Add reveal backend flag (#61)

Author: simonkurtz-MSFT

infrastructure/afd-apim-pe/create.ipynb

@@ -21,11 +21,12 @@
     "from apimtypes import *\n",
     "\n",
     "# 1) User-defined parameters (change these as needed)\n",
-    "rg_location = 'eastus2'\n",
-    "index       = 1\n",
-    "apim_sku    = APIM_SKU.STANDARDV2\n",
-    "deployment  = INFRASTRUCTURE.AFD_APIM_PE\n",
-    "use_ACA     = True\n",
+    "rg_location     = 'eastus2'\n",
+    "index           = 1\n",
+    "apim_sku        = APIM_SKU.STANDARDV2\n",
+    "deployment      = INFRASTRUCTURE.AFD_APIM_PE\n",
+    "use_ACA         = True\n",
+    "reveal_backend  = True  # Set to True to reveal the backend details in the API operations\n",
     "\n",
     "# 2) Service-defined parameters (please do not change these unless you know what you're doing)\n",
     "rg_name             = utils.get_infra_rg_name(deployment, index)\n",
@@ -55,10 +56,10 @@
     "if use_ACA:\n",
     "    utils.print_info('ACA APIs will be created.')\n",
     "\n",
-    "    backend_polixy_xml          = utils.read_policy_xml(BACKEND_XML_POLICY_PATH)\n",
-    "    aca_backend_1_policy_xml    = backend_polixy_xml.format(backend_id = 'aca-backend-1')\n",
-    "    aca_backend_2_policy_xml    = backend_polixy_xml.format(backend_id = 'aca-backend-2')\n",
-    "    aca_backend_pool_policy_xml = backend_polixy_xml.format(backend_id = 'aca-backend-pool')\n",
+    "    backend_policy_xml          = utils.read_policy_xml(BACKEND_XML_POLICY_PATH)\n",
+    "    aca_backend_1_policy_xml    = backend_policy_xml.format(backend_id = 'aca-backend-1')\n",
+    "    aca_backend_2_policy_xml    = backend_policy_xml.format(backend_id = 'aca-backend-2')\n",
+    "    aca_backend_pool_policy_xml = backend_policy_xml.format(backend_id = 'aca-backend-pool')\n",
     "\n",
     "    # Hello World (ACA Backend 1)\n",
     "    api_hwaca_1_get = GET_APIOperation('This is a GET for Hello World on ACA Backend 1')\n",
@@ -98,11 +99,11 @@
     "\n",
     "# 1) Define the Bicep parameters with serialized APIs and networking mode\n",
     "bicep_parameters = {\n",
-    "    'apimSku'           : {'value': apim_sku.value},\n",
-    "    'apis'              : {'value': [api.to_dict() for api in apis]},\n",
-    "    'policyFragments'   : {'value': [pf.to_dict() for pf in pfs]},\n",
-    "    'apimPublicAccess'  : {'value': apim_network_mode in [APIMNetworkMode.PUBLIC, APIMNetworkMode.EXTERNAL_VNET]},\n",
-    "    'useACA'            : {'value': use_ACA}\n",
+    "    'apimSku'               : {'value': apim_sku.value},\n",
+    "    'apis'                  : {'value': [api.to_dict() for api in apis]},\n",
+    "    'policyFragments'       : {'value': [pf.to_dict() for pf in pfs]},\n",
+    "    'apimPublicAccess'      : {'value': apim_network_mode in [APIMNetworkMode.PUBLIC, APIMNetworkMode.EXTERNAL_VNET]},\n",
+    "    'useACA'                : {'value': use_ACA}\n",
     "}\n",
     "\n",
     "# 2) Run the deployment\n",

infrastructure/afd-apim-pe/main.bicep

@@ -32,6 +32,9 @@ param policyFragments array = []
 @description('Set to true to make APIM publicly accessible. If false, APIM will be deployed into a VNet subnet for egress only.')
 param apimPublicAccess bool = true
 
+@description('Reveals the backend API information. Defaults to true. *** WARNING: This will expose backend API information to the caller - For learning & testing only! ***')
+param revealBackendApiInfo bool = true
+
 // Front Door
 param afdEndpointName string = 'afd-${resourceSuffix}'
 
