DEV Community

Discussion on: Azure Application Gateway for dummies

View post
Collapse
 
odenorde profile image
Odenorde

Hey Kai,

One of the possibilities in SSL profile is to add multiple trustedclientcertificates. In my bicep code I loop through multiple SSL profiles, but I'm struggling adding a child loop to add multiple trustedclientcertificates associated with a SSL profile. Is this something you are familiar with?

Collapse
 
kaiwalter profile image
Kai Walter • Edited

Hi @odenor , so basically a nested loop? Not yet. I just checked the 2 main huge repositories with Bicep templates I have at hand but did not see anything that could help.

Does this maybe help: ochzhen.com/blog/nested-loops-in-a...

Collapse
 
jayded profile image
Jayded

That page you link, solution 1 is a bit weird. He says you can't nest loops but then still does it. Must be me that doesn't understand i guess. Anyway...
With application gateway bicep implementation the real problem starts when you have multiple rewriteRuleSets, that have multiple rewriteRules, that have multiple conditions.
I have fixed this in the past by using modules. For instance to loop the creation of subnets within a bicep that creates multiple vnets.
Since rewriteRuleSets are not a subresource you can't make modules of it as far as I understand.
I'm now looking at that page's solution 2 where you make your module return an array object of the nested parameters.
If you ever figure this out, do share :)

Thread Thread
 
kaiwalter profile image
Kai Walter • Edited

@jayded Is this what you want to achieve?
Image description

I am feeding in 2 arrays:

param clientCerts array
param sslProfileNames array
Enter fullscreen mode Exit fullscreen mode

Build variables to hold the trusted client certs, their resource Ids and the SSL profiles:

var trustedClientCertificates = [for i in range(0, length(clientCerts)): {
  name: 'client${i}'
  properties: {
    data: clientCerts[i]
  }
}]

var trustedClientCertificateResourceIds = [for i in range(0, length(clientCerts)): {
  id: resourceId('Microsoft.Network/applicationGateways/trustedClientCertificates', appGwName, 'client${i}')
}]

var sslProfiles = [for name in sslProfileNames: {
  name: name
  properties: {
    trustedClientCertificates: trustedClientCertificateResourceIds
    clientAuthConfiguration: {
      verifyClientCertIssuerDN: true
    }
  }
}]
Enter fullscreen mode Exit fullscreen mode

and then later use the variables in the resource:

resource appgw 'Microsoft.Network/applicationGateways@2022-01-01' = {
  name: appGwName
  location: location
  properties: {
    sku: {
      name: 'Standard_v2'
      tier: 'Standard_v2'
    }
    autoscaleConfiguration: {
      minCapacity: appGwMinCapacity
      maxCapacity: appGwMaxCapacity
    }
    trustedClientCertificates: trustedClientCertificates
    sslProfiles: sslProfiles
...
Enter fullscreen mode Exit fullscreen mode
Thread Thread
 
jayded profile image
Jayded

Hey, thanks for posting your code.

It's very similar.
I also solved it by making a module that outputs arrays. Then looping those arrays into my rewrireRuleSets.

I realy hope at a certain point they'll allow us to nest for's. Would make our lives a lot easier.

ps: agw was by far the hardest part to put into code to be fair. Even stuff like our apim was a lot easier to implement.

Thread Thread
 
kaiwalter profile image
Kai Walter

I know - that is why I made this post