Added support for KeyVault Named Values (new parameter) (#523)

* Added support for KeyVault Named Values (new parameter)

* fix issue where param is false and it tries to write secret value for named value (keyvault)

Co-authored-by: Matthew Fortunka <mafortun@microsoft.com>

Author: fortunkam

src/APIM_ARMTemplate/README.md

@@ -381,10 +381,11 @@ You have two choices when specifying your settings:
 | serviceUrlParameters  | No                    | Parameterize service url in advance (you can replace serviceUrl afterwards as well, you can refer example for more information).  |
 |  paramServiceUrl | No                    |  Set to "true" will parameterize all serviceUrl for each api and generate serviceUrl parameter to api template/parameter template/master template files |
 |  paramNamedValue | No                    |  Set to "true" will parameterize all named values and add named values parameter to property template/parameter template/mastert emplate files |
-|  paramApiLoggerId | No                    |  Set to "true" will parameterize all logger ids in all apis (within api templates) |
+|  paramApiLoggerId | No                    |  Set to "true" will parameterize all logger ids in all apis (within api templates), Also includes the "All API" monitoring configuration |
 |  paramLogResourceId | No                    |  Set to "true" will parameterize all loggers' resource ids (within logger template)|
 | serviceBaseUrl | No                    | Specify the base url where you want to run your extractor |
 | notIncludeNamedValue | No                    | Set to "true" will not generate Named Value Templates|
+| paramNamedValuesKeyVaultSecrets | No | Set to true will parameterize all named values where the value is from a key vault secret |
 
 #### Note
 * Can not use "splitAPIs" and "apiName" at the same time, since using "apiName" only extract one API

src/APIM_ARMTemplate/apimtemplate/Common/Constants/GlobalConstants.cs

@@ -34,6 +34,7 @@ public static class ParameterNames
         public const string LinkedTemplatesSasToken = "LinkedTemplatesSasToken";
         public const string ApimServiceName = "ApimServiceName";
         public const string LinkedTemplatesBaseUrl = "LinkedTemplatesBaseUrl";
+        public const string NamedValueKeyVaultSecrets = "NamedValueKeyVaultSecrets";
     }
 
     public static class ParameterPrefix

src/APIM_ARMTemplate/apimtemplate/Common/TemplateModels/PropertyTemplateResource.cs

@@ -13,5 +13,11 @@ public class PropertyResourceProperties
         public bool secret { get; set; }
         public string displayName { get; set; }
         public string value { get; set; }
+        public PropertyResourceKeyVaultProperties keyVault { get; set; }
+    }
+
+    public class PropertyResourceKeyVaultProperties
+    {
+        public string secretIdentifier { get; set; }
     }
 }

src/APIM_ARMTemplate/apimtemplate/Extractor/EntityExtractors/EntityExtractor.cs

@@ -74,6 +74,14 @@ public Template GenerateEmptyPropertyTemplateWithParameters(Extractor exc)
                 };
                 armTemplate.parameters.Add(ParameterNames.NamedValues, namedValueParameterProperties);
             }
+            if (exc.paramNamedValuesKeyVaultSecrets)
+            {
+                TemplateParameterProperties keyVaultNamedValueParameterProperties = new TemplateParameterProperties()
+                {
+                    type = "object"
+                };
+                armTemplate.parameters.Add(ParameterNames.NamedValueKeyVaultSecrets, keyVaultNamedValueParameterProperties);
+            }
             return armTemplate;
         }
 

src/APIM_ARMTemplate/apimtemplate/Extractor/EntityExtractors/MasterTemplateExtractor.cs

@@ -167,6 +167,10 @@ public MasterTemplateResource CreateLinkedMasterTemplateResourceForPropertyTempl
             {
                 masterResourceTemplate.properties.parameters.Add(ParameterNames.NamedValues, new TemplateParameterProperties() { value = $"[parameters('{ParameterNames.NamedValues}')]" });
             }
+            if (exc.paramNamedValuesKeyVaultSecrets)
+            {
+                masterResourceTemplate.properties.parameters.Add(ParameterNames.NamedValueKeyVaultSecrets, new TemplateParameterProperties() { value = $"[parameters('{ParameterNames.NamedValueKeyVaultSecrets}')]" });
+            }
             return masterResourceTemplate;
         }
 
@@ -359,6 +363,18 @@ public Dictionary<string, TemplateParameterProperties> CreateMasterTemplateParam
                 };
                 parameters.Add(ParameterNames.LoggerResourceId, loggerResourceIdProperties);
             }
+            if (exc.paramNamedValuesKeyVaultSecrets)
+            {
+                TemplateParameterProperties namedValueKeyVaultSecretsProperties = new TemplateParameterProperties()
+                {
+                    metadata = new TemplateParameterMetadata()
+                    {
+                        description = "Key Vault Secrets for Named Values"
+                    },
+                    type = "object"
+                };
+                parameters.Add(ParameterNames.NamedValueKeyVaultSecrets, namedValueKeyVaultSecretsProperties);
+            }
             return parameters;
         }
 
