Sample and Documentation Refinements (#5)

Author: simonkurtz-MSFT

README.md

@@ -35,11 +35,13 @@ _Try it out, learn from it, apply it in your setups._
 
 We provide several common architectural approaches to integrating APIM into your Azure ecosystem. While these are high-fidelity setups, they are not production-ready. Please refer to the [Azure API Management landing zone accelerator](https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/app-platform/api-management/landing-zone-accelerator) for up-to-date production setups.
 
-- [Simple API Management](./infrastructure/simple-apim)
-  - Just the basics with a publicly accessible API Management intance fronting your APIs. This is the innermost way to experience and experiment with the APIM policies. 
-- [API Management & Container Apps](./infrastructure/apim-aca)
+- [Simple API Management](./infrastructure/simple-apim) (simple-apim)
+  - Just the basics with a publicly accessible API Management intance fronting your APIs. This is the innermost way to experience and experiment with the APIM policies.
+
+- [API Management & Container Apps](./infrastructure/apim-aca) (apim-aca)
   - APIs are often times implemented in containers that are running in Azure Container Apps. This architecture accesses the container apps publicly. It's beneficial to test both APIM and container app URLs here to contrast and compare experiences of API calls through and bypassing APIM. It is not intended to be a security baseline.
-- [Secure Front Door & API Management & Container Apps](./infrastructure/afd-apim)
+
+- [Secure Front Door & API Management & Container Apps](./infrastructure/afd-apim) (afd-apim)
   - A higher-fidelity implementation of a secured setup in which Azure Front Door connects to APIM via the new private link integration. This traffic, once it traverses through Front Door, rides entirely on Microsoft-owned and operated networks. Similarly, the connection from APIM to Container Apps is secured but through a VNet configuration (it is also entirely possible to do this via private link). It's noteworthy that we are using APIM Standard V2 here as we need the ability to accept a private link from Front Door.
 
 ---
@@ -71,6 +73,13 @@ Run through the following steps to create a Python virtual environment before do
 
 The first time you run a Jupyter notebook, you'll be asked to install the Jupyter kernel package (ipykernel).
 
+### List of Samples
+
+| Sample Name | Description | Supported Infrastructure(s) |
+|------------------|-----------------------------------------------------------------------------|--------------------------------------------|
+| [General](./samples/general) | Basic demonstration of APIM sample setup and policy usage. | All infrastructures |
+| [Load Balancing](./samples/load-balancing) | Example of APIM policy-based load balancing across backends. | apim-aca, afd-apim (with ACA) |
+
 ### Running a Sample
 
 1. Locate the specific sample's `create.ipynb` file and adjust the parameters under the `User-defined Parameters` header as you see fit.

infrastructure/afd-apim/create.ipynb

@@ -57,9 +57,9 @@
     "if use_ACA:\n",
     "    utils.print_info('ACA APIs will be created.')\n",
     "\n",
-    "    aca_backend_1_policy_xml    = utils.policy_xml_replacement(ACA_BACKEND_1_XML_POLICY_PATH)\n",
-    "    aca_backend_2_policy_xml    = utils.policy_xml_replacement(ACA_BACKEND_2_XML_POLICY_PATH)\n",
-    "    aca_backend_pool_policy_xml = utils.policy_xml_replacement(ACA_BACKEND_POOL_XML_POLICY_PATH)\n",
+    "    aca_backend_1_policy_xml    = utils.read_policy_xml(ACA_BACKEND_1_XML_POLICY_PATH)\n",
+    "    aca_backend_2_policy_xml    = utils.read_policy_xml(ACA_BACKEND_2_XML_POLICY_PATH)\n",
+    "    aca_backend_pool_policy_xml = utils.read_policy_xml(ACA_BACKEND_POOL_XML_POLICY_PATH)\n",
     "\n",
     "    # Hello World (ACA Backend 1)\n",
     "    api_hwaca_1_get = GET_APIOperation('This is a GET for Hello World on ACA Backend 1')\n",

infrastructure/afd-apim/main.bicep

@@ -136,7 +136,6 @@ module acaEnvModule '../../shared/bicep/modules/aca/v1/environment.bicep' = if (
   name: 'acaEnvModule'
   params: {
     name: 'cae-${resourceSuffix}'
-    location: location
     logAnalyticsWorkspaceCustomerId: lawModule.outputs.customerId
     logAnalyticsWorkspaceSharedKey: lawModule.outputs.clientSecret
     subnetResourceId: acaSubnetResourceId
@@ -148,24 +147,16 @@ module acaModule1 '../../shared/bicep/modules/aca/v1/containerapp.bicep' = if (u
   name: 'acaModule-1'
   params: {
     name: 'ca-${resourceSuffix}-mockwebapi-1'
-    location: location
     containerImage: IMG_MOCK_WEB_API
     environmentId: acaEnvModule.outputs.environmentId
-    cpu: '0.5'
-    memory: '1.0Gi'
-    ingressPort: 8080
   }
 }
 module acaModule2 '../../shared/bicep/modules/aca/v1/containerapp.bicep' = if (useACA) {
   name: 'acaModule-2'
   params: {
     name: 'ca-${resourceSuffix}-mockwebapi-2'
-    location: location
     containerImage: IMG_MOCK_WEB_API
     environmentId: acaEnvModule.outputs.environmentId
-    cpu: '0.5'
-    memory: '1.0Gi'
-    ingressPort: 8080
   }
 }
 
