From 8161bd4d7e70ba125348ab6cd6a1004f17f6aeb3 Mon Sep 17 00:00:00 2001 From: jolov Date: Tue, 13 Feb 2024 16:08:46 -0800 Subject: [PATCH 1/2] Fix KeyVault access policy param --- sdk/provisioning/Azure.Provisioning/src/Resource.cs | 9 ++++++++- .../src/keyvault/KeyVaultAddAccessPolicy.cs | 5 +++-- .../tests/Infrastructure/WebSiteUsingL1/main.bicep | 4 ++-- .../tests/Infrastructure/WebSiteUsingL2/main.bicep | 2 +- .../TestWebSiteWithSqlBackEnd.bicep | 2 +- .../Azure.Provisioning/tests/ProvisioningTests.cs | 2 +- 6 files changed, 16 insertions(+), 8 deletions(-) diff --git a/sdk/provisioning/Azure.Provisioning/src/Resource.cs b/sdk/provisioning/Azure.Provisioning/src/Resource.cs index 23cd2fc961d52..bd45d4ebf7d46 100644 --- a/sdk/provisioning/Azure.Provisioning/src/Resource.cs +++ b/sdk/provisioning/Azure.Provisioning/src/Resource.cs @@ -104,7 +104,14 @@ protected Resource(IConstruct scope, Resource? parent, string resourceName, Reso /// The to assign. public void AssignParameter(object instance, string propertyName, Parameter parameter) { - ParameterOverrides.Add(instance, new Dictionary { { propertyName, parameter.Name } }); + if (ParameterOverrides.TryGetValue(instance, out var overrides)) + { + overrides[propertyName] = parameter.Name; + } + else + { + ParameterOverrides.Add(instance, new Dictionary { { propertyName, parameter.Name } }); + } Parameters.Add(parameter); } diff --git a/sdk/provisioning/Azure.Provisioning/src/keyvault/KeyVaultAddAccessPolicy.cs b/sdk/provisioning/Azure.Provisioning/src/keyvault/KeyVaultAddAccessPolicy.cs index 8625e1449664d..110adaf7b382d 100644 --- a/sdk/provisioning/Azure.Provisioning/src/keyvault/KeyVaultAddAccessPolicy.cs +++ b/sdk/provisioning/Azure.Provisioning/src/keyvault/KeyVaultAddAccessPolicy.cs 
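Review bot: `AssignParameter` in Resource.cs still accepts any string as `propertyName`, and the new `overrides[propertyName] = parameter.Name` branch replaces an earlier mapping for the same property without any signal. The ProvisioningTests.cs hunk in this patch corrects a caller that passed the secret's `Value` instead of `nameof(...Value)`, and the WebSiteUsingL1 fixture suggests that the mistake left a literal in the `sqlAdminPassword` secret's `value` where the parameter reference belonged. If overrides are resolved by CLR property name, as the `nameof` usage suggests, a guard at the top of the method would turn that silent miss into an error: `if (instance.GetType().GetProperty(propertyName) is null) throw new ArgumentException($"'{propertyName}' is not a property of {instance.GetType().Name}.", nameof(propertyName));`. The XML doc comment, which begins above the hunk, should also state that a second call for the same property replaces the first mapping. Whether the superseded parameter should remain in `Parameters` cannot be judged from the lines shown.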
@@ -20,7 +20,8 @@ public KeyVaultAddAccessPolicy(IConstruct scope, Parameter principalIdParameter, { new KeyVaultAccessPolicy( scope.Root.Properties.TenantId!.Value, - GetParamValue(principalIdParameter, scope), + // this value will be replaced by the parameter reference + "dummy", new IdentityAccessPermissions() { Secrets = @@ -31,7 +32,7 @@ public KeyVaultAddAccessPolicy(IConstruct scope, Parameter principalIdParameter, }) })) { - ParameterOverrides.Add(Properties, new Dictionary { { "objectId", GetParamValue(principalIdParameter, scope) } }); + ParameterOverrides.Add(Properties.AccessPolicies[0], new Dictionary { { nameof(KeyVaultAccessPolicy.ObjectId), GetParamValue(principalIdParameter, scope) } }); } private static string GetParamValue(Parameter principalIdParameter, IConstruct scope) diff --git a/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL1/main.bicep b/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL1/main.bicep index fbfd9a1b2f805..e55a3c8da7b3c 100644 --- a/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL1/main.bicep +++ b/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL1/main.bicep @@ -83,7 +83,7 @@ resource keyVaultAddAccessPolicy_OttgS6uaT 'Microsoft.KeyVault/vaults/accessPoli accessPolicies: [ { tenantId: '00000000-0000-0000-0000-000000000000' - objectId: 'SERVICE_API_IDENTITY_PRINCIPAL_ID' + objectId: SERVICE_API_IDENTITY_PRINCIPAL_ID permissions: { secrets: [ 'get' @@ -99,7 +99,7 @@ resource keyVaultSecret_nMDmVNMVq 'Microsoft.KeyVault/vaults/secrets@2023-02-01' parent: keyVault_CRoMbemLF name: 'sqlAdminPassword' properties: { - value: '00000000-0000-0000-0000-000000000000' + value: sqlAdminPassword } } diff --git a/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL2/main.bicep b/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL2/main.bicep index 61edf249924ac..748389309f98d 100644 
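Review bot: The `"dummy"` object ID passed to `new KeyVaultAccessPolicy(...)` is only safe while the `ParameterOverrides` entry keyed on `Properties.AccessPolicies[0]` (second hunk of this file) is found at emit time. If that lookup ever misses, for instance because the policy list is rebuilt or the override is matched on a different instance (neither is visible here), the template would carry `objectId: 'dummy'` and the secrets permission would not reach the intended principal. Nothing in this patch asserts that the placeholder cannot reach the output, so I would add a test that the generated Bicep never contains it. The comment should also name the coupling, for example `// placeholder only; replaced through the ParameterOverrides entry registered for AccessPolicies[0] in the constructor body`. The constructor starts above the first hunk, so any earlier validation of `principalIdParameter` is not shown.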
--- a/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL2/main.bicep +++ b/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL2/main.bicep @@ -50,7 +50,7 @@ resource keyVaultAddAccessPolicy_OttgS6uaT 'Microsoft.KeyVault/vaults/accessPoli accessPolicies: [ { tenantId: '00000000-0000-0000-0000-000000000000' - objectId: 'TestFrontEndWebSite.outputs.SERVICE_API_IDENTITY_PRINCIPAL_ID' + objectId: TestFrontEndWebSite.outputs.SERVICE_API_IDENTITY_PRINCIPAL_ID permissions: { secrets: [ 'get' diff --git a/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL3/resources/TestWebSiteWithSqlBackEnd/TestWebSiteWithSqlBackEnd.bicep b/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL3/resources/TestWebSiteWithSqlBackEnd/TestWebSiteWithSqlBackEnd.bicep index 2a750056d2b73..26593965a6196 100644 --- a/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL3/resources/TestWebSiteWithSqlBackEnd/TestWebSiteWithSqlBackEnd.bicep +++ b/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL3/resources/TestWebSiteWithSqlBackEnd/TestWebSiteWithSqlBackEnd.bicep @@ -40,7 +40,7 @@ resource keyVaultAddAccessPolicy_OttgS6uaT 'Microsoft.KeyVault/vaults/accessPoli accessPolicies: [ { tenantId: '00000000-0000-0000-0000-000000000000' - objectId: 'TestFrontEndWebSite.outputs.SERVICE_API_IDENTITY_PRINCIPAL_ID' + objectId: TestFrontEndWebSite.outputs.SERVICE_API_IDENTITY_PRINCIPAL_ID permissions: { secrets: [ 'get' diff --git a/sdk/provisioning/Azure.Provisioning/tests/ProvisioningTests.cs b/sdk/provisioning/Azure.Provisioning/tests/ProvisioningTests.cs index dce93230936ce..3f86d7c686d7a 100644 --- a/sdk/provisioning/Azure.Provisioning/tests/ProvisioningTests.cs +++ b/sdk/provisioning/Azure.Provisioning/tests/ProvisioningTests.cs 
@@ -39,7 +39,7 @@ public void WebSiteUsingL1() .AddAccessPolicy(frontEndPrincipalId); // frontEnd.properties.identity.principalId KeyVaultSecret sqlAdminSecret = new KeyVaultSecret(infra, "sqlAdminPassword"); - sqlAdminSecret.AssignParameter(sqlAdminSecret.Properties.Properties, sqlAdminSecret.Properties.Properties.Value, sqlAdminPasswordParam); + sqlAdminSecret.AssignParameter(sqlAdminSecret.Properties.Properties, nameof(sqlAdminSecret.Properties.Properties.Value), sqlAdminPasswordParam); KeyVaultSecret appUserSecret = new KeyVaultSecret(infra, "appUserPassword"); appUserSecret.AssignParameter(appUserSecret.Properties.Properties, nameof(appUserSecret.Properties.Properties.Value), appUserPasswordParam); From 83bb4a9c6181e94fe7b55be36272c67796df2f61 Mon Sep 17 00:00:00 2001 From: jolov Date: Tue, 13 Feb 2024 16:21:06 -0800 Subject: [PATCH 2/2] Fix --- .../Azure.Provisioning/src/keyvault/KeyVaultAddAccessPolicy.cs | 2 +- .../tests/Infrastructure/WebSiteUsingL1/main.bicep | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk/provisioning/Azure.Provisioning/src/keyvault/KeyVaultAddAccessPolicy.cs b/sdk/provisioning/Azure.Provisioning/src/keyvault/KeyVaultAddAccessPolicy.cs index 110adaf7b382d..31999e92eed64 100644 --- a/sdk/provisioning/Azure.Provisioning/src/keyvault/KeyVaultAddAccessPolicy.cs +++ b/sdk/provisioning/Azure.Provisioning/src/keyvault/KeyVaultAddAccessPolicy.cs @@ -39,7 +39,7 @@ private static string GetParamValue(Parameter principalIdParameter, IConstruct s { if (principalIdParameter.Source is null || ReferenceEquals(principalIdParameter.Source, scope)) { - return principalIdParameter.Name; + return principalIdParameter.Value!; } else { diff --git a/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL1/main.bicep b/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL1/main.bicep index e55a3c8da7b3c..d43f5d9ffa9b1 100644 
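Review bot: `return principalIdParameter.Value!;` in `GetParamValue` silences the nullable warning instead of handling a parameter that has no value, so when `Source` is null or equals `scope` and `Value` is unset, a null is stored as the `ObjectId` override. What the emitter does with a null override is not visible here, but for an access-policy principal it is better to fail at construction than to emit an empty or placeholder object ID. A guard such as `return principalIdParameter.Value ?? throw new InvalidOperationException($"Parameter '{principalIdParameter.Name}' has no value to use as the access policy object ID.");` keeps the failure explicit. The fixture change to `webSite_W5EweSXEq.identity.principalId` also suggests `Value` is written into the template as an unquoted expression, so a short comment should state that it must come from the library's own resource references and not from caller-supplied text. The `else` branch of this method lies outside the hunk.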
--- a/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL1/main.bicep +++ b/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL1/main.bicep @@ -83,7 +83,7 @@ resource keyVaultAddAccessPolicy_OttgS6uaT 'Microsoft.KeyVault/vaults/accessPoli accessPolicies: [ { tenantId: '00000000-0000-0000-0000-000000000000' - objectId: SERVICE_API_IDENTITY_PRINCIPAL_ID + objectId: webSite_W5EweSXEq.identity.principalId permissions: { secrets: [ 'get'