https://github.com/libre-devops/terraform-azurerm-api-management
A module used to deploy API Management resources
https://github.com/libre-devops/terraform-azurerm-api-management
Last synced: 2 months ago
JSON representation
A module used to deploy API Management resources
- Host: GitHub
- URL: https://github.com/libre-devops/terraform-azurerm-api-management
- Owner: libre-devops
- License: mit
- Created: 2023-03-03T23:23:33.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2024-10-24T18:15:21.000Z (6 months ago)
- Last Synced: 2024-12-26T16:11:42.443Z (4 months ago)
- Language: HCL
- Size: 44.9 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
Awesome Lists containing this project
README
```hcl
resource "azurerm_api_management" "apim" {
for_each = { for instance in var.apim_instances : instance.name => instance }
name = each.value.name
resource_group_name = each.value.rg_name
location = each.value.location
tags = each.value.tags
sku_name = each.value.sku_name
publisher_name = each.value.publisher_name
publisher_email = each.value.publisher_email
client_certificate_enabled = each.value.client_cetuficate_enabled
gateway_disabled = each.value.gateway_disabled
min_api_version = each.value.min_api_version
public_ip_address_id = each.value.public_ip_address_id
public_network_access_enabled = each.value.public_network_access_enabled
virtual_network_type = each.value.virtual_network_type
dynamic "additional_location" {
for_each = each.value.additional_location != null ? each.value.additional_location : []
content {
location = additional_location.value.location
capacity = additional_location.value.capacity
zones = additional_location.value.zones
public_ip_address_id = additional_location.value.public_ip_address_id
dynamic "virtual_network_configuration" {
for_each = additional_location.value.virtual_network_configuration != null ? [additional_location.value.virtual_network_configuration] : []
content {
subnet_id = virtual_network_configuration.value.subnet_id
}
}
gateway_disabled = additional_location.value.gateway_disabled
}
}
dynamic "certificate" {
for_each = each.value.certificate != null ? each.value.certificate : []
content {
encoded_certificate = certificate.value.encoded_certificate
store_name = certificate.value.store_name
certificate_password = certificate.value.certificate_password
}
}
dynamic "hostname_configuration" {
for_each = each.value.hostname_configuration != null ? [each.value.hostname_configuration] : []
content {
dynamic "management" {
for_each = try(each.value.hostname_configuration.management, [])
content {
host_name = management.value.host_name
key_vault_id = management.value.key_vault_id
certificate = management.value.certificate
certificate_password = management.value.certificate_password
negotiate_client_certificate = management.value.negotiate_client_certificate
ssl_keyvault_identity_client_id = management.value.ssl_keyvault_identity_client_id
}
}
dynamic "portal" {
for_each = try(each.value.hostname_configuration.portal, [])
content {
host_name = portal.value.host_name
key_vault_id = portal.value.key_vault_id
certificate = portal.value.certificate
certificate_password = portal.value.certificate_password
negotiate_client_certificate = portal.value.negotiate_client_certificate
ssl_keyvault_identity_client_id = portal.value.ssl_keyvault_identity_client_id
}
}
dynamic "developer_portal" {
for_each = try(each.value.hostname_configuration.developer_portal, [])
content {
host_name = developer_portal.value.host_name
key_vault_id = developer_portal.value.key_vault_id
certificate = developer_portal.value.certificate
certificate_password = developer_portal.value.certificate_password
negotiate_client_certificate = developer_portal.value.negotiate_client_certificate
ssl_keyvault_identity_client_id = developer_portal.value.ssl_keyvault_identity_client_id
}
}
dynamic "proxy" {
for_each = try(each.value.hostname_configuration.proxy, [])
content {
default_ssl_binding = proxy.value.default_ssl_binding
host_name = proxy.value.host_name
key_vault_id = proxy.value.key_vault_id
certificate = proxy.value.certificate
certificate_password = proxy.value.certificate_password
negotiate_client_certificate = proxy.value.negotiate_client_certificate
ssl_keyvault_identity_client_id = proxy.value.ssl_keyvault_identity_client_id
}
}
dynamic "scm" {
for_each = try(each.value.hostname_configuration.scm, [])
content {
host_name = scm.value.host_name
key_vault_id = scm.value.key_vault_id
certificate = scm.value.certificate
certificate_password = scm.value.certificate_password
negotiate_client_certificate = scm.value.negotiate_client_certificate
ssl_keyvault_identity_client_id = scm.value.ssl_keyvault_identity_client_id
}
}
}
}
dynamic "delegation" {
for_each = each.value.delegation != null ? [each.value.delegation] : []
content {
subscriptions_enabled = delegation.value.subscriptions_enabled