@@ -267,7 +258,6 @@ module apimDnsPrivateLinkModule '../../shared/bicep/modules/dns/v1/dns-private-l
 module acaDnsPrivateZoneModule '../../shared/bicep/modules/dns/v1/aca-dns-private-zone.bicep' = if (useACA && !empty(acaSubnetResourceId)) {
   name: 'acaDnsPrivateZoneModule'
   params: {
-    location: location
     acaEnvironmentRandomSubdomain: acaEnvModule.outputs.environmentRandomSubdomain
     acaEnvironmentStaticIp: acaEnvModule.outputs.environmentStaticIp
     vnetId: vnetModule.outputs.vnetId
@@ -278,7 +268,6 @@ module acaDnsPrivateZoneModule '../../shared/bicep/modules/dns/v1/aca-dns-privat
 module afdModule '../../shared/bicep/modules/afd/v1/afd.bicep' = {
   name: 'afdModule'
   params: {
-    location: 'global'
     resourceSuffix: resourceSuffix
     afdName: afdEndpointName
     fdeName: afdEndpointName

infrastructure/apim-aca/create.ipynb

@@ -45,10 +45,10 @@
     "# 3) Define the APIs and their operations and policies\n",
     "\n",
     "# Policies\n",
-    "hello_world_policy_xml      = utils.policy_xml_replacement(HELLO_WORLD_XML_POLICY_PATH)\n",
-    "aca_backend_1_policy_xml    = utils.policy_xml_replacement(ACA_BACKEND_1_XML_POLICY_PATH)\n",
-    "aca_backend_2_policy_xml    = utils.policy_xml_replacement(ACA_BACKEND_2_XML_POLICY_PATH)\n",
-    "aca_backend_pool_policy_xml = utils.policy_xml_replacement(ACA_BACKEND_POOL_XML_POLICY_PATH)\n",
+    "hello_world_policy_xml      = utils.read_policy_xml(HELLO_WORLD_XML_POLICY_PATH)\n",
+    "aca_backend_1_policy_xml    = utils.read_policy_xml(ACA_BACKEND_1_XML_POLICY_PATH)\n",
+    "aca_backend_2_policy_xml    = utils.read_policy_xml(ACA_BACKEND_2_XML_POLICY_PATH)\n",
+    "aca_backend_pool_policy_xml = utils.read_policy_xml(ACA_BACKEND_POOL_XML_POLICY_PATH)\n",
     "\n",
     "# Hello World (Root)\n",
     "api_hwroot_get = GET_APIOperation('This is a GET for Hello World in the root', hello_world_policy_xml)\n",

infrastructure/apim-aca/main.bicep

@@ -9,7 +9,6 @@ param location string = resourceGroup().location
 param resourceSuffix string = uniqueString(subscription().id, resourceGroup().id)
 
 param apimName string = 'apim-${resourceSuffix}'
-
 param apimSku string
 param apis array = []
 
@@ -59,26 +58,17 @@ module acaModule1 '../../shared/bicep/modules/aca/v1/containerapp.bicep' = {
   name: 'acaModule-1'
   params: {
     name: 'ca-${resourceSuffix}-mockwebapi-1'
-    location: location
     containerImage: IMG_MOCK_WEB_API
     environmentId: acaEnvModule.outputs.environmentId
-    cpu: '0.5'
-    memory: '1.0Gi'
-    ingressPort: 8080
-    ingressExternal: true
   }
 }
+
 module acaModule2 '../../shared/bicep/modules/aca/v1/containerapp.bicep' = {
   name: 'acaModule-2'
   params: {
     name: 'ca-${resourceSuffix}-mockwebapi-2'
-    location: location
     containerImage: IMG_MOCK_WEB_API
     environmentId: acaEnvModule.outputs.environmentId
-    cpu: '0.5'
-    memory: '1.0Gi'
-    ingressPort: 8080
-    ingressExternal: true
   }
 }
 

infrastructure/simple-apim/create.ipynb

@@ -43,7 +43,7 @@
     "# 3) Define the APIs and their operations and policies\n",
     "\n",
     "# Policies\n",
-    "hello_world_policy_xml  = utils.policy_xml_replacement(HELLO_WORLD_XML_POLICY_PATH)\n",
+    "hello_world_policy_xml = utils.read_policy_xml(HELLO_WORLD_XML_POLICY_PATH)\n",
     "\n",
     "# Hello World (Root)\n",
     "api_hwroot_get = GET_APIOperation('This is a GET for API 1', hello_world_policy_xml)\n",

