Application gateway Identity and Keyvault support (#4387)

akshaysngupta · MikhailTryakhov · commit e58229772d0b · 2018-11-20T14:31:20.000-08:00
* identity and keyvault

* Capitalization comment
diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2018-10-01/applicationGateway.json b/specification/network/resource-manager/Microsoft.Network/stable/2018-10-01/applicationGateway.json
@@ -824,9 +824,9 @@
           "type": "string",
           "description": "Certificate public data."
         },
-        "keyvaultSecretId": {
+        "keyVaultSecretId": {
           "type": "string",
-          "description": "KeyVault Secret Id for certificate."
+          "description": "Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault."
         },
         "provisioningState": {
           "type": "string",
@@ -875,6 +875,10 @@
           "type": "string",
           "description": "Base-64 encoded Public cert data corresponding to pfx specified in data. Only applicable in GET request."
         },
+        "keyVaultSecretId": {
+          "type": "string",
+          "description": "Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault."
+        },
         "provisioningState": {
           "type": "string",
           "description": "Provisioning state of the SSL certificate resource Possible values are: 'Updating', 'Deleting', and 'Failed'."
@@ -1818,6 +1822,10 @@
             "type": "string"
           },
           "description": "A list of availability zones denoting where the resource needs to come from."
+        },
+        "identity": {
+          "$ref": "./network.json#/definitions/ManagedServiceIdentity",
+          "description": "The identity of the application gateway, if configured."
         }
       },
       "allOf": [
diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2018-10-01/examples/ApplicationGatewayCreate.json b/specification/network/resource-manager/Microsoft.Network/stable/2018-10-01/examples/ApplicationGatewayCreate.json
@@ -5,6 +5,12 @@
     "resourceGroupName": "rg1",
     "applicationGatewayName": "appgw",
     "parameters": {
+      "identity": {
+        "type":"UserAssigned",
+        "userAssignedIdentities": {
+          "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
+        }
+      },
       "properties": {
         "sku": {
           "name": "Standard_Medium",
@@ -28,6 +34,26 @@
               "data": "****",
               "password": "****"
             }
+          },
+          {
+            "name": "sslcert2",
+            "properties": {
+              "keyVaultSecretId": "https://kv/secret"
+            }
+          }
+        ],
+        "trustedRootCertificates": [
+          {
+            "name": "rootcert",
+            "properties": {
+              "data": "****"
+            }
+          },
+          {
+            "name": "rootcert1",
+            "properties": {
+              "keyVaultSecretId": "https://kv/secret"
+            }
           }
         ],
         "frontendIPConfigurations": [
diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2018-10-01/network.json b/specification/network/resource-manager/Microsoft.Network/stable/2018-10-01/network.json
@@ -144,6 +144,54 @@
         }
       },
       "description": "Tags object for patch operations."
+    },
+    "ManagedServiceIdentity": {
+      "properties": {
+        "principalId": {
+          "readOnly": true,
+          "type": "string",
+          "description": "The principal id of the system assigned identity. This property will only be provided for a system assigned identity."
+        },
+        "tenantId": {
+          "readOnly": true,
+          "type": "string",
+          "description": "The tenant id of the system assigned identity. This property will only be provided for a system assigned identity."
+        },
+        "type": {
+          "type": "string",
+          "description": "The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.",
+          "enum": [
+            "SystemAssigned",
+            "UserAssigned",
+            "SystemAssigned, UserAssigned",
+            "None"
+          ],
+          "x-ms-enum": {
+            "name": "ResourceIdentityType",
+            "modelAsString": false
+          }
+        },
+        "userAssignedIdentities": {
+          "type": "object",
+          "additionalProperties": {
+            "type": "object",
+            "properties": {
+              "principalId": {
+                "readOnly": true,
+                "type": "string",
+                "description": "The principal id of user assigned identity."
+              },
+              "clientId": {
+                "readOnly": true,
+                "type": "string",
+                "description": "The client id of user assigned identity."
+              }
+            }
+          },
+          "description": "The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'."
+        }
+      },
+      "description": "Identity for the resource."
     }
   },
   "parameters": {
@@ -162,4 +210,4 @@
       "description": "Client API version."
     }
   }
-}
+}
