Azure · JoshLove-msft · Mar 4, 2024 · Mar 4, 2024 · Mar 4, 2024 · Mar 4, 2024
diff --git a/sdk/provisioning/Azure.Provisioning/api/Azure.Provisioning.net6.0.cs b/sdk/provisioning/Azure.Provisioning/api/Azure.Provisioning.net6.0.cs
@@ -93,6 +93,7 @@ protected Resource(Azure.Provisioning.IConstruct scope, Azure.Provisioning.Resou
         protected virtual Azure.Provisioning.Resource? FindParentInScope(Azure.Provisioning.IConstruct scope) { throw null; }
         protected virtual string GetAzureName(Azure.Provisioning.IConstruct scope, string resourceName) { throw null; }
         protected virtual string GetBicepName(Azure.Provisioning.Resource resource) { throw null; }
+        protected string GetGloballyUniqueName(string resourceName) { throw null; }
         protected virtual bool NeedsParent() { throw null; }
         protected virtual bool NeedsScope() { throw null; }
         Azure.Provisioning.Resource System.ClientModel.Primitives.IPersistableModel<Azure.Provisioning.Resource>.Create(System.BinaryData data, System.ClientModel.Primitives.ModelReaderWriterOptions options) { throw null; }
@@ -173,6 +174,7 @@ public partial class RoleAssignment : Azure.Provisioning.Resource<Azure.Resource
         private readonly object _dummy;
         private readonly int _dummyPrimitive;
         public RoleDefinition(string value) { throw null; }
+        public static Azure.Provisioning.Authorization.RoleDefinition KeyVaultAdministrator { get { throw null; } }
         public static Azure.Provisioning.Authorization.RoleDefinition StorageBlobDataContributor { get { throw null; } }
         public static Azure.Provisioning.Authorization.RoleDefinition StorageQueueDataContributor { get { throw null; } }
         public static Azure.Provisioning.Authorization.RoleDefinition StorageTableDataContributor { get { throw null; } }
@@ -192,6 +194,7 @@ public partial class KeyVault : Azure.Provisioning.Resource<Azure.ResourceManage
         public KeyVault(Azure.Provisioning.IConstruct scope, Azure.Provisioning.ResourceManager.ResourceGroup? parent = null, string name = "kv", string version = "2023-02-01", Azure.Core.AzureLocation? location = default(Azure.Core.AzureLocation?)) : base (default(Azure.Provisioning.IConstruct), default(Azure.Provisioning.Resource), default(string), default(Azure.Core.ResourceType), default(string), default(System.Func<string, Azure.ResourceManager.KeyVault.KeyVaultData>)) { }
         public void AddAccessPolicy(Azure.Provisioning.Output output) { }
         protected override Azure.Provisioning.Resource? FindParentInScope(Azure.Provisioning.IConstruct scope) { throw null; }
+        protected override string GetAzureName(Azure.Provisioning.IConstruct scope, string resourceName) { throw null; }
     }
     public static partial class KeyVaultExtensions
     {

