User assigned identities (#42768)

* Add user assigned identity resource * bicep
Azure · Mar 18, 2024 · 3e72dcb · 3e72dcb
1 parent 62df432
commit 3e72dcb
Show file tree

Hide file tree

Showing 10 changed files with 135 additions and 2 deletions.
diff --git a/eng/Packages.Data.props b/eng/Packages.Data.props
@@ -131,13 +131,16 @@
     <PackageReference Update="Azure.AI.OpenAI" Version="1.0.0-beta.9" />
     <PackageReference Update="Azure.ResourceManager" Version="1.11.0-alpha.20240310.2" />
     <PackageReference Update="Azure.ResourceManager.AppConfiguration" Version="1.3.0-alpha.20240309.1" />
+    <PackageReference Update="Azure.ResourceManager.AppContainers" Version="1.2.0-alpha.20240315.2" />
     <PackageReference Update="Azure.ResourceManager.ApplicationInsights" Version="1.0.0-alpha.20240314.2" />
     <PackageReference Update="Azure.ResourceManager.AppService" Version="1.1.0-alpha.20240310.1" />
     <PackageReference Update="Azure.ResourceManager.Authorization" Version="1.2.0-alpha.20240309.1" />
+    <PackageReference Update="Azure.ResourceManager.ContainerRegistry" Version="1.3.0-alpha.20240315.2" />
     <PackageReference Update="Azure.ResourceManager.CognitiveServices" Version="1.4.0-alpha.20240309.1" />
     <PackageReference Update="Azure.ResourceManager.CosmosDB" Version="1.4.0-alpha.20240309.1" />
     <PackageReference Update="Azure.ResourceManager.EventHubs" Version="1.1.0-alpha.20240311.3" />
     <PackageReference Update="Azure.ResourceManager.KeyVault" Version="1.3.0-alpha.20240310.2" />
+    <PackageReference Update="Azure.ResourceManager.ManagedServiceIdentities" Version="1.3.0-alpha.20240315.2" />
     <PackageReference Update="Azure.ResourceManager.OperationalInsights" Version="1.3.0-alpha.20240315.1" />
     <PackageReference Update="Azure.ResourceManager.PostgreSql" Version="1.2.0-alpha.20240309.1" />
     <PackageReference Update="Azure.ResourceManager.Redis" Version="1.4.0-alpha.20240309.1" />

diff --git a/sdk/provisioning/Azure.Provisioning/api/Azure.Provisioning.net6.0.cs b/sdk/provisioning/Azure.Provisioning/api/Azure.Provisioning.net6.0.cs
@@ -309,6 +309,15 @@ public partial class KeyVaultSecret : Azure.Provisioning.Resource<Azure.Resource
         public static Azure.Provisioning.KeyVaults.KeyVaultSecret FromExisting(Azure.Provisioning.IConstruct scope, string name, Azure.Provisioning.KeyVaults.KeyVault parent) { throw null; }
     }
 }
+namespace Azure.Provisioning.ManagedServiceIdentities
+{
+    public partial class UserAssignedIdentity : Azure.Provisioning.Resource<Azure.ResourceManager.ManagedServiceIdentities.UserAssignedIdentityData>
+    {
+        public UserAssignedIdentity(Azure.Provisioning.IConstruct scope, Azure.Provisioning.ResourceManager.ResourceGroup? parent = null, string name = "useridentity", string version = "2023-01-31", Azure.Core.AzureLocation? location = default(Azure.Core.AzureLocation?)) : base (default(Azure.Provisioning.IConstruct), default(Azure.Provisioning.Resource), default(string), default(Azure.Core.ResourceType), default(string), default(System.Func<string, Azure.ResourceManager.ManagedServiceIdentities.UserAssignedIdentityData>)) { }
+        public static Azure.Provisioning.ManagedServiceIdentities.UserAssignedIdentity FromExisting(Azure.Provisioning.IConstruct scope, string name, Azure.Provisioning.ResourceManager.ResourceGroup? parent = null) { throw null; }
+        protected override string GetAzureName(Azure.Provisioning.IConstruct scope, string resourceName) { throw null; }
+    }
+}
 namespace Azure.Provisioning.OperationalInsights
 {
     public partial class OperationalInsightsWorkspace : Azure.Provisioning.Resource<Azure.ResourceManager.OperationalInsights.OperationalInsightsWorkspaceData>

