@gradientedge/cdk-utils 10.6.0 → 10.8.0

package/src/lib/azure/construct/rest-api/main.ts

@@ -0,0 +1,205 @@
+import { HostnameType, LoggerType } from '@pulumi/azure-native/apimanagement/index.js'
+import { getComponentOutput, GetComponentResult } from '@pulumi/azure-native/applicationinsights/index.js'
+import { getVaultOutput } from '@pulumi/azure-native/keyvault/index.js'
+import * as pulumi from '@pulumi/pulumi'
+import { Output } from '@pulumi/pulumi'
+import { CommonAzureConstruct } from '../../common/index.js'
+import { RoleDefinitionId } from '../../services/index.js'
+import { AzureApi, AzureRestApiProps } from './types.js'
+
+export class AzureRestApi extends CommonAzureConstruct {
+  props: AzureRestApiProps
+  api: AzureApi
+  applicationInsights: Output<GetComponentResult>
+
+  constructor(id: string, props: AzureRestApiProps) {
+    super(id, props)
+    this.props = props
+    this.id = id
+  }
+
+  public initResources() {
+    this.createResourceGroup()
+    this.resolveApiKeyVault()
+    this.resolveCommonLogAnalyticsWorkspace()
+    this.resolveApplicationInsights()
+    this.createApiManagement()
+    this.createNamespaceSecretRole()
+    this.createNamespaceSecret()
+    this.createSubscriptionKeySecret()
+    this.createApiManagementLogger()
+    this.createApiDiagnostic()
+    this.createDiagnosticLog()
+  }
+
+  protected resolveApiKeyVault() {
+    this.api.authKeyVault = getVaultOutput({
+      vaultName: this.props.apiAuthKeyVault.name,
+      resourceGroupName: this.props.apiAuthKeyVault.resourceGroupName,
+    })
+  }
+
+  protected resolveApplicationInsights() {
+    if (!this.props.commonApplicationInsights || !this.props.commonApplicationInsights.resourceName) return
+
+    this.applicationInsights = getComponentOutput({
+      resourceName: this.props.commonApplicationInsights.resourceName,
+      resourceGroupName: this.props.commonApplicationInsights.resourceGroupName,
+    })
+  }
+
+  protected createApiManagement() {
+    if (this.props.apiManagement.useExistingApiManagement) {
+      if (this.props.apiManagement.apiStackName) {
+        const apiStack = new pulumi.StackReference(this.props.apiManagement.apiStackName)
+        this.api.id = apiStack.getOutput('apiId')
+        this.api.name = apiStack.getOutput('apiName')
+        this.api.resourceGroupName = apiStack.getOutput('apiResourceGroupName')
+      }
+    } else {
+      let hostnameConfigurations
+      if (this.props.apiManagement.certificateKeyVaultId) {
+        hostnameConfigurations = [
+          {
+            hostName: `api-${this.props.locationConfig?.[this.props.location].name}.${this.props.domainName}`,
+            keyVaultId: this.props.apiManagement.certificateKeyVaultId,
+            type: HostnameType.Management,
+          },
+        ]
+      }
+
+      this.api.apim = this.apiManagementManager.createApiManagementService(
+        this.id,
+        this,
+        {
+          ...this.props.apiManagement,
+          serviceName: this.props.stackName,
+          location: this.resourceGroup.location,
+          resourceGroupName: this.resourceGroup.name,
+          hostnameConfigurations,
+        },
+        undefined,
+        undefined,
+        { protect: true }
+      )
+      this.api.id = this.api.apim.id
+      this.api.name = this.api.apim.name
+      this.api.resourceGroupName = this.resourceGroup.name
+
+      if (this.props.apiManagement.certificateKeyVaultId) {
+        this.authorisationManager.createRoleAssignment(`${this.id}-kv-role`, this, {
+          principalId: this.api.apim.identity.apply(identity => identity?.principalId ?? ''),
+          roleDefinitionId: RoleDefinitionId.KEY_VAULT_CERTIFICATE_USER,
+          scope: this.props.apiManagement.certificateKeyVaultId,
+        })
+      }
+    }
+
+    this.registerOutputs({
