|
38 | 38 | " PolicyFragment('AuthZ-Match-All', utils.read_policy_xml(utils.determine_shared_policy_path('pf-authz-match-all.xml')), 'Authorizes if all of the specified roles match the JWT role claims.'),\n",
|
39 | 39 | " PolicyFragment('AuthZ-Match-Any', utils.read_policy_xml(utils.determine_shared_policy_path('pf-authz-match-any.xml')), 'Authorizes if any of the specified roles match the JWT role claims.'),\n",
|
40 | 40 | " PolicyFragment('Http-Response-200', utils.read_policy_xml(utils.determine_shared_policy_path('pf-http-response-200.xml')), 'Returns a 200 OK response for the current HTTP method.'),\n",
|
| 41 | + " PolicyFragment('Product-Match-Any', utils.read_policy_xml(utils.determine_shared_policy_path('pf-product-match-any.xml')), 'Proceeds if any of the specified products match the context product name.'),\n", |
41 | 42 | " PolicyFragment('Remove-Request-Headers', utils.read_policy_xml(utils.determine_shared_policy_path('pf-remove-request-headers.xml')), 'Removes request headers from the incoming request.')\n",
|
42 | 43 | "]\n",
|
43 | 44 | "\n",
|
44 | 45 | "# 4) Define the APIs and their operations and policies\n",
|
45 | 46 | "\n",
|
46 | 47 | "# Policies\n",
|
47 |
| - "hello_world_policy_xml = utils.read_policy_xml(HELLO_WORLD_XML_POLICY_PATH)\n", |
| 48 | + "pol_hello_world = utils.read_policy_xml(HELLO_WORLD_XML_POLICY_PATH)\n", |
48 | 49 | "\n",
|
49 | 50 | "# Hello World (Root)\n",
|
50 |
| - "api_hwroot_get = GET_APIOperation('This is a GET for API 1', hello_world_policy_xml)\n", |
| 51 | + "api_hwroot_get = GET_APIOperation('This is a GET for API 1', pol_hello_world)\n", |
51 | 52 | "api_hwroot = API('hello-world', 'Hello World', '', 'This is the root API for Hello World', operations = [api_hwroot_get])\n",
|
52 | 53 | "\n",
|
53 | 54 | "apis: List[API] = [api_hwroot]\n",
|
|
56 | 57 | "if use_ACA:\n",
|
57 | 58 | " utils.print_info('ACA APIs will be created.')\n",
|
58 | 59 | "\n",
|
59 |
| - " backend_policy_xml = utils.read_policy_xml(BACKEND_XML_POLICY_PATH)\n", |
60 |
| - " aca_backend_1_policy_xml = backend_policy_xml.format(backend_id = 'aca-backend-1')\n", |
61 |
| - " aca_backend_2_policy_xml = backend_policy_xml.format(backend_id = 'aca-backend-2')\n", |
62 |
| - " aca_backend_pool_policy_xml = backend_policy_xml.format(backend_id = 'aca-backend-pool')\n", |
| 60 | + " pol_backend = utils.read_policy_xml(BACKEND_XML_POLICY_PATH)\n", |
| 61 | + " pol_aca_backend_1 = pol_backend.format(backend_id = 'aca-backend-1')\n", |
| 62 | + " pol_aca_backend_2 = pol_backend.format(backend_id = 'aca-backend-2')\n", |
| 63 | + " pol_aca_backend_pool = pol_backend.format(backend_id = 'aca-backend-pool')\n", |
63 | 64 | "\n",
|
64 | 65 | " # Hello World (ACA Backend 1)\n",
|
65 | 66 | " api_hwaca_1_get = GET_APIOperation('This is a GET for Hello World on ACA Backend 1')\n",
|
66 |
| - " api_hwaca_1 = API('hello-world-aca-1', 'Hello World (ACA 1)', '/aca-1', 'This is the ACA API for Backend 1', policyXml = aca_backend_1_policy_xml, operations = [api_hwaca_1_get])\n", |
| 67 | + " api_hwaca_1 = API('hello-world-aca-1', 'Hello World (ACA 1)', '/aca-1', 'This is the ACA API for Backend 1', policyXml = pol_aca_backend_1, operations = [api_hwaca_1_get])\n", |
67 | 68 | "\n",
|
68 | 69 | " # Hello World (ACA Backend 2)\n",
|
69 | 70 | " api_hwaca_2_get = GET_APIOperation('This is a GET for Hello World on ACA Backend 2')\n",
|
70 |
| - " api_hwaca_2 = API('hello-world-aca-2', 'Hello World (ACA 2)', '/aca-2', 'This is the ACA API for Backend 2', policyXml = aca_backend_2_policy_xml, operations = [api_hwaca_2_get])\n", |
| 71 | + " api_hwaca_2 = API('hello-world-aca-2', 'Hello World (ACA 2)', '/aca-2', 'This is the ACA API for Backend 2', policyXml = pol_aca_backend_2, operations = [api_hwaca_2_get])\n", |
71 | 72 | "\n",
|
72 | 73 | " # Hello World (ACA Backend Pool)\n",
|
73 | 74 | " api_hwaca_pool_get = GET_APIOperation('This is a GET for Hello World on ACA Backend Pool')\n",
|
74 |
| - " api_hwaca_pool = API('hello-world-aca-pool', 'Hello World (ACA Pool)', '/aca-pool', 'This is the ACA API for Backend Pool', policyXml = aca_backend_pool_policy_xml, operations = [api_hwaca_pool_get])\n", |
| 75 | + " api_hwaca_pool = API('hello-world-aca-pool', 'Hello World (ACA Pool)', '/aca-pool', 'This is the ACA API for Backend Pool', policyXml = pol_aca_backend_pool, operations = [api_hwaca_pool_get])\n", |
75 | 76 | "\n",
|
76 | 77 | " # Add ACA APIs to the existing apis array\n",
|
77 | 78 | " apis += [api_hwaca_1, api_hwaca_2, api_hwaca_pool]\n",
|
|
117 | 118 | " apim_service_id = output.get('apimServiceId', 'APIM Service Id')\n",
|
118 | 119 | " apim_gateway_url = output.get('apimResourceGatewayURL', 'APIM API Gateway URL')\n",
|
119 | 120 | " afd_endpoint_url = output.get('fdeSecureUrl', 'Front Door Endpoint URL')\n",
|
| 121 | + " apim_apis = output.getJson('apiOutputs', 'APIs')\n", |
120 | 122 | "\n",
|
121 | 123 | "utils.print_ok('Deployment completed')\n"
|
122 | 124 | ]
|
|
186 | 188 | "from apimrequests import ApimRequests\n",
|
187 | 189 | "from apimtesting import ApimTesting\n",
|
188 | 190 | "\n",
|
189 |
| - "reqs = ApimRequests(apim_gateway_url)\n", |
190 | 191 | "tests = ApimTesting(\"AFD-APIM-PE Tests (Pre-Lockdown)\", deployment, deployment)\n",
|
191 | 192 | "\n",
|
| 193 | + "api_subscription_key = apim_apis[0]['subscriptionPrimaryKey']\n", |
| 194 | + "reqs = ApimRequests(apim_gateway_url, api_subscription_key)\n", |
| 195 | + "\n", |
192 | 196 | "utils.print_message('Calling Hello World (Root) API via API Management Gateway URL. Expect 200 (if run before disabling API Management public network access).')\n",
|
193 | 197 | "output = reqs.singleGet('/')\n",
|
194 | 198 | "tests.verify(output, 'Hello World from API Management!')\n",
|
|
227 | 231 | " raise SystemExit('Deployment failed')\n",
|
228 | 232 | " \n",
|
229 | 233 | "if output.success and output.json_data:\n",
|
230 |
| - " apim_gateway_url = output.get('apimResourceGatewayURL', 'APIM API Gateway URL')\n", |
231 | 234 | " afd_endpoint_url = output.get('fdeSecureUrl', 'Front Door Endpoint URL')\n",
|
| 235 | + " apim_gateway_url = output.get('apimResourceGatewayURL', 'APIM API Gateway URL')\n", |
| 236 | + " apim_apis = output.getJson('apiOutputs', 'APIs')\n", |
232 | 237 | "\n",
|
233 | 238 | "utils.print_ok('Deployment completed')\n"
|
234 | 239 | ]
|
|
249 | 254 | "outputs": [],
|
250 | 255 | "source": [
|
251 | 256 | "import utils\n",
|
252 |
| - "import json\n", |
253 | 257 | "from apimrequests import ApimRequests\n",
|
254 | 258 | "from apimtesting import ApimTesting\n",
|
255 | 259 | "\n",
|
256 |
| - "reqsApim = ApimRequests(apim_gateway_url)\n", |
257 |
| - "reqsAfd = ApimRequests(afd_endpoint_url)\n", |
258 | 260 | "tests = ApimTesting(\"AFD-APIM-PE Tests (Post-Lockdown)\", deployment, deployment)\n",
|
259 | 261 | "\n",
|
| 262 | + "api_subscription_key = apim_apis[0]['subscriptionPrimaryKey']\n", |
| 263 | + "reqsApim = ApimRequests(apim_gateway_url, api_subscription_key)\n", |
| 264 | + "reqsAfd = ApimRequests(afd_endpoint_url, api_subscription_key)\n", |
| 265 | + "\n", |
260 | 266 | "# 1) Unsuccessful call to APIM Gateway URL (should fail with 403 Forbidden)\n",
|
261 | 267 | "output = reqsApim.singleGet('/', msg = '1) Calling Hello World (Root) API via API Management Gateway URL. Expect 403 as APIM public access is disabled now.')\n",
|
262 |
| - "tests.verify(json.loads(output)['statusCode'], 403)\n", |
| 268 | + "outputJson = utils.get_json(output)\n", |
| 269 | + "tests.verify(outputJson['statusCode'], 403)\n", |
263 | 270 | "\n",
|
264 | 271 | "# 2) Successful call to Front Door (200)\n",
|
265 | 272 | "output = reqsAfd.singleGet('/', msg = '2) Calling Hello World (Root) API via Azure Front Door. Expect 200.')\n",
|
266 | 273 | "tests.verify(output, 'Hello World from API Management!')\n",
|
267 | 274 | "\n",
|
268 | 275 | "# 3) Successful calls to Front Door -> APIM -> ACA (200)\n",
|
269 | 276 | "if use_ACA:\n",
|
| 277 | + " reqsAfd = ApimRequests(afd_endpoint_url, apim_apis[1]['subscriptionPrimaryKey'])\n", |
270 | 278 | " output = reqsAfd.singleGet('/aca-1', msg = '3) Calling Hello World (ACA 1) API via Azure Front Door. Expect 200.')\n",
|
271 | 279 | " tests.verify(output, 'Hello World!')\n",
|
272 | 280 | "\n",
|
| 281 | + " reqsAfd = ApimRequests(afd_endpoint_url, apim_apis[2]['subscriptionPrimaryKey'])\n", |
273 | 282 | " output = reqsAfd.singleGet('/aca-2', msg = '4) Calling Hello World (ACA 2) API via Azure Front Door. Expect 200.')\n",
|
274 | 283 | " tests.verify(output, 'Hello World!')\n",
|
275 | 284 | "\n",
|
| 285 | + " reqsAfd = ApimRequests(afd_endpoint_url, apim_apis[3]['subscriptionPrimaryKey'])\n", |
276 | 286 | " output = reqsAfd.singleGet('/aca-pool', msg = '5) Calling Hello World (ACA Pool) API via Azure Front Door. Expect 200.')\n",
|
277 | 287 | " tests.verify(output, 'Hello World!')\n",
|
278 | 288 | "else:\n",
|
279 | 289 | " utils.print_message('ACA APIs were not created. Skipping ACA API calls.', blank_above = True)\n",
|
280 | 290 | "\n",
|
| 291 | + "# 4) Unsuccessful call to Front Door without API subscription key (should fail with 401 Unauthorized)\n", |
| 292 | + "reqsNoApiSubscription = ApimRequests(afd_endpoint_url)\n", |
| 293 | + "output = reqsNoApiSubscription.singleGet('/', msg = 'Calling Hello World (Root) API without API subscription key. Expect 401.')\n", |
| 294 | + "outputJson = utils.get_json(output)\n", |
| 295 | + "tests.verify(outputJson['statusCode'], 401)\n", |
| 296 | + "tests.verify(outputJson['message'], 'Access denied due to missing subscription key. Make sure to include subscription key when making requests to an API.')\n", |
| 297 | + "\n", |
281 | 298 | "tests.print_summary()\n",
|
282 | 299 | "\n",
|
283 | 300 | "utils.print_ok('All done!')"
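Review bot: Live APIM subscription keys now travel through the `apiOutputs` deployment output into notebook variables (`apim_apis[0]['subscriptionPrimaryKey']` in both test cells, and indexes 1 to 3 in the post-lockdown cell), and the new code does nothing to keep them out of logs or saved output. Deployment outputs are retained in the deployment history of the target scope, and if `output.getJson('apiOutputs', 'APIs')` prints its value the way the labelled `output.get(...)` calls appear to, the keys also land in cell output that is saved with the notebook; the helper is not visible here, so that needs confirming. I would add `# apim_apis holds live subscription keys: do not print it, and clear cell outputs before committing` above the first lookup and make sure the helper masks or skips logging for this output. Separately, the positional indexes depend on the order of the `apis` list built in the setup cell, so selecting the entry by API name (if the output carries one) would stop a reordering from surfacing as a misleading 401.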
|
|