Update bicep for APIM authN (#7)

devkimchi · Oct 2, 2023 · 2a7d65a · 2a7d65a
1 parent 2fa1e87
commit 2a7d65a
Show file tree

Hide file tree

Showing 3 changed files with 74 additions and 0 deletions.
diff --git a/infra/apim-policy-github-operation-getaccesstoken.xml b/infra/apim-policy-github-operation-getaccesstoken.xml
@@ -0,0 +1,18 @@
+<policies>
+  <inbound>
+    <base />
+    <get-authorization-context provider-id="github" authorization-id="github" context-variable-name="auth-context" identity-type="managed" ignore-error="false" />
+    <return-response>
+      <set-body>@(((Authorization)context.Variables.GetValueOrDefault("auth-context"))?.AccessToken)</set-body>
+    </return-response>
+  </inbound>
+  <backend>
+    <base />
+  </backend>
+  <outbound>
+    <base />
+  </outbound>
+  <on-error>
+    <base />
+  </on-error>
+</policies>
diff --git a/infra/main.bicep b/infra/main.bicep
@@ -61,6 +61,32 @@ var apps = [
       operations: []
     }
   }
+  {
+    name: 'github'
+    isFunctionApp: false
+    functionAppSuffix: 'github'
+    appSettings: {}
+    apimIntegrated: true
+    api: {
+      name: 'GITHUB'
+      path: 'github'
+      serviceUrl: 'https://api.github.com'
+      referenceUrl: 'https://raw.githubusercontent.com/${gitHubUsername}/${gitHubRepositoryName}/${gitHubBranchName}/infra/openapi-{{SUFFIX}}.{{EXTENSION}}'
+      format: 'openapi-link'
+      extension: 'yaml'
+      subscription: true
+      product: 'default'
+      operations: [
+        {
+          name: 'GetAccessToken'
+          policy: {
+            format: 'xml-link'
+            value: 'https://raw.githubusercontent.com/${gitHubUsername}/${gitHubRepositoryName}/${gitHubBranchName}/infra/apim-policy-github-operation-getaccesstoken.xml'
+          }
+        }
+      ]
+    }
+  }
 ]
 
 module apim './provision-ApiManagement.bicep' = {

diff --git a/infra/openapi-github.yaml b/infra/openapi-github.yaml
@@ -0,0 +1,30 @@
+openapi: 3.0.1
+info:
+  title: GitHub Auth API
+  description: This is a set of APIs that deals with GitHub authN APIs.
+  license:
+    name: MIT
+    url: http://opensource.org/licenses/MIT
+  version: 1.0.0
+servers:
+  - url: http://localhost:7071/api
+paths:
+  /access-token:
+    post:
+      tags:
+        - auth
+      summary: Gets the GitHub OAuth access token
+      description: This gets the OAuth access token for GitHub API.
+      operationId: getAccessToken
+      responses:
+        '200':
+          description: This returns the completion generated from the OpenAI API.
+          content:
+            text/plain:
+              schema:
+                type: string
+              examples:
+                access-token:
+                  value: "WW91VHViZSBTZXJpYWxpc2Vy"
+          x-ms-summary: The access token generated from GitHub.
+      x-ms-visibility: important