+      apiId: this.api.id,
+      apiName: this.api.name,
+      apiResourceGroupName: this.api.resourceGroupName,
+    })
+  }
+
+  protected createNamespaceSecretRole() {
+    if (this.props.apiManagement.useExistingApiManagement) return
+
+    this.api.namedValueRoleAssignment = this.authorisationManager.createRoleAssignment(
+      `${this.id}-key-vault-role-api-namespace`,
+      this,
+      {
+        principalId: this.api.apim.identity.apply(identity => identity?.principalId ?? ''),
+        roleDefinitionId: `/subscriptions/${this.props.subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4633458b-17de-408a-b874-0445c86b69e6`,
+        scope: this.api.authKeyVault.id,
+      }
+    )
+  }
+
+  protected createNamespaceSecret() {
+    if (this.props.apiManagement.useExistingApiManagement) return
+
+    this.api.namedValueSecret = this.keyVaultManager.createKeyVaultSecret(
+      `${this.id}-key-vault-api-namespace-secret`,
+      this,
+      {
+        vaultName: this.api.authKeyVault.name,
+        secretName: `${this.applicationInsights.name}-${this.props.stackName}-key`,
+        resourceGroupName: this.resourceGroup.name,
+        properties: {
+          value: this.applicationInsights.instrumentationKey,
+        },
+      }
+    )
+  }
+
+  protected createSubscriptionKeySecret() {
+    if (this.props.apiManagement.useExistingApiManagement) return
+
+    const apiManagementSubscription = this.apiManagementManager.createSubscription(this.id, this, {
+      serviceName: this.api.apim.name,
+      resourceGroupName: this.resourceGroup.name,
+      displayName: 'all-apis',
+      state: 'active',
+      allowTracing: false,
+      scope: '', // todo
+    })
+
+    this.keyVaultManager.createKeyVaultSecret(`${this.id}-key-vault-api-subscription-key-secret`, this, {
+      vaultName: this.api.authKeyVault.name,
+      secretName: `${this.props.stackName}-subscription-key`,
+      resourceGroupName: this.resourceGroup.name,
+      properties: {
+        value: apiManagementSubscription.primaryKey.apply(key => key ?? ''),
+      },
+    })
+  }
+
+  protected createApiManagementLogger() {
+    if (this.props.apiManagement.useExistingApiManagement) return
+
+    const apiAppNamedValue = this.apiManagementManager.createNamedValue(`${this.id}-am-nv`, this, {
+      displayName: this.applicationInsights.name,
+      resourceGroupName: this.resourceGroup.name,
+      serviceName: this.api.apim.name,
+      namedValueId: `${this.applicationInsights.name}-key`,
+      secret: true,
+      keyVault: {
+        secretIdentifier: this.api.namedValueSecret.id,
+      },
+    })
+
+    this.api.logger = this.apiManagementManager.createLogger(`${this.id}-am-logger`, this, {
+      resourceGroupName: this.resourceGroup.name,
+      serviceName: this.api.apim.name,
+      resourceId: this.applicationInsights.id,
+      loggerType: LoggerType.ApplicationInsights,
+      credentials: {
+        instrumentationKey: `{{${apiAppNamedValue.displayName}}}`,
+      },
+    })
+  }
+
+  protected createApiDiagnostic() {
+    if (this.props.apiManagement.useExistingApiManagement) return
+
+    this.apiManagementManager.createApiDiagnostic(`${this.id}-all-apis`, this, {
+      ...this.props.apiManagementDiagnostic,
+      apiId: this.api.apim.id,
+      resourceGroupName: this.resourceGroup.name,
+      serviceName: this.api.apim.name,
+      loggerId: this.api.logger.id,
+    })
+  }
+
+  protected createDiagnosticLog() {
+    if (this.props.apiManagement.useExistingApiManagement) return
+
+    this.monitorManager.createMonitorDiagnosticSettings(`${this.id}-apim-diagnostic`, this, {
+      ...this.props.apiManagementDiagnosticSettings,
+      name: `${this.props.stackName}-api-management`,
+      resourceUri: this.api.apim.id,
+      workspaceId: this.commonLogAnalyticsWorkspace.id,
+    })
+  }
+}

