Enable SSL on custom domains using users certificate or CDN managed c…

…ertificate (#5276)
Azure · Feb 28, 2019 · 5305cfa · 5305cfa
1 parent 8360996
commit 5305cfa
Show file tree

Hide file tree

Showing 4 changed files with 228 additions and 18 deletions.
diff --git a/specification/cdn/resource-manager/Microsoft.Cdn/stable/2017-10-12/cdn.json b/specification/cdn/resource-manager/Microsoft.Cdn/stable/2017-10-12/cdn.json
@@ -1653,8 +1653,11 @@
         "description": "Enable https delivery of the custom domain.",
         "operationId": "CustomDomains_EnableCustomHttps",
         "x-ms-examples": {
-          "CustomDomains_EnableCustomHttps": {
-            "$ref": "./examples/CustomDomains_EnableCustomHttps.json"
+          "CustomDomains_EnableCustomHttpsUsingYourOwnCertificate": {
+            "$ref": "./examples/CustomDomains_EnableCustomHttpsUsingBYOC.json"
+          },
+          "CustomDomains_EnableCustomHttpsUsingCDNManagedCertificate" :{
+            "$ref": "./examples/CustomDomains_EnableCustomHttpsUsingCDNManagedCertificate.json"
           }
         },
         "parameters": [
@@ -1682,6 +1685,15 @@
             "required": true,
             "type": "string"
           },
+          {
+            "name": "customDomainHttpsParameters",
+            "in": "body",
+            "description": "The configuration specifying how to enable HTTPS for the custom domain - using CDN managed certificate or user's own certificate. If not specified, enabling ssl uses CDN managed certificate by default.",
+            "required": false,
+            "schema": {
+              "$ref": "#/definitions/CustomDomainHttpsParameters"
+            }
+          },
           {
             "$ref": "#/parameters/subscriptionIdParameter"
           },
@@ -2765,6 +2777,166 @@
         }
       }
     },
+    "CustomDomainHttpsParameters": {
+      "description": "The JSON object that contains the properties to secure a custom domain.",
+      "discriminator": "certificateSource",
+      "required": [
+        "certificateSource",
+        "protocolType"
+      ],
+      "properties": {
+        "certificateSource": {
+          "description": "Defines the source of the SSL certificate.",
+          "enum": [
+            "AzureKeyVault",
+            "Cdn"
+          ],
+          "type": "string",
+          "x-ms-enum": {
+            "name": "CertificateSource",
+            "modelAsString": true
+          }
+        },
+        "protocolType": {
+          "description": "Defines the TLS extension protocol that is used for secure delivery.",
+          "enum": [
+            "ServerNameIndication",
+            "IPBased"
+          ],
+          "type": "string",
+          "x-ms-enum": {
+            "name": "ProtocolType",
+            "modelAsString": true
+          }
+        }
+      }
+    },
+    "CdnManagedHttpsParameters": {
+      "description": "Defines the certificate source parameters using CDN managed certificate for enabling SSL.",
+      "x-ms-discriminator-value": "Cdn",
+      "allOf": [
+        {
+          "$ref": "#/definitions/CustomDomainHttpsParameters"
+        }
+      ],
+      "required": [
+        "certificateSourceParameters"
+      ],
+      "properties": {
+        "certificateSourceParameters": {
+          "description": "Defines the certificate source parameters using CDN managed certificate for enabling SSL.",
+          "$ref": "#/definitions/CdnCertificateSourceParameters"
+        }
+      }
+    }, 
+    "CdnCertificateSourceParameters": {
+      "description": "Defines the parameters for using CDN managed certificate for securing custom domain.",
+      "required": [
+        "@odata.type",
+        "certificateType"
+      ],
+      "properties": {
+        "@odata.type": {
+          "type": "string",
+          "enum": [
+            "#Microsoft.Azure.Cdn.Models.CdnCertificateSourceParameters"
+          ]  
+        },
+        "certificateType": {
+          "description": "Type of certificate used",
+          "enum": [
+            "Shared",
+            "Dedicated"
+          ],
+          "type": "string",
+          "x-ms-enum": {
+            "name": "CertificateType",
+            "modelAsString": true
+          }
+        }
+      }
+    },
+    "UserManagedHttpsParameters": {
+      "description": "Defines the certificate source parameters using user's keyvault certificate for enabling SSL.",
+      "x-ms-discriminator-value": "AzureKeyVault",
+      "allOf": [
+        {
+          "$ref": "#/definitions/CustomDomainHttpsParameters"
+        }
+      ],
+      "required": [
+        "certificateSourceParameters"
+      ],
+      "properties": {
+        "certificateSourceParameters": {
+          "description": "Defines the certificate source parameters using user's keyvault certificate for enabling SSL.",
+          "$ref": "#/definitions/KeyVaultCertificateSourceParameters"
+        }
+      }
+    }, 
+    "KeyVaultCertificateSourceParameters": {
+      "description": "Describes the parameters for using a user's KeyVault certificate for securing custom domain.",
+      "required": [
+        "@odata.type",
+        "subscriptionId",
+        "resourceGroupName",
+        "vaultName",
+        "secretName",
+        "secretVersion",
+        "updateRule",
+        "deleteRule"
+      ],
+      "properties": {
+        "@odata.type": {
+          "type": "string",
+          "enum": [
+            "#Microsoft.Azure.Cdn.Models.KeyVaultCertificateSourceParameters"
+          ]  
+        },
+        "subscriptionId": {
+          "description": "Subscription Id of the user's Key Vault containing the SSL certificate",
+          "type": "string"
+        },
+        "resourceGroupName": {
+          "description": "Resource group of the user's Key Vault containing the SSL certificate",
+          "type": "string"
+        },
+        "vaultName": {
+          "description": "The name of the user's Key Vault containing the SSL certificate",
+          "type": "string"
+        },
+        "secretName": {
+          "description": "The name of Key Vault Secret (representing the full certificate PFX) in Key Vault.",
+          "type": "string"
+        },
+        "secretVersion": {
+          "description": "The version(GUID) of Key Vault Secret in Key Vault.",
+          "type": "string"
+        },
+        "updateRule": {
+          "description": "Describes the action that shall be taken when the certificate is updated in Key Vault.",
+          "type": "string",
+          "enum": [
+             "NoAction"
+          ],
+          "x-ms-enum": {
+            "name": "UpdateRule",
+            "modelAsString": true
+          }
+        },
+        "deleteRule": {
+          "description": "Describes the action that shall be taken when the certificate is removed from Key Vault.",
+          "type": "string",
+          "enum": [
+             "NoAction"
+          ],
+          "x-ms-enum": {
+            "name": "DeleteRule",
+            "modelAsString": true
+          }
+        }
+      }
+    },
     "CustomDomainListResult": {
       "description": "Result of the request to list custom domains. It contains a list of custom domain objects and a URL link to get the next set of results.",
       "properties": {

