Terraform-provider-azurerm: Don't Create Default API and Products When Creating API Management

Created on 20 Aug 2019  路  11Comments  路  Source: terraform-providers/terraform-provider-azurerm

Community Note

  • Please vote on this issue by adding a 馃憤 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

When creating an API Management instance it adds the default "Echo API" API and the default "Starter" and "Unlimited" products.

There needs to be a flag to either not create these or have them deleted after the API Management is created.

New or Affected Resource(s)

  • azurerm_api_management
  • azurerm_api_management_api

References

bug enhancement good first issue servicapi-management
Source
picture opticyclic
👍11

All 11 comments

Is this really a bug? The example API and products are created by the Azure Resource Manager by default, the only thing you currently can do is remove them afterwards. I'd say at this point in time it behaviour by design?
https://feedback.azure.com/forums/248703-api-management/suggestions/31826548-do-not-deploy-echo-api-when-deploying-via-the-sdk

jeanpaulsmit picture jeanpaulsmit on 9 Oct 2019

Maybe.
However, I would _think_ that the majority of people don't want those in a production system.

The issue you have linked is over two years old which doesn't look good for an SDK fix.

Maybe a workaround is for terraform to provide an option that specifies that you want these items deleted after the APIM is created.

opticyclic picture opticyclic on 9 Oct 2019

I totally agree with you that this Echo API and products shouldn't be there. The thing I'm trying to point out is that when you create an APIM resource, Microsoft decides to add them by default.
So this is not a Terraform bug.
Easiest solution would be when Microsoft would listen to the community by picking up this rather old feedback issue.

jeanpaulsmit picture jeanpaulsmit on 10 Oct 2019

@opticyclic @jeanpaulsmit In the meantime do you have any workaround?
You remove them by Powershell maybe?

molinch picture molinch on 24 Oct 2019

Actually I haven't spent time on it, but you could use Powershell to remove it.
I use Powershell to set a custom the subscription key, so this should be rather easy.
https://docs.microsoft.com/en-us/powershell/module/az.apimanagement/Remove-AzApiManagementApi?view=azps-2.8.0

jeanpaulsmit picture jeanpaulsmit on 24 Oct 2019

Thanks @jeanpaulsmit

molinch picture molinch on 24 Oct 2019

By any chance @jeanpaulsmit would you have an example on how you would proceed?

molinch picture molinch on 24 Oct 2019

Sure. I have this in Terraform to run the Powershell for setting the custom subscription key, you probably can rewrite it to use the remove-api cmdlet.
@molinch Hope this helps.

resource "null_resource" "apimSubscriptionKey" { provisioner "local-exec" { command = "./Scripts/SetApimSubscriptionKey.ps1 -resourceGroupName ${azurerm_resource_group.rg.name} -apimServiceName ${azurerm_api_management.apim.name} -productId ${var.product.productId} -userId ${azurerm_api_management_user.user.user_id} -subscriptionKey ${var.product.subscriptionKey}" interpreter = ["PowerShell", "-Command"] } depends_on = ["azurerm_api_management_subscription.subscription"] }

and in the Powershell script itself

param
(
    [string] $resourceGroupName,
    [string] $apimServiceName,
    [string] $productId,
    [string] $userId,
    [string] $subscriptionKey
)

# Allow cmdlets to be used
Install-Module -Name Az -AllowClobber -Scope CurrentUser -force

$subscriptionId = $env:ARM_SUBSCRIPTION_ID
$tenantId = $env:ARM_TENANT_ID
$clientId = $env:ARM_CLIENT_ID
$secret = $env:ARM_CLIENT_SECRET

$securesecret = ConvertTo-SecureString -String $secret -AsPlainText -Force
$Credential = New-Object pscredential($clientId,$securesecret)
Connect-AzAccount -Credential $Credential -Tenant $tenantId -ServicePrincipal
Select-AzSubscription $subscriptionId

# Get reference to APIM instance
$apimContext = New-AzApiManagementContext -ResourceGroupName $resourceGroupName -ServiceName $apimServiceName

# Retrieve the subscription to modify
$subscription = Get-AzApiManagementSubscription -Context $apimContext -ProductId $productId -UserId $userId

# Set custom subscription key
Set-AzApiManagementSubscription -Context $apimContext -SubscriptionId $subscription.SubscriptionId -PrimaryKey $subscriptionKey -SecondaryKey $subscription.SecondaryKey -State $subscription.State
jeanpaulsmit picture jeanpaulsmit on 24 Oct 2019
🎉1

That's really awesome, thanks for the help it really helps new joiners like me

molinch picture molinch on 24 Oct 2019

I delete them using the az cli wrapped in a null resource:

#The following 3 resources are required to delete demo products from the APIM using the AZ CLI
resource "null_resource" "clean-apim-api" {
  provisioner "local-exec" {
    command = "az rest -m delete -u \"https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/${var.resource_group_name}/providers/Microsoft.ApiManagement/service/${azurerm_api_management.apim.name}/apis/echo-api?api-version=2019-01-01\""
  }
  depends_on = ["azurerm_api_management.apim"]
}

resource "null_resource" "clean-apim-product-starter" {
  provisioner "local-exec" {
    command = "az rest -m delete -u \"https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/${var.resource_group_name}/providers/Microsoft.ApiManagement/service/${azurerm_api_management.apim.name}/products/Starter?deleteSubscriptions=true&api-version=2019-01-01\""
  }
  depends_on = ["azurerm_api_management.apim"]
}

resource "null_resource" "clean-apim-product-unlimited" {
  provisioner "local-exec" {
    command = "az rest -m delete -u \"https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/${var.resource_group_name}/providers/Microsoft.ApiManagement/service/${azurerm_api_management.apim.name}/products/Unlimited?deleteSubscriptions=true&api-version=2019-01-01\""
  }
  depends_on = ["azurerm_api_management.apim"]
}
opticyclic picture opticyclic on 5 Nov 2019
👍1

thanks a lot @opticyclic ! that works great for me. Unfortunately only under Linux. In Terraform for Windows I get:

null_resource.clean-apim-product-unlimited (local-exec): Executing: ["cmd" "/C" "az rest -m delete -u \"https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/apim-shared/providers/Microsoft.ApiManagement/service/genericapi/products/Unlimited?deleteSubscriptions=true&api-version=2019-01-01\""] null_resource.clean-apim-product-unlimited (local-exec): ERROR: No connection adapters were found for '"https://management.azure.com/subscriptions/*****/resourceGroups/apim-shared/providers/Microsoft.ApiManagement/service/genericapi/products/Unlimited?deleteSubscriptions=true&api-version=2019-01-01"'

sebader picture sebader on 14 Jul 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

alant94 picture alant94  路  3Comments
hashibot picture hashibot  路  3Comments
Lachlan-White picture Lachlan-White  路  3Comments
jansepke picture jansepke  路  3Comments
Kanikamiglani31 picture Kanikamiglani31  路  3Comments