package/src/lib/azure/construct/rest-api/types.ts

@@ -0,0 +1,33 @@
+import { ApiManagementService, Logger } from '@pulumi/azure-native/apimanagement/index.js'
+import { RoleAssignment } from '@pulumi/azure-native/authorization/index.js'
+import { GetVaultResult, Secret } from '@pulumi/azure-native/keyvault/index.js'
+import { Input, Output } from '@pulumi/pulumi'
+import {
+  ApiDiagnosticProps,
+  ApiManagementProps,
+  CommonAzureStackProps,
+  MonitorDiagnosticSettingProps,
+} from '../../index.js'
+
+export interface ApiAuthKeyVault {
+  name: string
+  resourceGroupName: string
+}
+
+export interface AzureRestApiProps extends CommonAzureStackProps {
+  apiAuthKeyVault: ApiAuthKeyVault
+  apiManagement: ApiManagementProps
+  apiManagementDiagnostic: ApiDiagnosticProps
+  apiManagementDiagnosticSettings: MonitorDiagnosticSettingProps
+}
+
+export interface AzureApi {
+  id: Input<string>
+  name: Input<string>
+  resourceGroupName: Input<string>
+  authKeyVault: Output<GetVaultResult>
+  apim: ApiManagementService
+  namedValueSecret: Secret
+  namedValueRoleAssignment: RoleAssignment
+  logger: Logger
+}

package/src/lib/azure/construct/rest-api-function/index.ts

@@ -0,0 +1,2 @@
+export * from './main.js'
+export * from './types.js'

