Azure FrontDoor FrontEndpoint Enable HTTPS - Certificates

Azure / bicep-types-az

Bicep type definitions for ARM resources

MIT License

81 stars 26 forks source link

Azure FrontDoor FrontEndpoint Enable HTTPS - Certificates #1408

Open cmptscpeacock opened 1 year ago

cmptscpeacock commented 1 year ago

In Az Cli (probably PowerShell too) we can enable HTTPS on a frontendpoint in Azure FrontDoor. We can select a certificate installation via FrontDoor or Key Vault.

However, I don't see any equivalent bicep to configure this.

Az Cli:

https://learn.microsoft.com/en-us/cli/azure/network/front-door/frontend-endpoint?view=azure-cli-latest#az-network-front-door-frontend-endpoint-enable-https

az network front-door frontend-endpoint enable-https --front-door-name --name --resource-group [--certificate-source {AzureKeyVault, FrontDoor}] [--minimum-tls-version {1.0, 1.2}] [--secret-name] [--secret-version] [--vault-id]

Can the above be added into bicep so we can select the certificate during deployment

TIA

anthony-c-martin commented 1 year ago

This is currently implemented as a POST API (docs here), which we have no ability to invoke directly in Bicep.

The best current workaround is to use a deploymentScripts resource to invoke the AzCLI command - here's an example of someone using deploymentScripts to accomplish a similar scenario: https://github.com/mattias-fjellstrom/azure-bicep-custom-domains/blob/dfc08080e91f13e5244fabacd35013ad070abd21/azure-cdn-endpoint/modules/cdn.bicep#L84.

Tagging Microsoft.Network who own this API - the long run solution would be to represent this as a setting in the resource PUT body.

cmptscpeacock commented 1 year ago

Thanks, I have a bicep to run a PS or Az Cli out-of-band so I'll use that. Was hoping for native bicep so would be good to see it introduced in bicep soon if poss.

ghost commented 1 year ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @cdnfdsuppgithub. Please see https://aka.ms/biceptypesinfo for troubleshooting help.

Issue Details

In Az Cli (probably PowerShell too) we can enable HTTPS on a frontendpoint in Azure FrontDoor. We can select a certificate installation via FrontDoor or Key Vault. However, I don't see any equivalent bicep to configure this. Az Cli: https://learn.microsoft.com/en-us/cli/azure/network/front-door/frontend-endpoint?view=azure-cli-latest#az-network-front-door-frontend-endpoint-enable-https ` az network front-door frontend-endpoint enable-https --front-door-name --name --resource-group [--certificate-source {AzureKeyVault, FrontDoor}] [--minimum-tls-version {1.0, 1.2}] [--secret-name] [--secret-version] [--vault-id] ` Can the above be added into bicep so we can select the certificate during deployment TIA

Author:	cmptscpeacock
Assignees:	-
Labels:	`enhancement`, `RP: Microsoft.Network`, `Service Attention`, `Network - Front Door`
Milestone:	-