update keyvault for aspire use cases (#42086)

* update keyvault for aspire use cases

* update api

Author: m-nash

sdk/provisioning/Azure.Provisioning/api/Azure.Provisioning.net6.0.cs

@@ -150,7 +150,7 @@ namespace Azure.Provisioning.KeyVaults
 {
     public partial class KeyVault : Azure.Provisioning.Resource<Azure.ResourceManager.KeyVault.KeyVaultData>
     {
-        public KeyVault(Azure.Provisioning.IConstruct scope, string name = "kv", string version = "2023-02-01", Azure.Core.AzureLocation? location = default(Azure.Core.AzureLocation?), Azure.Provisioning.ResourceManager.ResourceGroup? resourceGroup = null) : base (default(Azure.Provisioning.IConstruct), default(Azure.Provisioning.Resource), default(string), default(Azure.Core.ResourceType), default(string), default(System.Func<string, Azure.ResourceManager.KeyVault.KeyVaultData>)) { }
+        public KeyVault(Azure.Provisioning.IConstruct scope, Azure.Provisioning.ResourceManager.ResourceGroup? parent = null, string name = "kv", string version = "2023-02-01", Azure.Core.AzureLocation? location = default(Azure.Core.AzureLocation?)) : base (default(Azure.Provisioning.IConstruct), default(Azure.Provisioning.Resource), default(string), default(Azure.Core.ResourceType), default(string), default(System.Func<string, Azure.ResourceManager.KeyVault.KeyVaultData>)) { }
         public void AddAccessPolicy(Azure.Provisioning.Output output) { }
         protected override Azure.Provisioning.Resource? FindParentInScope(Azure.Provisioning.IConstruct scope) { throw null; }
     }

sdk/provisioning/Azure.Provisioning/api/Azure.Provisioning.netstandard2.0.cs

@@ -150,7 +150,7 @@ namespace Azure.Provisioning.KeyVaults
 {
     public partial class KeyVault : Azure.Provisioning.Resource<Azure.ResourceManager.KeyVault.KeyVaultData>
     {
-        public KeyVault(Azure.Provisioning.IConstruct scope, string name = "kv", string version = "2023-02-01", Azure.Core.AzureLocation? location = default(Azure.Core.AzureLocation?), Azure.Provisioning.ResourceManager.ResourceGroup? resourceGroup = null) : base (default(Azure.Provisioning.IConstruct), default(Azure.Provisioning.Resource), default(string), default(Azure.Core.ResourceType), default(string), default(System.Func<string, Azure.ResourceManager.KeyVault.KeyVaultData>)) { }
+        public KeyVault(Azure.Provisioning.IConstruct scope, Azure.Provisioning.ResourceManager.ResourceGroup? parent = null, string name = "kv", string version = "2023-02-01", Azure.Core.AzureLocation? location = default(Azure.Core.AzureLocation?)) : base (default(Azure.Provisioning.IConstruct), default(Azure.Provisioning.Resource), default(string), default(Azure.Core.ResourceType), default(string), default(System.Func<string, Azure.ResourceManager.KeyVault.KeyVaultData>)) { }
         public void AddAccessPolicy(Azure.Provisioning.Output output) { }
         protected override Azure.Provisioning.Resource? FindParentInScope(Azure.Provisioning.IConstruct scope) { throw null; }
     }

sdk/provisioning/Azure.Provisioning/src/keyvault/KeyVault.cs

@@ -24,9 +24,9 @@ public class KeyVault : Resource<KeyVaultData>
         /// <param name="name">The name.</param>
         /// <param name="version">The version.</param>
         /// <param name="location">The location.</param>
-        /// <param name="resourceGroup"></param>
-        public KeyVault(IConstruct scope, string name = "kv", string version = "2023-02-01", AzureLocation? location = default, ResourceGroup? resourceGroup = default)
-            : base(scope, resourceGroup, name, ResourceTypeName, version, (name) => ArmKeyVaultModelFactory.KeyVaultData(
+        /// <param name="parent"></param>
+        public KeyVault(IConstruct scope, ResourceGroup? parent = default, string name = "kv", string version = "2023-02-01", AzureLocation? location = default)
+            : base(scope, parent, name, ResourceTypeName, version, (name) => ArmKeyVaultModelFactory.KeyVaultData(
                 name: name,
                 resourceType: ResourceTypeName,
                 location: location ?? Environment.GetEnvironmentVariable("AZURE_LOCATION") ?? AzureLocation.WestUS,
@@ -43,8 +43,10 @@ public KeyVault(IConstruct scope, string name = "kv", string version = "2023-02-
                                 IdentityAccessSecretPermission.List
                             }
                         })
-                    } : default)))
+                    } : default,
+                    enableRbacAuthorization: true)))
         {
+            AddOutput(kv => kv.Properties.VaultUri, "vaultUri");
         }
 
