From 8ee873d5b30f4242e9967ea63fa128155f0904a3 Mon Sep 17 00:00:00 2001 From: nachakra Date: Tue, 26 Feb 2019 15:52:47 -0800 Subject: [PATCH] Enable SSL on custom domains using users certificate or CDN managed certificate --- .../Microsoft.Cdn/stable/2017-10-12/cdn.json | 176 +++++++++++++++++- .../CustomDomains_EnableCustomHttps.json | 16 -- ...tomDomains_EnableCustomHttpsUsingBYOC.json | 30 +++ ...CustomHttpsUsingCDNManagedCertificate.json | 24 +++ 4 files changed, 228 insertions(+), 18 deletions(-) delete mode 100644 specification/cdn/resource-manager/Microsoft.Cdn/stable/2017-10-12/examples/CustomDomains_EnableCustomHttps.json create mode 100644 specification/cdn/resource-manager/Microsoft.Cdn/stable/2017-10-12/examples/CustomDomains_EnableCustomHttpsUsingBYOC.json create mode 100644 specification/cdn/resource-manager/Microsoft.Cdn/stable/2017-10-12/examples/CustomDomains_EnableCustomHttpsUsingCDNManagedCertificate.json diff --git a/specification/cdn/resource-manager/Microsoft.Cdn/stable/2017-10-12/cdn.json b/specification/cdn/resource-manager/Microsoft.Cdn/stable/2017-10-12/cdn.json index 580c70d4d4d0..33658e4c4fb4 100644 --- a/specification/cdn/resource-manager/Microsoft.Cdn/stable/2017-10-12/cdn.json +++ b/specification/cdn/resource-manager/Microsoft.Cdn/stable/2017-10-12/cdn.json @@ -1653,8 +1653,11 @@ "description": "Enable https delivery of the custom domain.", "operationId": "CustomDomains_EnableCustomHttps", "x-ms-examples": { - "CustomDomains_EnableCustomHttps": { - "$ref": "./examples/CustomDomains_EnableCustomHttps.json" + "CustomDomains_EnableCustomHttpsUsingYourOwnCertificate": { + "$ref": "./examples/CustomDomains_EnableCustomHttpsUsingBYOC.json" + }, + "CustomDomains_EnableCustomHttpsUsingCDNManagedCertificate" :{ + "$ref": "./examples/CustomDomains_EnableCustomHttpsUsingCDNManagedCertificate.json" } }, "parameters": [ @@ -1682,6 +1685,15 @@ "required": true, "type": "string" }, + { + "name": "customDomainHttpsParameters", + "in": "body", + "description": "The configuration specifying how to enable HTTPS for the custom domain - using CDN managed certificate or user's own certificate. If not specified, enabling ssl uses CDN managed certificate by default.", + "required": false, + "schema": { + "$ref": "#/definitions/CustomDomainHttpsParameters" + } + }, { "$ref": "#/parameters/subscriptionIdParameter" }, @@ -2765,6 +2777,166 @@ } } }, + "CustomDomainHttpsParameters": { + "description": "The JSON object that contains the properties to secure a custom domain.", + "discriminator": "certificateSource", + "required": [ + "certificateSource", + "protocolType" + ], + "properties": { + "certificateSource": { + "description": "Defines the source of the SSL certificate.", + "enum": [ + "AzureKeyVault", + "Cdn" + ], + "type": "string", + "x-ms-enum": { + "name": "CertificateSource", + "modelAsString": true + } + }, + "protocolType": { + "description": "Defines the TLS extension protocol that is used for secure delivery.", + "enum": [ + "ServerNameIndication", + "IPBased" + ], + "type": "string", + "x-ms-enum": { + "name": "ProtocolType", + "modelAsString": true + } + } + } + }, + "CdnManagedHttpsParameters": { + "description": "Defines the certificate source parameters using CDN managed certificate for enabling SSL.", + "x-ms-discriminator-value": "Cdn", + "allOf": [ + { + "$ref": "#/definitions/CustomDomainHttpsParameters" + } + ], + "required": [ + "certificateSourceParameters" + ], + "properties": { + "certificateSourceParameters": { + "description": "Defines the certificate source parameters using CDN managed certificate for enabling SSL.", + "$ref": "#/definitions/CdnCertificateSourceParameters" + } + } + }, + "CdnCertificateSourceParameters": { + "description": "Defines the parameters for using CDN managed certificate for securing custom domain.", + "required": [ + "@odata.type", + "certificateType" + ], + "properties": { + "@odata.type": { + "type": "string", + "enum": [ + "#Microsoft.Azure.Cdn.Models.CdnCertificateSourceParameters" + ] + }, + "certificateType": { + "description": "Type of certificate used", + "enum": [ + "Shared", + "Dedicated" + ], + "type": "string", + "x-ms-enum": { + "name": "CertificateType", + "modelAsString": true + } + } + } + }, + "UserManagedHttpsParameters": { + "description": "Defines the certificate source parameters using user's keyvault certificate for enabling SSL.", + "x-ms-discriminator-value": "AzureKeyVault", + "allOf": [ + { + "$ref": "#/definitions/CustomDomainHttpsParameters" + } + ], + "required": [ + "certificateSourceParameters" + ], + "properties": { + "certificateSourceParameters": { + "description": "Defines the certificate source parameters using user's keyvault certificate for enabling SSL.", + "$ref": "#/definitions/KeyVaultCertificateSourceParameters" + } + } + }, + "KeyVaultCertificateSourceParameters": { + "description": "Describes