Skip to content

Latest commit

 

History

History
54 lines (35 loc) · 2.76 KB

challenge3.md

File metadata and controls

54 lines (35 loc) · 2.76 KB
Raw

Challenge 3: Use Bicep for deployment to APIM.

In this challenge you will use Bicep to deploy the Starwars API. The swagger definition for this API is in your storage account. Instead of adding a request header you will remove sensitive information from the outgoing call to the backend service using a Policy fragment. Policy fragments is a feature that let you create policies centrally and then reference them in your API's.

The following image illustrates the steps in this challenge

Azure services


Main objectives

  • Deploy the Starwars API using Bicep from VS Code.
  • Add a Policy fragment that removes the request header "Ocp-Apim-Subscription-Key" in the call to the backend service.

Activities

  • Use Azure CLI to upload the swapi-swagger.json file that is in the root folder to your storage account in the container "swapi".
az storage blob upload -f .\swapi-swagger.json --account-name stg[POSTFIX]hack -c swapi
  • Create a Bicep file in VS Code and place it in the infrastructure folder. Use the "existing" keyword to reference your APIM instance.
  • Create a new API using Bicep, import the Starwars API from https://stg[YOUR POSTFIX]hack.blob.core.windows.net/swapi/swapi-swagger.json
  • Add a subscription using Bicep and connect it to the SWAPI API.
  • Use the portal to create a Policy fragment that removes the request header "Ocp-Apim-Subscription-Key" from the outgoing call to the backend service.
  • Validate that the outgoing call doesn't expose the "Ocp-Apim-Subscription-Key" that is being used to authenticate against APIM. Use the test functionality in APIM and validate this by looking at the trace logs.

Definition of done

  • Starwars API imported and subscription created using Bicep.
  • "Ocp-Apim-Subscription-Key" header removed from outgoing call to backend service.

Helpful links

Solution

The challenges