Azure-Samples
diff --git a/‎.github/.copilot-instructions.md‎
Lines changed: 13 additions & 1 deletion b/‎.github/.copilot-instructions.md‎
Lines changed: 13 additions & 1 deletion
diff --git a/‎.gitignore‎
Lines changed: 1 addition & 0 deletions b/‎.gitignore‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎README.md‎
Lines changed: 2 additions & 2 deletions b/‎README.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎TEMPLATE_PARAMETERS_USAGE.md‎
Lines changed: 0 additions & 69 deletions b/‎TEMPLATE_PARAMETERS_USAGE.md‎
Lines changed: 0 additions & 69 deletions
diff --git a/‎examples/template_parameters_usage.py‎
Lines changed: 0 additions & 197 deletions b/‎examples/template_parameters_usage.py‎
Lines changed: 0 additions & 197 deletions
diff --git a/‎samples/authX-pro/create.ipynb‎
Lines changed: 11 additions & 20 deletions b/‎samples/authX-pro/create.ipynb‎
Lines changed: 11 additions & 20 deletions
@@ -10,7 +10,7 @@ This instructions file is designed to guide GitHub Copilot's behavior specifical
 
 **In case of any conflict, instructions from other individualized or project-specific files (such as `my-copilot.instructions.md`) take precedence over this file.**
 
-## Repo Context
+## Repository Context
 
 - This repository provides a playground to safely experiment with and learn Azure API Management (APIM) policies in various architectures.
 - The primary technologies are Python, Bicep, Jupyter notebooks, Azure CLI, APIM policy XML, and Markdown.
@@ -53,6 +53,17 @@ In case of any conflicting instructions, the following hierarchy shall apply. If
 - Use type annotations and docstrings where appropriate.
 - Prefer standard libraries and well-maintained dependencies.
 
+## Repository Structure
+
+- `/`: Root directory containing the main files and folders. Bicep configuration is stored in `bicepconfig.json`.
+- The following folders are all at the root level:
+    - `assets/`: PlantUML diagrams and images. Static assets such as these should be placed here. Any diagrams should be placed in the /diagrams/src subfolder.
+    - `infrastructure/`: Contains Jupyter notebooks for setting up various API Management infrastructures. When modifying samples, these notebooks should not need to be modified. 
+    - `samples/`: Various policy and scenario samples that can be applied to the infrastructures.
+    - `setup/`: General setup scripts and configurations for the repository and dev environment setup.
+    - `shared/`: Shared resources, such as Bicep modules, Python libraries, and other reusable components.
+    - `tests/`: Contains unit tests for Python code and Bicep modules. This folder should contain all tests for all code in the repository. 
+
 ## Formatting and Style
 
 - Maintain consistent indentation and whitespace but consider Editor Config settings, etc, for the repository.
@@ -117,6 +128,7 @@ param resourceSuffix string = uniqueString(subscription().id, resourceGroup().id
 - Prefer Python 3.12+ syntax and features unless otherwise specified.
 - When inserting a comment to describe a method, insert a blank line after the comment section.
 - Never leave a blank line at the very top of a Python file. The file must start immediately with the module docstring or code. Always remove any leading blank line at the top.
+- Do not have imports such as `from shared.python import Foo`. The /shared/python directory is covered by a root `.env` file. Just use `import Foo` or `from Foo import Bar` as appropriate.
 - After the module docstring, all import statements must come before any section headers (e.g., CONSTANTS, VARIABLES, etc.). Section headers should only appear after the imports. Here is a more explicit example:
 
     ```python
 
@@ -5,6 +5,7 @@ __pycache__/
 .venv/
 venv/
 env/
+.pytest_cache/
 
 # Jupyter
 .ipynb_checkpoints/
 
@@ -49,10 +49,10 @@ The first time you run a Jupyter notebook, you'll be asked to install the Jupyte
 
 | Sample Name                                                     | Description                                                                                                         | Supported Infrastructure(s)   |
 |:----------------------------------------------------------------|:--------------------------------------------------------------------------------------------------------------------|:------------------------------|
-| [General](./samples/general/create.ipynb)                       | Basic demo of APIM sample setup and policy usage.                                                                   | All infrastructures           |
-| [Load Balancing](./samples/load-balancing/create.ipynb)         | Priority and weighted load balancing across backends.                                                               | apim-aca, afd-apim (with ACA) |
 | [AuthX](./samples/authx/create.ipynb)                           | Authentication and role-based authorization in a mock HR API.                                                       | All infrastructures           |
 | [AuthX Pro](./samples/authx-pro/create.ipynb)                   | Authentication and role-based authorization in a mock product with multiple APIs and policy fragments.              | All infrastructures           |
+| [General](./samples/general/create.ipynb)                       | Basic demo of APIM sample setup and policy usage.                                                                   | All infrastructures           |
+| [Load Balancing](./samples/load-balancing/create.ipynb)         | Priority and weighted load balancing across backends.                                                               | apim-aca, afd-apim (with ACA) |
 | [Secure Blob Access](./samples/secure-blob-access/create.ipynb) | Secure blob access via the [valet key pattern](https://learn.microsoft.com/azure/architecture/patterns/valet-key).  | All infrastructures           |
 
