From f98cb54d47da8a11eff0f33fae11f08787434f91 Mon Sep 17 00:00:00 2001 From: stijnmoreels <9039753+stijnmoreels@users.noreply.github.com> Date: Thu, 8 Apr 2021 11:41:23 +0200 Subject: [PATCH] feat: upload private certificats to Azure API Management certificate store (#153) * feat: upload private certificats to Azure API Management certificate store * Update docs/preview/features/powershell/azure-api-management.md Co-authored-by: Maxim Braekman * Update docs/preview/features/powershell/azure-api-management.md Co-authored-by: Maxim Braekman * Update docs/preview/features/powershell/azure-api-management.md Co-authored-by: Maxim Braekman * Update src/Arcus.Scripting.ApiManagement/Arcus.Scripting.ApiManagement.psm1 Co-authored-by: Maxim Braekman * Update Arcus.Scripting.ApiManagement.psm1 * Update Upload-AzApiManagementCertificate.ps1 * Update src/Arcus.Scripting.ApiManagement/Arcus.Scripting.ApiManagement.psm1 Co-authored-by: Maxim Braekman * Update Upload-AzApiManagementCertificate.ps1 Co-authored-by: Maxim Braekman --- .../powershell/azure-api-management.md | 19 +++++++++++ .../Arcus.Scripting.ApiManagement.psd1 | 3 +- .../Arcus.Scripting.ApiManagement.psm1 | 32 +++++++++++++++++++ .../Arcus.Scripting.ApiManagement.pssproj | 1 + .../Upload-AzApiManagementCertificate.ps1 | 13 ++++++++ .../Arcus.Scripting.ApiManagement.tests.ps1 | 24 ++++++++++++++ 6 files changed, 91 insertions(+), 1 deletion(-) create mode 100644 src/Arcus.Scripting.ApiManagement/Scripts/Upload-AzApiManagementCertificate.ps1 diff --git a/docs/preview/features/powershell/azure-api-management.md b/docs/preview/features/powershell/azure-api-management.md index af69de83..8d59c903 100644 --- a/docs/preview/features/powershell/azure-api-management.md +++ b/docs/preview/features/powershell/azure-api-management.md 
@@ -14,6 +14,7 @@ This module provides the following capabilities: - [Removing all Azure API Management defaults from the instance](#removing-all-azure-api-management-defaults-from-the-instance) - [Restoring an API Management service](#restoring-an-api-management-service) - [Setting authentication keys to an API in the Azure API Management instance](#setting-authentication-keys-to-an-api-in-the-azure-api-management-instance) +- [Uploading private certificates to the Azure API Management certificate store](#uploading-private-certificates-to-the-azure-api-management-certificate-store) ## Installation @@ -201,3 +202,21 @@ Write-Host "Using API Management instance '$ServiceName' in resource group '$Res Write-Host "Subscription key header 'my-api-key' was assigned" Write-Host "Subscription key query parameter 'myApiKey' was assigned" ``` + +## Uploading private certificates to the Azure API Management certificate store +Uploads a private certificate to the Azure API Management certificate store, allowing authentication against backend services. + +| Parameter | Mandatory | Description | +| --------------------- | --------- | --------------------------------------------------------------------------------------------- | +| `ResourceGroupName` | yes | The resource group containing the Azure API Management instance | +| `ServiceName` | yes | The name of the Azure API Management instance | +| `CertificateFilePath` | yes | The full file path to the location of the private certificate | +| `CertificatePassword` | yes | The password for the private certificate | + +**Example** + +```powershell +PS> Upload-AzApiManagementCertificate -ResourceGroupName "my-resource-group" -ServiceName "my-api-management-instance' -CertificateFilePath "c:\temp\certificate.pfx" -CertificatePassword "P@ssw0rd" +# Using API Management instance 'my-api-management-instance' in resource group 'my-resource-group' +# Uploaded private certificate at 'c:\temp\certificate.pfx' +``` 
diff --git a/src/Arcus.Scripting.ApiManagement/Arcus.Scripting.ApiManagement.psd1 b/src/Arcus.Scripting.ApiManagement/Arcus.Scripting.ApiManagement.psd1 index 7db00b5b..f8407426 100644 --- a/src/Arcus.Scripting.ApiManagement/Arcus.Scripting.ApiManagement.psd1 +++ b/src/Arcus.Scripting.ApiManagement/Arcus.Scripting.ApiManagement.psd1 @@ -74,7 +74,8 @@ FunctionsToExport = @( 'Backup-AzApiManagementService', 'Remove-AzApiManagementDefaults', 'Restore-AzApiManagementService', - 'Set-AzApiManagementApiSubscriptionKey') + 'Set-AzApiManagementApiSubscriptionKey', + 'Upload-AzApiManagementCertificate') # Cmdlets to export from this module CmdletsToExport = '*' diff --git a/src/Arcus.Scripting.ApiManagement/Arcus.Scripting.ApiManagement.psm1 b/src/Arcus.Scripting.ApiManagement/Arcus.Scripting.ApiManagement.psm1 index c65fa811..e2d03347 100644 --- a/src/Arcus.Scripting.ApiManagement/Arcus.Scripting.ApiManagement.psm1 +++ b/src/Arcus.Scripting.ApiManagement/Arcus.Scripting.ApiManagement.psm1 
@@ -317,3 +317,35 @@ function Set-AzApiManagementApiSubscriptionKey { } Export-ModuleMember -Function Set-AzApiManagementApiSubscriptionKey + +<# + .Synopsis + Uploads a certificate to the Azure API Management certificate store. + + .Description + Uploads a private certificate to the Azure API Management certificate store, allowing authentication against backend services. + + .Parameter ResourceGroupName + The name of the resource group containing the Azure API Management instance. + + .Parameter ServiceName + The name of the Azure API Management instance. + + .Parameter CertificateFilePath + The full file path to the location of the public certificate. + + .Parameter CertificatePassword + The password for the private certificate. +#> +function Upload-AzApiManagementCertificate { + param( + [Parameter(Mandatory = $true)][string] $ResourceGroupName = $(throw "Resource group name is required"), + [Parameter(Mandatory = $true)][string] $ServiceName = $(throw "API management service name is required"), + [Parameter(Mandatory = $true)][string] $CertificateFilePath = $(throw "Full file path to the certificate is required"), + [Parameter(Mandatory = $true)][string] $CertificatePassword = $(throw "Password for certificate is required") + ) + + . $PSScriptRoot\Scripts\Upload-AzApiManagementCertificate.ps1 -ResourceGroupName $ResourceGroupName -ServiceName $ServiceName -CertificateFilePath $CertificateFilePath -CertificatePassword $CertificatePassword +} + +Export-ModuleMember -Function Upload-AzApiManagementCertificate diff --git a/src/Arcus.Scripting.ApiManagement/Arcus.Scripting.ApiManagement.pssproj b/src/Arcus.Scripting.ApiManagement/Arcus.Scripting.ApiManagement.pssproj index 996f1f45..d516a6a3 100644 --- a/src/Arcus.Scripting.ApiManagement/Arcus.Scripting.ApiManagement.pssproj +++ b/src/Arcus.Scripting.ApiManagement/Arcus.Scripting.ApiManagement.pssproj @@ -39,6 +39,7 @@ + 
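Review bot: `$CertificatePassword` is declared as `[string]` in `Upload-AzApiManagementCertificate`, so the PFX password is handled as plaintext and, when passed as a literal as in the documented example, can end up in console history, transcripts and script-block logs. Consider declaring it as `[Parameter(Mandatory = $true)][securestring] $CertificatePassword` and converting to plain text only at the `New-AzApiManagementCertificate` call, if that cmdlet needs a string (its parameter type is not visible in this patch). The same `[string]` declaration is repeated in `Scripts/Upload-AzApiManagementCertificate.ps1`, and the markdown example and unit test pass a literal password, so they would need to follow. Separately, the help text for `CertificateFilePath` says "public certificate" although the function uploads a private one; `The full file path to the location of the private certificate.` would match the docs table.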
diff --git a/src/Arcus.Scripting.ApiManagement/Scripts/Upload-AzApiManagementCertificate.ps1 b/src/Arcus.Scripting.ApiManagement/Scripts/Upload-AzApiManagementCertificate.ps1
new file mode 100644
index 00000000..053d8595
--- /dev/null
+++ b/src/Arcus.Scripting.ApiManagement/Scripts/Upload-AzApiManagementCertificate.ps1
@@ -0,0 +1,13 @@
+param(
+ [Parameter(Mandatory = $true)][string] $ResourceGroupName = $(throw "Resource group name is required"),
+ [Parameter(Mandatory = $true)][string] $ServiceName = $(throw "API management service name is required"),
+ [Parameter(Mandatory = $true)][string] $CertificateFilePath = $(throw "Full file path to certificate is required"),
+ [Parameter(Mandatory = $true)][string] $CertificatePassword = $(throw "Password for certificate is required")
+)
+
+$context = New-AzApiManagementContext -ResourceGroupName $ResourceGroupName -ServiceName $ServiceName
+Write-Host "Using API Management instance '$ServiceName' in resource group '$ResourceGroupName'"
+
+Write-Verbose "Uploading private certificate at '$CertificateFilePath'..."
+New-AzApiManagementCertificate -Context $context -PfxFilePath $CertificateFilePath -PfxPassword $CertificatePassword
+Write-Host "Uploaded private certificate at '$CertificateFilePath'"
diff --git a/src/Arcus.Scripting.Tests.Unit/Arcus.Scripting.ApiManagement.tests.ps1 b/src/Arcus.Scripting.Tests.Unit/Arcus.Scripting.ApiManagement.tests.ps1
index 8a89ccb2..816a2368 100644
--- a/src/Arcus.Scripting.Tests.Unit/Arcus.Scripting.ApiManagement.tests.ps1
+++ b/src/Arcus.Scripting.Tests.Unit/Arcus.Scripting.ApiManagement.tests.ps1
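Review bot: The closing `Write-Host "Uploaded private certificate at '$CertificateFilePath'"` in the new `Upload-AzApiManagementCertificate.ps1` runs unconditionally, so if `New-AzApiManagementCertificate` reports a non-terminating error the script still logs a successful upload. Whether that can happen depends on the caller's `$ErrorActionPreference`, which this script does not set; adding `-ErrorAction Stop` to the `New-AzApiManagementCertificate` call would make the success message trustworthy. A guard before the upload, such as `if (-not (Test-Path -Path $CertificateFilePath -PathType Leaf)) { throw "Cannot find certificate file at '$CertificateFilePath'" }`, would also give a clear error for a wrong path. The object returned by `New-AzApiManagementCertificate` is emitted to the pipeline as well; if that is not intended, pipe it to `Out-Null`.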
@@ -716,6 +716,30 @@ Describe "Arcus" { # Act Set-AzApiManagementApiSubscriptionKey -ResourceGroupName $resourceGroup -ServiceName $serviceName -ApiId $apiId -HeaderName $apiKeyHeaderName -QueryParamName $apiKeyQueryParamName + # Assert + Assert-VerifiableMock + } + It "Uploads private certificate to API Management" { + # Arrange + $resourceGroup = "customer" + $name = "customer-name" + $filePath = "c:\temp\certificate.pfx" + $password = "P@ssw0rd" + $stubContext = New-Object -TypeName Microsoft.Azure.Commands.ApiManagement.ServiceManagement.Models.PsApiManagementContext + + Mock New-AzApiManagementContext { + $ResourceGroupName | Should -Be $resourceGroup + $ServiceName | Should -Be $name + return $stubContext } -Verifiable + + Mock New-AzApiManagementCertificate { + $Context | Should -Be $stubContext + $PfxFilePath | Should -Be $filePath + $PfxPassword | Should -Be $password } -Verifiable + + # Act + Upload-AzApiManagementCertificate -ResourceGroupName $resourceGroup -ServiceName $name -CertificateFilePath $filePath -CertificatePassword $password + # Assert Assert-VerifiableMock }