Merge branch 'main' into feature/get-api-id

Author: simonkurtz-MSFT

.github/.copilot-instructions.md .github/copilot-instructions.md.github/.copilot-instructions.md renamed to .github/copilot-instructions.md

@@ -22,13 +22,20 @@
     "import utils\n",
     "from apimtypes import *\n",
     "\n",
-    "# User-defined parameters (change these as needed)\n",
+    "# ------------------------------\n",
+    "#    USER CONFIGURATION\n",
+    "# ------------------------------\n",
+    "\n",
     "rg_location = 'eastus2'             # Azure region for deployment\n",
     "index       = 1                     # Infrastructure index (use different numbers for multiple environments)\n",
     "apim_sku    = APIM_SKU.STANDARDV2   # Options: 'STANDARDV2', 'PREMIUMV2' (Basic not supported for private endpoints)\n",
-    "use_aca     = True                  # Include Azure Container Apps backends\n",
     "\n",
-    "# Create an instance of the desired infrastructure\n",
+    "\n",
+    "\n",
+    "# ------------------------------\n",
+    "#    SYSTEM CONFIGURATION\n",
+    "# ------------------------------\n",
+    "\n",
     "inb_helper = utils.InfrastructureNotebookHelper(rg_location, INFRASTRUCTURE.AFD_APIM_PE, index, apim_sku) \n",
     "success = inb_helper.create_infrastructure()\n",
     "\n",

infrastructure/afd-apim-pe/create.ipynb

@@ -1,46 +1,13 @@
 """
-Infrastructure creation module for AFD-APIM-PE.
-
-This module provides a reusable way to create Azure Front Door with API Management 
-(Private Endpoint) infrastructure that can be called from notebooks or other scripts.
+This module provides a reusable way to create Azure Front Door with API Management (Private Endpoint) infrastructure that can be called from notebooks or other scripts.
 """
 
 import sys
-import os
 import argparse
-from pathlib import Path
+from apimtypes import APIM_SKU, API, GET_APIOperation, BACKEND_XML_POLICY_PATH
+from infrastructures import AfdApimAcaInfrastructure
 import utils
-from apimtypes import *
-import json
 
-def _create_afd_apim_pe_infrastructure(
-    rg_location: str = 'eastus2',
-    index: int | None = None,
-    apim_sku: APIM_SKU = APIM_SKU.STANDARDV2,
-    use_aca: bool = True,
-    custom_apis: list[API] | None = None,
-    custom_policy_fragments: list[PolicyFragment] | None = None
-) -> utils.Output:
-    """
-    Create AFD-APIM-PE infrastructure with the specified parameters.
-    
-    Args:
-        rg_location (str): Azure region for deployment. Defaults to 'eastus2'.
-        index (int | None): Index for the infrastructure. Defaults to None (no index).
-        apim_sku (APIM_SKU): SKU for API Management. Defaults to STANDARDV2.
-        use_aca (bool): Whether to include Azure Container Apps. Defaults to True.
-        custom_apis (list[API] | None): Custom APIs to deploy. If None, uses default Hello World API.
-        custom_policy_fragments (list[PolicyFragment] | None): Custom policy fragments. If None, uses defaults.
-        
-    Returns:
-        utils.Output: The deployment result.
-    """
-    
-    # 1) Setup deployment parameters
-    deployment = INFRASTRUCTURE.AFD_APIM_PE
-    rg_name = utils.get_infra_rg_name(deployment, index)
-    rg_tags = utils.build_infrastructure_tags(deployment)
-    apim_network_mode = APIMNetworkMode.EXTERNAL_VNET
 
     print(f'\n🚀 Creating AFD-APIM-PE infrastructure...\n')
     print(f'   Infrastructure : {deployment.value}')
@@ -108,194 +75,72 @@ def _create_afd_apim_pe_infrastructure(
     infra_dir = Path(__file__).parent
 
     try:
-        os.chdir(infra_dir)
-        print(f'📁 Changed working directory to: {infra_dir}')
-        
-        # 6) Create the resource group if it doesn't exist
-        utils.create_resource_group(rg_name, rg_location, rg_tags)
+        # Create custom APIs for AFD-APIM-PE with optional Container Apps backends
+        custom_apis = _create_afd_specific_apis(not no_aca)
 