user_registration_enabled = delegation.value.user_registration_enabled
url = delegation.value.url
validation_key = delegation.value.validation_key
}
}
dynamic "sign_in" {
for_each = each.value.sign_in != null ? [each.value.sign_in] : []
content {
enabled = sign_in.value.enabled
}
}
dynamic "sign_up" {
for_each = each.value.sign_up != null ? [each.value.sign_up] : []
content {
enabled = sign_up.value.enabled
dynamic "terms_of_service" {
for_each = sign_up.value.terms_of_service != null ? [sign_up.value.terms_of_service] : []
content {
enabled = terms_of_service.value.enabled
consent_required = terms_of_service.value.consent_required
text = terms_of_service.value.text
}
}
}
}
dynamic "security" {
for_each = each.value.security != null ? [each.value.security] : []
content {
enable_backend_ssl30 = security.value.enable_backend_ssl30
enable_backend_tls10 = security.value.enable_backend_tls10
enable_backend_tls11 = security.value.enable_backend_tls11
enable_frontend_ssl30 = security.value.enable_frontend_ssl30
enable_frontend_tls10 = security.value.enable_frontend_tls10
enable_frontend_tls11 = security.value.enable_frontend_tls11
tls_ecdhe_ecdsa_with_aes128_cbc_sha_ciphers_enabled = security.value.tls_ecdhe_ecdsa_with_aes128_cbc_sha_ciphers_enabled
tls_ecdhe_ecdsa_with_aes256_cbc_sha_ciphers_enabled = security.value.tls_ecdhe_ecdsa_with_aes256_cbc_sha_ciphers_enabled
tls_ecdhe_rsa_with_aes128_cbc_sha_ciphers_enabled = security.value.tls_ecdhe_rsa_with_aes128_cbc_sha_ciphers_enabled
tls_ecdhe_rsa_with_aes256_cbc_sha_ciphers_enabled = security.value.tls_ecdhe_rsa_with_aes256_cbc_sha_ciphers_enabled
tls_rsa_with_aes128_cbc_sha256_ciphers_enabled = security.value.tls_rsa_with_aes128_cbc_sha256_ciphers_enabled
tls_rsa_with_aes128_cbc_sha_ciphers_enabled = security.value.tls_rsa_with_aes128_cbc_sha_ciphers_enabled
tls_rsa_with_aes128_gcm_sha256_ciphers_enabled = security.value.tls_rsa_with_aes128_gcm_sha256_ciphers_enabled
tls_rsa_with_aes256_gcm_sha384_ciphers_enabled = security.value.tls_rsa_with_aes256_gcm_sha384_ciphers_enabled
tls_rsa_with_aes256_cbc_sha256_ciphers_enabled = security.value.tls_rsa_with_aes256_cbc_sha256_ciphers_enabled
tls_rsa_with_aes256_cbc_sha_ciphers_enabled = security.value.tls_rsa_with_aes256_cbc_sha_ciphers_enabled
triple_des_ciphers_enabled = security.value.triple_des_ciphers_enabled
}
}
dynamic "identity" {
for_each = each.value.identity_type == "SystemAssigned" ? [each.value.identity_type] : []
content {
type = each.value.identity_type
}
}
dynamic "identity" {
for_each = each.value.identity_type == "SystemAssigned, UserAssigned" ? [each.value.identity_type] : []
content {
type = each.value.identity_type
identity_ids = try(each.value.identity_ids, [])
}
}
dynamic "identity" {
for_each = each.value.identity_type == "UserAssigned" ? [each.value.identity_type] : []
content {
type = each.value.identity_type
identity_ids = length(try(each.value.identity_ids, [])) > 0 ? each.value.identity_ids : []
}
}
}
```
## Requirements
No requirements.
## Providers
| Name | Version |
|------|---------|
| [azurerm](#provider\_azurerm) | n/a |
## Modules
No modules.
## Resources
| Name | Type |
|------|------|
| [azurerm_api_management.apim](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management) | resource |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [apim\_instances](#input\_apim\_instances) | The APIM instances to make |
list(object({
name = string
rg_name = string
location = optional(string, "uksouth")
tags = map(string)
publisher_name = string
publisher_email = string
sku_name = string
client_cetuficate_enabled = optional(bool)
gateway_disabled = optional(bool)
min_api_version = optional(string)
zones = optional(list(string))
identity_ids = optional(list(string))
identity_type = optional(string)
additional_location = optional(list(object({
location = string
capacity = optional(string)
zones = optional(list(string))
public_ip_address_id = optional(string)
virtual_network_configuration = optional(object({
subnet_id = string
}))
gateway_disabled = optional(bool)
})))
certificate = optional(list(object({
encoded_certificate = string
store_name = string
certificate_password = optional(string)
})))
delegation = optional(object({
subscriptions_enabled = optional(bool)
user_registration_enabled = optional(bool)
url = optional(string)
validation_key = optional(string)
}))
hostname_configuration = optional(object({
management = optional(list(object({
host_name = string
key_vault_id = optional(string)
certificate = optional(string)
certificate_password = optional(string)
negotiate_client_certificate = optional(bool)
ssl_keyvault_identity_client_id = optional(string)
})))
portal = optional(list(object({
host_name = string
key_vault_id = optional(string)
certificate = optional(string)
certificate_password = optional(string)
negotiate_client_certificate = optional(bool)
