feat: upload private certificats to Azure API Management certificate …

…store (#153) * feat: upload private certificats to Azure API Management certificate store * Update docs/preview/features/powershell/azure-api-management.md Co-authored-by: Maxim Braekman <[email protected]> * Update docs/preview/features/powershell/azure-api-management.md Co-authored-by: Maxim Braekman <[email protected]> * Update docs/preview/features/powershell/azure-api-management.md Co-authored-by: Maxim Braekman <[email protected]> * Update src/Arcus.Scripting.ApiManagement/Arcus.Scripting.ApiManagement.psm1 Co-authored-by: Maxim Braekman <[email protected]> * Update Arcus.Scripting.ApiManagement.psm1 * Update Upload-AzApiManagementCertificate.ps1 * Update src/Arcus.Scripting.ApiManagement/Arcus.Scripting.ApiManagement.psm1 Co-authored-by: Maxim Braekman <[email protected]> * Update Upload-AzApiManagementCertificate.ps1 Co-authored-by: Maxim Braekman <[email protected]>
arcus-azure · Apr 8, 2021 · f98cb54 · f98cb54
1 parent 9187132
commit f98cb54
Show file tree

Hide file tree

Showing 6 changed files with 91 additions and 1 deletion.
diff --git a/docs/preview/features/powershell/azure-api-management.md b/docs/preview/features/powershell/azure-api-management.md
@@ -14,6 +14,7 @@ This module provides the following capabilities:
 - [Removing all Azure API Management defaults from the instance](#removing-all-azure-api-management-defaults-from-the-instance)
 - [Restoring an API Management service](#restoring-an-api-management-service)
 - [Setting authentication keys to an API in the Azure API Management instance](#setting-authentication-keys-to-an-api-in-the-azure-api-management-instance)
+- [Uploading private certificates to the Azure API Management certificate store](#uploading-private-certificates-to-the-azure-api-management-certificate-store)
 
