ID: + if: ( github.event.inputs.COMMIT_ID_CHOICE == 'publish-all-artifacts-in-repo' ) + needs: [get-commit, get-apis-folder] + uses: ./.github/workflows/run-publisher-with-env.yaml + with: + API_MANAGEMENT_ENVIRONMENT: dev # change this to match the dev environment created in settings + API_MANAGEMENT_SERVICE_OUTPUT_FOLDER_PATH: ${{ needs.get-apis-folder.outputs.apis_folder }} # change this to the artifacts folder + secrets: inherit + + Push-Changes-To-APIM-Prod-With-Commit-ID: + if: (github.event.inputs.COMMIT_ID_CHOICE == 'publish-artifacts-in-last-commit' || github.event.inputs.COMMIT_ID_CHOICE == '') + needs: [get-commit, get-apis-folder, Push-Changes-To-APIM-Dev-With-Commit-ID] + uses: ./.github/workflows/run-publisher-with-env.yaml + with: + API_MANAGEMENT_ENVIRONMENT: prod # change this to match the prod environment created in settings + CONFIGURATION_YAML_PATH: configuration.prod.yaml # make sure the file is available at the root + API_MANAGEMENT_SERVICE_OUTPUT_FOLDER_PATH: ${{ needs.get-apis-folder.outputs.apis_folder }} # change this to the artifacts folder + COMMIT_ID: ${{ needs.get-commit.outputs.commit_id }} + secrets: inherit + + Push-Changes-To-APIM-Prod-Without-Commit-ID: + if: ( github.event.inputs.COMMIT_ID_CHOICE == 'publish-all-artifacts-in-repo' ) + needs: [get-commit, get-apis-folder, Push-Changes-To-APIM-Dev-Without-Commit-ID] + uses: ./.github/workflows/run-publisher-with-env.yaml + with: + API_MANAGEMENT_ENVIRONMENT: prod # change this to match the prod environment created in settings + CONFIGURATION_YAML_PATH: configuration.prod.yaml # make sure the file is available at the root + API_MANAGEMENT_SERVICE_OUTPUT_FOLDER_PATH: ${{ needs.get-apis-folder.outputs.apis_folder }} # change this to the artifacts folder + secrets: inherit diff --git a/.github/workflows/run-publisher-with-env.yaml b/.github/workflows/run-publisher-with-env.yaml new file mode 100644 index 0000000..5562562 --- /dev/null +++ b/.github/workflows/run-publisher-with-env.yaml @@ -0,0 +1,196 @@ +name: Run Publisher with Environment + +on: + workflow_call: + inputs: + API_MANAGEMENT_ENVIRONMENT: + required: true + type: string + CONFIGURATION_YAML_PATH: + required: false + type: string + COMMIT_ID: + required: false + type: string + API_MANAGEMENT_SERVICE_OUTPUT_FOLDER_PATH: + required: true + type: string + +env: + apiops_release_version: v4.9.1 + #By default, this will be Information but if you want something different you will need to add a variable in the Settings -> Environment -> Environment variables section + Logging__LogLevel__Default: ${{ vars.LOG_LEVEL }} + +jobs: + build: + runs-on: ubuntu-latest + environment: ${{ inputs.API_MANAGEMENT_ENVIRONMENT }} + steps: + # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it + - uses: actions/checkout@v3 + with: + fetch-depth: 2 + + # Run Spectral + - uses: actions/setup-node@v3 + with: + node-version: "14" + - run: npm install -g @stoplight/spectral + - run: spectral lint "${{ GITHUB.WORKSPACE }}/${{ inputs.API_MANAGEMENT_SERVICE_OUTPUT_FOLDER_PATH }}\apis\*.{json,yml,yaml}" --ruleset https://raw.githubusercontent.com/connectedcircuits/devops-api-linter/main/rules.yaml + + # Add this step for each APIM environment and pass specific set of secrets that you want replaced in the env section below + - name: "Perform namevalue secret substitution in configuration.${{ inputs.API_MANAGEMENT_ENVIRONMENT}}.yaml" + if: (inputs.API_MANAGEMENT_ENVIRONMENT == 'prod' ) + uses: cschleiden/replace-tokens@v1.1 + with: + tokenPrefix: "{#" + tokenSuffix: "#}" + files: ${{ format('["**/configuration.