-        # 7) First deployment with public access enabled
-        print('\n🚀 Phase 1: Creating infrastructure with public access enabled...')
-        output = utils.create_bicep_deployment_group(rg_name, rg_location, deployment, bicep_parameters)
+        infra = AfdApimAcaInfrastructure(location, index, apim_sku, infra_apis = custom_apis)
+        result = infra.deploy_infrastructure()
 
-        if not output.success:
-            print('❌ Phase 1 deployment failed!')
-            return output
-            
-        # Extract service details for private link approval
-        if output.json_data:
-            apim_service_id = output.get('apimServiceId', 'APIM Service Id', suppress_logging = True)
-            
-            print('✅ Phase 1 deployment completed successfully!')
-            
-            # 8) Approve private link connections
-            print('\n🔗 Approving Front Door private link connections...')
-            _approve_private_link_connections(apim_service_id)
-            
-            # 9) Second deployment to disable public access
-            print('\n🔒 Phase 2: Disabling APIM public access...')
-            bicep_parameters['apimPublicAccess']['value'] = False
+        sys.exit(0 if result.success else 1)
 
-            output = utils.create_bicep_deployment_group(rg_name, rg_location, deployment, bicep_parameters)
-            
-            if output.success:
-                print('\n✅ Infrastructure creation completed successfully!')
-                if output.json_data:
-                    apim_gateway_url = output.get('apimResourceGatewayURL', 'APIM API Gateway URL', suppress_logging = True)
-                    afd_endpoint_url = output.get('fdeSecureUrl', 'Front Door Endpoint URL', suppress_logging = True)
-                    apim_apis = output.getJson('apiOutputs', 'APIs', suppress_logging = True)
-                    
-                    print(f'\n📋 Infrastructure Details:')
-                    print(f'   Resource Group     : {rg_name}')
-                    print(f'   Location           : {rg_location}')
-                    print(f'   APIM SKU           : {apim_sku.value}')
-                    print(f'   Use ACA            : {use_aca}')
-                    print(f'   Gateway URL        : {apim_gateway_url}')
-                    print(f'   Front Door URL     : {afd_endpoint_url}')
-                    print(f'   APIs Created       : {len(apim_apis)}')
-                    
-                    # Perform basic verification
-                    _verify_infrastructure(rg_name, use_aca)
-            else:
-                print('❌ Phase 2 deployment failed!')
-                
-        return output
-        
-    finally:
-        # Always restore the original working directory
-        os.chdir(original_cwd)
-        print(f'📁 Restored working directory to: {original_cwd}')
-
-def _approve_private_link_connections(apim_service_id: str) -> None:
-    """
-    Approve pending private link connections for the APIM service.
-    
-    Args:
-        apim_service_id (str): The resource ID of the APIM service.
-    """
-    
-    # Get all pending private endpoint connections as JSON
-    output = utils.run(f"az network private-endpoint-connection list --id {apim_service_id} --query \"[?contains(properties.privateLinkServiceConnectionState.status, 'Pending')]\" -o json", print_command_to_run = False)
-
-    # Handle both a single object and a list of objects
-    pending_connections = output.json_data if output.success and output.is_json else []
-
-    if isinstance(pending_connections, dict):
-        pending_connections = [pending_connections]
-
-    total = len(pending_connections)
-    print(f'Found {total} pending private link service connection(s).')
-
-    if total > 0:
-        for i, conn in enumerate(pending_connections, 1):
-            conn_id = conn.get('id')
-            conn_name = conn.get('name', '<unknown>')
-            print(f'  {i}/{total}: Approving {conn_name}')
+    except Exception as e:
+        print(f'\n💥 Error: {str(e)}')
+        sys.exit(1)
 
-            approve_result = utils.run(
-                f"az network private-endpoint-connection approve --id {conn_id} --description 'Approved'",
-                f'Private Link Connection approved: {conn_name}',
-                f'Failed to approve Private Link Connection: {conn_name}',
-                print_command_to_run = False
-            )
 
-        print('✅ Private link approvals completed')
-    else:
-        print('No pending private link service connections found. Nothing to approve.')
-
-def _verify_infrastructure(rg_name: str, use_aca: bool) -> bool:
+def _create_afd_specific_apis(use_aca: bool = True) -> list[API]:
     """
-    Verify that the infrastructure was created successfully.
+    Create AFD-APIM-PE specific APIs with optional Container Apps backends.
     