diff --git a/sdk/provisioning/Azure.Provisioning/api/Azure.Provisioning.netstandard2.0.cs b/sdk/provisioning/Azure.Provisioning/api/Azure.Provisioning.netstandard2.0.cs
@@ -93,6 +93,7 @@ protected Resource(Azure.Provisioning.IConstruct scope, Azure.Provisioning.Resou
         protected virtual Azure.Provisioning.Resource? FindParentInScope(Azure.Provisioning.IConstruct scope) { throw null; }
         protected virtual string GetAzureName(Azure.Provisioning.IConstruct scope, string resourceName) { throw null; }
         protected virtual string GetBicepName(Azure.Provisioning.Resource resource) { throw null; }
+        protected string GetGloballyUniqueName(string resourceName) { throw null; }
         protected virtual bool NeedsParent() { throw null; }
         protected virtual bool NeedsScope() { throw null; }
         Azure.Provisioning.Resource System.ClientModel.Primitives.IPersistableModel<Azure.Provisioning.Resource>.Create(System.BinaryData data, System.ClientModel.Primitives.ModelReaderWriterOptions options) { throw null; }
@@ -173,6 +174,7 @@ public partial class RoleAssignment : Azure.Provisioning.Resource<Azure.Resource
         private readonly object _dummy;
         private readonly int _dummyPrimitive;
         public RoleDefinition(string value) { throw null; }
+        public static Azure.Provisioning.Authorization.RoleDefinition KeyVaultAdministrator { get { throw null; } }
         public static Azure.Provisioning.Authorization.RoleDefinition StorageBlobDataContributor { get { throw null; } }
         public static Azure.Provisioning.Authorization.RoleDefinition StorageQueueDataContributor { get { throw null; } }
         public static Azure.Provisioning.Authorization.RoleDefinition StorageTableDataContributor { get { throw null; } }
@@ -192,6 +194,7 @@ public partial class KeyVault : Azure.Provisioning.Resource<Azure.ResourceManage
         public KeyVault(Azure.Provisioning.IConstruct scope, Azure.Provisioning.ResourceManager.ResourceGroup? parent = null, string name = "kv", string version = "2023-02-01", Azure.Core.AzureLocation? location = default(Azure.Core.AzureLocation?)) : base (default(Azure.Provisioning.IConstruct), default(Azure.Provisioning.Resource), default(string), default(Azure.Core.ResourceType), default(string), default(System.Func<string, Azure.ResourceManager.KeyVault.KeyVaultData>)) { }
         public void AddAccessPolicy(Azure.Provisioning.Output output) { }
         protected override Azure.Provisioning.Resource? FindParentInScope(Azure.Provisioning.IConstruct scope) { throw null; }
+        protected override string GetAzureName(Azure.Provisioning.IConstruct scope, string resourceName) { throw null; }
     }
     public static partial class KeyVaultExtensions
     {

diff --git a/sdk/provisioning/Azure.Provisioning/src/Resource.cs b/sdk/provisioning/Azure.Provisioning/src/Resource.cs
@@ -6,16 +6,11 @@
 using System.Collections.Generic;
 using System.Diagnostics;
 using System.IO;
-using System.Linq;
 using System.Security.Cryptography;
 using System.Text;
 using Azure.Core;
-using Azure.Provisioning.Authorization;
 using Azure.Provisioning.ResourceManager;
-using Azure.Provisioning.Resources;
 using Azure.ResourceManager;
-using Azure.ResourceManager.Authorization.Models;
-using Azure.ResourceManager.Models;
 
 namespace Azure.Provisioning
 {
@@ -141,6 +136,13 @@ protected virtual string GetAzureName(IConstruct scope, string resourceName)
             return stringBuilder.ToString(0, Math.Min(stringBuilder.Length, 24));
         }
 
+        /// <summary>
+        /// Gets a globally unique name for the resource.
+        /// </summary>
+        /// <param name="resourceName">The specified name when constructing the resource.</param>
+        protected string GetGloballyUniqueName(string resourceName)
+            => $"toLower(take(concat('{resourceName}', uniqueString(resourceGroup().id)), 24))";
+
         /// <summary>
         /// Finds the parent resource in the scope.
         /// </summary>

diff --git a/sdk/provisioning/Azure.Provisioning/src/authorization/RoleDefinition.cs b/sdk/provisioning/Azure.Provisioning/src/authorization/RoleDefinition.cs
@@ -33,6 +33,11 @@ public RoleDefinition(string value)
         /// </summary>
         public static RoleDefinition StorageTableDataContributor { get; } = new RoleDefinition("0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3");
 