 ## Installation
 
@@ -201,3 +202,21 @@ Write-Host "Using API Management instance '$ServiceName' in resource group '$Res
 Write-Host "Subscription key header 'my-api-key' was assigned"
 Write-Host "Subscription key query parameter 'myApiKey' was assigned"
 ```
+
+## Uploading private certificates to the Azure API Management certificate store
+Uploads a private certificate to the Azure API Management certificate store, allowing authentication against backend services.
+
+| Parameter             | Mandatory | Description                                                                                   |
+| --------------------- | --------- | --------------------------------------------------------------------------------------------- |
+| `ResourceGroupName`   | yes       | The resource group containing the Azure API Management instance                               |
+| `ServiceName`         | yes       | The name of the Azure API Management instance                                                 |
+| `CertificateFilePath` | yes       | The full file path to the location of the private certificate                                 |
+| `CertificatePassword` | yes       | The password for the private certificate                                                      |
+
+**Example**
+
+```powershell
+PS> Upload-AzApiManagementCertificate -ResourceGroupName "my-resource-group" -ServiceName "my-api-management-instance' -CertificateFilePath "c:\temp\certificate.pfx" -CertificatePassword "P@ssw0rd"
+# Using API Management instance 'my-api-management-instance' in resource group 'my-resource-group'
+# Uploaded private certificate at 'c:\temp\certificate.pfx'
+```
diff --git a/src/Arcus.Scripting.ApiManagement/Arcus.Scripting.ApiManagement.psd1 b/src/Arcus.Scripting.ApiManagement/Arcus.Scripting.ApiManagement.psd1
@@ -74,7 +74,8 @@ FunctionsToExport = @(
     'Backup-AzApiManagementService',
     'Remove-AzApiManagementDefaults',
     'Restore-AzApiManagementService',
-    'Set-AzApiManagementApiSubscriptionKey')
+    'Set-AzApiManagementApiSubscriptionKey',
+    'Upload-AzApiManagementCertificate')
 
 # Cmdlets to export from this module
 CmdletsToExport = '*'

diff --git a/src/Arcus.Scripting.ApiManagement/Arcus.Scripting.ApiManagement.psm1 b/src/Arcus.Scripting.ApiManagement/Arcus.Scripting.ApiManagement.psm1
@@ -317,3 +317,35 @@ function Set-AzApiManagementApiSubscriptionKey {
 }
 
 Export-ModuleMember -Function Set-AzApiManagementApiSubscriptionKey
+
+<#
+ .Synopsis
+  Uploads a certificate to the Azure API Management certificate store.
+
+ .Description
+  Uploads a private certificate to the Azure API Management certificate store, allowing authentication against backend services.
+
+ .Parameter ResourceGroupName
+  The name of the resource group containing the Azure API Management instance.
+
+ .Parameter ServiceName
+  The name of the Azure API Management instance.
+
+ .Parameter CertificateFilePath
+  The full file path to the location of the public certificate.
+
+ .Parameter CertificatePassword
+  The password for the private certificate.
+#>
+function Upload-AzApiManagementCertificate {
+    param(
+        [Parameter(Mandatory = $true)][string] $ResourceGroupName = $(throw "Resource group name is required"),
+        [Parameter(Mandatory = $true)][string] $ServiceName = $(throw "API management service name is required"),
+        [Parameter(Mandatory = $true)][string] $CertificateFilePath = $(throw "Full file path to the certificate is required"),
+        [Parameter(Mandatory = $true)][string] $CertificatePassword = $(throw "Password for certificate is required")
+    )
+
+    . $PSScriptRoot\Scripts\Upload-AzApiManagementCertificate.ps1 -ResourceGroupName $ResourceGroupName -ServiceName $ServiceName -CertificateFilePath $CertificateFilePath -CertificatePassword $CertificatePassword
+}
+
+Export-ModuleMember -Function Upload-AzApiManagementCertificate
diff --git a/src/Arcus.Scripting.ApiManagement/Arcus.Scripting.ApiManagement.pssproj b/src/Arcus.Scripting.ApiManagement/Arcus.Scripting.ApiManagement.pssproj
@@ -39,6 +39,7 @@
     <Compile Include="Scripts\Import-AzApiManagementOperationPolicy.ps1" />
     <Compile Include="Scripts\Restore-AzApiManagementService.ps1" />
     <Compile Include="Scripts\Set-AzApiManagementApiSubscriptionKey.ps1" />
+    <Compile Include="Scripts\Upload-AzApiManagementCertificate.ps1" />
   </ItemGroup>
   <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
   <Target Name="Build" />

diff --git a/src/Arcus.Scripting.ApiManagement/Scripts/Upload-AzApiManagementCertificate.ps1 b/src/Arcus.Scripting.ApiManagement/Scripts/Upload-AzApiManagementCertificate.ps1
@@ -0,0 +1,13 @@
+param(
+    [Parameter(Mandatory = $true)][string] $ResourceGroupName = $(throw "Resource group name is required"),
+    [Parameter(Mandatory = $true)][string] $ServiceName = $(throw "API management service name is required"),
+    [Parameter(Mandatory = $true)][string] $CertificateFilePath = $(throw "Full file path to certificate is required"),
+    [Parameter(Mandatory = $true)][string] $CertificatePassword = $(throw "Password for certificate is required")
+)
+
+$context = New-AzApiManagementContext -ResourceGroupName $ResourceGroupName -ServiceName $ServiceName
+Write-Host "Using API Management instance '$ServiceName' in resource group '$ResourceGroupName'"
+
+Write-Verbose "Uploading private certificate at '$CertificateFilePath'..."
+New-AzApiManagementCertificate -Context $context -PfxFilePath $CertificateFilePath -PfxPassword $CertificatePassword
+Write-Host "Uploaded private certificate at '$CertificateFilePath'"
diff --git a/src/Arcus.Scripting.Tests.Unit/Arcus.Scripting.ApiManagement.tests.ps1 b/src/Arcus.Scripting.Tests.Unit/Arcus.Scripting.ApiManagement.tests.ps1
@@ -716,6 +716,30 @@ Describe "Arcus" {
                 # Act
                 Set-AzApiManagementApiSubscriptionKey -ResourceGroupName $resourceGroup -ServiceName $serviceName -ApiId $apiId -HeaderName $apiKeyHeaderName -QueryParamName $apiKeyQueryParamName
 
+                # Assert
+                Assert-VerifiableMock
+            }
+            It "Uploads private certificate to API Management" {
+                # Arrange
+                $resourceGroup = "customer"
+                $name = "customer-name"
+                $filePath = "c:\temp\certificate.pfx"
+                $password = "P@ssw0rd"
+                $stubContext = New-Object -TypeName Microsoft.Azure.Commands.ApiManagement.ServiceManagement.Models.PsApiManagementContext
+
+                Mock New-AzApiManagementContext {
+                    $ResourceGroupName | Should -Be $resourceGroup
+                    $ServiceName | Should -Be $name
+                    return $stubContext } -Verifiable
+
+                Mock New-AzApiManagementCertificate {
+                    $Context | Should -Be $stubContext
+                    $PfxFilePath | Should -Be $filePath
+                    $PfxPassword | Should -Be $password } -Verifiable
+
+                # Act
+                Upload-AzApiManagementCertificate -ResourceGroupName $resourceGroup -ServiceName $name -CertificateFilePath $filePath -CertificatePassword $password
+
                 # Assert
                 Assert-VerifiableMock
             }