diff --git a/sdk/provisioning/Azure.Provisioning/api/Azure.Provisioning.net6.0.cs b/sdk/provisioning/Azure.Provisioning/api/Azure.Provisioning.net6.0.cs index d990acc2d394..1890aa42fb90 100644 --- a/sdk/provisioning/Azure.Provisioning/api/Azure.Provisioning.net6.0.cs +++ b/sdk/provisioning/Azure.Provisioning/api/Azure.Provisioning.net6.0.cs @@ -93,6 +93,7 @@ protected Resource(Azure.Provisioning.IConstruct scope, Azure.Provisioning.Resou protected virtual Azure.Provisioning.Resource? FindParentInScope(Azure.Provisioning.IConstruct scope) { throw null; } protected virtual string GetAzureName(Azure.Provisioning.IConstruct scope, string resourceName) { throw null; } protected virtual string GetBicepName(Azure.Provisioning.Resource resource) { throw null; } + protected string GetGloballyUniqueName(string resourceName) { throw null; } protected virtual bool NeedsParent() { throw null; } protected virtual bool NeedsScope() { throw null; } Azure.Provisioning.Resource System.ClientModel.Primitives.IPersistableModel.Create(System.BinaryData data, System.ClientModel.Primitives.ModelReaderWriterOptions options) { throw null; } @@ -173,6 +174,7 @@ public partial class RoleAssignment : Azure.Provisioning.Resource)) { } public void AddAccessPolicy(Azure.Provisioning.Output output) { } protected override Azure.Provisioning.Resource? FindParentInScope(Azure.Provisioning.IConstruct scope) { throw null; } + protected override string GetAzureName(Azure.Provisioning.IConstruct scope, string resourceName) { throw null; } } public static partial class KeyVaultExtensions { diff --git a/sdk/provisioning/Azure.Provisioning/api/Azure.Provisioning.netstandard2.0.cs b/sdk/provisioning/Azure.Provisioning/api/Azure.Provisioning.netstandard2.0.cs index d990acc2d394..1890aa42fb90 100644 --- a/sdk/provisioning/Azure.Provisioning/api/Azure.Provisioning.netstandard2.0.cs +++ b/sdk/provisioning/Azure.Provisioning/api/Azure.Provisioning.netstandard2.0.cs 
@@ -93,6 +93,7 @@ protected Resource(Azure.Provisioning.IConstruct scope, Azure.Provisioning.Resou protected virtual Azure.Provisioning.Resource? FindParentInScope(Azure.Provisioning.IConstruct scope) { throw null; } protected virtual string GetAzureName(Azure.Provisioning.IConstruct scope, string resourceName) { throw null; } protected virtual string GetBicepName(Azure.Provisioning.Resource resource) { throw null; } + protected string GetGloballyUniqueName(string resourceName) { throw null; } protected virtual bool NeedsParent() { throw null; } protected virtual bool NeedsScope() { throw null; } Azure.Provisioning.Resource System.ClientModel.Primitives.IPersistableModel.Create(System.BinaryData data, System.ClientModel.Primitives.ModelReaderWriterOptions options) { throw null; } @@ -173,6 +174,7 @@ public partial class RoleAssignment : Azure.Provisioning.Resource)) { } public void AddAccessPolicy(Azure.Provisioning.Output output) { } protected override Azure.Provisioning.Resource? FindParentInScope(Azure.Provisioning.IConstruct scope) { throw null; } + protected override string GetAzureName(Azure.Provisioning.IConstruct scope, string resourceName) { throw null; } } public static partial class KeyVaultExtensions { diff --git a/sdk/provisioning/Azure.Provisioning/assets.json b/sdk/provisioning/Azure.Provisioning/assets.json index 959e1dddc646..e75427c5cf78 100644 --- a/sdk/provisioning/Azure.Provisioning/assets.json +++ b/sdk/provisioning/Azure.Provisioning/assets.json @@ -2,5 +2,5 @@ "AssetsRepo": "Azure/azure-sdk-assets", "AssetsRepoPrefixPath": "net", "TagPrefix": "net/provisioning/Azure.Provisioning", - "Tag": "net/provisioning/Azure.Provisioning_bd30657e9a" + "Tag": "net/provisioning/Azure.Provisioning_4946e24dc2" } \ No newline at end of file diff --git a/sdk/provisioning/Azure.Provisioning/src/Resource.cs b/sdk/provisioning/Azure.Provisioning/src/Resource.cs index 14a20d8b70b7..90ed2aa7cc23 100644 --- a/sdk/provisioning/Azure.Provisioning/src/Resource.cs 
+++ b/sdk/provisioning/Azure.Provisioning/src/Resource.cs @@ -6,16 +6,11 @@ using System.Collections.Generic; using System.Diagnostics; using System.IO; -using System.Linq; using System.Security.Cryptography; using System.Text; using Azure.Core; -using Azure.Provisioning.Authorization; using Azure.Provisioning.ResourceManager; -using Azure.Provisioning.Resources; using Azure.ResourceManager; -using Azure.ResourceManager.Authorization.Models; -using Azure.ResourceManager.Models; namespace Azure.Provisioning { @@ -141,6 +136,13 @@ protected virtual string GetAzureName(IConstruct scope, string resourceName) return stringBuilder.ToString(0, Math.Min(stringBuilder.Length, 24)); } + /// + /// Gets a globally unique name for the resource. + /// + /// The specified name when constructing the resource. + protected string GetGloballyUniqueName(string resourceName) + => $"toLower(take(concat('{resourceName}', uniqueString(resourceGroup().id)), 24))"; + /// /// Finds the parent resource in the scope. /// diff --git a/sdk/provisioning/Azure.Provisioning/src/authorization/RoleDefinition.cs b/sdk/provisioning/Azure.Provisioning/src/authorization/RoleDefinition.cs index d12b51ceb443..a08ce8ef8ae9 100644 --- a/sdk/provisioning/Azure.Provisioning/src/authorization/RoleDefinition.cs +++ b/sdk/provisioning/Azure.Provisioning/src/authorization/RoleDefinition.cs @@ -33,6 +33,11 @@ public RoleDefinition(string value) /// public static RoleDefinition StorageTableDataContributor { get; } = new RoleDefinition("0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3"); + /// + /// Key Vault administrator role. + /// + public static RoleDefinition KeyVaultAdministrator { get; } = new RoleDefinition("00482a5a-887f-4fb3-b363-3b7fe8e74483"); + /// Converts a string to a . public static implicit operator RoleDefinition(string value) => new RoleDefinition(value); 
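Review bot: `GetGloballyUniqueName` places `resourceName` unescaped between single quotes in the emitted Bicep expression, so a name containing `'` or `${` ends the literal early and the remainder is parsed as template code. The value should be validated before interpolation, for example `if (!resourceName.All(c => char.IsLetterOrDigit(c) || c == '-')) throw new ArgumentException("Invalid resource name.", nameof(resourceName));`, or at least have `'` escaped as `\'`. That check needs `System.Linq`, which this commit removes from the file's usings. The `take(..., 24)` also cuts into the 13-character `uniqueString` suffix once the name is longer than 11 characters and drops it entirely at 24, so the result is then no longer unique; the doc comment should state that limit. The same string now reaches the `KeyVault`, `SqlServer` and `StorageAccount` overrides of `GetAzureName`.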
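Review bot: The summary on `KeyVaultAdministrator` does not say how broad the role is, which matters because this property will be picked from IntelliSense next to the narrower storage roles. I would write it as `/// Key Vault Administrator built-in role: all data-plane operations on a vault and on the keys, secrets and certificates in it.` and add a remark that a narrower built-in role should be used when the principal only needs to read secrets. The `RoleDefinition` class starts and ends outside this hunk.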
diff --git a/sdk/provisioning/Azure.Provisioning/src/keyvault/KeyVault.cs b/sdk/provisioning/Azure.Provisioning/src/keyvault/KeyVault.cs index 8e5b53d0309e..21a584dced21 100644 --- a/sdk/provisioning/Azure.Provisioning/src/keyvault/KeyVault.cs +++ b/sdk/provisioning/Azure.Provisioning/src/keyvault/KeyVault.cs @@ -45,7 +45,8 @@ public KeyVault(IConstruct scope, ResourceGroup? parent = default, string name = } : default, enableRbacAuthorization: true))) { - AddOutput(kv => kv.Properties.VaultUri, "vaultUri"); + AssignProperty(data => data.Name, GetAzureName(scope, name)); + if (scope.Root.Properties.TenantId == Guid.Empty) { AssignProperty(kv => kv.Properties.TenantId, Tenant.TenantIdExpression); @@ -71,5 +72,8 @@ public void AddAccessPolicy(Output output) } return result; } + + /// + protected override string GetAzureName(IConstruct scope, string resourceName) => GetGloballyUniqueName(resourceName); } } diff --git a/sdk/provisioning/Azure.Provisioning/src/sqlmanagement/SqlServer.cs b/sdk/provisioning/Azure.Provisioning/src/sqlmanagement/SqlServer.cs index 45c9b9bb5ece..57f40c27fc1b 100644 --- a/sdk/provisioning/Azure.Provisioning/src/sqlmanagement/SqlServer.cs +++ b/sdk/provisioning/Azure.Provisioning/src/sqlmanagement/SqlServer.cs @@ -76,9 +76,6 @@ public SqlServer( } /// - protected override string GetAzureName(IConstruct scope, string resourceName) - { - return $"toLower(take(concat('{resourceName}', uniqueString(resourceGroup().id)), 24))"; - } + protected override string GetAzureName(IConstruct scope, string resourceName) => GetGloballyUniqueName(resourceName); } } diff --git a/sdk/provisioning/Azure.Provisioning/src/storage/StorageAccount.cs b/sdk/provisioning/Azure.Provisioning/src/storage/StorageAccount.cs index 8b52215a7786..16028ea8ec6a 100644 --- a/sdk/provisioning/Azure.Provisioning/src/storage/StorageAccount.cs +++ b/sdk/provisioning/Azure.Provisioning/src/storage/StorageAccount.cs 
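Review bot: The vault name assigned in the constructor by `AssignProperty(data => data.Name, GetAzureName(scope, name))` is now a pure function of `name` and the resource group id, and the override carries no comment saying so. Two `KeyVault` constructs with the same `name` in one resource group will emit the same vault name. Because Key Vault soft-delete keeps a deleted vault's name reserved until it is purged or recovered, a delete-and-redeploy into the same resource group will probably fail on the name; please confirm and document this. A comment on the override along the lines of `// Name is deterministic per resource group; a soft-deleted vault with this name must be purged or recovered before redeploying.` would cover it. The call is also a virtual call from a constructor, so a subclass override of `GetAzureName` would run before that subclass is initialised. The constructor body continues outside the hunk.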
@@ -50,9 +50,6 @@ public StorageAccount(IConstruct scope, StorageKind kind, StorageSkuName sku, Re } /// - protected override string GetAzureName(IConstruct scope, string resourceName) - { - return $"toLower(take(concat('{resourceName}', uniqueString(resourceGroup().id)), 24))"; - } + protected override string GetAzureName(IConstruct scope, string resourceName) => GetGloballyUniqueName(resourceName); } } diff --git a/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/OutputsSpanningModules/resources/rg1_TEST_module/rg1_TEST_module.bicep b/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/OutputsSpanningModules/resources/rg1_TEST_module/rg1_TEST_module.bicep index 42bde13a6687..4c655eae28c5 100644 --- a/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/OutputsSpanningModules/resources/rg1_TEST_module/rg1_TEST_module.bicep +++ b/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/OutputsSpanningModules/resources/rg1_TEST_module/rg1_TEST_module.bicep @@ -45,8 +45,8 @@ resource applicationSettingsResource_lzuRUWkeF 'Microsoft.Web/sites/config@2021- name: 'appsettings' } -resource keyVault_BRsYQF4qT 'Microsoft.KeyVault/vaults@2023-02-01' = { - name: 'kv-TEST' +resource keyVault_aUw0nRbmu 'Microsoft.KeyVault/vaults@2023-02-01' = { + name: toLower(take(concat('kv', uniqueString(resourceGroup().id)), 24)) location: 'westus' properties: { tenantId: tenant().tenantId @@ -59,8 +59,8 @@ resource keyVault_BRsYQF4qT 'Microsoft.KeyVault/vaults@2023-02-01' = { } } -resource keyVaultAddAccessPolicy_hv5Kg38J7 'Microsoft.KeyVault/vaults/accessPolicies@2023-02-01' = { - parent: keyVault_BRsYQF4qT +resource keyVaultAddAccessPolicy_W0akO7TQ8 'Microsoft.KeyVault/vaults/accessPolicies@2023-02-01' = { + parent: keyVault_aUw0nRbmu name: 'add' properties: { accessPolicies: [ 
@@ -80,4 +80,4 @@ resource keyVaultAddAccessPolicy_hv5Kg38J7 'Microsoft.KeyVault/vaults/accessPoli output STORAGE_PRINCIPAL_ID string = webSite_dOTaZfna6.identity.principalId output LOCATION string = webSite_dOTaZfna6.location -output vaultUri string = keyVault_BRsYQF4qT.properties.vaultUri +output vaultUri string = keyVault_aUw0nRbmu.properties.vaultUri diff --git a/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL1/resources/rg_TEST_module/rg_TEST_module.bicep b/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL1/resources/rg_TEST_module/rg_TEST_module.bicep index 6a557b5825e3..464800c7bef5 100644 --- a/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL1/resources/rg_TEST_module/rg_TEST_module.bicep +++ b/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL1/resources/rg_TEST_module/rg_TEST_module.bicep @@ -71,8 +71,8 @@ resource webSiteConfigLogs_giqxapQs0 'Microsoft.Web/sites/config@2021-02-01' = { } } -resource keyVault_CRoMbemLF 'Microsoft.KeyVault/vaults@2023-02-01' = { - name: 'kv-TEST' +resource keyVault_nM2Vqwgtg 'Microsoft.KeyVault/vaults@2023-02-01' = { + name: toLower(take(concat('kv', uniqueString(resourceGroup().id)), 24)) location: 'westus' properties: { tenantId: tenant().tenantId @@ -84,8 +84,8 @@ resource keyVault_CRoMbemLF 'Microsoft.KeyVault/vaults@2023-02-01' = { } } -resource keyVaultAddAccessPolicy_OttgS6uaT 'Microsoft.KeyVault/vaults/accessPolicies@2023-02-01' = { - parent: keyVault_CRoMbemLF +resource keyVaultAddAccessPolicy_7ChrYtGGE 'Microsoft.KeyVault/vaults/accessPolicies@2023-02-01' = { + parent: keyVault_nM2Vqwgtg name: 'add' properties: { accessPolicies: [ 
@@ -103,24 +103,34 @@ resource keyVaultAddAccessPolicy_OttgS6uaT 'Microsoft.KeyVault/vaults/accessPoli } } -resource keyVaultSecret_nMDmVNMVq 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = { - parent: keyVault_CRoMbemLF +resource roleAssignment_vMr1hl6oa 'Microsoft.Authorization/roleAssignments@2022-04-01' = { + scope: keyVault_nM2Vqwgtg + name: guid(keyVault_nM2Vqwgtg.id, '00000000-0000-0000-0000-000000000000', subscriptionResourceId('00000000-0000-0000-0000-000000000000', 'Microsoft.Authorization/roleDefinitions', '00482a5a-887f-4fb3-b363-3b7fe8e74483')) + properties: { + roleDefinitionId: subscriptionResourceId('00000000-0000-0000-0000-000000000000', 'Microsoft.Authorization/roleDefinitions', '00482a5a-887f-4fb3-b363-3b7fe8e74483') + principalId: '00000000-0000-0000-0000-000000000000' + principalType: 'ServicePrincipal' + } +} + +resource keyVaultSecret_EG4xNeA1a 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = { + parent: keyVault_nM2Vqwgtg name: 'sqlAdminPassword' properties: { value: sqlAdminPassword } } -resource keyVaultSecret_PrlUnEuAz 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = { - parent: keyVault_CRoMbemLF +resource keyVaultSecret_ynz4glpCA 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = { + parent: keyVault_nM2Vqwgtg name: 'appUserPassword' properties: { value: appUserPassword } } -resource keyVaultSecret_NP8ELZpgb 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = { - parent: keyVault_CRoMbemLF +resource keyVaultSecret_YQnCy7jra 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = { + parent: keyVault_nM2Vqwgtg name: 'connectionString' properties: { value: 'Server=${sqlServer_dQT7Agxxb.properties.fullyQualifiedDomainName}; Database=${sqlDatabase_xPxoW7iwr.name}; User=appUser; Password=${appUserPassword}' 
@@ -238,5 +248,5 @@ resource applicationSettingsResource_Pfdqa0OdT 'Microsoft.Web/sites/config@2021- } output SERVICE_API_IDENTITY_PRINCIPAL_ID string = webSite_W5EweSXEq.identity.principalId -output vaultUri string = keyVault_CRoMbemLF.properties.vaultUri +output vaultUri string = keyVault_nM2Vqwgtg.properties.vaultUri output sqlServerName string = sqlServer_dQT7Agxxb.properties.fullyQualifiedDomainName diff --git a/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL2/resources/rg_TEST_module/rg_TEST_module.bicep b/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL2/resources/rg_TEST_module/rg_TEST_module.bicep index 1a6e1ec23027..740d113963c2 100644 --- a/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL2/resources/rg_TEST_module/rg_TEST_module.bicep +++ b/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL2/resources/rg_TEST_module/rg_TEST_module.bicep @@ -18,8 +18,8 @@ resource appServicePlan_kjMZSF1FP 'Microsoft.Web/serverfarms@2021-02-01' = { } } -resource keyVault_CRoMbemLF 'Microsoft.KeyVault/vaults@2023-02-01' = { - name: 'kv-TEST' +resource keyVault_nM2Vqwgtg 'Microsoft.KeyVault/vaults@2023-02-01' = { + name: toLower(take(concat('kv', uniqueString(resourceGroup().id)), 24)) location: 'westus' properties: { tenantId: tenant().tenantId @@ -31,8 +31,8 @@ resource keyVault_CRoMbemLF 'Microsoft.KeyVault/vaults@2023-02-01' = { } } -resource keyVaultAddAccessPolicy_OttgS6uaT 'Microsoft.KeyVault/vaults/accessPolicies@2023-02-01' = { - parent: keyVault_CRoMbemLF +resource keyVaultAddAccessPolicy_7ChrYtGGE 'Microsoft.KeyVault/vaults/accessPolicies@2023-02-01' = { + parent: keyVault_nM2Vqwgtg name: 'add' properties: { accessPolicies: [ 
@@ -50,24 +50,24 @@ resource keyVaultAddAccessPolicy_OttgS6uaT 'Microsoft.KeyVault/vaults/accessPoli } } -resource keyVaultSecret_nMDmVNMVq 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = { - parent: keyVault_CRoMbemLF +resource keyVaultSecret_EG4xNeA1a 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = { + parent: keyVault_nM2Vqwgtg name: 'sqlAdminPassword' properties: { value: sqlAdminPassword } } -resource keyVaultSecret_PrlUnEuAz 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = { - parent: keyVault_CRoMbemLF +resource keyVaultSecret_ynz4glpCA 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = { + parent: keyVault_nM2Vqwgtg name: 'appUserPassword' properties: { value: appUserPassword } } -resource keyVaultSecret_NP8ELZpgb 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = { - parent: keyVault_CRoMbemLF +resource keyVaultSecret_YQnCy7jra 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = { + parent: keyVault_nM2Vqwgtg name: 'connectionString' properties: { value: 'Server=${sqlServer_dQT7Agxxb.properties.fullyQualifiedDomainName}; Database=${sqlDatabase_xPxoW7iwr.name}; User=appUser; Password=${appUserPassword}' @@ -239,4 +239,4 @@ resource applicationSettingsResource_Pfdqa0OdT 'Microsoft.Web/sites/config@2021- output SERVICE_API_IDENTITY_PRINCIPAL_ID string = webSite_W5EweSXEq.identity.principalId output sqlServerName string = sqlServer_dQT7Agxxb.properties.fullyQualifiedDomainName -output vaultUri string = keyVault_CRoMbemLF.properties.vaultUri +output vaultUri string = keyVault_nM2Vqwgtg.properties.vaultUri diff --git a/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL3/resources/rg_TEST_module/rg_TEST_module.bicep b/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL3/resources/rg_TEST_module/rg_TEST_module.bicep index ecf9becc519e..b0e06035b42f 100644 --- a/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL3/resources/rg_TEST_module/rg_TEST_module.bicep 
+++ b/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL3/resources/rg_TEST_module/rg_TEST_module.bicep @@ -18,8 +18,8 @@ resource appServicePlan_kjMZSF1FP 'Microsoft.Web/serverfarms@2021-02-01' = { } } -resource keyVault_CRoMbemLF 'Microsoft.KeyVault/vaults@2023-02-01' = { - name: 'kv-TEST' +resource keyVault_nM2Vqwgtg 'Microsoft.KeyVault/vaults@2023-02-01' = { + name: toLower(take(concat('kv', uniqueString(resourceGroup().id)), 24)) location: 'westus' tags: { 'key': 'value' @@ -34,8 +34,8 @@ resource keyVault_CRoMbemLF 'Microsoft.KeyVault/vaults@2023-02-01' = { } } -resource keyVaultAddAccessPolicy_OttgS6uaT 'Microsoft.KeyVault/vaults/accessPolicies@2023-02-01' = { - parent: keyVault_CRoMbemLF +resource keyVaultAddAccessPolicy_7ChrYtGGE 'Microsoft.KeyVault/vaults/accessPolicies@2023-02-01' = { + parent: keyVault_nM2Vqwgtg name: 'add' properties: { accessPolicies: [ 
@@ -53,24 +53,24 @@ resource keyVaultAddAccessPolicy_OttgS6uaT 'Microsoft.KeyVault/vaults/accessPoli } } -resource keyVaultSecret_nMDmVNMVq 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = { - parent: keyVault_CRoMbemLF +resource keyVaultSecret_EG4xNeA1a 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = { + parent: keyVault_nM2Vqwgtg name: 'sqlAdminPassword' properties: { value: sqlAdminPassword } } -resource keyVaultSecret_PrlUnEuAz 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = { - parent: keyVault_CRoMbemLF +resource keyVaultSecret_ynz4glpCA 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = { + parent: keyVault_nM2Vqwgtg name: 'appUserPassword' properties: { value: appUserPassword } } -resource keyVaultSecret_NP8ELZpgb 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = { - parent: keyVault_CRoMbemLF +resource keyVaultSecret_YQnCy7jra 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = { + parent: keyVault_nM2Vqwgtg name: 'connectionString' properties: { value: 'Server=${sqlServer_dQT7Agxxb.properties.fullyQualifiedDomainName}; Database=${sqlDatabase_xPxoW7iwr.name}; User=appUser; Password=${appUserPassword}' @@ -240,6 +240,6 @@ resource applicationSettingsResource_Pfdqa0OdT 'Microsoft.Web/sites/config@2021- } } -output vaultUri string = keyVault_CRoMbemLF.properties.vaultUri +output vaultUri string = keyVault_nM2Vqwgtg.properties.vaultUri output SERVICE_API_IDENTITY_PRINCIPAL_ID string = webSite_W5EweSXEq.identity.principalId output sqlServerName string = sqlServer_dQT7Agxxb.properties.fullyQualifiedDomainName diff --git a/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL3ResourceGroupScope/main.bicep b/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL3ResourceGroupScope/main.bicep index 52bed914b617..59f3becb0ee6 100644 --- a/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL3ResourceGroupScope/main.bicep 
+++ b/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL3ResourceGroupScope/main.bicep @@ -23,8 +23,8 @@ resource appServicePlan_PxkuWnuWL 'Microsoft.Web/serverfarms@2021-02-01' = { } } -resource keyVault_zomsD2kWf 'Microsoft.KeyVault/vaults@2023-02-01' = { - name: 'kv-TEST' +resource keyVault_GLHqcGjrx 'Microsoft.KeyVault/vaults@2023-02-01' = { + name: toLower(take(concat('kv', uniqueString(resourceGroup().id)), 24)) location: location tags: { 'key': 'value' @@ -39,8 +39,8 @@ resource keyVault_zomsD2kWf 'Microsoft.KeyVault/vaults@2023-02-01' = { } } -resource keyVaultAddAccessPolicy_P5xc7PJ0z 'Microsoft.KeyVault/vaults/accessPolicies@2023-02-01' = { - parent: keyVault_zomsD2kWf +resource keyVaultAddAccessPolicy_7TZqao49e 'Microsoft.KeyVault/vaults/accessPolicies@2023-02-01' = { + parent: keyVault_GLHqcGjrx name: 'add' location: location properties: { @@ -59,8 +59,8 @@ resource keyVaultAddAccessPolicy_P5xc7PJ0z 'Microsoft.KeyVault/vaults/accessPoli } } -resource keyVaultSecret_i5d2MB0md 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = { - parent: keyVault_zomsD2kWf +resource keyVaultSecret_oru652GQm 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = { + parent: keyVault_GLHqcGjrx name: 'sqlAdminPassword' location: location properties: { @@ -68,8 +68,8 @@ resource keyVaultSecret_i5d2MB0md 'Microsoft.KeyVault/vaults/secrets@2023-02-01' } } -resource keyVaultSecret_LNzTHfBsZ 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = { - parent: keyVault_zomsD2kWf +resource keyVaultSecret_Y0cNQsqRD 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = { + parent: keyVault_GLHqcGjrx name: 'appUserPassword' location: location properties: { 
@@ -77,8 +77,8 @@ resource keyVaultSecret_LNzTHfBsZ 'Microsoft.KeyVault/vaults/secrets@2023-02-01' } } -resource keyVaultSecret_67mSbXkng 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = { - parent: keyVault_zomsD2kWf +resource keyVaultSecret_zxjawLUWb 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = { + parent: keyVault_GLHqcGjrx name: 'connectionString' location: location properties: { @@ -250,6 +250,6 @@ resource applicationSettingsResource_EFVSysO15 'Microsoft.Web/sites/config@2021- } } -output vaultUri string = keyVault_zomsD2kWf.properties.vaultUri +output vaultUri string = keyVault_GLHqcGjrx.properties.vaultUri output SERVICE_API_IDENTITY_PRINCIPAL_ID string = webSite_IGuzwfciS.identity.principalId output sqlServerName string = sqlServer_9wIHMU1zj.properties.fullyQualifiedDomainName diff --git a/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL3SpecificSubscription/resources/rg_TEST_module/rg_TEST_module.bicep b/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL3SpecificSubscription/resources/rg_TEST_module/rg_TEST_module.bicep index ecf9becc519e..b0e06035b42f 100644 --- a/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL3SpecificSubscription/resources/rg_TEST_module/rg_TEST_module.bicep +++ b/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL3SpecificSubscription/resources/rg_TEST_module/rg_TEST_module.bicep @@ -18,8 +18,8 @@ resource appServicePlan_kjMZSF1FP 'Microsoft.Web/serverfarms@2021-02-01' = { } } -resource keyVault_CRoMbemLF 'Microsoft.KeyVault/vaults@2023-02-01' = { - name: 'kv-TEST' +resource keyVault_nM2Vqwgtg 'Microsoft.KeyVault/vaults@2023-02-01' = { + name: toLower(take(concat('kv', uniqueString(resourceGroup().id)), 24)) location: 'westus' tags: { 'key': 'value' 
@@ -34,8 +34,8 @@ resource keyVault_CRoMbemLF 'Microsoft.KeyVault/vaults@2023-02-01' = { } } -resource keyVaultAddAccessPolicy_OttgS6uaT 'Microsoft.KeyVault/vaults/accessPolicies@2023-02-01' = { - parent: keyVault_CRoMbemLF +resource keyVaultAddAccessPolicy_7ChrYtGGE 'Microsoft.KeyVault/vaults/accessPolicies@2023-02-01' = { + parent: keyVault_nM2Vqwgtg name: 'add' properties: { accessPolicies: [ @@ -53,24 +53,24 @@ resource keyVaultAddAccessPolicy_OttgS6uaT 'Microsoft.KeyVault/vaults/accessPoli } } -resource keyVaultSecret_nMDmVNMVq 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = { - parent: keyVault_CRoMbemLF +resource keyVaultSecret_EG4xNeA1a 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = { + parent: keyVault_nM2Vqwgtg name: 'sqlAdminPassword' properties: { value: sqlAdminPassword } } -resource keyVaultSecret_PrlUnEuAz 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = { - parent: keyVault_CRoMbemLF +resource keyVaultSecret_ynz4glpCA 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = { + parent: keyVault_nM2Vqwgtg name: 'appUserPassword' properties: { value: appUserPassword } } -resource keyVaultSecret_NP8ELZpgb 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = { - parent: keyVault_CRoMbemLF +resource keyVaultSecret_YQnCy7jra 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = { + parent: keyVault_nM2Vqwgtg name: 'connectionString' properties: { value: 'Server=${sqlServer_dQT7Agxxb.properties.fullyQualifiedDomainName}; Database=${sqlDatabase_xPxoW7iwr.name}; User=appUser; Password=${appUserPassword}' @@ -240,6 +240,6 @@ resource applicationSettingsResource_Pfdqa0OdT 'Microsoft.Web/sites/config@2021- } } -output vaultUri string = keyVault_CRoMbemLF.properties.vaultUri +output vaultUri string = keyVault_nM2Vqwgtg.properties.vaultUri output SERVICE_API_IDENTITY_PRINCIPAL_ID string = webSite_W5EweSXEq.identity.principalId output sqlServerName string = sqlServer_dQT7Agxxb.properties.fullyQualifiedDomainName 
diff --git a/sdk/provisioning/Azure.Provisioning/tests/ProvisioningTests.cs b/sdk/provisioning/Azure.Provisioning/tests/ProvisioningTests.cs index 8c2d91ab0b1b..86775952e78f 100644 --- a/sdk/provisioning/Azure.Provisioning/tests/ProvisioningTests.cs +++ b/sdk/provisioning/Azure.Provisioning/tests/ProvisioningTests.cs @@ -64,8 +64,10 @@ public async Task WebSiteUsingL1() "SERVICE_API_IDENTITY_PRINCIPAL_ID", isSecure: true); - infra.AddKeyVault() - .AddAccessPolicy(frontEndPrincipalId); // frontEnd.properties.identity.principalId + var kv = infra.AddKeyVault(); + kv.AddAccessPolicy(frontEndPrincipalId); // frontEnd.properties.identity.principalId + kv.AssignRole(RoleDefinition.KeyVaultAdministrator, Guid.Empty); + kv.AddOutput(data => data.Properties.VaultUri, "vaultUri"); KeyVaultSecret sqlAdminSecret = new KeyVaultSecret(infra, "sqlAdminPassword"); Assert.False(sqlAdminSecret.Properties.Name.EndsWith(infra.EnvironmentName)); diff --git a/sdk/provisioning/Azure.Provisioning/tests/TestFrontEndWebSite.cs b/sdk/provisioning/Azure.Provisioning/tests/TestFrontEndWebSite.cs index 903ebf211be9..b87aa7167819 100644 --- a/sdk/provisioning/Azure.Provisioning/tests/TestFrontEndWebSite.cs +++ b/sdk/provisioning/Azure.Provisioning/tests/TestFrontEndWebSite.cs @@ -23,6 +23,7 @@ public TestFrontEndWebSite(IConstruct scope, KeyVault? keyVault = null, AppServi isSecure: true); keyVault.AddAccessPolicy(frontEndPrincipalId); + keyVault.AddOutput(data => data.Properties.VaultUri, "vaultUri"); WebSiteConfigLogs logs = new WebSiteConfigLogs(this, "logs", frontEnd); }
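Review bot: In `WebSiteUsingL1` the front-end identity still gets access only through `kv.AddAccessPolicy(frontEndPrincipalId)`, while the `KeyVault` constructor in this commit passes `enableRbacAuthorization: true`. Under the RBAC permission model, vault access policies are not evaluated, so that call probably grants nothing at deploy time; worth confirming. The new `kv.AssignRole(RoleDefinition.KeyVaultAdministrator, Guid.Empty)` targets a placeholder principal with the broadest data-plane role. A comment such as `// Guid.Empty is a test placeholder; real callers pass the workload identity and the narrowest role that works.` would keep the line from being copied as-is. The test method starts and ends outside the hunk.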