added apim standard v2

main.tf

@@ -24,6 +24,7 @@ locals {
   sql_name                        = "${var.sql_name}-${local.name_sufix}"
   postgresql_name                 = "${var.postgresql_name}-${local.name_sufix}"
   postgresql_flexible_server_name = "${var.postgresql_name}-fs-${local.name_sufix}"
+  apim_name                       = "${var.apim_name}-${local.name_sufix}"
 }
 
 resource "azurerm_resource_group" "rg" {
@@ -57,6 +58,7 @@ module "vnet" {
   contoso_address_prefixes                    = var.contoso_address_prefixes
   contoso_tests_address_prefixes              = var.contoso_tests_address_prefixes
   flexible_server_address_prefixes            = var.flexible_server_address_prefixes
+  apim_address_prefixes                       = var.apim_address_prefixes
   tags                                        = var.tags
 }
 
@@ -91,6 +93,7 @@ module "nsg" {
     module.vnet.subnet_jumpbox_id,
     module.vnet.subnet_hub_jumpbox_id,
     module.vnet.subnet_contoso_id,
+    module.vnet.subnet_apim_id,
   ]
   aci_subnet_ids = [
     module.vnet.subnet_dns_id,
@@ -150,7 +153,7 @@ module "firewall" {
   firewall_subnet_id       = module.vnet.subnet_firewall_id
   gateway_address_prefixes = module.vnet.subnet_gateway_address_prefixes
   dns_address_prefixes     = module.vnet.subnet_dns_address_prefixes
-  contoso_address_prefixes = module.vnet.vnet_contoso_address_space
+  contoso_address_prefixes = concat(module.vnet.vnet_contoso_address_space, module.vnet.subnet_apim_address_prefixes)
   tags                     = var.tags
   depends_on = [
     module.nsg,
@@ -172,6 +175,7 @@ module "udr" {
   contoso_address_prefixes         = module.vnet.vnet_contoso_address_space
   gateway_subnet_id                = module.vnet.subnet_gateway_id
   spoke_address_prefixes           = module.vnet.vnet_spoke_address_space
+  apim_subnet_id                   = module.vnet.subnet_apim_id
   enable_gateway_route_to_firewall = var.enable_gateway_route_to_firewall
   tags                             = var.tags
 }
@@ -486,3 +490,24 @@ module "onpremises_tests" {
     module.udr
   ]
 }
+
+module "apim" {
+  count                    = var.enable_apim ? 1 : 0
+  source                   = "./modules/apim"
+  location                 = azurerm_resource_group.rg.location
+  resource_group_id        = azurerm_resource_group.rg.id
+  resource_group_name      = azurerm_resource_group.rg.name
+  apim_name                = local.apim_name
+  apim_subnet_id           = module.vnet.subnet_apim_id
+  publisher_name           = var.publisher_name
+  publisher_email          = var.publisher_email
+  appi_resource_id         = var.enable_apim ? module.function[0].appi_id : ""
+  appi_instrumentation_key = var.enable_apim ? module.function[0].appi_key : ""
+  function_fqdn            = var.deploy_function ? module.function[0].fqdn : ""
+
+  depends_on = [
+    module.app_gateway,
+    module.app_gateway_tcp,
+    module.udr
+  ]
+}

modules/apim/external_api.tf

@@ -0,0 +1,60 @@
+
+resource "azurerm_api_management_backend" "backend" {
+  name                = "me"
+  resource_group_name = var.resource_group_name
+  api_management_name = azapi_resource.apim.name
+  protocol            = "http"
+  url                 = "https://carlos.mendible.com"
+}
+
+resource "azurerm_api_management_api" "me" {
+  name                = "me"
+  resource_group_name = var.resource_group_name
+  api_management_name = azapi_resource.apim.name
+  revision            = "1"
+  display_name        = "me"
+  path                = "me"
+  protocols           = ["https"]
+
+  subscription_required = false
+}
+
+resource "azurerm_api_management_api_operation" "me_operation" {
+  operation_id        = "me"
+  api_name            = azurerm_api_management_api.me.name
+  api_management_name = azapi_resource.apim.name
+  resource_group_name = var.resource_group_name
+  display_name        = "GET"
+  method              = "GET"
+  url_template        = "/"
+  description         = "me"
+
+  response {
+    status_code = 200
+  }
+}
+
+resource "azurerm_api_management_api_operation_policy" "me_policy" {
+  api_name            = azurerm_api_management_api_operation.me_operation.api_name
+  api_management_name = azurerm_api_management_api_operation.me_operation.api_management_name
+  resource_group_name = azurerm_api_management_api_operation.me_operation.resource_group_name
+  operation_id        = azurerm_api_management_api_operation.me_operation.operation_id
+
+  xml_content = <<XML
+<policies>
+  <inbound>
+        <set-backend-service backend-id="${azurerm_api_management_backend.backend.name}" />
+        <base />
+    </inbound>
+    <outbound>
+        <base />
+    </outbound>
+    <backend>
+        <forward-request timeout="60" />
+    </backend>
+    <on-error>
+        <base />
+    </on-error>
+</policies>
+XML
+}