{0}.yaml"]', inputs.API_MANAGEMENT_ENVIRONMENT) }} + # specify environment specific secrets to be replaced. For example the QA environment could have a different set sercrets to + # replace within the configuration.[environment].yaml file + env: + testSecretValue: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} + + - name: Run publisher without Config Yaml but with Commit ID + if: ( inputs.CONFIGURATION_YAML_PATH == '' && inputs.COMMIT_ID != '') + env: + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + AZURE_RESOURCE_GROUP_NAME: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} + API_MANAGEMENT_SERVICE_NAME: ${{ secrets.API_MANAGEMENT_SERVICE_NAME }} + API_MANAGEMENT_SERVICE_OUTPUT_FOLDER_PATH: ${{ GITHUB.WORKSPACE }}/${{ inputs.API_MANAGEMENT_SERVICE_OUTPUT_FOLDER_PATH }} + COMMIT_ID: ${{ inputs.COMMIT_ID }} + run: | + Set-StrictMode -Version Latest + $ErrorActionPreference = "Stop" + $VerbosePreference = "Continue" + $InformationPreference = "Continue" + + Write-Information "Downloading publisher..." + $publisherFileName = "${{ runner.os }}" -like "*win*" ? "publisher.win-x64.exe" : "publisher.linux-x64.exe" + $uri = "https://github.com/Azure/apiops/releases/download/${{ env.apiops_release_version }}/$publisherFileName" + $destinationFilePath = Join-Path "${{ runner.temp }}" "publisher.exe" + Invoke-WebRequest -Uri "$uri" -OutFile "$destinationFilePath" + + if ("${{ runner.os }}" -like "*linux*") + { + Write-Information "Setting file permissions..." + & chmod +x "$destinationFilePath" + if ($LASTEXITCODE -ne 0) { throw "Setting file permissions failed."} + } + + & "$destinationFilePath" + if ($LASTEXITCODE -ne 0) { throw "Running publisher failed."} + + Write-Information "Execution complete." + shell: pwsh + + - name: Run publisher without Config Yaml or Commit ID + if: ( inputs.CONFIGURATION_YAML_PATH == '' && inputs.COMMIT_ID == '') + env: + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + AZURE_RESOURCE_GROUP_NAME: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} + API_MANAGEMENT_SERVICE_NAME: ${{ secrets.API_MANAGEMENT_SERVICE_NAME }} + API_MANAGEMENT_SERVICE_OUTPUT_FOLDER_PATH: ${{ GITHUB.WORKSPACE }}/${{ inputs.API_MANAGEMENT_SERVICE_OUTPUT_FOLDER_PATH }} + run: | + Set-StrictMode -Version Latest + $ErrorActionPreference = "Stop" + $VerbosePreference = "Continue" + $InformationPreference = "Continue" + + Write-Information "Downloading publisher..." + $publisherFileName = "${{ runner.os }}" -like "*win*" ? "publisher.win-x64.exe" : "publisher.linux-x64.exe" + $uri = "https://github.com/Azure/apiops/releases/download/${{ env.apiops_release_version }}/$publisherFileName" + $destinationFilePath = Join-Path "${{ runner.temp }}" "publisher.exe" + Invoke-WebRequest -Uri "$uri" -OutFile "$destinationFilePath" + + if ("${{ runner.os }}" -like "*linux*") + { + Write-Information "Setting file permissions..." + & chmod +x "$destinationFilePath" + if ($LASTEXITCODE -ne 0) { throw "Setting file permissions failed."} + } + + & "$destinationFilePath" + if ($LASTEXITCODE -ne 0) { throw "Running publisher failed."