+        /// <summary>
+        /// Key Vault administrator role.
+        /// </summary>
+        public static RoleDefinition KeyVaultAdministrator { get; } = new RoleDefinition("00482a5a-887f-4fb3-b363-3b7fe8e74483");
+
         /// <summary> Converts a string to a <see cref="RoleDefinition"/>. </summary>
         public static implicit operator RoleDefinition(string value) => new RoleDefinition(value);
 

diff --git a/sdk/provisioning/Azure.Provisioning/src/keyvault/KeyVault.cs b/sdk/provisioning/Azure.Provisioning/src/keyvault/KeyVault.cs
@@ -45,7 +45,8 @@ public KeyVault(IConstruct scope, ResourceGroup? parent = default, string name =
                     } : default,
                     enableRbacAuthorization: true)))
         {
-            AddOutput(kv => kv.Properties.VaultUri, "vaultUri");
+            AssignProperty(data => data.Name, GetAzureName(scope, name));
+
             if (scope.Root.Properties.TenantId == Guid.Empty)
             {
                 AssignProperty(kv => kv.Properties.TenantId, Tenant.TenantIdExpression);
@@ -71,5 +72,8 @@ public void AddAccessPolicy(Output output)
             }
             return result;
         }
+
+        /// <inheritdoc/>
+        protected override string GetAzureName(IConstruct scope, string resourceName) => GetGloballyUniqueName(resourceName);
     }
 }
diff --git a/sdk/provisioning/Azure.Provisioning/src/sqlmanagement/SqlServer.cs b/sdk/provisioning/Azure.Provisioning/src/sqlmanagement/SqlServer.cs
@@ -76,9 +76,6 @@ public SqlServer(
         }
 
         /// <inheritdoc/>
-        protected override string GetAzureName(IConstruct scope, string resourceName)
-        {
-            return $"toLower(take(concat('{resourceName}', uniqueString(resourceGroup().id)), 24))";
-        }
+        protected override string GetAzureName(IConstruct scope, string resourceName) => GetGloballyUniqueName(resourceName);
     }
 }
diff --git a/sdk/provisioning/Azure.Provisioning/src/storage/StorageAccount.cs b/sdk/provisioning/Azure.Provisioning/src/storage/StorageAccount.cs
@@ -50,9 +50,6 @@ public StorageAccount(IConstruct scope, StorageKind kind, StorageSkuName sku, Re
         }
 
         /// <inheritdoc/>
-        protected override string GetAzureName(IConstruct scope, string resourceName)
-        {
-            return $"toLower(take(concat('{resourceName}', uniqueString(resourceGroup().id)), 24))";
-        }
+        protected override string GetAzureName(IConstruct scope, string resourceName) => GetGloballyUniqueName(resourceName);
     }
 }
diff --git a/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/OutputsSpanningModules/main.bicep b/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/OutputsSpanningModules/main.bicep
@@ -52,5 +52,4 @@ module rg3_TEST_module './resources/rg3_TEST_module/rg3_TEST_module.bicep' = {
 
 output STORAGE_PRINCIPAL_ID string = rg1_TEST_module.outputs.STORAGE_PRINCIPAL_ID
 output LOCATION string = rg1_TEST_module.outputs.LOCATION
-output vaultUri string = rg1_TEST_module.outputs.vaultUri
 output SERVICE_API_IDENTITY_PRINCIPAL_ID string = rg3_TEST_module.outputs.SERVICE_API_IDENTITY_PRINCIPAL_ID
diff --git a/...sts/Infrastructure/OutputsSpanningModules/resources/rg1_TEST_module/rg1_TEST_module.bicep b/...sts/Infrastructure/OutputsSpanningModules/resources/rg1_TEST_module/rg1_TEST_module.bicep
@@ -45,8 +45,8 @@ resource applicationSettingsResource_lzuRUWkeF 'Microsoft.Web/sites/config@2021-
   name: 'appsettings'
 }
 
-resource keyVault_BRsYQF4qT 'Microsoft.KeyVault/vaults@2023-02-01' = {
-  name: 'kv-TEST'
+resource keyVault_aUw0nRbmu 'Microsoft.KeyVault/vaults@2023-02-01' = {
+  name: toLower(take(concat('kv', uniqueString(resourceGroup().id)), 24))
   location: 'westus'
   properties: {
     tenantId: tenant().tenantId
@@ -59,8 +59,8 @@ resource keyVault_BRsYQF4qT 'Microsoft.KeyVault/vaults@2023-02-01' = {
   }
 }
 
