Remove some invalid changes

2022-12-15 14:29:40 +08:00
parent 9e821608a1
commit d4950760f2
4 changed files with 37 additions and 29 deletions
--- a/infra/core/security/keyvault-access.bicep
+++ b/infra/core/security/keyvault-access.bicep
@@ -0,0 +1,21 @@
+param name string = 'add'
+
+param keyVaultName string = ''
+param permissions object = { secrets: [ 'get', 'list' ] }
+param principalId string
+
+resource keyVaultAccessPolicies 'Microsoft.KeyVault/vaults/accessPolicies@2022-07-01' = {
+  parent: keyVault
+  name: name
+  properties: {
+    accessPolicies: [ {
+        objectId: principalId
+        tenantId: subscription().tenantId
+        permissions: permissions
+      } ]
+  }
+}
+
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
+  name: keyVaultName
+}
--- a/infra/main.bicep
+++ b/infra/main.bicep
@@ -52,17 +52,27 @@ module web './core/host/appservice.bicep' = {
    name: !empty(webServiceName) ? webServiceName : '${abbrs.webSitesAppService}web-${resourceToken}'
    location: location
    appServicePlanId: appServicePlan.outputs.id
+    keyVaultName: keyVault.outputs.name
    runtimeName: 'dotnetcore'
    runtimeVersion: '6.0'
    tags: union(tags, { 'azd-service-name': 'web' })
    appSettings: {
-      AZURE_CATALOG_CONNECTION_STRING_KEY: 'AZURE-SQL-CATALOG-CONNECTION-STRING'
-      AZURE_IDENTITY_CONNECTION_STRING_KEY: 'AZURE-SQL-IDENTITY-CONNECTION-STRING'
+      AZURE_SQL_CATALOG_CONNECTION_STRING_KEY: 'AZURE-SQL-CATALOG-CONNECTION-STRING'
+      AZURE_SQL_IDENTITY_CONNECTION_STRING_KEY: 'AZURE-SQL-IDENTITY-CONNECTION-STRING'
      AZURE_KEY_VAULT_ENDPOINT: keyVault.outputs.endpoint
    }
  }
 }

+module apiKeyVaultAccess './core/security/keyvault-access.bicep' = {
+  name: 'api-keyvault-access'
+  scope: rg
+  params: {
+    keyVaultName: keyVault.outputs.name
+    principalId: web.outputs.identityPrincipalId
+  }
+}
+
 // The application database: Catalog
 module catalogDb './core/database/sqlserver/sqlserver.bicep' = {
  name: 'sql-catalog'
@@ -122,8 +132,8 @@ module appServicePlan './core/host/appserviceplan.bicep' = {
 }

 // Data outputs
-output AZURE_SQL_CATALOG_CONNECTION_STRING string = catalogDb.outputs.connectionStringKey
-output AZURE_SQL_IDENTITY_CONNECTION_STRING string = identityDb.outputs.connectionStringKey
+output AZURE_SQL_CATALOG_CONNECTION_STRING_KEY string = catalogDb.outputs.connectionStringKey
+output AZURE_SQL_IDENTITY_CONNECTION_STRING_KEY string = identityDb.outputs.connectionStringKey
 output AZURE_SQL_CATALOG_DATABASE_NAME string = catalogDb.outputs.databaseName
 output AZURE_SQL_IDENTITY_DATABASE_NAME string = identityDb.outputs.databaseName

--- a/src/Infrastructure/Dependencies.cs
+++ b/src/Infrastructure/Dependencies.cs
@@ -3,9 +3,6 @@ using Microsoft.eShopWeb.Infrastructure.Data;
 using Microsoft.eShopWeb.Infrastructure.Identity;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
-using Azure.Security.KeyVault.Secrets;
-using Azure.Identity;
-using System;

 namespace Microsoft.eShopWeb.Infrastructure;

@@ -14,11 +11,6 @@ public static class Dependencies
    public static void ConfigureServices(IConfiguration configuration, IServiceCollection services)
    {
        var useOnlyInMemoryDatabase = false;
-        string keyVaultUri = configuration["AZURE_KEY_VAULT_ENDPOINT"];
-        string catalogConnectionStringKey = configuration["AZURE_CATALOG_CONNECTION_STRING_KEY"];
-        string identityConnectionStringKey = configuration["AZURE_IDENTITY_CONNECTION_STRING_KEY"];
-        string catalogConnectionStringValue = GetSqlConnectString(keyVaultUri, catalogConnectionStringKey);
-        string identityConnectionStringValue = GetSqlConnectString(keyVaultUri, identityConnectionStringKey);

        if (configuration["UseOnlyInMemoryDatabase"] != null)
        {
@@ -39,24 +31,11 @@ public static class Dependencies
            // Requires LocalDB which can be installed with SQL Server Express 2016
            // https://www.microsoft.com/en-us/download/details.aspx?id=54284
            services.AddDbContext<CatalogContext>(c =>
-                c.UseSqlServer(catalogConnectionStringValue));
+                c.UseSqlServer(configuration.GetConnectionString("CatalogConnection")));

            // Add Identity DbContext
            services.AddDbContext<AppIdentityDbContext>(options =>
-                options.UseSqlServer(identityConnectionStringValue));
+                options.UseSqlServer(configuration.GetConnectionString("IdentityConnection")));
        }
    }
-
-    public static string GetSqlConnectString(string keyVaultUri, string connectionStringKey)
-    {
-        if (connectionStringKey == null)
-        {
-            return "";
-        }
-
-        var secretClient = new SecretClient(new Uri(keyVaultUri), new ClientSecretCredential("<tenant_id>","<client_id>","<client_secret>"));
-        KeyVaultSecret secret = secretClient.GetSecret(connectionStringKey);
-        string secretValue = secret.Value;
-        return secretValue;
-    }
 }
--- a/src/Infrastructure/Infrastructure.csproj
+++ b/src/Infrastructure/Infrastructure.csproj
@@ -8,8 +8,6 @@

 	<ItemGroup>
 		<PackageReference Include="Ardalis.Specification.EntityFrameworkCore" Version="6.1.0" />
-		<PackageReference Include="Azure.Identity" Version="1.5.0" />
-		<PackageReference Include="Azure.Security.KeyVault.Secrets" Version="4.4.0" />
 		<PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="6.0.8" />
 		<PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="6.0.8" />
 		<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="6.0.8" />