ssl_keyvault_identity_client_id = optional(string)
})))
developer_portal = optional(list(object({
host_name = string
key_vault_id = optional(string)
certificate = optional(string)
certificate_password = optional(string)
negotiate_client_certificate = optional(bool)
ssl_keyvault_identity_client_id = optional(string)
})))
proxy = optional(list(object({
default_ssl_binding = optional(bool)
host_name = string
key_vault_id = optional(string)
certificate = optional(string)
certificate_password = optional(string)
negotiate_client_certificate = optional(bool)
ssl_keyvault_identity_client_id = optional(string)
})))
scm = optional(list(object({
host_name = string
key_vault_id = optional(string)
certificate = optional(string)
certificate_password = optional(string)
negotiate_client_certificate = optional(bool)
ssl_keyvault_identity_client_id = optional(string)
})))
}))
notification_sender_email = optional(string)
protocols = optional(object({
enable_http2 = optional(bool)
}))
security = optional(object({
enable_backend_ssl30 = optional(bool)
enable_backend_tls10 = optional(bool)
enable_backend_tls11 = optional(bool)
enable_frontend_ssl30 = optional(bool)
enable_frontend_tls10 = optional(bool)
enable_frontend_tls11 = optional(bool)
tls_ecdhe_ecdsa_with_aes128_cbc_sha_ciphers_enabled = optional(bool)
tls_ecdhe_ecdsa_with_aes256_cbc_sha_ciphers_enabled = optional(bool)
tls_ecdhe_rsa_with_aes128_cbc_sha_ciphers_enabled = optional(bool)
tls_ecdhe_rsa_with_aes256_cbc_sha_ciphers_enabled = optional(bool)
tls_rsa_with_aes128_cbc_sha256_ciphers_enabled = optional(bool)
tls_rsa_with_aes128_cbc_sha_ciphers_enabled = optional(bool)
tls_rsa_with_aes128_gcm_sha256_ciphers_enabled = optional(bool)
tls_rsa_with_aes256_gcm_sha384_ciphers_enabled = optional(bool)
tls_rsa_with_aes256_cbc_sha256_ciphers_enabled = optional(bool)
tls_rsa_with_aes256_cbc_sha_ciphers_enabled = optional(bool)
triple_des_ciphers_enabled = optional(bool)
}))
sign_in = optional(object({
enabled = bool
}))
sign_up = optional(object({
enabled = bool
terms_of_service = optional(object({
enabled = bool
consent_required = bool
text = optional(string)
}))
}))
tenant_access = optional(object({
enabled = bool
}))
public_ip_address_id = optional(string)
public_network_access_enabled = optional(bool, true)
virtual_network_type = optional(string)
virtual_network_configuration = optional(object({
subnet_id = string
}))
})) | n/a | yes |
## Outputs
| Name | Description |
|------|-------------|
| [apim\_certificate\_expiries](#output\_apim\_certificate\_expiries) | The expiration dates of the certificates for all the API Management instances. |
| [apim\_certificate\_subjects](#output\_apim\_certificate\_subjects) | The subjects of the certificates for all the API Management instances. |
| [apim\_certificate\_thumbprints](#output\_apim\_certificate\_thumbprints) | The thumbprints of the certificates for all the API Management instances. |
| [apim\_developer\_portal\_urls](#output\_apim\_developer\_portal\_urls) | The Developer Portal URLs of all the API Management instances. |
| [apim\_gateway\_regional\_urls](#output\_apim\_gateway\_regional\_urls) | The Regional Gateway URLs of all the API Management instances. |
| [apim\_gateway\_urls](#output\_apim\_gateway\_urls) | The Gateway URLs of all the API Management instances. |
| [apim\_hostname\_configuration\_proxy\_certificate\_sources](#output\_apim\_hostname\_configuration\_proxy\_certificate\_sources) | The certificate sources for proxy hostname configurations in all the API Management instances. |
| [apim\_hostname\_configuration\_proxy\_certificate\_statuses](#output\_apim\_hostname\_configuration\_proxy\_certificate\_statuses) | The certificate statuses for proxy hostname configurations in all the API Management instances. |
| [apim\_hostname\_configurations](#output\_apim\_hostname\_configurations) | The hostname configurations for all the API Management instances. |
| [apim\_identities](#output\_apim\_identities) | The identity blocks for all the API Management instances. |
| [apim\_ids](#output\_apim\_ids) | The IDs of all the API Management instances. |
| [apim\_management\_api\_urls](#output\_apim\_management\_api\_urls) | The Management API URLs of all the API Management instances. |
| [apim\_portal\_urls](#output\_apim\_portal\_urls) | The Publisher Portal URLs of all the API Management instances. |
| [apim\_private\_ip\_addresses](#output\_apim\_private\_ip\_addresses) | The Private IP addresses of all the API Management instances. |
| [apim\_public\_ip\_addresses](#output\_apim\_public\_ip\_addresses) | The Public IP addresses of all the API Management instances. |
| [apim\_scm\_urls](#output\_apim\_scm\_urls) | The SCM URLs of all the API Management instances. |
| [apim\_tenant\_accesses](#output\_apim\_tenant\_accesses) | The tenant access blocks for all the API Management instances. |