     Args:
-        rg_name (str): Resource group name.
-        use_aca (bool): Whether Container Apps were included.
+        use_aca (bool): Whether to include Azure Container Apps backends. Defaults to true.
         
     Returns:
-        bool: True if verification passed, False otherwise.
+        list[API]: List of AFD-specific APIs.
     """
 
-    print('\n🔍 Verifying infrastructure...')
+    # If Container Apps is enabled, create the ACA APIs in APIM
+    if use_aca:
+        pol_backend          = utils.read_policy_xml(BACKEND_XML_POLICY_PATH)
+        pol_aca_backend_1    = pol_backend.format(backend_id = 'aca-backend-1')
+        pol_aca_backend_2    = pol_backend.format(backend_id = 'aca-backend-2')
+        pol_aca_backend_pool = pol_backend.format(backend_id = 'aca-backend-pool')
+
+        # API 1: Hello World (ACA Backend 1)
+        api_hwaca_1_get      = GET_APIOperation('This is a GET for Hello World on ACA Backend 1')
+        api_hwaca_1          = API('hello-world-aca-1', 'Hello World (ACA 1)', '/aca-1', 'This is the ACA API for Backend 1', pol_aca_backend_1, [api_hwaca_1_get])
+
+        # API 2: Hello World (ACA Backend 2)
+        api_hwaca_2_get      = GET_APIOperation('This is a GET for Hello World on ACA Backend 2')
+        api_hwaca_2          = API('hello-world-aca-2', 'Hello World (ACA 2)', '/aca-2', 'This is the ACA API for Backend 2', pol_aca_backend_2, [api_hwaca_2_get])
+
+        # API 3: Hello World (ACA Backend Pool)
+        api_hwaca_pool_get   = GET_APIOperation('This is a GET for Hello World on ACA Backend Pool')
+        api_hwaca_pool       = API('hello-world-aca-pool', 'Hello World (ACA Pool)', '/aca-pool', 'This is the ACA API for Backend Pool', pol_aca_backend_pool, [api_hwaca_pool_get])
+
+        return [api_hwaca_1, api_hwaca_2, api_hwaca_pool]
 
-    try:
-        # Check if the resource group exists
-        if not utils.does_resource_group_exist(rg_name):
-            print('❌ Resource group does not exist!')
-            return False
-        
-        print('✅ Resource group verified')
-        
-        # Get APIM service details
-        output = utils.run(f'az apim list -g {rg_name} --query "[0]" -o json', print_command_to_run = False, print_errors = False)
-        
-        if output.success and output.json_data:
-            apim_name = output.json_data.get('name')
-            print(f'✅ APIM Service verified: {apim_name}')
-            
-            # Check Front Door
-            afd_output = utils.run(f'az afd profile list -g {rg_name} --query "[0]" -o json', print_command_to_run = False, print_errors = False)
-            
-            if afd_output.success and afd_output.json_data:
-                afd_name = afd_output.json_data.get('name')
-                print(f'✅ Azure Front Door verified: {afd_name}')
-                
-                # Check Container Apps if enabled
-                if use_aca:
-                    aca_output = utils.run(f'az containerapp list -g {rg_name} --query "length(@)"', print_command_to_run = False, print_errors = False)
-                    
-                    if aca_output.success:
-                        aca_count = int(aca_output.text.strip())
-                        print(f'✅ Container Apps verified: {aca_count} app(s) created')
-            
-            print('\n🎉 Infrastructure verification completed successfully!')
-            return True
-            
-        else:
-            print('\n❌ APIM service not found!')
-            return False
-            
-    except Exception as e:
-        print(f'\n⚠️  Verification failed with error: {str(e)}')
-        return False
-
+    return []
 def main():
     """
     Main entry point for command-line usage.
     """
 