package/src/lib/azure/construct/rest-api-function/main.ts

@@ -0,0 +1,297 @@
+import { HostnameType, NamedValue } from '@pulumi/azure-native/apimanagement/index.js'
+import { getVaultOutput } from '@pulumi/azure-native/keyvault/index.js'
+import { listWebAppHostKeysOutput } from '@pulumi/azure-native/web/index.js'
+import * as pulumi from '@pulumi/pulumi'
+import _ from 'lodash'
+import { ApiManagementApiOperationProps, RoleDefinitionId } from '../../services/index.js'
+import { AzureFunctionApp } from '../function-app/index.js'
+import { AzureApiFunction, AzureRestApiFunctionProps } from './types.js'
+
+export class AzureRestApiFunction extends AzureFunctionApp {
+  props: AzureRestApiFunctionProps
+  api: AzureApiFunction
+
+  constructor(id: string, props: AzureRestApiFunctionProps) {
+    super(id, props)
+    this.props = props
+    this.id = id
+  }
+
+  public initResources() {
+    this.createResourceGroup()
+    this.resolveCommonLogAnalyticsWorkspace()
+    this.resolveApplicationInsights()
+    this.createAppServicePlan()
+    this.createdParsedAppConfigurations()
+    this.createAppConfiguration()
+    this.createAppConfigurations()
+    this.createStorageAccount()
+    this.createStorageDeploymentContainer()
+    this.createStorageContainer()
+    this.createDataStorageAccount()
+    this.createDataStorageContainer()
+    this.generateStorageContainerSas()
+    this.createFunctionHosts()
+    this.createCodePackage()
+    this.createFunctionAppSiteConfig()
+    this.createFunctionApp()
+    this.createRoleAssignments()
+    this.resolveApiKeyVault()
+    this.createNamespaceSecret()
+    this.createApiManagement()
+    this.createApiManagementNamespace()
+    this.createApiManagementRoutes()
+    this.createCorsPolicy()
+    this.createFunctionDashboard()
+  }
+
+  protected resolveApiKeyVault() {
+    this.api.authKeyVault = getVaultOutput({
+      vaultName: this.props.apiAuthKeyVault.name,
+      resourceGroupName: this.props.apiAuthKeyVault.resourceGroupName,
+    })
+  }
+
+  protected createNamespaceSecret() {
+    if (!this.props.apiManagement.useExistingApiManagement) return
+
+    const functionDefaultKey = listWebAppHostKeysOutput({
+      name: this.app.name,
+      resourceGroupName: this.resourceGroup.name,
+    })
+
+    this.api.namedValueSecret = this.keyVaultManager.createKeyVaultSecret(
+      `${this.id}-key-vault-api-namespace-secret`,
+      this,
+      {
+        vaultName: this.api.authKeyVault.name,
+        secretName: pulumi.interpolate`${this.app.name}key`,
+        resourceGroupName: this.resourceGroup.name,
+        properties: {
+          value: functionDefaultKey.functionKeys?.apply(keys => keys?.['default'] ?? ''),
+        },
+      }
+    )
+  }
+
+  protected createApiManagement() {
+    if (this.props.apiManagement.useExistingApiManagement) {
+      if (this.props.apiManagement.apiStackName) {
+        const apiStack = new pulumi.StackReference(this.props.apiManagement.apiStackName)
+        this.api.id = apiStack.getOutput('apiId')
+        this.api.name = apiStack.getOutput('apiName')
+        this.api.resourceGroupName = apiStack.getOutput('apiResourceGroupName')
+      }
+    } else {
+      let hostnameConfigurations
+      if (this.props.apiManagement.certificateKeyVaultId) {
+        hostnameConfigurations = [
+          {
+            hostName: `api-${this.props.locationConfig?.[this.props.location].name}.${this.props.domainName}`,
+            keyVaultId: this.props.apiManagement.certificateKeyVaultId,
+            type: HostnameType.Management,
+          },
+        ]
+      }
+
+      this.api.apim = this.apiManagementManager.createApiManagementService(
+        this.id,
+        this,
+        {
+          ...this.props.apiManagement,
+          serviceName: this.props.stackName,
+          location: this.resourceGroup.location,
+          resourceGroupName: this.resourceGroup.name,
+          hostnameConfigurations,
+        },
+        undefined,
+        undefined,
+        { protect: true }
+      )
+      this.api.id = this.api.apim.id
+      this.api.name = this.api.apim.name
+      this.api.resourceGroupName = this.resourceGroup.name
+
+      if (this.props.apiManagement.certificateKeyVaultId) {
+        this.authorisationManager.createRoleAssignment(`${this.id}-kv-role`, this, {
+          principalId: this.api.apim.identity.apply(identity => identity?.principalId ?? ''),
+          roleDefinitionId: RoleDefinitionId.KEY_VAULT_CERTIFICATE_USER,
+          scope: this.props.apiManagement.certificateKeyVaultId,
+        })
+      }
+    }
+  }
+
+  protected createApiManagementNamespace() {
+    this.api.namedValue = new NamedValue(`${this.id}-am-nv`, {
+      displayName: this.app.name,
+      keyVault: {
+        secretIdentifier: this.api.namedValueSecret.id,
+      },
+      resourceGroupName: this.api.resourceGroupName,
+      secret: true,
+      serviceName: this.api.name,
+    })
+
+    this.api.backend = this.apiManagementManager.createBackend(this.id, this, {
+      ...this.props.apiManagementBackend,
+      title: this.props.stackName,
+      resourceGroupName: this.api.resourceGroupName,
+      serviceName: this.api.name,
+      url: pulumi.interpolate`https://${this.app.name}.azurewebsites.net/${this.props.apiManagementBackend.backendUrlPath}`,
+      resourceId: pulumi.interpolate`https://management.azure.com/subscriptions/${this.props.subscriptionId}/resourceGroups/${this.resourceGroup.name}/providers/Microsoft.Web/sites/${this.app.name}`,
+      credentials: {
