Pull the connection string from key vault

2022-12-14 15:32:14 +08:00
parent 50a8268b2e
commit a4427bcbf9
5 changed files with 43 additions and 5 deletions
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -12,6 +12,9 @@
        }
    },
    "features": {
+        "ghcr.io/devcontainers/features/azure-cli:1": {
+            "version": "2.38"
+        },
        "ghcr.io/devcontainers/features/docker-from-docker:1": {
            "version": "20.10"
        },
--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -4,6 +4,7 @@
      "formulahendry.dotnet-test-explorer",
      "ms-vscode.vscode-node-azure-pack",
      "ms-kubernetes-tools.vscode-kubernetes-tools",
-      "redhat.vscode-yaml"
+      "redhat.vscode-yaml",
+      "ms-azuretools.azure-dev"
    ]
 }
--- a/infra/main.bicep
+++ b/infra/main.bicep
@@ -56,8 +56,9 @@ module web './core/host/appservice.bicep' = {
    runtimeVersion: '6.0'
    tags: union(tags, { 'azd-service-name': 'web' })
    appSettings: {
-      CATALOG_CONNECTION_STRING_VALUE: '${catalogDb.outputs.connectionString}; Password=${appUserPassword}'
-      IDENTITY_CONNECTION_STRING_VALUE: '${identityDb.outputs.connectionString}; Password=${appUserPassword}'
+      CATALOG_CONNECTION_STRING_KEY: 'AZURE-SQL-CATALOG-CONNECTION-STRING'
+      IDENTITY_CONNECTION_STRING_KEY: 'AZURE-SQL-IDENTITY-CONNECTION-STRING'
+      KEY_VAULT_ENDPOINT: keyVault.outputs.endpoint
    }
  }
 }
@@ -120,5 +121,14 @@ module appServicePlan './core/host/appserviceplan.bicep' = {
  }
 }

+// Data outputs
+output AZURE_SQL_CATALOG_CONNECTION_STRING string = catalogDb.outputs.connectionStringKey
+output AZURE_SQL_IDENTITY_CONNECTION_STRING string = identityDb.outputs.connectionStringKey
+output AZURE_SQL_CATALOG_DATABASE_NAME string = catalogDb.outputs.databaseName
+output AZURE_SQL_IDENTITY_DATABASE_NAME string = identityDb.outputs.databaseName
+
+// App outputs
 output AZURE_LOCATION string = location
 output AZURE_TENANT_ID string = tenant().tenantId
+output AZURE_KEY_VAULT_ENDPOINT string = keyVault.outputs.endpoint
+output AZURE_KEY_VAULT_NAME string = keyVault.outputs.name
--- a/src/Infrastructure/Dependencies.cs
+++ b/src/Infrastructure/Dependencies.cs
@@ -3,6 +3,9 @@ using Microsoft.eShopWeb.Infrastructure.Data;
 using Microsoft.eShopWeb.Infrastructure.Identity;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
+using Azure.Security.KeyVault.Secrets;
+using Azure.Identity;
+using System;

 namespace Microsoft.eShopWeb.Infrastructure;

@@ -11,6 +14,12 @@ public static class Dependencies
    public static void ConfigureServices(IConfiguration configuration, IServiceCollection services)
    {
        var useOnlyInMemoryDatabase = false;
+        string keyVaultUri = configuration["KEY_VAULT_ENDPOINT"];
+        string catalogConnectionStringKey = configuration["AZURE-SQL-CATALOG-CONNECTION-STRING"];
+        string identityConnectionStringKey = configuration["AZURE-SQL-IDENTITY-CONNECTION-STRING"];
+        string catalogConnectionStringValue = GetSqlConnectString(keyVaultUri, catalogConnectionStringKey);
+        string identityConnectionStringValue = GetSqlConnectString(keyVaultUri, identityConnectionStringKey);
+
        if (configuration["UseOnlyInMemoryDatabase"] != null)
        {
            useOnlyInMemoryDatabase = bool.Parse(configuration["UseOnlyInMemoryDatabase"]);
@@ -30,11 +39,24 @@ public static class Dependencies
            // Requires LocalDB which can be installed with SQL Server Express 2016
            // https://www.microsoft.com/en-us/download/details.aspx?id=54284
            services.AddDbContext<CatalogContext>(c =>
-                c.UseSqlServer(configuration["CATALOG_CONNECTION_STRING_VALUE"]));
+                c.UseSqlServer(catalogConnectionStringValue));

            // Add Identity DbContext
            services.AddDbContext<AppIdentityDbContext>(options =>
-                options.UseSqlServer(configuration["IDENTITY_CONNECTION_STRING_VALUE"]));
+                options.UseSqlServer(identityConnectionStringValue));
        }
    }
+
+    public static string GetSqlConnectString(string keyVaultUri, string connectionStringKey)
+    {
+        if (connectionStringKey == null)
+        {
+            return "";
+        }
+
+        var secretClient = new SecretClient(new Uri(keyVaultUri), new ClientSecretCredential("<tenant_id>","<client_id>","<client_secret>"));
+        KeyVaultSecret secret = secretClient.GetSecret(connectionStringKey);
+        string secretValue = secret.Value;
+        return secretValue;
+    }
 }
--- a/src/Infrastructure/Infrastructure.csproj
+++ b/src/Infrastructure/Infrastructure.csproj
@@ -8,6 +8,8 @@

 	<ItemGroup>
 		<PackageReference Include="Ardalis.Specification.EntityFrameworkCore" Version="6.1.0" />
+		<PackageReference Include="Azure.Identity" Version="1.5.0" />
+		<PackageReference Include="Azure.Security.KeyVault.Secrets" Version="4.4.0" />
 		<PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="6.0.8" />
 		<PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="6.0.8" />
 		<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="6.0.8" />