modules/apim/internal_api.tf

@@ -0,0 +1,60 @@
+
+resource "azurerm_api_management_backend" "fucntion_backend" {
+  name                = "function"
+  resource_group_name = var.resource_group_name
+  api_management_name = azapi_resource.apim.name
+  protocol            = "http"
+  url                 = "https://${var.function_fqdn}"
+}
+
+resource "azurerm_api_management_api" "function" {
+  name                = "function"
+  resource_group_name = var.resource_group_name
+  api_management_name = azapi_resource.apim.name
+  revision            = "1"
+  display_name        = "function"
+  path                = "function"
+  protocols           = ["https"]
+
+  subscription_required = false
+}
+
+resource "azurerm_api_management_api_operation" "function_operation" {
+  operation_id        = "function"
+  api_name            = azurerm_api_management_api.function.name
+  api_management_name = azapi_resource.apim.name
+  resource_group_name = var.resource_group_name
+  display_name        = "GET"
+  method              = "GET"
+  url_template        = "/"
+  description         = "function"
+
+  response {
+    status_code = 200
+  }
+}
+
+resource "azurerm_api_management_api_operation_policy" "function_policy" {
+  api_name            = azurerm_api_management_api_operation.function_operation.api_name
+  api_management_name = azurerm_api_management_api_operation.function_operation.api_management_name
+  resource_group_name = azurerm_api_management_api_operation.function_operation.resource_group_name
+  operation_id        = azurerm_api_management_api_operation.function_operation.operation_id
+
+  xml_content = <<XML
+<policies>
+  <inbound>
+        <set-backend-service backend-id="${azurerm_api_management_backend.fucntion_backend.name}" />
+        <base />
+    </inbound>
+    <outbound>
+        <base />
+    </outbound>
+    <backend>
+        <forward-request timeout="60" />
+    </backend>
+    <on-error>
+        <base />
+    </on-error>
+</policies>
+XML
+}

modules/apim/main.tf

@@ -0,0 +1,46 @@
+locals {
+  logger_name = "openai-appi-logger"
+}
+
+resource "azapi_resource" "apim" {
+  type      = "Microsoft.ApiManagement/service@2023-03-01-preview"
+  name      = var.apim_name
+  parent_id = var.resource_group_id
+  location  = var.location
+  identity {
+    type = "SystemAssigned"
+  }
+  schema_validation_enabled = false # requiered for now
+  body = {
+    sku = {
+      name     = "StandardV2"
+      capacity = 1
+    }
+    zones = []
+    properties = {
+      publisherEmail        = var.publisher_email
+      publisherName         = var.publisher_name
+      apiVersionConstraint  = {}
+      developerPortalStatus = "Disabled"
+      virtualNetworkType    = "External"
+      virtualNetworkConfiguration = {
+        subnetResourceId = var.apim_subnet_id
+      }
+    }
+  }
+  response_export_values = [
+    "identity.principalId",
+    "properties.gatewayUrl"
+  ]
+}
+
+resource "azurerm_api_management_logger" "appi_logger" {
+  name                = local.logger_name
+  api_management_name = azapi_resource.apim.name
+  resource_group_name = var.resource_group_name
+  resource_id         = var.appi_resource_id
+
+  application_insights {
+    instrumentation_key = var.appi_instrumentation_key
+  }
+}

modules/apim/providers.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source = "hashicorp/azurerm"
+    }
+    azapi = {
+      source = "azure/azapi"
+    }
+  }
+}

modules/apim/variables.tf

@@ -0,0 +1,10 @@
+variable "resource_group_name" {}
+variable "resource_group_id" {}
+variable "location" {}
+variable "apim_name" {}
+variable "publisher_name" {}
+variable "publisher_email" {}
+variable "apim_subnet_id" {}
+variable "appi_resource_id" {}
+variable "appi_instrumentation_key" {}
+variable "function_fqdn" {}

modules/nsg/main.tf

@@ -17,7 +17,7 @@ resource "azurerm_network_security_group" "nsg" {
     protocol                   = "*"
     source_port_range          = "*"
     destination_port_range     = "*"
-    source_address_prefix      = "10.6.2.0/24"
+    source_address_prefixes    = ["10.6.2.0/24", "10.6.6.0/24"]
     destination_address_prefix = "10.6.3.0/24"
   }