Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Application gateway Identity and Keyvault support #4387

Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -824,9 +824,9 @@
"type": "string",
"description": "Certificate public data."
},
"keyvaultSecretId": {
"keyVaultSecretId": {
"type": "string",
"description": "KeyVault Secret Id for certificate."
"description": "Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault."
},
"provisioningState": {
"type": "string",
Expand Down Expand Up @@ -875,6 +875,10 @@
"type": "string",
"description": "Base-64 encoded Public cert data corresponding to pfx specified in data. Only applicable in GET request."
},
"keyVaultSecretId": {
"type": "string",
"description": "Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault."
},
"provisioningState": {
"type": "string",
"description": "Provisioning state of the SSL certificate resource Possible values are: 'Updating', 'Deleting', and 'Failed'."
Expand Down Expand Up @@ -1818,6 +1822,10 @@
"type": "string"
},
"description": "A list of availability zones denoting where the resource needs to come from."
},
"identity": {
"$ref": "./network.json#/definitions/ManagedServiceIdentity",
"description": "The identity of the application gateway, if configured."
}
},
"allOf": [
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,12 @@
"resourceGroupName": "rg1",
"applicationGatewayName": "appgw",
"parameters": {
"identity": {
"type":"UserAssigned",
"userAssignedIdentities": {
"/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
}
},
"properties": {
"sku": {
"name": "Standard_Medium",
Expand All @@ -28,6 +34,26 @@
"data": "****",
"password": "****"
}
},
{
"name": "sslcert2",
"properties": {
"keyVaultSecretId": "https://kv/secret"
}
}
],
"trustedRootCertificates": [
{
"name": "rootcert",
"properties": {
"data": "****"
}
},
{
"name": "rootcert1",
"properties": {
"keyVaultSecretId": "https://kv/secret"
}
}
],
"frontendIPConfigurations": [
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -144,6 +144,54 @@
}
},
"description": "Tags object for patch operations."
},
"ManagedServiceIdentity": {
"properties": {
"principalId": {
"readOnly": true,
"type": "string",
"description": "The principal id of the system assigned identity. This property will only be provided for a system assigned identity."
},
"tenantId": {
"readOnly": true,
"type": "string",
"description": "The tenant id of the system assigned identity. This property will only be provided for a system assigned identity."
},
"type": {
"type": "string",
"description": "The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.",
"enum": [
"SystemAssigned",
"UserAssigned",
"SystemAssigned, UserAssigned",
"None"
],
"x-ms-enum": {
"name": "ResourceIdentityType",
"modelAsString": false
}
},
"userAssignedIdentities": {
"type": "object",
"additionalProperties": {
"type": "object",
"properties": {
"principalId": {
"readOnly": true,
"type": "string",
"description": "The principal id of user assigned identity."
},
"clientId": {
"readOnly": true,
"type": "string",
"description": "The client id of user assigned identity."
}
}
},
"description": "The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'."
}
},
"description": "Identity for the resource."
}
},
"parameters": {
Expand All @@ -162,4 +210,4 @@
"description": "Client API version."
}
}
}
}