diff --git a/sdk/provisioning/Azure.Provisioning/api/Azure.Provisioning.netstandard2.0.cs b/sdk/provisioning/Azure.Provisioning/api/Azure.Provisioning.netstandard2.0.cs
@@ -309,6 +309,15 @@ public partial class KeyVaultSecret : Azure.Provisioning.Resource<Azure.Resource
         public static Azure.Provisioning.KeyVaults.KeyVaultSecret FromExisting(Azure.Provisioning.IConstruct scope, string name, Azure.Provisioning.KeyVaults.KeyVault parent) { throw null; }
     }
 }
+namespace Azure.Provisioning.ManagedServiceIdentities
+{
+    public partial class UserAssignedIdentity : Azure.Provisioning.Resource<Azure.ResourceManager.ManagedServiceIdentities.UserAssignedIdentityData>
+    {
+        public UserAssignedIdentity(Azure.Provisioning.IConstruct scope, Azure.Provisioning.ResourceManager.ResourceGroup? parent = null, string name = "useridentity", string version = "2023-01-31", Azure.Core.AzureLocation? location = default(Azure.Core.AzureLocation?)) : base (default(Azure.Provisioning.IConstruct), default(Azure.Provisioning.Resource), default(string), default(Azure.Core.ResourceType), default(string), default(System.Func<string, Azure.ResourceManager.ManagedServiceIdentities.UserAssignedIdentityData>)) { }
+        public static Azure.Provisioning.ManagedServiceIdentities.UserAssignedIdentity FromExisting(Azure.Provisioning.IConstruct scope, string name, Azure.Provisioning.ResourceManager.ResourceGroup? parent = null) { throw null; }
+        protected override string GetAzureName(Azure.Provisioning.IConstruct scope, string resourceName) { throw null; }
+    }
+}
 namespace Azure.Provisioning.OperationalInsights
 {
     public partial class OperationalInsightsWorkspace : Azure.Provisioning.Resource<Azure.ResourceManager.OperationalInsights.OperationalInsightsWorkspaceData>

diff --git a/sdk/provisioning/Azure.Provisioning/src/Azure.Provisioning.csproj b/sdk/provisioning/Azure.Provisioning/src/Azure.Provisioning.csproj
@@ -27,6 +27,7 @@
     <PackageReference Include="Azure.ResourceManager.SignalR" />
     <PackageReference Include="Azure.ResourceManager.ApplicationInsights" />
     <PackageReference Include="Azure.ResourceManager.OperationalInsights" />
+    <PackageReference Include="Azure.ResourceManager.ManagedServiceIdentities" />
     <PackageReference Include="System.ClientModel" />
   </ItemGroup>
 

diff --git a/sdk/provisioning/Azure.Provisioning/src/cosmosdb/CosmosDBAccount.cs b/sdk/provisioning/Azure.Provisioning/src/cosmosdb/CosmosDBAccount.cs
@@ -76,7 +76,7 @@ private CosmosDBAccount(
         /// <param name="scope">The scope.</param>
         /// <param name="name">The resource name.</param>
         /// <param name="parent">The resource group.</param>
-        /// <returns>The KeyVault instance.</returns>
+        /// <returns>The CosmosDBAccount instance.</returns>
         public static CosmosDBAccount FromExisting(IConstruct scope, string name, ResourceGroup? parent = null)
             => new CosmosDBAccount(scope, parent: parent, name: name, isExisting: true);
 

diff --git a/sdk/provisioning/Azure.Provisioning/src/managedidentities/UserAssignedIdentity.cs b/sdk/provisioning/Azure.Provisioning/src/managedidentities/UserAssignedIdentity.cs
@@ -0,0 +1,70 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System;
+using Azure.Core;
+using Azure.Provisioning.ResourceManager;
+using Azure.ResourceManager.ManagedServiceIdentities;
+using Azure.ResourceManager.ManagedServiceIdentities.Models;
+
+namespace Azure.Provisioning.ManagedServiceIdentities
+{
+    /// <summary>
+    /// Represents a user assigned identity.
+    /// </summary>
+    public class UserAssignedIdentity : Resource<UserAssignedIdentityData>
+    {
+        // https://learn.microsoft.com/azure/templates/microsoft.insights/2020-02-02/components?pivots=deployment-language-bicep
+        private const string ResourceTypeName = "Microsoft.ManagedIdentity/userAssignedIdentities";
+        // https://learn.microsoft.com/azure/templates/microsoft.managedidentity/2023-01-31/userassignedidentities?pivots=deployment-language-bicep
+        internal const string DefaultVersion = "2023-01-31";
+
+        private static UserAssignedIdentityData Empty(string name) => ArmManagedServiceIdentitiesModelFactory.UserAssignedIdentityData();
+
+        /// <summary>
+        /// Creates a new instance of the <see cref="UserAssignedIdentity"/> class.
+        /// </summary>
+        /// <param name="scope">The scope.</param>
+        /// <param name="parent">The parent.</param>
+        /// <param name="name">The name.</param>
+        /// <param name="version">The version.</param>
+        /// <param name="location">The location.</param>
+        public UserAssignedIdentity(
+            IConstruct scope,
+            ResourceGroup? parent = default,
+            string name = "useridentity",
+            string version = DefaultVersion,
+            AzureLocation? location = default)
+            : this(scope, parent, name, version, location, false, (name) => ArmManagedServiceIdentitiesModelFactory.UserAssignedIdentityData(
+                name: name,
+                location: location ?? Environment.GetEnvironmentVariable("AZURE_LOCATION") ?? AzureLocation.WestUS))
+        {
+            AssignProperty(data => data.Name, GetAzureName(scope, name));
+        }
+
+        private UserAssignedIdentity(
+            IConstruct scope,
+            ResourceGroup? parent,
+            string name,
+            string version = DefaultVersion,
+            AzureLocation? location = default,
+            bool isExisting = false,
+            Func<string, UserAssignedIdentityData>? creator = null)
+            : base(scope, parent, name, ResourceTypeName, version, creator ?? Empty, isExisting)
+        {
+        }
+
+        /// <summary>
+        /// Creates a new instance of the <see cref="UserAssignedIdentity"/> class referencing an existing instance.
+        /// </summary>
+        /// <param name="scope">The scope.</param>
+        /// <param name="name">The resource name.</param>
+        /// <param name="parent">The resource group.</param>
+        /// <returns>The UserAssignedIdentity instance.</returns>
+        public static UserAssignedIdentity FromExisting(IConstruct scope, string name, ResourceGroup? parent = null)
+            => new UserAssignedIdentity(scope, parent: parent, name: name, isExisting: true);
+
+        /// <inheritdoc/>
+        protected override string GetAzureName(IConstruct scope, string resourceName) => GetGloballyUniqueName(resourceName);
+    }
+}
diff --git a/sdk/provisioning/Azure.Provisioning/tests/Azure.Provisioning.Tests.csproj b/sdk/provisioning/Azure.Provisioning/tests/Azure.Provisioning.Tests.csproj
@@ -16,4 +16,14 @@
     <Compile Include="$(TestFrameworkSupportFiles)" LinkBase="Shared\TestFramework" />
   </ItemGroup>
 
