Application gateway Identity and Keyvault support #4387


akshaysngupta
Member

@akshaysngupta akshaysngupta commented Nov 2, 2018

This PR adds support for identity and keyvault on Application Gateway.

  1. Managed Identity is a top-level property defined by the MSI team which is supported by ARM and NRP (release 110).
  2. For Keyvault support, the SslCertificate and TrustedRootCertificate sub-resources in AppGW have a keyVaultSecretId field which will have the secretId (URL) of a secret or certificate object in keyvault. The above-mentioned identity will be used to authenticate to keyvault.

Reference code:
CRP: https://github.com/Azure/azure-rest-api-specs/pull/3183/files
Datalake:

This checklist is used to make sure that common issues in a pull request are addressed. This will expedite the process of getting your pull request merged and avoid extra work on your part to fix issues discovered during the review process.

PR information

  • The title of the PR is clear and informative.
  • There are a small number of commits, each of which has an informative message. This means that previously merged commits do not appear in the history of the PR. For information on cleaning up the commits in your pull request, see this page.
  • Except for special cases involving multiple contributors, the PR is started from a fork of the main repository, not a branch.
  • If applicable, the PR references the bug/issue that it fixes.
  • Swagger files are correctly named (e.g. the api-version in the path should match the api-version in the spec).

Quality of Swagger

@azuresdkci
Contributor

Can one of the admins verify this patch?

@AutorestCI

AutorestCI commented Nov 2, 2018

Automation for azure-sdk-for-js

A PR has been created for you:
Azure/azure-sdk-for-js#527

@AutorestCI

AutorestCI commented Nov 2, 2018

Automation for azure-sdk-for-ruby

Nothing to generate for azure-sdk-for-ruby

@AutorestCI

AutorestCI commented Nov 2, 2018

Automation for azure-sdk-for-python

A PR has been created for you:
Azure/azure-sdk-for-python#3842

@akshaysngupta akshaysngupta changed the title Application gateway Identity and Keyvault support [DoNotMerge] Application gateway Identity and Keyvault support Nov 2, 2018
@AutorestCI

AutorestCI commented Nov 2, 2018

Automation for azure-sdk-for-java

Nothing to generate for azure-sdk-for-java

@AutorestCI

AutorestCI commented Nov 2, 2018

Automation for azure-sdk-for-go

A PR has been created for you:
Azure/azure-sdk-for-go#3354

@AutorestCI

AutorestCI commented Nov 2, 2018

Automation for azure-sdk-for-node

A PR has been created for you:
Azure/azure-sdk-for-node#4133

@jianghaolu
Contributor

@akshaysngupta You didn't add 386 files, did you? :)

I think the api version should be 2018-10-01? Can you please double check?

@jianghaolu
Contributor

You might want to sync with upstream/network-november-release.

Also, in the future, if you are the first one to create a new API version, please do so from here https://portal.azure-devex-tools.com/app/branch/create and create 2 commits. The first commit for copying the old API version without modifying anything and the additions in the second commit. Thank you!

@hassanbabaie

@akshaysngupta Just checking as I noticed your commit, is this to add authenticated access for Application Gateway protected/fronted applications? We've been waiting for this feature so it would be good to know if it might be coming.

Thanks

hass

Contributor

@MikhailTryakhov MikhailTryakhov left a comment

@akshaysngupta as I mentioned before offline, the November branch is for the 2018-10-01 API version, not for 2018-11-01, so you must NOT add 2018-11-01 to the November branch. Please wait for December :)
I see [do not merge], but I'm not sure why this PR was created now. You'll have tens of merge conflicts in a month with this PR.

@akshaysngupta akshaysngupta force-pushed the network-november-release branch from 5bdaf2a to 964c3d5 Compare November 20, 2018 00:36
@akshaysngupta akshaysngupta changed the title [DoNotMerge] Application gateway Identity and Keyvault support Application gateway Identity and Keyvault support Nov 20, 2018
@akshaysngupta
Member Author

akshaysngupta commented Nov 20, 2018

@MikhailTryakhov I have updated the PR.
@hassanbabaie this is to allow Application Gateway to obtain/rotate certificates from keyvault.
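
The Key Vault reference in the PR description (a `keyVaultSecretId` URL on SslCertificate and TrustedRootCertificate, read with the gateway's identity) can be checked in a resource body before deployment. This is an added example, not code from the PR or the Azure specs; the function name, the allow-list parameter, the sample body and the treatment of identity type `"None"` are assumptions.

```python
from urllib.parse import urlparse

# Constructed sample gateway body (not from the PR); every name and URL is a placeholder.
SAMPLE_GATEWAY = {
    "identity": {"type": "UserAssigned"},
    "properties": {
        "sslCertificates": [
            {"name": "frontend", "properties": {
                "keyVaultSecretId": "https://example-vault.vault.azure.net/secrets/frontend-cert"}},
            {"name": "legacy", "properties": {
                "keyVaultSecretId": "http://other-vault.vault.azure.net/keys/legacy"}},
        ],
        "trustedRootCertificates": [
            {"name": "inline-root", "properties": {"data": "<placeholder>"}},
        ],
    },
}

def check_keyvault_refs(gateway, allowed_vault_hosts):
    """Return (certificate, problem) findings for Key Vault-backed certificates."""
    findings = []
    identity = gateway.get("identity") or {}
    # Assumption: an absent identity block or type "None" means no managed identity.
    has_identity = identity.get("type", "None") != "None"
    props = gateway.get("properties") or {}
    for kind in ("sslCertificates", "trustedRootCertificates"):
        for cert in props.get(kind) or []:
            secret_id = (cert.get("properties") or {}).get("keyVaultSecretId")
            if not secret_id:
                continue  # certificate data supplied inline; no vault access involved
            where = f"{kind}/{cert.get('name')}"
            url = urlparse(secret_id)
            if url.scheme != "https":
                findings.append((where, "secret id is not an https URL"))
            if (url.hostname or "") not in allowed_vault_hosts:
                findings.append((where, "vault host is not on the allow-list"))
            if not url.path.startswith(("/secrets/", "/certificates/")):
                findings.append((where, "URL is not a secret or certificate object"))
            if not has_identity:
                findings.append((where, "no identity to authenticate to the vault"))
    return findings

if __name__ == "__main__":
    for where, problem in check_keyvault_refs(SAMPLE_GATEWAY, {"example-vault.vault.azure.net"}):
        print(f"{where}: {problem}")
```
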

@akshaysngupta
Member Author

@ravbhatnagar Can you take a look?

@ravbhatnagar ravbhatnagar added the WaitForARMFeedback <valid label in PR review process> add this label when ARM review is required label Nov 20, 2018
@MikhailTryakhov MikhailTryakhov merged commit e582297 into Azure:network-november-release Nov 20, 2018
jianghaolu pushed a commit that referenced this pull request Nov 27, 2018
* Adds base for updating Microsoft.Network from version stable/2018-08-01 to version 2018-10-01

* Updates readme

* Updates API version in new specs and examples

* [Networkwatcher] add FlowLogFormatParameters (#4374)

* Update specification/network/resource-manager/Microsoft.Network/stable/2018-08-01/networkWatcher.json

[Networkwatcher] add a new field "Format" with new type "FlowLogFormat" to FlowLogProperties

* Revert "Update specification/network/resource-manager/Microsoft.Network/stable/2018-08-01/networkWatcher.json"

This reverts commit f4f438a.

* Update specification/network/resource-manager/Microsoft.Network/stable/2018-10-01/networkWatcher.json

[networkwatcher] add FlowLogFormatParameters

* [Network watcher] add a new field trafficAnalyticsInterval for TA (#4420)

* Make NIC VM ref readonly (#4443)

* Mark private IP address read-only (#4447)

* change container nics property type on container nic config to resourceid (#4459)

* Port fix from PR 4459 to 2018-10-01 (#4463)

* Application Gateway - Adds Rewrite rule set for Header CRUD (#4331)

* Adds base for updating Microsoft.Network from version stable/2018-08-01 to version 2018-10-01

* Updates readme

* Updates API version in new specs and examples

* Adds Rewrite rule set for Header CRUD

Adds the structure of rewriteRuleSets in the applicationGatewayProperties.
Adds recursively the sub structures in the rewriteRuleSet.
Adds the reference to rewriteRuleSet in the requestRoutingRule for both Basic rule and Path based rule.

* Adds examples for the Header CRUD in application gateway

* Fix the examples; replacing rules with rewriteRules.

* Fixing the properties of application Gateway rewriteRule

* Revert "Fixing the properties of application Gateway rewriteRule"

This reverts commit 05c9c91.

* Fixing the properties of application Gateway rewriteRule

* Mark the provisioning state as readOnly

* Mark etag as readOnly

* Revert "Model ContainerNic refs under ContainerNicConfig as sub resources" (#4467)

* Revert "Application Gateway - Adds Rewrite rule set for Header CRUD (#4331)"

This reverts commit 633d12d.

* Revert "Port fix from PR 4459 to 2018-10-01 (#4463)"

This reverts commit 5ea0c7b.

* Revert "change container nics property type on container nic config to resourceid (#4459)"

This reverts commit baf31d9.

* Fixes the missing array for the header actions (#4497)

* Network py 2018-10

* add package-2018-10 to Go SDK codegen

* Application gateway Identity and Keyvault support (#4387)

* identity and keyvault

* Capitalization comment

* Ported fix from master branch (#4547)
jianghaolu pushed a commit that referenced this pull request Nov 27, 2018
* Adds base for updating Microsoft.Network from version stable/2018-08-01 to version 2018-10-01

* Updates readme

* Updates API version in new specs and examples

* [Networkwatcher] add FlowLogFormatParameters (#4374)

* Update specification/network/resource-manager/Microsoft.Network/stable/2018-08-01/networkWatcher.json

[Networkwatcher] add a new field "Format" with new type "FlowLogFormat" to FlowLogProperties

* Revert "Update specification/network/resource-manager/Microsoft.Network/stable/2018-08-01/networkWatcher.json"

This reverts commit f4f438a.

* Update specification/network/resource-manager/Microsoft.Network/stable/2018-10-01/networkWatcher.json

[networkwatcher] add FlowLogFormatParameters

* [Network watcher] add a new field trafficAnalyticsInterval for TA (#4420)

* Make NIC VM ref readonly (#4443)

* Mark private IP address read-only (#4447)

* change container nics property type on container nic config to resourceid (#4459)

* Port fix from PR 4459 to 2018-10-01 (#4463)

* Application Gateway - Adds Rewrite rule set for Header CRUD (#4331)

* Adds base for updating Microsoft.Network from version stable/2018-08-01 to version 2018-10-01

* Updates readme

* Updates API version in new specs and examples

* Adds Rewrite rule set for Header CRUD

Adds the structure of rewriteRuleSets in the applicationGatewayProperties.
Adds recursively the sub structures in the rewriteRuleSet.
Adds the reference to rewriteRuleSet in the requestRoutingRule for both Basic rule and Path based rule.

* Adds examples for the Header CRUD in application gateway

* Fix the examples; replacing rules with rewriteRules.

* Fixing the properties of application Gateway rewriteRule

* Revert "Fixing the properties of application Gateway rewriteRule"

This reverts commit 05c9c91.

* Fixing the properties of application Gateway rewriteRule

* Mark the provisioning state as readOnly

* Mark etag as readOnly

* Revert "Model ContainerNic refs under ContainerNicConfig as sub resources" (#4467)

* Revert "Application Gateway - Adds Rewrite rule set for Header CRUD (#4331)"

This reverts commit 633d12d.

* Revert "Port fix from PR 4459 to 2018-10-01 (#4463)"

This reverts commit 5ea0c7b.

* Revert "change container nics property type on container nic config to resourceid (#4459)"

This reverts commit baf31d9.

* Fixes the missing array for the header actions (#4497)

* Network py 2018-10

* add package-2018-10 to Go SDK codegen

* Application gateway Identity and Keyvault support (#4387)

* identity and keyvault

* Capitalization comment

* Ported fix from master branch (#4547)

* Add support for list api for global reach connections

* address farhan comment
Labels
Reassign WaitForARMFeedback <valid label in PR review process> add this label when ARM review is required
8 participants