} + + Write-Information "Execution complete." + shell: pwsh + + - name: Run publisher with Config Yaml and Commit id + if: ( inputs.CONFIGURATION_YAML_PATH != '' && inputs.COMMIT_ID != '') + env: + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + AZURE_RESOURCE_GROUP_NAME: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} + API_MANAGEMENT_SERVICE_NAME: ${{ secrets.API_MANAGEMENT_SERVICE_NAME }} + API_MANAGEMENT_SERVICE_OUTPUT_FOLDER_PATH: ${{ GITHUB.WORKSPACE }}/${{ inputs.API_MANAGEMENT_SERVICE_OUTPUT_FOLDER_PATH }} + CONFIGURATION_YAML_PATH: ${{ GITHUB.WORKSPACE }}/${{ inputs.CONFIGURATION_YAML_PATH }} + COMMIT_ID: ${{ inputs.COMMIT_ID }} + run: | + Set-StrictMode -Version Latest + $ErrorActionPreference = "Stop" + $VerbosePreference = "Continue" + $InformationPreference = "Continue" + + Write-Information "Downloading publisher..." + $publisherFileName = "${{ runner.os }}" -like "*win*" ? "publisher.win-x64.exe" : "publisher.linux-x64.exe" + $uri = "https://github.com/Azure/apiops/releases/download/${{ env.apiops_release_version }}/$publisherFileName" + $destinationFilePath = Join-Path "${{ runner.temp }}" "publisher.exe" + Invoke-WebRequest -Uri "$uri" -OutFile "$destinationFilePath" + + if ("${{ runner.os }}" -like "*linux*") + { + Write-Information "Setting file permissions..." + & chmod +x "$destinationFilePath" + if ($LASTEXITCODE -ne 0) { throw "Setting file permissions failed."} + } + + & "$destinationFilePath" + if ($LASTEXITCODE -ne 0) { throw "Running publisher failed."} + + Write-Information "Execution complete." + shell: pwsh + + - name: Run publisher with Config Yaml but without Commit id + if: ( inputs.CONFIGURATION_YAML_PATH != '' && inputs.COMMIT_ID == '') + env: + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + AZURE_RESOURCE_GROUP_NAME: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} + API_MANAGEMENT_SERVICE_NAME: ${{ secrets.API_MANAGEMENT_SERVICE_NAME }} + API_MANAGEMENT_SERVICE_OUTPUT_FOLDER_PATH: ${{ GITHUB.WORKSPACE }}/${{ inputs.API_MANAGEMENT_SERVICE_OUTPUT_FOLDER_PATH }} + CONFIGURATION_YAML_PATH: ${{ GITHUB.WORKSPACE }}/${{ inputs.CONFIGURATION_YAML_PATH }} + run: | + Set-StrictMode -Version Latest + $ErrorActionPreference = "Stop" + $VerbosePreference = "Continue" + $InformationPreference = "Continue" + + Write-Information "Downloading publisher..." + $publisherFileName = "${{ runner.os }}" -like "*win*" ? "publisher.win-x64.exe" : "publisher.linux-x64.exe" + $uri = "https://github.com/Azure/apiops/releases/download/${{ env.apiops_release_version }}/$publisherFileName" + $destinationFilePath = Join-Path "${{ runner.temp }}" "publisher.exe" + Invoke-WebRequest -Uri "$uri" -OutFile "$destinationFilePath" + + if ("${{ runner.os }}" -like "*linux*") + { + Write-Information "Setting file permissions..." + & chmod +x "$destinationFilePath" + if ($LASTEXITCODE -ne 0) { throw "Setting file permissions failed."} + } + + & "$destinationFilePath" + if ($LASTEXITCODE -ne 0) { throw "Running publisher failed."} + + Write-Information "Execution complete." + shell: pwsh \ No newline at end of file diff --git a/README.md b/README.md index 8bec430..0063335 100644 --- a/README.md +++ b/README.md @@ -2,50 +2,41 @@ ## Overview -This repository contains full APIs with policies and all the content required for an APIM demo. - +This repository contains full APIs with policies and all the content required for an Azure APIM and APIOps demo. ## Prerequisites -This demo requires the following prerequisites: -- Have an APIM previously deployed and configured. You can follow the steps described in this repository: [apim-demo-infra](https://github.com/dsanchor/apim-demo-infra) -- Fork this repository and clone it locally. +The following prerequisites are required for this demo: +- An APIM previously deployed and configured. The steps described in this repository