@@ -488,16 +504,45 @@ public async Task<Template> CreateMasterTemplateParameterValues(List<string> api
                     string propertyName = ((JValue)oProperty["name"]).Value.ToString();
                     string fullPropertyResource = await pExc.GetPropertyDetailsAsync(exc.sourceApimName, exc.resourceGroup, propertyName);
                     PropertyTemplateResource propertyTemplateResource = JsonConvert.DeserializeObject<PropertyTemplateResource>(fullPropertyResource);
-                    string propertyValue = propertyTemplateResource.properties.value;
-                    string validPName = ExtractorUtils.GenValidParamName(propertyName, ParameterPrefix.Property);
-                    namedValues.Add(validPName, propertyValue);
+                    //Only add the property if it is not controlled by keyvault
+                    if (propertyTemplateResource?.properties.keyVault == null)
+                    {
+                        string propertyValue = propertyTemplateResource.properties.value;
+                        string validPName = ExtractorUtils.GenValidParamName(propertyName, ParameterPrefix.Property);
+                        namedValues.Add(validPName, propertyValue);
+                    }
                 }
                 TemplateObjectParameterProperties namedValueProperties = new TemplateObjectParameterProperties()
                 {
                     value = namedValues
                 };
                 parameters.Add(ParameterNames.NamedValues, namedValueProperties);
             }
+            if (exc.paramNamedValuesKeyVaultSecrets)
+            {
+                Dictionary<string, string> keyVaultNamedValues = new Dictionary<string, string>();
+                PropertyExtractor pExc = new PropertyExtractor();
+                string[] properties = await pExc.GetPropertiesAsync(exc.sourceApimName, exc.resourceGroup);
+
+                foreach (var extractedProperty in properties)
+                {
+                    JToken oProperty = JObject.Parse(extractedProperty);
+                    string propertyName = ((JValue)oProperty["name"]).Value.ToString();
+                    string fullPropertyResource = await pExc.GetPropertyDetailsAsync(exc.sourceApimName, exc.resourceGroup, propertyName);
+                    PropertyTemplateResource propertyTemplateResource = JsonConvert.DeserializeObject<PropertyTemplateResource>(fullPropertyResource);
+                    if (propertyTemplateResource?.properties.keyVault != null)
+                    {
+                        string propertyValue = propertyTemplateResource.properties.keyVault.secretIdentifier;
+                        string validPName = ExtractorUtils.GenValidParamName(propertyName, ParameterPrefix.Property);
+                        keyVaultNamedValues.Add(validPName, propertyValue);
+                    }
+                }
+                TemplateObjectParameterProperties keyVaultNamedValueProperties = new TemplateObjectParameterProperties()
+                {
+                    value = keyVaultNamedValues
+                };
+                parameters.Add(ParameterNames.NamedValueKeyVaultSecrets, keyVaultNamedValueProperties);
+            }
             if (exc.paramApiLoggerId)
             {
                 TemplateObjectParameterProperties loggerIdProperties = new TemplateObjectParameterProperties()

src/APIM_ARMTemplate/apimtemplate/Extractor/EntityExtractors/PropertyExtractor.cs

@@ -83,6 +83,17 @@ public async Task<Template> GenerateNamedValuesTemplateAsync(string singleApiNam
                     propertyTemplateResource.properties.value = $"[parameters('{ParameterNames.NamedValues}').{ExtractorUtils.GenValidParamName(propertyName, ParameterPrefix.Property)}]";
                 }
 
+                //Hide the value field if it is a keyvault named value
+                if (propertyTemplateResource.properties.keyVault != null)
+                {
+                    propertyTemplateResource.properties.value = null;
+                }
+
+                if (propertyTemplateResource.properties.keyVault != null && exc.paramNamedValuesKeyVaultSecrets )
+                {
+                    propertyTemplateResource.properties.keyVault.secretIdentifier = $"[parameters('{ParameterNames.NamedValueKeyVaultSecrets}').{ExtractorUtils.GenValidParamName(propertyName, ParameterPrefix.Property)}]";
+                }
+
                 if (singleApiName == null)
                 {
                     // if the user is executing a full extraction, extract all the loggers

src/APIM_ARMTemplate/apimtemplate/Extractor/Models/ExtractorConfiguration.cs

@@ -49,6 +49,9 @@ public class ExtractorConfig
         [Description("Should not include named values template")]
         public string notIncludeNamedValue { get; set; }
 
+        [Description("Parameterize named values where value is retrieved from a Key Vault secret")]
+        public bool paramNamedValuesKeyVaultSecrets { get; set; }
+
         [Description("Group the operations into batches of x?")]
         public int operationBatchSize {get;set;}
         public void Validate()
@@ -110,6 +113,7 @@ public class Extractor
         public bool paramApiLoggerId { get; private set; }
         public bool paramLogResourceId { get; private set; }
         public bool notIncludeNamedValue { get; private set; }
+        public bool paramNamedValuesKeyVaultSecrets { get; private set; }
 
         public int operationBatchSize { get; private set;} 
 
@@ -133,6 +137,7 @@ public Extractor(ExtractorConfig exc, string dirName)
             this.paramLogResourceId = exc.paramLogResourceId != null && exc.paramLogResourceId.Equals("true");
             this.notIncludeNamedValue = exc.notIncludeNamedValue != null && exc.notIncludeNamedValue.Equals("true");
             this.operationBatchSize  = exc.operationBatchSize;
+            this.paramNamedValuesKeyVaultSecrets = exc.paramNamedValuesKeyVaultSecrets;
         }
 
         public Extractor(ExtractorConfig exc) : this(exc, exc.fileFolder)