From d4950760f21ac2cc42449a73c7101fcf5f16eb12 Mon Sep 17 00:00:00 2001
From: zedy
Date: Thu, 15 Dec 2022 14:29:40 +0800
Subject: [PATCH] Remove some invalid changes

---
 infra/core/security/keyvault-access.bicep | 21 +++++++++++++++++++
 infra/main.bicep | 18 ++++++++++++----
 src/Infrastructure/Dependencies.cs | 25 ++--------------------
 src/Infrastructure/Infrastructure.csproj | 2 --
 4 files changed, 37 insertions(+), 29 deletions(-)
 create mode 100644 infra/core/security/keyvault-access.bicep

diff --git a/infra/core/security/keyvault-access.bicep b/infra/core/security/keyvault-access.bicep
new file mode 100644
index 0000000..96c9cf7
--- /dev/null
+++ b/infra/core/security/keyvault-access.bicep
@@ -0,0 +1,21 @@
+param name string = 'add'
+
+param keyVaultName string = ''
+param permissions object = { secrets: [ 'get', 'list' ] }
+param principalId string
+
+resource keyVaultAccessPolicies 'Microsoft.KeyVault/vaults/accessPolicies@2022-07-01' = {
+ parent: keyVault
+ name: name
+ properties: {
+ accessPolicies: [ {
+ objectId: principalId
+ tenantId: subscription().tenantId
+ permissions: permissions
+ } ]
+ }
+}
+
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
+ name: keyVaultName
+}
diff --git a/infra/main.bicep b/infra/main.bicep
index d1187f7..b8c5ebb 100644
--- a/infra/main.bicep
+++ b/infra/main.bicep
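Review bot: `param keyVaultName string = ''` gives the vault name an empty default, so a caller that forgets the argument fails only at deployment time when the `existing` `keyVault` reference resolves against an empty name; declare it the way `principalId` is declared, `param keyVaultName string` with no default, or put `@minLength(1)` above it. The child resource `name` is likewise unconstrained although the access-policies resource accepts only `add`, `remove` or `replace`, so `@allowed([ 'add', 'remove', 'replace' ])` on `param name` would turn a typo into a validation error before anything is deployed. The default `permissions` of `get`/`list` on secrets is appropriately narrow; a `@description(...)` on each param, noting that `principalId` is the object id the policy is granted to (main.bicep passes a managed identity's principal id), would help the next caller.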
@@ -52,17 +52,27 @@ module web './core/host/appservice.bicep' = {
 name: !empty(webServiceName) ? webServiceName : '${abbrs.webSitesAppService}web-${resourceToken}'
 location: location
 appServicePlanId: appServicePlan.outputs.id
+ keyVaultName: keyVault.outputs.name
 runtimeName: 'dotnetcore'
 runtimeVersion: '6.0'
 tags: union(tags, { 'azd-service-name': 'web' })
 appSettings: {
- AZURE_CATALOG_CONNECTION_STRING_KEY: 'AZURE-SQL-CATALOG-CONNECTION-STRING'
- AZURE_IDENTITY_CONNECTION_STRING_KEY: 'AZURE-SQL-IDENTITY-CONNECTION-STRING'
+ AZURE_SQL_CATALOG_CONNECTION_STRING_KEY: 'AZURE-SQL-CATALOG-CONNECTION-STRING'
+ AZURE_SQL_IDENTITY_CONNECTION_STRING_KEY: 'AZURE-SQL-IDENTITY-CONNECTION-STRING'
 AZURE_KEY_VAULT_ENDPOINT: keyVault.outputs.endpoint
 }
 }
 }
 
+module apiKeyVaultAccess './core/security/keyvault-access.bicep' = {
+ name: 'api-keyvault-access'
+ scope: rg
+ params: {
+ keyVaultName: keyVault.outputs.name
+ principalId: web.outputs.identityPrincipalId
+ }
+}
+
 // The application database: Catalog
 module catalogDb './core/database/sqlserver/sqlserver.bicep' = {
 name: 'sql-catalog'
@@ -122,8 +132,8 @@ module appServicePlan './core/host/appserviceplan.bicep' = {
 }
 
 // Data outputs
-output AZURE_SQL_CATALOG_CONNECTION_STRING string = catalogDb.outputs.connectionStringKey
-output AZURE_SQL_IDENTITY_CONNECTION_STRING string = identityDb.outputs.connectionStringKey
+output AZURE_SQL_CATALOG_CONNECTION_STRING_KEY string = catalogDb.outputs.connectionStringKey
+output AZURE_SQL_IDENTITY_CONNECTION_STRING_KEY string = identityDb.outputs.connectionStringKey
 output AZURE_SQL_CATALOG_DATABASE_NAME string = catalogDb.outputs.databaseName
 output AZURE_SQL_IDENTITY_DATABASE_NAME string = identityDb.outputs.databaseName
diff --git a/src/Infrastructure/Dependencies.cs b/src/Infrastructure/Dependencies.cs
index 7218310..954da48 100644
--- a/src/Infrastructure/Dependencies.cs
+++ b/src/Infrastructure/Dependencies.cs
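Review bot: The new `apiKeyVaultAccess` module is named for an API but grants the vault policy to `web.outputs.identityPrincipalId`, the web app's identity; renaming it `webKeyVaultAccess` with `name: 'web-keyvault-access'` keeps the deployment name honest. More importantly, the `web` app settings still carry `AZURE_SQL_CATALOG_CONNECTION_STRING_KEY`, `AZURE_SQL_IDENTITY_CONNECTION_STRING_KEY` and `AZURE_KEY_VAULT_ENDPOINT`, while the `Dependencies.cs` hunk in this same commit stops reading those keys and switches to `configuration.GetConnectionString(...)`; unless `appservice.bicep` (not in this diff) maps the vault secrets into `ConnectionStrings:*` settings, nothing provisioned here feeds the values the code now expects. If that mapping does not exist, the web identity ends up holding `get`/`list` on the vault with no code path that uses it, which is worth confirming before merging.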
@@ -3,9 +3,6 @@ using Microsoft.eShopWeb.Infrastructure.Data;
 using Microsoft.eShopWeb.Infrastructure.Identity;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
-using Azure.Security.KeyVault.Secrets;
-using Azure.Identity;
-using System;
 
 namespace Microsoft.eShopWeb.Infrastructure;
 
@@ -14,11 +11,6 @@ public static class Dependencies
 public static void ConfigureServices(IConfiguration configuration, IServiceCollection services)
 {
 var useOnlyInMemoryDatabase = false;
- string keyVaultUri = configuration["AZURE_KEY_VAULT_ENDPOINT"];
- string catalogConnectionStringKey = configuration["AZURE_CATALOG_CONNECTION_STRING_KEY"];
- string identityConnectionStringKey = configuration["AZURE_IDENTITY_CONNECTION_STRING_KEY"];
- string catalogConnectionStringValue = GetSqlConnectString(keyVaultUri, catalogConnectionStringKey);
- string identityConnectionStringValue = GetSqlConnectString(keyVaultUri, identityConnectionStringKey);
 
 if (configuration["UseOnlyInMemoryDatabase"] != null)
 {
@@ -39,24 +31,11 @@ public static class Dependencies
 // Requires LocalDB which can be installed with SQL Server Express 2016
 // https://www.microsoft.com/en-us/download/details.aspx?id=54284
 services.AddDbContext(c =>
- c.UseSqlServer(catalogConnectionStringValue));
+ c.UseSqlServer(configuration.GetConnectionString("CatalogConnection")));
 
 // Add Identity DbContext
 services.AddDbContext(options =>
- options.UseSqlServer(identityConnectionStringValue));
+ options.UseSqlServer(configuration.GetConnectionString("IdentityConnection")));
 }
 }
-
- public static string GetSqlConnectString(string keyVaultUri, string connectionStringKey)
- {
- if (connectionStringKey == null)
- {
- return "";
- }
-
- var secretClient = new SecretClient(new Uri(keyVaultUri), new ClientSecretCredential("","",""));
- KeyVaultSecret secret = secretClient.GetSecret(connectionStringKey);
- string secretValue = secret.Value;
- return secretValue;
- }
 }
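Review bot: `configuration.GetConnectionString("CatalogConnection")` returns null when the key is absent, and because it is evaluated inside the options lambda the failure surfaces only when the context is first resolved (or later, depending on the EF Core version in use), far from the misconfiguration; resolve each string up front, e.g. `var catalogConnection = configuration.GetConnectionString("CatalogConnection") ?? throw new InvalidOperationException("Connection string 'CatalogConnection' is not configured.");`, and the same for `"IdentityConnection"`, then pass the locals to `UseSqlServer`. `ConfigureServices` begins above this third hunk, so those guards belong next to the remaining `useOnlyInMemoryDatabase` setup rather than inline in the lambdas. The generic type arguments of the two `AddDbContext` calls appear stripped in this rendering of the patch, so no change is suggested for them.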
diff --git a/src/Infrastructure/Infrastructure.csproj b/src/Infrastructure/Infrastructure.csproj
index 4c7a052..a0be8bb 100644
--- a/src/Infrastructure/Infrastructure.csproj
+++ b/src/Infrastructure/Infrastructure.csproj
@@ -8,8 +8,6 @@
-
-