@@ -170,6 +173,7 @@ module apimModule '../../shared/bicep/modules/apim/v1/apim.bicep' = {
     appInsightsId: appInsightsId
     apimSubnetResourceId: apimSubnetResourceId
     publicAccess: apimPublicAccess
+    globalPolicyXml: revealBackendApiInfo ? loadTextContent('../../shared/apim-policies/all-apis-reveal-backend.xml') : loadTextContent('../../shared/apim-policies/all-apis.xml')
   }
   dependsOn: [
     vnetModule

infrastructure/apim-aca/create.ipynb

@@ -21,10 +21,11 @@
     "from apimtypes import *\n",
     "\n",
     "# 1) User-defined parameters (change these as needed)\n",
-    "rg_location = 'eastus2'\n",
-    "index       = 1\n",
-    "apim_sku    = APIM_SKU.BASICV2\n",
-    "deployment  = INFRASTRUCTURE.APIM_ACA\n",
+    "rg_location     = 'eastus2'\n",
+    "index           = 1\n",
+    "apim_sku        = APIM_SKU.BASICV2\n",
+    "deployment      = INFRASTRUCTURE.APIM_ACA\n",
+    "reveal_backend  = True  # Set to True to reveal the backend details in the API operations\n",
     "\n",
     "# 2) Service-defined parameters (please do not change these)\n",
     "rg_name = utils.get_infra_rg_name(deployment, index)\n",
@@ -42,10 +43,10 @@
     "\n",
     "# Policies\n",
     "hello_world_policy_xml      = utils.read_policy_xml(HELLO_WORLD_XML_POLICY_PATH)\n",
-    "backend_polixy_xml          = utils.read_policy_xml(BACKEND_XML_POLICY_PATH)\n",
-    "aca_backend_1_policy_xml    = backend_polixy_xml.format(backend_id = 'aca-backend-1')\n",
-    "aca_backend_2_policy_xml    = backend_polixy_xml.format(backend_id = 'aca-backend-2')\n",
-    "aca_backend_pool_policy_xml = backend_polixy_xml.format(backend_id = 'aca-backend-pool')\n",
+    "backend_policy_xml          = utils.read_policy_xml(BACKEND_XML_POLICY_PATH)\n",
+    "aca_backend_1_policy_xml    = backend_policy_xml.format(backend_id = 'aca-backend-1')\n",
+    "aca_backend_2_policy_xml    = backend_policy_xml.format(backend_id = 'aca-backend-2')\n",
+    "aca_backend_pool_policy_xml = backend_policy_xml.format(backend_id = 'aca-backend-pool')\n",
     "\n",
     "# Hello World (Root)\n",
     "api_hwroot_get = GET_APIOperation('This is a GET for Hello World in the root', hello_world_policy_xml)\n",
@@ -88,9 +89,10 @@
     "\n",
     "# 1) Define the Bicep parameters with serialized APIs\n",
     "bicep_parameters = {\n",
-    "    'apimSku'   : {'value': apim_sku.value},\n",
-    "    'apis'      : {'value': [api.to_dict() for api in apis]},\n",
-    "    'policyFragments': {'value': [pf.to_dict() for pf in pfs]}\n",
+    "    'apimSku'               : {'value': apim_sku.value},\n",
+    "    'apis'                  : {'value': [api.to_dict() for api in apis]},\n",
+    "    'policyFragments'       : {'value': [pf.to_dict() for pf in pfs]},\n",
+    "    'revealBackendApiInfo'  : {'value:': reveal_backend}    \n",
     "}\n",
     "\n",
     "# 2) Run the deployment\n",

infrastructure/apim-aca/main.bicep

@@ -13,6 +13,9 @@ param apimSku string
 param apis array = []
 param policyFragments array = []
 
+@description('Reveals the backend API information. Defaults to true. *** WARNING: This will expose backend API information to the caller - For learning & testing only! ***')
+param revealBackendApiInfo bool = true
+
 
