Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[release/9.1] Fix Azure PostgreSQL AsExisting #7702

Merged
merged 1 commit into from
Feb 20, 2025
Merged

[release/9.1] Fix Azure PostgreSQL AsExisting #7702

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 18 additions & 10 deletions src/Aspire.Hosting.Azure.PostgreSQL/AzurePostgresExtensions.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -394,14 +394,19 @@ private static void ConfigurePostgreSqlInfrastructure(AzureResourceInfrastructur
keyVault.Name = kvNameParam;
infrastructure.Add(keyVault);

postgres.AuthConfig = new PostgreSqlFlexibleServerAuthConfig()
// bicep doesn't allow for setting properties on existing resources. So we don't set auth properties here.
// The administratorLogin and administratorLoginPassword are expected to match what is already configured on the server
if (!postgres.IsExistingResource)
{
ActiveDirectoryAuth = PostgreSqlFlexibleServerActiveDirectoryAuthEnum.Disabled,
PasswordAuth = PostgreSqlFlexibleServerPasswordAuthEnum.Enabled
};
postgres.AuthConfig = new PostgreSqlFlexibleServerAuthConfig()
{
ActiveDirectoryAuth = PostgreSqlFlexibleServerActiveDirectoryAuthEnum.Disabled,
PasswordAuth = PostgreSqlFlexibleServerPasswordAuthEnum.Enabled
};

postgres.AdministratorLogin = administratorLogin;
postgres.AdministratorLoginPassword = administratorLoginPassword;
postgres.AdministratorLogin = administratorLogin;
postgres.AdministratorLoginPassword = administratorLoginPassword;
}

var secret = new KeyVaultSecret("connectionString")
{
Expand Down Expand Up @@ -430,11 +435,14 @@ private static void ConfigurePostgreSqlInfrastructure(AzureResourceInfrastructur
}
else
{
postgres.AuthConfig = new PostgreSqlFlexibleServerAuthConfig()
if (!postgres.IsExistingResource)
{
ActiveDirectoryAuth = PostgreSqlFlexibleServerActiveDirectoryAuthEnum.Enabled,
PasswordAuth = PostgreSqlFlexibleServerPasswordAuthEnum.Disabled
};
postgres.AuthConfig = new PostgreSqlFlexibleServerAuthConfig()
{
ActiveDirectoryAuth = PostgreSqlFlexibleServerActiveDirectoryAuthEnum.Enabled,
PasswordAuth = PostgreSqlFlexibleServerPasswordAuthEnum.Disabled
};
}

var principalIdParameter = new ProvisioningParameter(AzureBicepResource.KnownParameters.PrincipalId, typeof(string));
infrastructure.Add(principalIdParameter);
Expand Down
84 changes: 78 additions & 6 deletions tests/Aspire.Hosting.Azure.Tests/ExistingAzureResourceTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -778,12 +778,6 @@ param principalName string

resource postgresSql 'Microsoft.DBforPostgreSQL/flexibleServers@2024-08-01' existing = {
name: existingResourceName
properties: {
authConfig: {
activeDirectoryAuth: 'Enabled'
passwordAuth: 'Disabled'
}
}
}

resource postgreSqlFirewallRule_AllowAllAzureIps 'Microsoft.DBforPostgreSQL/flexibleServers/firewallRules@2024-08-01' = {
Expand Down Expand Up @@ -815,6 +809,84 @@ param principalName string
Assert.Equal(expectedBicep, BicepText);
}

[Fact]
public async Task SupportsExistingPostgresSqlWithResourceGroupWithPasswordAuth()
{
using var builder = TestDistributedApplicationBuilder.Create(DistributedApplicationOperation.Publish);

var existingResourceName = builder.AddParameter("existingResourceName");
var existingResourceGroupName = builder.AddParameter("existingResourceGroupName");
var existingUserName = builder.AddParameter("existingUserName");
var existingPassword = builder.AddParameter("existingPassword");

var postgresSql = builder.AddAzurePostgresFlexibleServer("postgresSql")
.PublishAsExisting(existingResourceName, existingResourceGroupName)
.WithPasswordAuthentication(existingUserName, existingPassword);

var (ManifestNode, BicepText) = await ManifestUtils.GetManifestWithBicep(postgresSql.Resource);

var expectedManifest = """
{
"type": "azure.bicep.v1",
"connectionString": "{postgresSql.secretOutputs.connectionString}",
"path": "postgresSql.module.bicep",
"params": {
"administratorLogin": "{existingUserName.value}",
"administratorLoginPassword": "{existingPassword.value}",
"existingResourceName": "{existingResourceName.value}",
"keyVaultName": ""
},
"scope": {
"resourceGroup": "{existingResourceGroupName.value}"
}
}
""";

Assert.Equal(expectedManifest, ManifestNode.ToString());

var expectedBicep = """
@description('The location for the resource(s) to be deployed.')
param location string = resourceGroup().location

param existingResourceName string

param administratorLogin string

@secure()
param administratorLoginPassword string

param keyVaultName string

resource postgresSql 'Microsoft.DBforPostgreSQL/flexibleServers@2024-08-01' existing = {
name: existingResourceName
}

resource postgreSqlFirewallRule_AllowAllAzureIps 'Microsoft.DBforPostgreSQL/flexibleServers/firewallRules@2024-08-01' = {
name: 'AllowAllAzureIps'
properties: {
endIpAddress: '0.0.0.0'
startIpAddress: '0.0.0.0'
}
parent: postgresSql
}

resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
name: keyVaultName
}

resource connectionString 'Microsoft.KeyVault/vaults/secrets@2023-07-01' = {
name: 'connectionString'
properties: {
value: 'Host=${postgresSql.properties.fullyQualifiedDomainName};Username=${administratorLogin};Password=${administratorLoginPassword}'
}
parent: keyVault
}
""";

output.WriteLine(BicepText);
Assert.Equal(expectedBicep, BicepText);
}

[Fact]
public async Task SupportsExistingAzureSearchWithResourceGroup()
{
Expand Down