+        header: {
+          'x-functions-key': [`{{${this.api.namedValue.name}}}`],
+        },
+      },
+    })
+  }
+
+  protected createApiManagementRoutes() {
+    this.api.managementApi = this.apiManagementManager.createApi(`${this.id}-apim-api`, this, {
+      ...this.props.apiManagementApi,
+      displayName: this.props.apiManagementApi.displayName ?? this.props.stackName,
+      serviceName: this.api.name,
+      resourceGroupName: this.api.resourceGroupName,
+      isCurrent: this.props.apiManagementApi.isCurrent ?? true,
+      protocols: this.props.apiManagementApi.protocols ?? ['https'],
+    })
+
+    _.forEach(this.props.apiManagementApi.operations, operation => {
+      this.createApiOperation(operation)
+      this.createApiOperationCachePolicy(operation)
+    })
+  }
+
+  protected createApiOperation(operation: ApiManagementApiOperationProps) {
+    this.api.apiOperations[operation.displayName.toString()] = this.apiManagementManager.createOperation(
+      `${this.id}-apim-api-apim-api-operation-${operation.displayName}-${operation.method}`,
+      this,
+      {
+        operationId: `${operation.displayName}-${operation.method}`,
+        method: operation.method.toString().toUpperCase(),
+        serviceName: this.api.name,
+        resourceGroupName: this.api.resourceGroupName,
+        apiId: this.api.id,
+        displayName: operation.displayName,
+        urlTemplate: operation.urlTemplate,
+        templateParameters: operation.templateParameters,
+      }
+    )
+  }
+
+  protected createApiOperationCachePolicy(operation: ApiManagementApiOperationProps) {
+    if (!operation.caching || !operation.caching.enableCacheSet) return
+
+    this.apiManagementManager.createOperationPolicy(
+      `${this.id}-apim-api-operation-policy-${operation.displayName}-${operation.method}`,
+      this,
+      {
+        apiId: this.api.id,
+        resourceGroupName: this.api.resourceGroupName,
+        serviceName: this.api.name,
+        operationId: `${operation.displayName}-${operation.method}`,
+        value: `
+        <policies>
+          <policies>
+            <inbound>
+              <base />
+                ${this.props.apiManagementApi.cacheSetInboundPolicy}
+            </inbound>
+            <backend>
+              <base />
+            </backend>
+            <outbound>
+              <base />
+                ${this.props.apiManagementApi.cacheSetOutboundPolicy}
+            </outbound>
+            <on-error>
+              <base />
+            </on-error>
+        </policies>`.replace(/\n[ \t]*\n/g, '\n'), // move to utils
+      }
+    )
+  }
+
+  protected createCorsPolicy() {
+    if (!this.props.apiManagementCors?.enableCors) return
+
+    const allowedOrigins: string[] = []
+    if (this.props.apiManagementCors.allowedOrigins) {
+      _.forEach(this.props.apiManagementCors.allowedOrigins, (origin: string) => {
+        allowedOrigins.push(`<origin>${origin}</origin>`)
+      })
+    } else if (this.props.apiManagementCors.originSubdomain) {
+      _.forEach(this.props.locales, (locale: string) => {
+        allowedOrigins.push(
+          `<origin>https://${this.props.apiManagementCors?.originSubdomain}-${locale}.${this.props.domainName}</origin>`
+        )
+      })
+    }
+
+    const allowedHeaders: string[] = []
+    _.forEach(this.props.apiManagementCors.allowedHeaders, (header: string) => {
+      allowedHeaders.push(`<header>${header}</header>`)
+    })
+
+    const allowedMethods: string[] = []
+    _.forEach(this.props.apiManagementCors.allowedMethods, (method: string) => {
+      allowedMethods.push(`<method>${method}</method>`)
+    })
+
+    this.api.corsPolicyXmlContent = `
+        <cors allow-credentials="${this.props.apiManagementCors.allowCredentials}">
+          <allowed-origins>
+            ${allowedOrigins.toString().replaceAll(',', '')}
+          </allowed-origins>
+          <allowed-methods>
+            ${allowedMethods.toString().replaceAll(',', '')}
+          </allowed-methods>
+          <allowed-headers>
+            ${allowedHeaders.toString().replaceAll(',', '')}
+          </allowed-headers>
+        </cors>`.replace(/\n[ \t]*\n/g, '\n') // move to utils
+  }
+
+  protected createApiPolicy() {
+    const policyXmlContent = pulumi.interpolate`
+      <policies>
+        <inbound>
+          <base />
+          ${this.api.corsPolicyXmlContent ?? ''}
+          <set-backend-service backend-id="${this.api.backend.name}" />
+          <set-header name="traceparent" exists-action="override">
+            <value>@(context.Request.Headers.GetValueOrDefault("traceparent", ""))</value>
+          </set-header>
+        </inbound>
+        <backend>
+            <base />
+        </backend>
+        <outbound>
+          <base />
+          <set-header name="traceparent" exists-action="override">
+            <value>@(context.Request.Headers.GetValueOrDefault("traceparent", ""))</value>
+          </set-header>
+        </outbound>
+        <on-error>
+            <base />
+        </on-error>
+      </policies>`
+
+    this.apiManagementManager.createPolicy(`${this.id}-apim-api-policy`, this, {
+      serviceName: this.api.name,
+      apiId: this.api.id,
+      resourceGroupName: this.api.resourceGroupName,
+      value: policyXmlContent.apply(xml => xml.replace(/\n[ \t]*\n/g, '\n')),
+    })
+  }
+
+  protected dashboardVariables(): Record<string, any> {
+    const variables = super.dashboardVariables()
+    return {
+      ...variables,
+      apimName: this.api.name,
+    }
+  }
+}

