DevOps - Azure API Management and VSTS, better together
Visual Studio Team Services aka VSTS is a great tool when it comes to Application Lifecycle Management, Continuous Integration and Continuous Deployment. It is a must have tool in any DevOps organization working with Microsoft technologies (but not only). With that in mind, it is a surprise to no-one that most of the Azure PaaS services are natively integrated with VSTS, using either existing extensions, either ARM templates, either ARM APIs.
However, strangely enough, I couldn't find a real integration with Azure API Management other than this extension, which is a nice effort but not reflecting the real value of Azure API Management. Some getting started ARM templates are available but that's rather light for now. Moreover, while ARM templates are great, they are sometimes limited or not that easy to manipulate.
So, in an attempt to contribute, I released a free VSTS extension on the marketplace, called API Management Suite, that covers a rather broad set of features of Azure API Management. The extension helps dealing with:
- Creation/Update of Gateway APIs with and without versioning pointing to traditional backend API services
- Creation/Update of Gateway APIs with and without versioning on top of Azure Functions
- Creation/Update of Gateway Products
- Built-in support of Gateway Policies for both products & APIs
Everything is open sourced on GitHub in this repo.
Here are a few words on how it works and what business purposes it serves.
APIM offers a greater security thanks to the various techniques you can use to filter incoming requests with ad hoc policies and check whether incoming requests are eligible to be forwarded to backend services, being traditional APIs, Azure Fabric APIs or Azure Functions.
On top of the security bits, APIM is very handy to enable throttling and caching on the fly. It is particularly useful when you want to monetize APIs or share bits with external partners. Depending on your use case, you might work with a gateway that is only accessible to internal consumers, a hybrid one, or fully external.
How does the extension work?
APIM was recently brought into the typical ARM APIs. Therefore, it makes it a good candidate to be integrated into VSTS as well. Basically, the extension works with:
- an out of the box ARM service endpoint you define in VSTS and to which you must grant some permissions in order to alter APIM instances.
- a set of tasks to deal with APIs, functions and security checks.
The integration with functions was a little bit more challenging because not everything is exposed through ARM. Some endpoints, such as Azure Functions configuration, are still using a token issued for the https://management.core.windows.net resource instead of https://management.azure.com, the typical ARM resource identifier, but overall, it's a mere consumption of Azure Management APIs, right from VSTS, nothing rocket science.
A few screenshots
For instance, one of tasks allows you to create API Products on the fly:
with the possibility to define policies within VSTS. Only a few templates are brought into the UI but one can override the provided content with our own.
The following task helps in checking whether an API is secure or not, by testing all of its endpoints thanks to its swagger definition:
I let you discover the rest! Don't hesitate to propose contributions in the repo.