Feat/dtoss 3407 apim add hostname config (#53)

* Adding output to module * Add custom domains and add integration * Add custom domains and add integration
NHSDigital · Nov 18, 2024 · 36f0b2d · 36f0b2d
1 parent 0525a71
commit 36f0b2d
Show file tree

Hide file tree

Showing 2 changed files with 157 additions and 6 deletions.
diff --git a/infrastructure/modules/api-management/main.tf b/infrastructure/modules/api-management/main.tf
@@ -1,10 +1,9 @@
 resource "azurerm_api_management" "apim" {
-  name                 = var.name
-  location             = var.location
-  resource_group_name  = var.resource_group_name
-  publisher_name       = var.publisher_name
-  publisher_email      = var.publisher_email
-  public_ip_address_id = var.public_ip_address_id
+  name                = var.name
+  location            = var.location
+  resource_group_name = var.resource_group_name
+  publisher_name      = var.publisher_name
+  publisher_email     = var.publisher_email
 
   sku_name = "${var.sku_name}_${var.sku_capacity}"
   zones    = var.zones
@@ -45,10 +44,83 @@ resource "azurerm_api_management" "apim" {
     }
   }
 
+  dynamic "hostname_configuration" {
+    for_each = length(concat(
+      var.management_hostname_configuration,
+      var.developer_portal_hostname_configuration,
+      var.proxy_hostname_configuration,
+    )) == 0 ? [] : ["enabled"]
+
+    content {
+      dynamic "management" {
+        for_each = var.management_hostname_configuration
+        content {
+          host_name                    = management.value.host_name
+          key_vault_id                 = management.value.key_vault_id
+          certificate                  = management.value.certificate
+          certificate_password         = management.value.certificate_password
+          negotiate_client_certificate = management.value.negotiate_client_certificate
+        }
+      }
+
+      dynamic "developer_portal" {
+        for_each = var.developer_portal_hostname_configuration
+        content {
+          host_name                    = developer_portal.value.host_name
+          key_vault_id                 = developer_portal.value.key_vault_id
+          certificate                  = developer_portal.value.certificate
+          certificate_password         = developer_portal.value.certificate_password
+          negotiate_client_certificate = developer_portal.value.negotiate_client_certificate
+        }
+      }
+
+      dynamic "proxy" {
+        for_each = var.proxy_hostname_configuration
+        content {
+          host_name                    = proxy.value.host_name
+          default_ssl_binding          = proxy.value.default_ssl_binding
+          key_vault_id                 = proxy.value.key_vault_id
+          certificate                  = proxy.value.certificate
+          certificate_password         = proxy.value.certificate_password
+          negotiate_client_certificate = proxy.value.negotiate_client_certificate
+        }
+      }
+
+      dynamic "scm" {
+        for_each = var.scm_hostname_configuration
+        content {
+          host_name                    = scm.value.host_name
+          key_vault_id                 = scm.value.key_vault_id
+          certificate                  = scm.value.certificate
+          certificate_password         = scm.value.certificate_password
+          negotiate_client_certificate = scm.value.negotiate_client_certificate
+        }
+      }
+
+    }
+  }
+
   identity {
     type         = var.identity_type
     identity_ids = var.identity_ids != "SystemAssigned" ? var.identity_ids : []
   }
 
   tags = var.tags
 }
+
+
+
+
+/*_________________________________________________
+  Manages an API Management AAD Identity Provider.
+_________________________________________________*/
+
+resource "azurerm_api_management_identity_provider_aad" "apim" {
+  api_management_name = azurerm_api_management.apim.name
+  resource_group_name = azurerm_api_management.apim.resource_group_name
+
+  client_id       = var.client_id
+  client_secret   = var.client_secret
+  allowed_tenants = var.allowed_tenants
+  client_library  = var.client_library
+}
diff --git a/infrastructure/modules/api-management/variables.tf b/infrastructure/modules/api-management/variables.tf
@@ -45,6 +45,19 @@ variable "certificate_details" {
   default = []
 }
 
+variable "developer_portal_hostname_configuration" {
+  description = "Developer Portal hostname configurations."
+  type = list(object({
+    host_name                    = string
+    key_vault_id                 = optional(string)
+    certificate                  = optional(string)
+    certificate_password         = optional(string)
+    negotiate_client_certificate = optional(bool, false)
+  }))
+  default  = []
+  nullable = false
+}
+
 variable "gateway_disabled" {
   description = "Specifies whether the gateway is disabled."
   type        = bool
@@ -71,6 +84,32 @@ variable "identity_type" {
   default = "SystemAssigned"
 }
 
+variable "management_hostname_configuration" {
+  description = "List of management hostname configurations."
+  type = list(object({
+    host_name                    = string
+    key_vault_id                 = optional(string)
+    certificate                  = optional(string)
+    certificate_password         = optional(string)
+    negotiate_client_certificate = optional(bool, false)
+  }))
+  default  = []
+  nullable = false
+}
+
+variable "proxy_hostname_configuration" {
+  description = "List of proxy hostname configurations."
+  type = list(object({
+    host_name                    = string
+    key_vault_id                 = optional(string)
+    certificate                  = optional(string)
+    certificate_password         = optional(string)
+    negotiate_client_certificate = optional(bool, false)
+  }))
+  default  = []
+  nullable = false
+}
+
 variable "public_ip_address_id" {
   description = "The ID of the public IP address to associate with the API Management service."
   type        = string
@@ -91,6 +130,19 @@ variable "publisher_name" {
   type        = string
 }
 
+variable "scm_hostname_configuration" {
+  description = "List of SCM hostname configurations."
+  type = list(object({
+    host_name                    = string
+    key_vault_id                 = optional(string)
+    certificate                  = optional(string)
+    certificate_password         = optional(string)
+    negotiate_client_certificate = optional(bool, false)
+  }))
+  default  = []
+  nullable = false
+}
+
 variable "sku_capacity" {
   description = "The capacity of the SKU of the API Management service."
   type        = number
@@ -144,3 +196,30 @@ variable "zones" {
     error_message = "The number of availability zones must be less than or equal to 3."
   }
 }
+
+
+/*_________________________________________________
+  API Management AAD Identity Provider variables.
+_________________________________________________*/
+
+variable "allowed_tenants" {
+  description = "A list of allowed tenants for the API Management AAD Identity Provider."
+  type        = list(string)
+  default     = []
+}
+
+variable "client_id" {
+  description = "The client ID for the API Management AAD Identity Provider."
+  type        = string
+}
+
+variable "client_library" {
+  description = "The client library for the API Management AAD Identity Provider."
+  type        = string
+  default     = "MSAL"
+}
+
+variable "client_secret" {
+  description = "The client secret for the API Management AAD Identity Provider."
+  type        = string
+}