-resource keyVaultAddAccessPolicy_hv5Kg38J7 'Microsoft.KeyVault/vaults/accessPolicies@2023-02-01' = {
-  parent: keyVault_BRsYQF4qT
+resource keyVaultAddAccessPolicy_W0akO7TQ8 'Microsoft.KeyVault/vaults/accessPolicies@2023-02-01' = {
+  parent: keyVault_aUw0nRbmu
   name: 'add'
   properties: {
     accessPolicies: [
@@ -80,4 +80,3 @@ resource keyVaultAddAccessPolicy_hv5Kg38J7 'Microsoft.KeyVault/vaults/accessPoli
 
 output STORAGE_PRINCIPAL_ID string = webSite_dOTaZfna6.identity.principalId
 output LOCATION string = webSite_dOTaZfna6.location
-output vaultUri string = keyVault_BRsYQF4qT.properties.vaultUri
diff --git a/...sioning/tests/Infrastructure/WebSiteUsingL1/resources/rg_TEST_module/rg_TEST_module.bicep b/...sioning/tests/Infrastructure/WebSiteUsingL1/resources/rg_TEST_module/rg_TEST_module.bicep
@@ -71,8 +71,8 @@ resource webSiteConfigLogs_giqxapQs0 'Microsoft.Web/sites/config@2021-02-01' = {
   }
 }
 
-resource keyVault_CRoMbemLF 'Microsoft.KeyVault/vaults@2023-02-01' = {
-  name: 'kv-TEST'
+resource keyVault_nM2Vqwgtg 'Microsoft.KeyVault/vaults@2023-02-01' = {
+  name: toLower(take(concat('kv', uniqueString(resourceGroup().id)), 24))
   location: 'westus'
   properties: {
     tenantId: tenant().tenantId
@@ -84,8 +84,8 @@ resource keyVault_CRoMbemLF 'Microsoft.KeyVault/vaults@2023-02-01' = {
   }
 }
 
-resource keyVaultAddAccessPolicy_OttgS6uaT 'Microsoft.KeyVault/vaults/accessPolicies@2023-02-01' = {
-  parent: keyVault_CRoMbemLF
+resource keyVaultAddAccessPolicy_7ChrYtGGE 'Microsoft.KeyVault/vaults/accessPolicies@2023-02-01' = {
+  parent: keyVault_nM2Vqwgtg
   name: 'add'
   properties: {
     accessPolicies: [
@@ -103,24 +103,34 @@ resource keyVaultAddAccessPolicy_OttgS6uaT 'Microsoft.KeyVault/vaults/accessPoli
   }
 }
 
-resource keyVaultSecret_nMDmVNMVq 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = {
-  parent: keyVault_CRoMbemLF
+resource roleAssignment_vMr1hl6oa 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  scope: keyVault_nM2Vqwgtg
+  name: guid(keyVault_nM2Vqwgtg.id, '00000000-0000-0000-0000-000000000000', subscriptionResourceId('00000000-0000-0000-0000-000000000000', 'Microsoft.Authorization/roleDefinitions', '00482a5a-887f-4fb3-b363-3b7fe8e74483'))
+  properties: {
+    roleDefinitionId: subscriptionResourceId('00000000-0000-0000-0000-000000000000', 'Microsoft.Authorization/roleDefinitions', '00482a5a-887f-4fb3-b363-3b7fe8e74483')
+    principalId: '00000000-0000-0000-0000-000000000000'
+    principalType: 'ServicePrincipal'
+  }
+}
+
+resource keyVaultSecret_EG4xNeA1a 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = {
+  parent: keyVault_nM2Vqwgtg
   name: 'sqlAdminPassword'
   properties: {
     value: sqlAdminPassword
   }
 }
 
-resource keyVaultSecret_PrlUnEuAz 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = {
-  parent: keyVault_CRoMbemLF
+resource keyVaultSecret_ynz4glpCA 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = {
+  parent: keyVault_nM2Vqwgtg
   name: 'appUserPassword'
   properties: {
     value: appUserPassword
   }
 }
 