diff --git a/...rce-manager/Microsoft.Cdn/stable/2017-10-12/examples/CustomDomains_EnableCustomHttps.json b/...rce-manager/Microsoft.Cdn/stable/2017-10-12/examples/CustomDomains_EnableCustomHttps.json
diff --git a/...er/Microsoft.Cdn/stable/2017-10-12/examples/CustomDomains_EnableCustomHttpsUsingBYOC.json b/...er/Microsoft.Cdn/stable/2017-10-12/examples/CustomDomains_EnableCustomHttpsUsingBYOC.json
@@ -0,0 +1,30 @@
+{
+  "parameters": {
+    "api-version": "2017-10-12",
+    "subscriptionId": "subid",
+    "resourceGroupName": "RG",
+    "profileName": "profile1",
+    "endpointName": "endpoint1",
+    "customDomainName": "www-someDomain-net",
+    "customHttpsParameters": {
+      "certificateSource": "AzureKeyVault",
+      "protocolType": "ServerNameIndication",
+      "certificateSourceParameters": {
+       "OData.type":"#Microsoft.Azure.Cdn.Models.KeyVaultCertificateSourceParameters",
+       "subscriptionId":"subid",
+       "resourceGroupName":"RG",
+       "vaultName":"kv",
+       "secretName" : "secret1",
+       "secretVersion" :"00000000-0000-0000-0000-000000000000",
+       "updateRule": "NoAction",
+       "deleteRule": "NoAction"
+       }
+    }
+  },
+  "responses": {
+    "200": {
+      "body": {  
+      }
+    }
+  }
+}
diff --git a/...stable/2017-10-12/examples/CustomDomains_EnableCustomHttpsUsingCDNManagedCertificate.json b/...stable/2017-10-12/examples/CustomDomains_EnableCustomHttpsUsingCDNManagedCertificate.json
@@ -0,0 +1,24 @@
+{
+    "parameters": {
+      "api-version": "2017-10-12",
+      "subscriptionId": "subid",
+      "resourceGroupName": "RG",
+      "profileName": "profile1",
+      "endpointName": "endpoint1",
+      "customDomainName": "www-someDomain-net",
+      "customHttpsParameters": {
+        "certificateSource": "Cdn",
+        "protocolType": "ServerNameIndication",
+        "certificateSourceParameters": {
+         "OData.type":"#Microsoft.Azure.Cdn.Models.CdnCertificateSourceParameters",
+         "certificateType":"Shared"
+        }
+      }
+    },
+    "responses": {
+      "200": {
+        "body": {  
+        }
+      }
+    }
+  }