package/src/lib/azure/construct/rest-api-function/types.ts

@@ -0,0 +1,39 @@
+import { Api, ApiOperation, Backend, NamedValue } from '@pulumi/azure-native/apimanagement/index.js'
+import {
+  ApiManagementApiProps,
+  ApiManagementBackendProps,
+  ApiManagementProps,
+  ApplicationInsightsProps,
+  AzureApi,
+  AzureFunctionAppProps,
+  AzureRestApiProps,
+} from '../../index.js'
+
+export interface ApiManagementRestApiProps extends ApiManagementProps {
+  useExistingApiManagement: boolean
+}
+
+export interface ApiManagementCors {
+  enableCors: boolean
+  allowCredentials: boolean
+  allowedMethods: string[]
+  allowedHeaders: string[]
+  allowedOrigins?: string[]
+  originSubdomain?: string
+}
+
+export interface AzureRestApiFunctionProps extends AzureRestApiProps, AzureFunctionAppProps {
+  apiManagementBackend: ApiManagementBackendProps
+  apiManagementApi: ApiManagementApiProps
+  apiManagementApplicationInsights?: ApplicationInsightsProps
+  apiManagement: ApiManagementRestApiProps
+  apiManagementCors?: ApiManagementCors
+}
+
+export interface AzureApiFunction extends AzureApi {
+  corsPolicyXmlContent?: string
+  apiOperations: { [operation: string]: ApiOperation }
+  managementApi: Api
+  backend: Backend
+  namedValue: NamedValue
+}

package/src/lib/azure/construct/rest-api-with-cache/index.ts

@@ -0,0 +1,2 @@
+export * from './main.js'
+export * from './types.js'