-resource keyVaultSecret_NP8ELZpgb 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = {
-  parent: keyVault_CRoMbemLF
+resource keyVaultSecret_YQnCy7jra 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = {
+  parent: keyVault_nM2Vqwgtg
   name: 'connectionString'
   properties: {
     value: 'Server=${sqlServer_dQT7Agxxb.properties.fullyQualifiedDomainName}; Database=${sqlDatabase_xPxoW7iwr.name}; User=appUser; Password=${appUserPassword}'
@@ -238,5 +248,5 @@ resource applicationSettingsResource_Pfdqa0OdT 'Microsoft.Web/sites/config@2021-
 }
 
 output SERVICE_API_IDENTITY_PRINCIPAL_ID string = webSite_W5EweSXEq.identity.principalId
-output vaultUri string = keyVault_CRoMbemLF.properties.vaultUri
+output vaultUri string = keyVault_nM2Vqwgtg.properties.vaultUri
 output sqlServerName string = sqlServer_dQT7Agxxb.properties.fullyQualifiedDomainName
diff --git a/...sioning/tests/Infrastructure/WebSiteUsingL2/resources/rg_TEST_module/rg_TEST_module.bicep b/...sioning/tests/Infrastructure/WebSiteUsingL2/resources/rg_TEST_module/rg_TEST_module.bicep
@@ -18,8 +18,8 @@ resource appServicePlan_kjMZSF1FP 'Microsoft.Web/serverfarms@2021-02-01' = {
   }
 }
 
-resource keyVault_CRoMbemLF 'Microsoft.KeyVault/vaults@2023-02-01' = {
-  name: 'kv-TEST'
+resource keyVault_nM2Vqwgtg 'Microsoft.KeyVault/vaults@2023-02-01' = {
+  name: toLower(take(concat('kv', uniqueString(resourceGroup().id)), 24))
   location: 'westus'
   properties: {
     tenantId: tenant().tenantId
@@ -31,8 +31,8 @@ resource keyVault_CRoMbemLF 'Microsoft.KeyVault/vaults@2023-02-01' = {
   }
 }
 
-resource keyVaultAddAccessPolicy_OttgS6uaT 'Microsoft.KeyVault/vaults/accessPolicies@2023-02-01' = {
-  parent: keyVault_CRoMbemLF
+resource keyVaultAddAccessPolicy_7ChrYtGGE 'Microsoft.KeyVault/vaults/accessPolicies@2023-02-01' = {
+  parent: keyVault_nM2Vqwgtg
   name: 'add'
   properties: {
     accessPolicies: [
@@ -50,24 +50,24 @@ resource keyVaultAddAccessPolicy_OttgS6uaT 'Microsoft.KeyVault/vaults/accessPoli
   }
 }
 
-resource keyVaultSecret_nMDmVNMVq 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = {
-  parent: keyVault_CRoMbemLF
+resource keyVaultSecret_EG4xNeA1a 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = {
+  parent: keyVault_nM2Vqwgtg
   name: 'sqlAdminPassword'
   properties: {
     value: sqlAdminPassword
   }
 }
 
-resource keyVaultSecret_PrlUnEuAz 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = {
-  parent: keyVault_CRoMbemLF
+resource keyVaultSecret_ynz4glpCA 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = {
+  parent: keyVault_nM2Vqwgtg
   name: 'appUserPassword'
   properties: {
     value: appUserPassword
   }
 }
 