 ### ▶️ Running a Sample
 
@@ -107,9 +107,9 @@
     "# 3) Set up the named values\n",
     "nvs: List[NamedValue] = [\n",
     "    NamedValue(jwt_key_name, jwt_key_value_bytes_b64, True),\n",
-    "    NamedValue('HRMemberRoleId', HR_MEMBER_ROLE_ID),\n",
-    "    NamedValue('HRAssociateRoleId', HR_ASSOCIATE_ROLE_ID),\n",
-    "    NamedValue('HRAdministratorRoleId', HR_ADMINISTRATOR_ROLE_ID)\n",
+    "    NamedValue('HRMemberRoleId', Role.HR_MEMBER),\n",
+    "    NamedValue('HRAssociateRoleId', Role.HR_ASSOCIATE),\n",
+    "    NamedValue('HRAdministratorRoleId', Role.HR_ADMINISTRATOR)\n",
     "]\n",
     "\n",
     "# 4) Set up the policy fragments\n",
@@ -226,25 +226,17 @@
    "source": [
     "import utils\n",
     "from apimrequests import ApimRequests\n",
-    "from apimjwt import JwtPayload, SymmetricJwtToken\n",
-    "from apimtypes import HR_MEMBER_ROLE_ID, HR_ADMINISTRATOR_ROLE_ID, HR_ASSOCIATE_ROLE_ID\n",
+    "from apimtypes import Role\n",
+    "from users import UserHelper\n",
+    "from authfactory import AuthFactory\n",
     "\n",
     "# Preflight: Check if the infrastructure architecture deployment uses Azure Front Door. If so, assume that APIM is not directly accessible and use the Front Door URL instead.\n",
-    "endpoint_url = apim_gateway_url\n",
-    "utils.print_message('Checking if the infrastructure architecture deployment uses Azure Front Door.', blank_above = True)\n",
-    "afd_endpoint_url = utils.get_frontdoor_url(deployment, rg_name)\n",
-    "\n",
-    "if afd_endpoint_url:\n",
-    "    endpoint_url = afd_endpoint_url\n",
-    "    utils.print_message(f'Using Azure Front Door URL: {afd_endpoint_url}', blank_above = True)\n",
-    "else:\n",
-    "    utils.print_message(f'Using APIM Gateway URL: {apim_gateway_url}', blank_above = True)\n",
+    "endpoint_url = utils.test_url_preflight_check(deployment, rg_name, apim_gateway_url)\n",
     "\n",
     "# 1) HR Administrator\n",
     "# Create a JSON Web Token with a payload and sign it with the symmetric key from above.\n",
-    "jwt_payload_hr_admin = JwtPayload(subject = 'user123', name = 'Angie Administrator', roles = [HR_MEMBER_ROLE_ID, HR_ADMINISTRATOR_ROLE_ID])\n",
-    "encoded_jwt_token_hr_admin = SymmetricJwtToken(jwt_key_value, jwt_payload_hr_admin).encode()\n",
-    "print(f'\\nJWT token HR Admin: {encoded_jwt_token_hr_admin}')  # this value is used to call the APIs via APIM\n",
+    "encoded_jwt_token_hr_admin = AuthFactory.create_symmetric_jwt_token_for_user(UserHelper.get_user_by_role(Role.HR_ADMINISTRATOR), jwt_key_value)\n",
+    "print(f'\\nJWT token for HR Admin:\\n{encoded_jwt_token_hr_admin}')  # this value is used to call the APIs via APIM\n",
     "\n",
     "# Set up an APIM requests object with the JWT token\n",
     "reqsApimAdmin = ApimRequests(endpoint_url)\n",
@@ -258,9 +250,8 @@
     "\n",
     "# 2) HR Associate\n",
     "# Create a JSON Web Token with a payload and sign it with the symmetric key from above.\n",
-    "jwt_payload_hr_associate = JwtPayload(subject = 'user789', name = 'Aaron Associate', roles = [HR_MEMBER_ROLE_ID, HR_ASSOCIATE_ROLE_ID])\n",
-    "encoded_jwt_token_hr_associate = SymmetricJwtToken(jwt_key_value, jwt_payload_hr_associate).encode()\n",
-    "print(f'\\nJWT token HR Associate: {encoded_jwt_token_hr_associate}')  # this value is used to call the APIs via APIM\n",
+    "encoded_jwt_token_hr_associate = AuthFactory.create_symmetric_jwt_token_for_user(UserHelper.get_user_by_role(Role.HR_ASSOCIATE), jwt_key_value)\n",
+    "print(f'\\nJWT token for HR Associate:\\n{encoded_jwt_token_hr_associate}')  # this value is used to call the APIs via APIM\n",
     "\n",
     "# Set up an APIM requests object with the JWT token\n",
     "reqsApimAssociate = ApimRequests(endpoint_url)\n",