Monday, August 30, 2021

Azure Provider API


Introduction: This article continues the series that began with a description of the SignalR service. We followed up with a discussion of Azure Gateway service, Azure Private Link, and Azure Private Endpoint and the benefit of diverting traffic to the Azure backbone network. Then we started reviewing a more public, internet-facing service such as the Bing API. We now turn inward to infrastructure APIs such as the Provider API and ARM resources.

 

Description:   

Azure Provider API is probably the single most comprehensive reference API for almost all Azure resources. It is called Provider API because it has the added advantage of referring to individual Azure resource definitions categorized by their providers such as Microsoft.Cache, Microsoft.Compute, Microsoft.DocumentDB and others. 

With support for the REST API, PowerShell, and the Azure CLI, just like any other Azure cloud service, it becomes a one-stop shop to query and compare resources by their providers. For example, to find out whether an Azure resource can be provisioned with zone redundancy, one can attempt the following:

function Get-AzReadyByProviderAndLocation() {
    [CmdletBinding(SupportsShouldProcess)]
    param (
        [Parameter(Mandatory=$true, HelpMessage="The subscription with which to lookup if availability zones exist.")][string]$SubscriptionId,
        [Parameter(Mandatory=$true, HelpMessage="For example: West US 2")][string]$Location,
        [Parameter(Mandatory=$true, HelpMessage="For example: Microsoft.Cache")][string]$Provider,
        [Parameter(Mandatory=$true, HelpMessage="For example: Redis")][string]$ProviderType,
        [string]$ResourceAccountWithType = "$($Provider)/$($ProviderType)",
        :
    )
    :
    # Provider metadata endpoint. $($Provider) keeps PowerShell from reading "?" as part of the variable name.
    $ApiUri = "https://management.azure.com/subscriptions/$SubscriptionId/providers/$($Provider)?api-version=$ApiVersion"
    # Authorization header: token type and token separated by a single space.
    $Headers = @{}
    $Headers.Add("Authorization", "$($TokenType) $($TokenStr)")
    :
    $azReadiness = Invoke-RestMethod -Method Get -Uri $ApiUri -Headers $Headers -ErrorAction Stop
    # Keep the resource type only if it is offered in the location and has a zone mapping for that location.
    $azReadinessForResource = $azReadiness.resourceTypes | Where-Object -FilterScript { (($_.resourceType -eq $ProviderType) -and ($_.locations -contains $Location) -and ($_.zoneMappings.location -eq $Location)) }
    :


This service differs from Azure Resource Graph Provider API in that it is concerned with resource providers and resource types, their permissions, and their management plane registration; it is not a service that deploys resources on the resource management plane. It is also not to be confused with the ProviderHub APIs.


Besides returning a wide variety of information on providers by name, or organized within a subscription or tenant scope, the Provider API is used to register a subscription or a management group with a resource provider. Registration is an important step and a prerequisite before that resource provider can instantiate a resource of a specific type, because public access by default could invite malicious use. That said, some resource providers are registered by default. For example, Microsoft.ADHybridHealthService, Microsoft.Authorization, Microsoft.Billing, Microsoft.ClassicSubscription, Microsoft.Commerce, Microsoft.Consumption, Microsoft.Features, Microsoft.MarketplaceOrdering, Microsoft.Portal, Microsoft.ResourceGraph, Microsoft.Resources, Microsoft.SerialConsole, and Microsoft.Support are already registered for all end-users.

If an Azure Resource Manager Template is used to deploy a resource, any required resource providers are also registered.

The registration status for all resource providers for a given subscription can be found using:

Get-AzResourceProvider -ListAvailable | Select-Object ProviderNamespace, RegistrationState
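
The registration listing above can be turned into a drift check. The following is an added example, not code from the original article: it flags providers that are registered outside an approved baseline and approved providers that are not registered. Compare-ProviderRegistration, the -Approved baseline and the sample objects are constructed for illustration; the default-registered list is the one given earlier in the article.

```powershell
# Providers the article lists as registered by default for all end-users.
$DefaultRegistered = @(
    'Microsoft.ADHybridHealthService', 'Microsoft.Authorization', 'Microsoft.Billing',
    'Microsoft.ClassicSubscription', 'Microsoft.Commerce', 'Microsoft.Consumption',
    'Microsoft.Features', 'Microsoft.MarketplaceOrdering', 'Microsoft.Portal',
    'Microsoft.ResourceGraph', 'Microsoft.Resources', 'Microsoft.SerialConsole',
    'Microsoft.Support'
)

function Compare-ProviderRegistration {   # hypothetical helper, not an Az cmdlet
    [CmdletBinding()]
    param (
        # Objects with ProviderNamespace and RegistrationState (e.g. Get-AzResourceProvider -ListAvailable)
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)][object]$InputObject,
        # Namespaces approved for this subscription (assumed, team-maintained baseline)
        [Parameter(Mandatory=$true)][string[]]$Approved
    )
    begin { $seen = @{} }
    process {
        $ns = [string]$InputObject.ProviderNamespace
        if ($seen.ContainsKey($ns)) { return }   # report each namespace once
        $state = [string]$InputObject.RegistrationState
        $seen[$ns] = $state
        $allowed = ($Approved -contains $ns) -or ($DefaultRegistered -contains $ns)
        # Registered (or registering) outside the baseline is drift worth reviewing.
        if (($state -in 'Registered', 'Registering') -and -not $allowed) {
            [pscustomobject]@{ ProviderNamespace = $ns; RegistrationState = $state; Finding = 'RegisteredNotApproved' }
        }
    }
    end {
        # Approved providers that are absent or unregistered will block deployments.
        foreach ($ns in $Approved) {
            if ($seen[$ns] -ne 'Registered') {
                $s = if ($seen.ContainsKey($ns)) { $seen[$ns] } else { 'NotListed' }
                [pscustomobject]@{ ProviderNamespace = $ns; RegistrationState = $s; Finding = 'ApprovedNotRegistered' }
            }
        }
    }
}

# Constructed sample standing in for: Get-AzResourceProvider -ListAvailable
$sample = @(
    [pscustomobject]@{ ProviderNamespace = 'Microsoft.Cache';      RegistrationState = 'Registered' }
    [pscustomobject]@{ ProviderNamespace = 'Microsoft.Compute';    RegistrationState = 'NotRegistered' }
    [pscustomobject]@{ ProviderNamespace = 'Microsoft.DocumentDB'; RegistrationState = 'Registered' }
    [pscustomobject]@{ ProviderNamespace = 'Microsoft.Resources';  RegistrationState = 'Registered' }
)
$sample | Compare-ProviderRegistration -Approved 'Microsoft.Cache', 'Microsoft.Compute' | Format-Table
```

Against a live subscription, pipe the output of Get-AzResourceProvider -ListAvailable into the function in place of $sample.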

The provider permissions for a resource list the permissions by role. Access policies and compliance can be managed effectively with a management group that spans multiple Azure subscriptions. Registering a management group with a resource provider is just as easy as registering a single subscription.


Finally, resource providers are supported in all regions, unlike resources, which may be supported only in some regions.


Conclusion: These are the ways in which the Provider API can be used, and it is available as just another cloud resource along with the benefits that come with a cloud service.