can be followed: [apim-demo-infra](https://github.com/dsanchor/apim-demo-infra) +- This repository must be forked and cloned locally. - An Azure subscription - The Azure CLI - A Service Principal with Contributor rights on the subscription -- Setup credentials in Github Secrets +- Credentials and Variables must be set up as GitHub Secrets -See next sections for instructions on how to set up these prerequisites. +The next sections provide instructions on how to set up these prerequisites. ### Fork and clone the repository -Fork this repository first. -Then, clone it locally by running the following command in the directory where you want to have the repository: +This repository must be forked first. Then, it can be cloned locally by running the following command in the directory where the repository is desired: ```bash git clone .git ``` -Move to the *dev* branch: - -```bash -git checkout dev -``` - -We will use the *dev* branch to make changes to the infrastructure which will be deployed as the Develpoment environment. The *main* branch will be used to deploy the Production environment after the changes have been tested in the Development environment, create a PR from the *dev* branch to the *main* branch and merge it. - +The *main* branch will be used to make changes to the infrastructure. The changes will be deployed to the *dev* (Development) environment first. After the changes have been tested in the Development environment, they will be promoted to the prod (Production) environment via a workflow. ### Azure subscription -You must have an Azure subscription to deploy this demo. If you don't have an Azure subscription, you can create a [free account](https://azure.microsoft.com/free). +An Azure subscription is required to deploy this demo. If an Azure subscription is not available, a [free account](https://azure.microsoft.com/free) can be created. ### Azure CLI -We will create some prerequired resources with the [Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli). +Some resources will be created with the Azure CLI. [Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli). ### Service Principal -This demo needs a Service Principal to deploy the infrastructure. You can create a Service Principal with the following instructions: +A Service Principal is needed to deploy the infrastructure for this demo. A Service Principal can be created with the following instructions: - Log in to Azure: @@ -65,39 +56,43 @@ az account list -o table export SUBSCRIPTION_ID= ``` -- Create the Service Principal with contributor rights on the subscription: +- Create a Service Principal with contributor rights on the subscription: ```bash az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/$SUBSCRIPTION_ID" --sdk-auth ``` -Copy the json output of the command and keep it safe for next step (JSON_SP_FOR_GITHUB). +The json output of the command must be copied and kept safe for next step. -For details, see the instructions in the [Azure CLI documentation](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest) to create a Service Principal. +For details, see the instructions in the [Azure CLI documentation](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest) to create a Service Principal. -### Github Secrets +### GitHub Environments -We will create the following secrets in Github Secrets, where all values are the ones you got from the previous step: +The following environments must be created in the GitHub repository: -- AZURE_CREDENTIALS = +- dev +- prod +Follow the instructions in the [GitHub documentation](https://docs.github.com/en/actions/reference/environments) to create the environments. +### GitHub Secrets -# Run the automation - -We have included a [GitHub Action](.github/workflows/apis-deployment.yaml) to run the apis deployment. - -This automation will register APIs inside APIM and its related policies. +The following secrets must be created as GitHub Secrets for each environment, values are obtained from the previous steps including the Azure APIM deployment: -Before running the automation, under *.github/workflows/* directory, find the *apis-deployment.yaml* file and modify the name of the variables: +- AZURE_CLIENT_ID +- AZURE_CLIENT_SECRET +- AZURE_TENANT_ID +- AZURE_SUBSCRIPTION_ID +- AZURE_RESOURCE_GROUP_NAME +- API_MANAGEMENT_SERVICE_NAME -- RG: Name of the resource group where the APIM service is located. +# Run the automation -- APIM_SERVICE: Name of the APIM service instance +A [GitHub Action](.github/workflows/deploy-apis-with-apiops.yaml) has been included to run the apis deployment. -Open *policies.xml* file from *apis/conferenceapi2* folder and replace the string INSERT-AZURE-AAD-TENANT-GUID with the Azure Active Directory TenantId used when creating the App Registration +This automation will register APIs inside APIM and its related policies, tags and products. -To run the automation, push the changes to the *dev* branch. The automation will run automatically. +To run the automation, push the changes to the *dev* or *main* branch. The automation will run automatically. ```bash git add . @@ -105,3 +100,7 @@ git commit -m "Initial commit" git push origin dev ``` +## References: + +- [APIOps Documentation](https://azure.github.io/apiops/apiops/0-labPrerequisites/) +- [APIOps GitHub Repository](https://github.com/Azure/apiops) \ No newline at end of file diff --git a/apiops/apis/conferenceapi/apiInformation.json b/apiops/apis/conferenceapi/apiInformation.json new file mode 100644 index 0000000..c800462 --- /dev/null +++ b/apiops/apis/conferenceapi/apiInformation.json @@ -0,0 +1,19 @@ +{ + "properties": { + "apiRevision": "1", + "apiVersionSetId": "", + "authenticationSettings": {}, + "description": "", + "displayName": "Conference API", + "isCurrent": true, + "path": "conferences", + "protocols": [ + "https" + ], + "subscriptionKeyParameterNames": { + "header": "Ocp-Apim-Subscription-Key", + "query": "subscription-key" + }, + "subscriptionRequired": true + } +} \ No newline at end of file diff --git a/apis/conferenceapi/policies.xml b/apiops/apis/conferenceapi/policy.xml similarity index 100% rename from apis/conferenceapi/policies.xml rename to apiops/apis/conferenceapi/policy.xml diff --git a/apis/conferenceapi/openapi.json b/apiops/apis/conferenceapi/specification.json similarity index 100% rename from apis/conferenceapi/openapi.json rename to apiops/apis/conferenceapi/specification.json diff --git a/apiops/apis/conferenceapi/tags.json b/apiops/apis/conferenceapi/tags.json new file mode 100644 index 0000000..5dea0d5 --- /dev/null +++ b/apiops/apis/conferenceapi/tags.json @@ -0,0 +1,5 @@ +[ + { + "name": "external" + } +] \ No newline at end of file diff --git a/apiops/apis/conferenceapi2/apiInformation.json b/apiops/apis/conferenceapi2/apiInformation.json new file mode 100644 index 0000000..0e50537 --- /dev/null +++ b/apiops/apis/conferenceapi2/apiInformation.json @@ -0,0 +1,19 @@ +{ + "properties": { + "apiRevision": "1", + "apiVersionSetId": "", + "authenticationSettings": {}, + "description": "", + "displayName": "Conference