-resource keyVaultSecret_NP8ELZpgb 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = {
-  parent: keyVault_CRoMbemLF
+resource keyVaultSecret_YQnCy7jra 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = {
+  parent: keyVault_nM2Vqwgtg
   name: 'connectionString'
   properties: {
     value: 'Server=${sqlServer_dQT7Agxxb.properties.fullyQualifiedDomainName}; Database=${sqlDatabase_xPxoW7iwr.name}; User=appUser; Password=${appUserPassword}'
@@ -239,4 +239,4 @@ resource applicationSettingsResource_Pfdqa0OdT 'Microsoft.Web/sites/config@2021-
 
 output SERVICE_API_IDENTITY_PRINCIPAL_ID string = webSite_W5EweSXEq.identity.principalId
 output sqlServerName string = sqlServer_dQT7Agxxb.properties.fullyQualifiedDomainName
-output vaultUri string = keyVault_CRoMbemLF.properties.vaultUri
+output vaultUri string = keyVault_nM2Vqwgtg.properties.vaultUri
diff --git a/...sioning/tests/Infrastructure/WebSiteUsingL3/resources/rg_TEST_module/rg_TEST_module.bicep b/...sioning/tests/Infrastructure/WebSiteUsingL3/resources/rg_TEST_module/rg_TEST_module.bicep
@@ -18,8 +18,8 @@ resource appServicePlan_kjMZSF1FP 'Microsoft.Web/serverfarms@2021-02-01' = {
   }
 }
 
-resource keyVault_CRoMbemLF 'Microsoft.KeyVault/vaults@2023-02-01' = {
-  name: 'kv-TEST'
+resource keyVault_nM2Vqwgtg 'Microsoft.KeyVault/vaults@2023-02-01' = {
+  name: toLower(take(concat('kv', uniqueString(resourceGroup().id)), 24))
   location: 'westus'
   tags: {
     'key': 'value'
@@ -34,8 +34,8 @@ resource keyVault_CRoMbemLF 'Microsoft.KeyVault/vaults@2023-02-01' = {
   }
 }
 
-resource keyVaultAddAccessPolicy_OttgS6uaT 'Microsoft.KeyVault/vaults/accessPolicies@2023-02-01' = {
-  parent: keyVault_CRoMbemLF
+resource keyVaultAddAccessPolicy_7ChrYtGGE 'Microsoft.KeyVault/vaults/accessPolicies@2023-02-01' = {
+  parent: keyVault_nM2Vqwgtg
   name: 'add'
   properties: {
     accessPolicies: [
@@ -53,24 +53,24 @@ resource keyVaultAddAccessPolicy_OttgS6uaT 'Microsoft.KeyVault/vaults/accessPoli
   }
 }
 
-resource keyVaultSecret_nMDmVNMVq 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = {
-  parent: keyVault_CRoMbemLF
+resource keyVaultSecret_EG4xNeA1a 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = {
+  parent: keyVault_nM2Vqwgtg
   name: 'sqlAdminPassword'
   properties: {
     value: sqlAdminPassword
   }
 }
 
-resource keyVaultSecret_PrlUnEuAz 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = {
-  parent: keyVault_CRoMbemLF
+resource keyVaultSecret_ynz4glpCA 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = {
+  parent: keyVault_nM2Vqwgtg
   name: 'appUserPassword'
   properties: {
     value: appUserPassword
   }
 }
 
-resource keyVaultSecret_NP8ELZpgb 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = {
-  parent: keyVault_CRoMbemLF
+resource keyVaultSecret_YQnCy7jra 'Microsoft.KeyVault/vaults/secrets@2023-02-01' = {
+  parent: keyVault_nM2Vqwgtg
   name: 'connectionString'
   properties: {
     value: 'Server=${sqlServer_dQT7Agxxb.properties.fullyQualifiedDomainName}; Database=${sqlDatabase_xPxoW7iwr.name}; User=appUser; Password=${appUserPassword}'
@@ -240,6 +240,6 @@ resource applicationSettingsResource_Pfdqa0OdT 'Microsoft.Web/sites/config@2021-
   }
 }
 
-output vaultUri string = keyVault_CRoMbemLF.properties.vaultUri
+output vaultUri string = keyVault_nM2Vqwgtg.properties.vaultUri
 output SERVICE_API_IDENTITY_PRINCIPAL_ID string = webSite_W5EweSXEq.identity.principalId
 output sqlServerName string = sqlServer_dQT7Agxxb.properties.fullyQualifiedDomainName