+  <ItemGroup>
+    <Folder Include="Infrastructure\ContainerApps\" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <None Remove="Infrastructure\ContainerApps\main.bicep" />
+    <None Remove="Infrastructure\CanAssignParameterToMultipleResources\main.json" />
+    <None Remove="Infrastructure\AppConfiguration\main.json" />
+  </ItemGroup>
+
 </Project>
diff --git a/...ning/tests/Infrastructure/ExistingResources/resources/rg_TEST_module/rg_TEST_module.bicep b/...ning/tests/Infrastructure/ExistingResources/resources/rg_TEST_module/rg_TEST_module.bicep
@@ -113,10 +113,14 @@ resource applicationInsightsComponent_OdiSCimF0 'Microsoft.Insights/components@2
   name: 'existingAppInsights'
 }
 
-resource operationalInsightsWorkspace_8Dwma7cn9 'Microsoft.Insights/components@2022-10-01' existing = {
+resource operationalInsightsWorkspace_8Dwma7cn9 'Microsoft.OperationalInsights/workspaces@2022-10-01' existing = {
   name: 'existingOpInsights'
 }
 
+resource userAssignedIdentity_AHWXCnFeG 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = {
+  name: 'existingUserAssignedIdentity'
+}
+
 resource applicationSettingsResource_6DtpuGITF 'Microsoft.Web/sites/config@2021-02-01' = {
   parent: webSite_C2Aq73IJb
   name: 'appsettings'

diff --git a/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/UserAssignedIdentities/main.bicep b/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/UserAssignedIdentities/main.bicep
@@ -0,0 +1,12 @@
+targetScope = 'resourceGroup'
+
+@description('')
+param location string = resourceGroup().location
+
+
+resource userAssignedIdentity_aEVqJOqFO 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  name: toLower(take(concat('useridentity', uniqueString(resourceGroup().id)), 24))
+  location: location
+  properties: {
+  }
+}
diff --git a/sdk/provisioning/Azure.Provisioning/tests/ProvisioningTests.cs b/sdk/provisioning/Azure.Provisioning/tests/ProvisioningTests.cs
@@ -7,6 +7,7 @@
 using System.IO;
 using System.Diagnostics;
 using System.Linq;
+using System.Reflection;
 using System.Threading.Tasks;
 using Azure.Core;
 using Azure.Core.TestFramework;
@@ -39,6 +40,7 @@
 using Azure.ResourceManager.Storage.Models;
 using Azure.ResourceManager.TestFramework;
 using CoreTestEnvironment = Azure.Core.TestFramework.TestEnvironment;
+using UserAssignedIdentity = Azure.Provisioning.ManagedServiceIdentities.UserAssignedIdentity;
 
 namespace Azure.Provisioning.Tests
 {
@@ -449,6 +451,17 @@ public async Task AppInsights()
             await ValidateBicepAsync(interactiveMode: true);
         }
 
+        [RecordedTest]
+        public async Task UserAssignedIdentities()
+        {
+            TestInfrastructure infrastructure = new TestInfrastructure(configuration: new Configuration { UseInteractiveMode = true });
+            _ = new UserAssignedIdentity(infrastructure);
+
+            infrastructure.Build(GetOutputPath());
+
+            await ValidateBicepAsync(interactiveMode: true);
+        }
+
         [RecordedTest]
         public async Task WebSiteUsingL2()
         {
@@ -787,6 +800,8 @@ public async Task ExistingResources()
 
             infra.AddResource(OperationalInsightsWorkspace.FromExisting(infra, "'existingOpInsights'", rg));
 
+            infra.AddResource(UserAssignedIdentity.FromExisting(infra, "'existingUserAssignedIdentity'", rg));
+
             infra.Build(GetOutputPath());
 
             await ValidateBicepAsync(BinaryData.FromObjectAsJson(