         /// <summary>

sdk/provisioning/Azure.Provisioning/src/keyvault/KeyVaultAddAccessPolicy.cs

@@ -51,7 +51,7 @@ private static string GetParamValue(Parameter principalIdParameter, IConstruct s
             var result = base.FindParentInScope(scope);
             if (result is null)
             {
-                result = scope.GetSingleResource<KeyVault>() ?? new KeyVault(scope, "kv");
+                result = scope.GetSingleResource<KeyVault>() ?? new KeyVault(scope, name: "kv");
             }
             return result;
         }

sdk/provisioning/Azure.Provisioning/src/keyvault/KeyVaultExtensions.cs

@@ -20,7 +20,7 @@ public static class KeyVaultExtensions
         /// <returns></returns>
         public static KeyVault AddKeyVault(this IConstruct construct, ResourceGroup? resourceGroup = null, string name = "kv")
         {
-            return new KeyVault(construct, name, resourceGroup: resourceGroup);
+            return new KeyVault(construct, name: name, parent: resourceGroup);
         }
 
         /// <summary>

sdk/provisioning/Azure.Provisioning/tests/ConstructTests.cs

@@ -144,7 +144,7 @@ public void GetOutputsChildConstructs(bool recursive)
             rg2.AddOutput(r => r.Location, "location");
 
             // front end website has an output
-            var expected = recursive ? 3 : 1;
+            var expected = recursive ? 4 : 2;
             var outputs = infra.GetOutputs(recursive);
 
             Assert.AreEqual(expected, outputs.Count());

sdk/provisioning/Azure.Provisioning/tests/Infrastructure/OutputsSpanningModules/main.bicep

@@ -49,4 +49,5 @@ module rg3_TEST './resources/rg3_TEST/rg3_TEST.bicep' = {
 
 output STORAGE_PRINCIPAL_ID string = rg1_TEST.outputs.STORAGE_PRINCIPAL_ID
 output LOCATION string = rg1_TEST.outputs.LOCATION
+output vaultUri string = rg1_TEST.outputs.vaultUri
 output SERVICE_API_IDENTITY_PRINCIPAL_ID string = rg3_TEST.outputs.SERVICE_API_IDENTITY_PRINCIPAL_ID

sdk/provisioning/Azure.Provisioning/tests/Infrastructure/OutputsSpanningModules/resources/rg1_TEST/rg1_TEST.bicep

@@ -55,6 +55,7 @@ resource keyVault_BRsYQF4qT 'Microsoft.KeyVault/vaults@2023-02-01' = {
       name: 'standard'
       family: 'A'
     }
+    enableRbacAuthorization: true
   }
 }
 
@@ -79,3 +80,4 @@ resource keyVaultAddAccessPolicy_lQ2z7dHpX 'Microsoft.KeyVault/vaults/accessPoli
 
 output STORAGE_PRINCIPAL_ID string = webSite_dOTaZfna6.identity.principalId
 output LOCATION string = webSite_dOTaZfna6.location
+output vaultUri string = keyVault_BRsYQF4qT.properties.vaultUri

sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL1/main.bicep

@@ -28,3 +28,4 @@ module rg_TEST './resources/rg_TEST/rg_TEST.bicep' = {
 }
 
 output SERVICE_API_IDENTITY_PRINCIPAL_ID string = rg_TEST.outputs.SERVICE_API_IDENTITY_PRINCIPAL_ID
+output vaultUri string = rg_TEST.outputs.vaultUri

sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL1/resources/rg_TEST/rg_TEST.bicep

@@ -84,6 +84,7 @@ resource keyVault_CRoMbemLF 'Microsoft.KeyVault/vaults@2023-02-01' = {
       name: 'standard'
       family: 'A'
     }
+    enableRbacAuthorization: true
   }
 }
 
@@ -246,3 +247,4 @@ resource applicationSettingsResource_vEe46o8Zn 'Microsoft.Web/sites/config@2021-
 }
 
 output SERVICE_API_IDENTITY_PRINCIPAL_ID string = webSite_W5EweSXEq.identity.principalId
+output vaultUri string = keyVault_CRoMbemLF.properties.vaultUri