package/src/lib/azure/construct/rest-api-with-cache/main.ts

@@ -0,0 +1,75 @@
+import { AzureRestApi } from '../rest-api/main.js'
+import { AzureApiWithCache, AzureRestApiWithCacheProps } from './types.js'
+
+export class AzureRestApiWithCache extends AzureRestApi {
+  props: AzureRestApiWithCacheProps
+  declare api: AzureApiWithCache
+
+  constructor(id: string, props: AzureRestApiWithCacheProps) {
+    super(id, props)
+    this.props = props
+    this.id = id
+  }
+
+  public initResources() {
+    super.initResources()
+    this.createRedisCache()
+    this.createRedisCacheSecret()
+    this.createRedisCacheNamespace()
+    this.createRedisCacheApiManagement()
+  }
+
+  protected createRedisCache() {
+    this.api.redis = this.redisManager.createManagedRedis(
+      this.id,
+      this,
+      {
+        ...this.props.apiManagementManagedRedis,
+        name: this.props.stackName,
+        location: this.resourceGroup.location,
+        resourceGroupName: this.resourceGroup.name,
+      },
+      { ignoreChanges: ['location'] }
+    )
+  }
+
+  protected createRedisCacheSecret() {
+    this.api.redisNamedValueSecret = this.keyVaultManager.createKeyVaultSecret(
+      `${this.id}-key-vault-redis-namespace-secret`,
+      this,
+      {
+        vaultName: this.api.authKeyVault.name,
+        secretName: `${this.api.redis.name}key`,
+        resourceGroupName: this.resourceGroup.name,
+        properties: {
+          value: `${this.api.redis.name}:10000,password=${this.api.redis.accessKeys.primaryKey},ssl=True,abortConnect=False`,
+        },
+      },
+      { dependsOn: [this.api.redis, this.api.namedValueRoleAssignment] }
+    )
+  }
+
+  protected createRedisCacheNamespace() {
+    this.api.redisNamedValue = this.apiManagementManager.createNamedValue(`${this.id}-redis-nv`, this, {
+      displayName: `${this.api.redis.name}key`,
+      resourceGroupName: this.resourceGroup.name,
+      serviceName: this.api.apim.name,
+      namedValueId: `${this.api.redis.name}key`,
+      secret: true,
+      keyVault: {
+        secretIdentifier: this.api.redisNamedValueSecret.id,
+      },
+    })
+  }
+
+  protected createRedisCacheApiManagement() {
+    this.apiManagementManager.createCache(`${this.id}-am-redis-cache`, this, {
+      serviceName: this.api.apim.name,
+      connectionString: `{{${this.api.redisNamedValue.name}}}`,
+      cacheId: this.api.redis.id,
+      resourceGroupName: this.resourceGroup.name,
+      useFromLocation: this.api.redis.location,
+      description: `Redis cache for ${this.api.apim.name}`,
+    })
+  }
+}

package/src/lib/azure/construct/rest-api-with-cache/types.ts

@@ -0,0 +1,15 @@
+import { NamedValue } from '@pulumi/azure-native/apimanagement/index.js'
+import { Secret } from '@pulumi/azure-native/keyvault/index.js'
+import { Redis } from '@pulumi/azure-native/redis/index.js'
+import { RedisProps } from '../../index.js'
+import { AzureApi, AzureRestApiProps } from '../index.js'
+
+export interface AzureRestApiWithCacheProps extends AzureRestApiProps {
+  apiManagementManagedRedis: RedisProps
+}
+
+export interface AzureApiWithCache extends AzureApi {
+  redis: Redis
+  redisNamedValueSecret: Secret
+  redisNamedValue: NamedValue
+}

package/src/lib/azure/construct/site-with-webapp/index.ts

@@ -0,0 +1,2 @@
+export * from './main.js'
+export * from './types.js'