API 2", + "isCurrent": true, + "path": "conferences2", + "protocols": [ + "https" + ], + "subscriptionKeyParameterNames": { + "header": "Ocp-Apim-Subscription-Key", + "query": "subscription-key" + }, + "subscriptionRequired": true + } +} \ No newline at end of file diff --git a/apis/conferenceapi2/policies.xml b/apiops/apis/conferenceapi2/policy.xml similarity index 100% rename from apis/conferenceapi2/policies.xml rename to apiops/apis/conferenceapi2/policy.xml diff --git a/apis/conferenceapi2/openapi.json b/apiops/apis/conferenceapi2/specification.json similarity index 100% rename from apis/conferenceapi2/openapi.json rename to apiops/apis/conferenceapi2/specification.json diff --git a/apiops/apis/conferenceapi2/tags.json b/apiops/apis/conferenceapi2/tags.json new file mode 100644 index 0000000..5dea0d5 --- /dev/null +++ b/apiops/apis/conferenceapi2/tags.json @@ -0,0 +1,5 @@ +[ + { + "name": "external" + } +] \ No newline at end of file diff --git a/apiops/apis/conferenceapi3/apiInformation.json b/apiops/apis/conferenceapi3/apiInformation.json new file mode 100644 index 0000000..d359846 --- /dev/null +++ b/apiops/apis/conferenceapi3/apiInformation.json @@ -0,0 +1,19 @@ +{ + "properties": { + "apiRevision": "1", + "apiVersionSetId": "", + "authenticationSettings": {}, + "description": "", + "displayName": "Conference API 3", + "isCurrent": true, + "path": "conferences3", + "protocols": [ + "https" + ], + "subscriptionKeyParameterNames": { + "header": "Ocp-Apim-Subscription-Key", + "query": "subscription-key" + }, + "subscriptionRequired": true + } +} \ No newline at end of file diff --git a/apis/conferenceapi3/policies.xml b/apiops/apis/conferenceapi3/policy.xml similarity index 100% rename from apis/conferenceapi3/policies.xml rename to apiops/apis/conferenceapi3/policy.xml diff --git a/apis/conferenceapi3/openapi.json b/apiops/apis/conferenceapi3/specification.json similarity index 100% rename from apis/conferenceapi3/openapi.json rename to apiops/apis/conferenceapi3/specification.json diff --git a/apiops/apis/conferenceapi3/tags.json b/apiops/apis/conferenceapi3/tags.json new file mode 100644 index 0000000..5dea0d5 --- /dev/null +++ b/apiops/apis/conferenceapi3/tags.json @@ -0,0 +1,5 @@ +[ + { + "name": "external" + } +] \ No newline at end of file diff --git a/apiops/policy.xml b/apiops/policy.xml new file mode 100644 index 0000000..56e65da --- /dev/null +++ b/apiops/policy.xml @@ -0,0 +1,28 @@ + + + + + + {{environment}} + + + GET + POST + + + + + + + + + \ No newline at end of file diff --git a/apiops/products/ratelimited/apis.json b/apiops/products/ratelimited/apis.json new file mode 100644 index 0000000..849e3b4 --- /dev/null +++ b/apiops/products/ratelimited/apis.json @@ -0,0 +1,5 @@ +[ + { + "name": "conferenceapi3" + } +] \ No newline at end of file diff --git a/apiops/products/ratelimited/groups.json b/apiops/products/ratelimited/groups.json new file mode 100644 index 0000000..370a1a0 --- /dev/null +++ b/apiops/products/ratelimited/groups.json @@ -0,0 +1,11 @@ +[ + { + "name": "administrators" + }, + { + "name": "developers" + }, + { + "name": "guests" + } +] \ No newline at end of file diff --git a/apiops/products/ratelimited/policy.xml b/apiops/products/ratelimited/policy.xml new file mode 100644 index 0000000..c276c33 --- /dev/null +++ b/apiops/products/ratelimited/policy.xml @@ -0,0 +1,25 @@ + + + + + + + + + + + + + + \ No newline at end of file diff --git