the parameters for using a user's KeyVault certificate for securing custom domain.", + "required": [ + "@odata.type", + "subscriptionId", + "resourceGroupName", + "vaultName", + "secretName", + "secretVersion", + "updateRule", + "deleteRule" + ], + "properties": { + "@odata.type": { + "type": "string", + "enum": [ + "#Microsoft.Azure.Cdn.Models.KeyVaultCertificateSourceParameters" + ] + }, + "subscriptionId": { + "description": "Subscription Id of the user's Key Vault containing the SSL certificate", + "type": "string" + }, + "resourceGroupName": { + "description": "Resource group of the user's Key Vault containing the SSL certificate", + "type": "string" + }, + "vaultName": { + "description": "The name of the user's Key Vault containing the SSL certificate", + "type": "string" + }, + "secretName": { + "description": "The name of Key Vault Secret (representing the full certificate PFX) in Key Vault.", + "type": "string" + }, + "secretVersion": { + "description": "The version(GUID) of Key Vault Secret in Key Vault.", + "type": "string" + }, + "updateRule": { + "description": "Describes the action that shall be taken when the certificate is updated in Key Vault.", + "type": "string", + "enum": [ + "NoAction" + ], + "x-ms-enum": { + "name": "UpdateRule", + "modelAsString": true + } + }, + "deleteRule": { + "description": "Describes the action that shall be taken when the certificate is removed from Key Vault.", + "type": "string", + "enum": [ + "NoAction" + ], + "x-ms-enum": { + "name": "DeleteRule", + "modelAsString": true + } + } + } + }, "CustomDomainListResult": { "description": "Result of the request to list custom domains. It contains a list of custom domain objects and a URL link to get the next set of results.", "properties": { diff --git a/specification/cdn/resource-manager/Microsoft.Cdn/stable/2017-10-12/examples/CustomDomains_EnableCustomHttps.json b/specification/cdn/resource-manager/Microsoft.Cdn/stable/2017-10-12/examples/CustomDomains_EnableCustomHttps.json deleted file mode 100644 index 02f0185444a3..000000000000 --- a/specification/cdn/resource-manager/Microsoft.Cdn/stable/2017-10-12/examples/CustomDomains_EnableCustomHttps.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "parameters": { - "api-version": "2017-10-12", - "subscriptionId": "subid", - "resourceGroupName": "RG", - "profileName": "profile1", - "endpointName": "endpoint1", - "customDomainName": "www-someDomain-net" - }, - "responses": { - "200": { - "body": { - } - } - } -} \ No newline at end of file diff --git a/specification/cdn/resource-manager/Microsoft.Cdn/stable/2017-10-12/examples/CustomDomains_EnableCustomHttpsUsingBYOC.json b/specification/cdn/resource-manager/Microsoft.Cdn/stable/2017-10-12/examples/CustomDomains_EnableCustomHttpsUsingBYOC.json new file mode 100644 index 000000000000..db2bc8a4a9d0 --- /dev/null +++ b/specification/cdn/resource-manager/Microsoft.Cdn/stable/2017-10-12/examples/CustomDomains_EnableCustomHttpsUsingBYOC.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2017-10-12", + "subscriptionId": "subid", + "resourceGroupName": "RG", + "profileName": "profile1", + "endpointName": "endpoint1", + "customDomainName": "www-someDomain-net", + "customHttpsParameters": { + "certificateSource": "AzureKeyVault", + "protocolType": "ServerNameIndication", + "certificateSourceParameters": { + "OData.type":"#Microsoft.Azure.Cdn.Models.KeyVaultCertificateSourceParameters", + "subscriptionId":"subid", + "resourceGroupName":"RG", + "vaultName":"kv", + "secretName" : "secret1", + "secretVersion" :"00000000-0000-0000-0000-000000000000", + "updateRule": "NoAction", + "deleteRule": "NoAction" + } + } + }, + "responses": { + "200": { + "body": { + } + } + } +} \ No newline at end of file diff --git a/specification/cdn/resource-manager/Microsoft.Cdn/stable/2017-10-12/examples/CustomDomains_EnableCustomHttpsUsingCDNManagedCertificate.json b/specification/cdn/resource-manager/Microsoft.Cdn/stable/2017-10-12/examples/CustomDomains_EnableCustomHttpsUsingCDNManagedCertificate.json new file mode 100644 index 000000000000..518f58899340 --- /dev/null +++ b/specification/cdn/resource-manager/Microsoft.Cdn/stable/2017-10-12/examples/CustomDomains_EnableCustomHttpsUsingCDNManagedCertificate.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "api-version": "2017-10-12", + "subscriptionId": "subid", + "resourceGroupName": "RG", + "profileName": "profile1", + "endpointName": "endpoint1", + "customDomainName": "www-someDomain-net", + "customHttpsParameters": { + "certificateSource": "Cdn", + "protocolType": "ServerNameIndication", + "certificateSourceParameters": { + "OData.type":"#Microsoft.Azure.Cdn.Models.CdnCertificateSourceParameters", + "certificateType":"Shared" + } + } + }, + "responses": { + "200": { + "body": { + } + } + } + } \ No newline at end of file