 // ------------------
 //    "CONSTANTS"
@@ -80,6 +83,7 @@ module apimModule '../../shared/bicep/modules/apim/v1/apim.bicep' = {
     apimSku: apimSku
     appInsightsInstrumentationKey: appInsightsInstrumentationKey
     appInsightsId: appInsightsId
+    globalPolicyXml: revealBackendApiInfo ? loadTextContent('../../shared/apim-policies/all-apis-reveal-backend.xml') : loadTextContent('../../shared/apim-policies/all-apis.xml')
   }
 }
 

infrastructure/simple-apim/create.ipynb

@@ -21,10 +21,11 @@
     "from apimtypes import *\n",
     "\n",
     "# 1) User-defined parameters (change these as needed)\n",
-    "rg_location = 'eastus2'\n",
-    "index       = 1\n",
-    "apim_sku    = APIM_SKU.BASICV2\n",
-    "deployment  = INFRASTRUCTURE.SIMPLE_APIM\n",
+    "rg_location     = 'eastus2'\n",
+    "index           = 1\n",
+    "apim_sku        = APIM_SKU.BASICV2\n",
+    "deployment      = INFRASTRUCTURE.SIMPLE_APIM\n",
+    "reveal_backend  = True  # Set to True to reveal the backend details in the API operations\n",
     "\n",
     "# 2) Service-defined parameters (please do not change these)\n",
     "rg_name = utils.get_infra_rg_name(deployment, index)\n",
@@ -72,9 +73,10 @@
     "\n",
     "# 1) Define the Bicep parameters with serialized APIs\n",
     "bicep_parameters = {\n",
-    "    'apimSku'   : {'value': apim_sku.value},\n",
-    "    'apis'      : {'value': [api.to_dict() for api in apis]},\n",
-    "    'policyFragments': {'value': [pf.to_dict() for pf in pfs]}\n",
+    "    'apimSku'               : {'value': apim_sku.value},\n",
+    "    'apis'                  : {'value': [api.to_dict() for api in apis]},\n",
+    "    'policyFragments'       : {'value': [pf.to_dict() for pf in pfs]},\n",
+    "    'revealBackendApiInfo'  : {'value:': reveal_backend}\n",
     "}\n",
     "\n",
     "# 2) Run the deployment\n",

infrastructure/simple-apim/main.bicep

@@ -14,6 +14,9 @@ param apimSku string
 param apis array = []
 param policyFragments array = []
 
+@description('Reveals the backend API information. Defaults to true. *** WARNING: This will expose backend API information to the caller - For learning & testing only! ***')
+param revealBackendApiInfo bool = true
+
 // ------------------
 //    RESOURCES
 // ------------------
@@ -44,6 +47,7 @@ module apimModule '../../shared/bicep/modules/apim/v1/apim.bicep' = {
     apimSku: apimSku
     appInsightsInstrumentationKey: appInsightsInstrumentationKey
     appInsightsId: appInsightsId
+    globalPolicyXml: revealBackendApiInfo ? loadTextContent('../../shared/apim-policies/all-apis-reveal-backend.xml') : loadTextContent('../../shared/apim-policies/all-apis.xml')
   }
 }
 

shared/apim-policies/all-apis-reveal-backend.xml

@@ -0,0 +1,34 @@
+<!--
+    This is the global All APIs policy.
+    If you want to apply CORS policies to all APIs, uncomment the CORS policy block below and make the necessary adjustments to the allowed origins.
+-->
+<policies>
+    <inbound>
+        <!--
+        <cors allow-credentials="true" terminate-unmatched-request="false">
+            <allowed-origins>
+                <origin>[ADD YOUR ORIGINS]</origin>
+            </allowed-origins>
+            <allowed-methods preflight-result-max-age="300">
+                <method>*</method>
+            </allowed-methods>
+            <allowed-headers>
+                <header>*</header>
+            </allowed-headers>
+            <expose-headers>
+                <header>*</header>
+            </expose-headers>
+        </cors>
+        -->
+    </inbound>
+    <backend>
+        <forward-request />
+    </backend>
+    <outbound>
+        <!-- Please be aware that this reveals internal information to the caller. Use for learning and testing only. -->
+        <set-header name="X-Backend-URL" exists-action="override">
+            <value>@(context.Request.Url.ToString())</value>
+        </set-header>
+    </outbound>
+    <on-error />
+</policies>