a/apiops/products/ratelimited/productInformation.json b/apiops/products/ratelimited/productInformation.json new file mode 100644 index 0000000..16dbc4c --- /dev/null +++ b/apiops/products/ratelimited/productInformation.json @@ -0,0 +1,10 @@ +{ + "properties": { + "approvalRequired": true, + "description": "Subscribers have completely unlimited access to the API. Administrator approval is required.", + "displayName": "ratelimited", + "state": "published", + "subscriptionRequired": true, + "subscriptionsLimit": 1 + } +} \ No newline at end of file diff --git a/apiops/tags/external/tagInformation.json b/apiops/tags/external/tagInformation.json new file mode 100644 index 0000000..4aec094 --- /dev/null +++ b/apiops/tags/external/tagInformation.json @@ -0,0 +1,5 @@ +{ + "properties": { + "displayName": "external" + } + } \ No newline at end of file diff --git a/apiops/tags/internal/tagInformation.json b/apiops/tags/internal/tagInformation.json new file mode 100644 index 0000000..c0b6549 --- /dev/null +++ b/apiops/tags/internal/tagInformation.json @@ -0,0 +1,5 @@ +{ + "properties": { + "displayName": "internal" + } + } \ No newline at end of file diff --git a/apis/conferenceapi/apiconfig.yaml b/apis/conferenceapi/apiconfig.yaml deleted file mode 100644 index 4a0e00a..0000000 --- a/apis/conferenceapi/apiconfig.yaml +++ /dev/null @@ -1,18 +0,0 @@ -version: 0.0.1 -apimServiceName: ${APIM_SERVICE} -apis: - - name: ${API_NAME} - type: http - suffix: conferences - displayName: Conference API - openApiSpec: https://raw.githubusercontent.com/${REPO}/${BRANCH}/apis/${API_NAME}/openapi.json - openApiSpecFormat: swagger - policy: https://raw.githubusercontent.com/${REPO}/${BRANCH}/apis/${API_NAME}/policies.xml - isCurrent: true -outputLocation: /app/apis/${API_NAME}/generatedtemplates -linked: false -baseFileName: ${API_NAME} -serviceUrlParameters: - - apiName: ${API_NAME} - serviceUrl: https://conferenceapi.azurewebsites.net - diff --git a/apis/conferenceapi2/apiconfig.yaml b/apis/conferenceapi2/apiconfig.yaml deleted file mode 100644 index 473a3cb..0000000 --- a/apis/conferenceapi2/apiconfig.yaml +++ /dev/null @@ -1,17 +0,0 @@ -version: 0.0.1 -apimServiceName: ${APIM_SERVICE} -apis: - - name: ${API_NAME} - type: http - suffix: conferences2 - displayName: Conference API 2 - openApiSpec: https://raw.githubusercontent.com/${REPO}/${BRANCH}/apis/${API_NAME}/openapi.json - openApiSpecFormat: swagger - policy: https://raw.githubusercontent.com/${REPO}/${BRANCH}/apis/${API_NAME}/policies.xml - isCurrent: true -outputLocation: /app/apis/${API_NAME}/generatedtemplates -linked: false -baseFileName: ${API_NAME} -serviceUrlParameters: - - apiName: ${API_NAME} - serviceUrl: https://conferenceapi.azurewebsites.net diff --git a/apis/conferenceapi3/apiconfig.yaml b/apis/conferenceapi3/apiconfig.yaml deleted file mode 100644 index e8f62b8..0000000 --- a/apis/conferenceapi3/apiconfig.yaml +++ /dev/null @@ -1,17 +0,0 @@ -version: 0.0.1 -apimServiceName: ${APIM_SERVICE} -apis: - - name: ${API_NAME} - type: http - suffix: conferences3 - displayName: Conference API 3 - openApiSpec: https://raw.githubusercontent.com/${REPO}/${BRANCH}/apis/${API_NAME}/openapi.json - openApiSpecFormat: swagger - policy: https://raw.githubusercontent.com/${REPO}/${BRANCH}/apis/${API_NAME}/policies.xml - isCurrent: true -outputLocation: /app/apis/${API_NAME}/generatedtemplates -linked: false -baseFileName: ${API_NAME} -serviceUrlParameters: - - apiName: ${API_NAME} - serviceUrl: https://conferenceapi.azurewebsites.net