samples/_TEMPLATE/create.ipynb

@@ -18,6 +18,10 @@
     "1. [LEARNING / EXPERIMENTATION OBJECTIVE 2]\n",
     "1. ...\n",
     "\n",
+    "## Lab Components\n",
+    "\n",
+    "[DESCRIBE IN MORE DETAIL WHAT THIS LAB SETS UP AND HOW THIS BENEFITS THE LEARNER/USER.]\n",
+    "\n",
     "## Configuration\n",
     "\n",
     "1. Decide which of the [Infrastructure Architectures](../../README.md#infrastructure-architectures) you wish to use.\n",
@@ -51,7 +55,8 @@
     "rg_location = 'eastus2'\n",
     "index       = 1\n",
     "deployment  = INFRASTRUCTURE.AFD_APIM_PE\n",
-    "tags        = ['TAG1', 'TAG2', '...']       // [ENTER DESCRIPTIVE TAG(S)]\n",
+    "tags        = ['tag1', 'tag2', '...']       # ENTER DESCRIPTIVE TAG(S)\n",
+    "api_prefix  = ''                            # OPTIONAL: ENTER A PREFIX FOR THE APIS TO REDUCE COLLISION POTENTIAL WITH OTHER SAMPLES\n",
     "\n",
     "# 2) Service-defined parameters (please do not change these)\n",
     "rg_name = utils.get_infra_rg_name(deployment, index)\n",
@@ -68,6 +73,7 @@
     "\n",
     "# APIs Array\n",
     "# apis: List[API] = [api1, apin]\n",
+    "apis: List[API] = []\n",
     "\n",
     "utils.print_ok('Notebook initialized')"
    ]
@@ -132,7 +138,7 @@
     "import utils\n",
     "from apimrequests import ApimRequests\n",
     "\n",
-    "[ADD RELEVANT TESTS HERE]\n",
+    "# [ADD RELEVANT TESTS HERE]\n",
     "\n",
     "# 1) Issue a direct request to API Management\n",
     "# reqsApim = ApimRequests(apim_gateway_url)\n",

samples/_TEMPLATE/main.bicep

@@ -12,24 +12,27 @@ param apimName string = 'apim-${resourceSuffix}'
 param appInsightsName string = 'appi-${resourceSuffix}'
 param apis array = []
 
+// [ADD RELEVANT PARAMETERS HERE]
 
 // ------------------
 //    RESOURCES
 // ------------------
 
 // https://learn.microsoft.com/azure/templates/microsoft.insights/components
-resource appInsightsModule 'Microsoft.Insights/components@2020-02-02' existing = {
+resource appInsights 'Microsoft.Insights/components@2020-02-02' existing = {
   name: appInsightsName
 }
 
-var appInsightsId = appInsightsModule.id
-var appInsightsInstrumentationKey = appInsightsModule.properties.InstrumentationKey
+var appInsightsId = appInsights.id
+var appInsightsInstrumentationKey = appInsights.properties.InstrumentationKey
 
 // https://learn.microsoft.com/azure/templates/microsoft.apimanagement/service
 resource apimService 'Microsoft.ApiManagement/service@2024-06-01-preview' existing = {
   name: apimName
 }
 
+// [ADD RELEVANT BICEP MODULES HERE]
+
 // APIM APIs
 module apisModule '../../shared/bicep/modules/apim/v1/api.bicep' = [for api in apis: if(length(apis) > 0) {
   name: '${api.name}-${resourceSuffix}'
@@ -50,3 +53,4 @@ module apisModule '../../shared/bicep/modules/apim/v1/api.bicep' = [for api in a
 output apimServiceId string = apimService.id
 output apimServiceName string = apimService.name
 output apimResourceGatewayURL string = apimService.properties.gatewayUrl
+// [ADD RELEVANT OUTPUTS HERE]

shared/bicep/modules/afd/v1/afd.bicep

@@ -9,9 +9,6 @@
 //    PARAMETERS
 // ------------------------------
 
-@description('Location to be used for resources. Defaults to the resource group location')
-param location string = resourceGroup().location
-
 @description('The unique suffix to append. Defaults to a unique string based on subscription and resource group IDs.')
 param resourceSuffix string = uniqueString(subscription().id, resourceGroup().id)
 

shared/bicep/modules/apim/v1/api.bicep

@@ -9,9 +9,6 @@
 //    PARAMETERS
 // ------------------------------
 
-@description('Location to be used for resources. Defaults to the resource group location')
-param location string = resourceGroup().location
-
 @description('The unique suffix to append. Defaults to a unique string based on subscription and resource group IDs.')
 param resourceSuffix string = uniqueString(subscription().id, resourceGroup().id)