Add Azure App Configuration store support (#3413)

Azure · Feb 27, 2024 · 686b23b · 686b23b
1 parent 7dcdf2d
commit 686b23b
Show file tree

Hide file tree

Showing 4 changed files with 71 additions and 2 deletions.
diff --git a/cli/azd/resources/scaffold/base/abbreviations.json b/cli/azd/resources/scaffold/base/abbreviations.json
@@ -1,7 +1,7 @@
 {
     "analysisServicesServers": "as",
     "apiManagementService": "apim-",
-    "appConfigurationConfigurationStores": "appcs-",
+    "appConfigurationStores": "appcs-",
     "appManagedEnvironments": "cae-",
     "appContainerApps": "ca-",
     "authorizationPolicyDefinitions": "policy-",

diff --git a/templates/common/infra/bicep/abbreviations.json b/templates/common/infra/bicep/abbreviations.json
@@ -1,7 +1,7 @@
 {
     "analysisServicesServers": "as",
     "apiManagementService": "apim-",
-    "appConfigurationConfigurationStores": "appcs-",
+    "appConfigurationStores": "appcs-",
     "appManagedEnvironments": "cae-",
     "appContainerApps": "ca-",
     "authorizationPolicyDefinitions": "policy-",

diff --git a/templates/common/infra/bicep/core/config/configstore.bicep b/templates/common/infra/bicep/core/config/configstore.bicep
@@ -0,0 +1,48 @@
+metadata description = 'Creates an Azure App Configuration store.'
+
+@description('The name for the Azure App Configuration store')
+param name string
+
+@description('The Azure region/location for the Azure App Configuration store')
+param location string = resourceGroup().location
+
+@description('Custom tags to apply to the Azure App Configuration store')
+param tags object = {}
+
+@description('Specifies the names of the key-value resources. The name is a combination of key and label with $ as delimiter. The label is optional.')
+param keyValueNames array = []
+
+@description('Specifies the values of the key-value resources.')
+param keyValueValues array = []
+
+@description('The principal ID to grant access to the Azure App Configuration store')
+param principalId string
+
+resource configStore 'Microsoft.AppConfiguration/configurationStores@2023-03-01' = {
+  name: name
+  location: location
+  sku: {
+    name: 'standard'
+  }
+  tags: tags
+}
+
+resource configStoreKeyValue 'Microsoft.AppConfiguration/configurationStores/keyValues@2023-03-01' = [for (item, i) in keyValueNames: {
+  parent: configStore
+  name: item
+  properties: {
+    value: keyValueValues[i]
+    tags: tags
+  }
+}]
+
+module configStoreAccess '../security/configstore-access.bicep' = {
+  name: 'app-configuration-access'
+  params: {
+    configStoreName: name
+    principalId: principalId
+  }
+  dependsOn: [configStore]
+}
+
+output endpoint string = configStore.properties.endpoint
diff --git a/templates/common/infra/bicep/core/security/configstore-access.bicep b/templates/common/infra/bicep/core/security/configstore-access.bicep
@@ -0,0 +1,21 @@
+@description('Name of Azure App Configuration store')
+param configStoreName string
+
+@description('The principal ID of the service principal to assign the role to')
+param principalId string
+
+resource configStore 'Microsoft.AppConfiguration/configurationStores@2023-03-01' existing = {
+  name: configStoreName
+}
+
+var configStoreDataReaderRole = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '516239f1-63e1-4d78-a4de-a74fb236a071')
+
+resource configStoreDataReaderRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid(subscription().id, resourceGroup().id, principalId, configStoreDataReaderRole)
+  scope: configStore
+  properties: {
+    roleDefinitionId: configStoreDataReaderRole
+    principalId: principalId
+    principalType: 'ServicePrincipal' 
+  }
+}