-    parser = argparse.ArgumentParser(description='Create AFD-APIM-PE infrastructure')
-    parser.add_argument('--location', default='eastus2', help='Azure region (default: eastus2)')
-    parser.add_argument('--index', type=int, help='Infrastructure index')
-    parser.add_argument('--sku', choices=['Standardv2', 'Premiumv2'], default='Standardv2', help='APIM SKU (default: Standardv2)')
-    parser.add_argument('--no-aca', action='store_true', help='Disable Azure Container Apps')
-    
+    parser = argparse.ArgumentParser(description = 'Create AFD-APIM-PE infrastructure')
+    parser.add_argument('--location', default = 'eastus2', help = 'Azure region (default: eastus2)')
+    parser.add_argument('--index', type = int, help = 'Infrastructure index')
+    parser.add_argument('--sku', choices = ['Standardv2', 'Premiumv2'], default = 'Standardv2', help = 'APIM SKU (default: Standardv2)')
+    parser.add_argument('--no-aca', action = 'store_true', help = 'Disable Azure Container Apps')
     args = parser.parse_args()
-    
-    # Convert SKU string to enum
-    sku_map = {
-        'Standardv2': APIM_SKU.STANDARDV2,
-        'Premiumv2': APIM_SKU.PREMIUMV2
-    }
-    
+
+    # Convert SKU string to enum using the enum's built-in functionality
     try:
-        result = _create_afd_apim_pe_infrastructure(
-            rg_location = args.location, 
-            index = args.index, 
-            apim_sku = sku_map[args.sku],
-            use_aca = not args.no_aca
-        )
-        
-        if result.success:
-            print('\n🎉 Infrastructure creation completed successfully!')
-            sys.exit(0)
-        else:
-            print('\n💥 Infrastructure creation failed!')
-            sys.exit(1)
-            
-    except Exception as e:
-        print(f'\n💥 Error: {str(e)}')
+        apim_sku = APIM_SKU(args.sku)
+    except ValueError:
+        print(f"Error: Invalid SKU '{args.sku}'. Valid options are: {', '.join([sku.value for sku in APIM_SKU])}")
         sys.exit(1)
 
+    create_infrastructure(args.location, args.index, apim_sku, args.no_aca)
 
 if __name__ == '__main__':
     main()

infrastructure/afd-apim-pe/create_infrastructure.py

@@ -292,6 +292,7 @@ module afdModule '../../shared/bicep/modules/afd/v1/afd.bicep' = {
     fdeName: afdEndpointName
     afdSku: 'Premium_AzureFrontDoor'
     apimName: apimName
+    logAnalyticsWorkspaceId: lawId
   }
   dependsOn: [
     apimModule

infrastructure/afd-apim-pe/main.bicep

@@ -20,13 +20,20 @@
     "import utils\n",
     "from apimtypes import *\n",
     "\n",
-    "# User-defined parameters (change these as needed)\n",
-    "rg_location     = 'eastus2'         # Azure region for deployment\n",
-    "index           = 1                 # Infrastructure index (use different numbers for multiple environments)\n",
-    "apim_sku        = APIM_SKU.BASICV2  # Options: 'BASICV2', 'STANDARDV2', 'PREMIUMV2'\n",
-    "reveal_backend  = True              # Set to True to reveal the backend details in the API operations\n",
+    "# ------------------------------\n",
+    "#    USER CONFIGURATION\n",
+    "# ------------------------------\n",
+    "\n",
+    "rg_location = 'eastus2'             # Azure region for deployment\n",
+    "index       = 1                     # Infrastructure index (use different numbers for multiple environments)\n",
+    "apim_sku    = APIM_SKU.BASICV2      # Options: 'BASICV2', 'STANDARDV2', 'PREMIUMV2'\n",
+    "\n",
+    "\n",
+    "\n",
+    "# ------------------------------\n",
+    "#    SYSTEM CONFIGURATION\n",
+    "# ------------------------------\n",
     "\n",
-    "# Create an instance of the desired infrastructure\n",
     "inb_helper = utils.InfrastructureNotebookHelper(rg_location, INFRASTRUCTURE.APIM_ACA, index, apim_sku) \n",
     "success = inb_helper.create_infrastructure()\n",
     "\n",