diff --git a/cli/azd/resources/scaffold/base/abbreviations.json b/cli/azd/resources/scaffold/base/abbreviations.json
index e0bcbf3c3b1..dc62141f9da 100644
--- a/cli/azd/resources/scaffold/base/abbreviations.json
+++ b/cli/azd/resources/scaffold/base/abbreviations.json
@@ -1,7 +1,7 @@
 {
 "analysisServicesServers": "as",
 "apiManagementService": "apim-",
- "appConfigurationConfigurationStores": "appcs-",
+ "appConfigurationStores": "appcs-",
 "appManagedEnvironments": "cae-",
 "appContainerApps": "ca-",
 "authorizationPolicyDefinitions": "policy-",
diff --git a/templates/common/infra/bicep/abbreviations.json b/templates/common/infra/bicep/abbreviations.json
index 289a08aa03f..292beefbe28 100644
--- a/templates/common/infra/bicep/abbreviations.json
+++ b/templates/common/infra/bicep/abbreviations.json
@@ -1,7 +1,7 @@
 {
 "analysisServicesServers": "as",
 "apiManagementService": "apim-",
- "appConfigurationConfigurationStores": "appcs-",
+ "appConfigurationStores": "appcs-",
 "appManagedEnvironments": "cae-",
 "appContainerApps": "ca-",
 "authorizationPolicyDefinitions": "policy-",
diff --git a/templates/common/infra/bicep/core/config/configstore.bicep b/templates/common/infra/bicep/core/config/configstore.bicep
new file mode 100644
index 00000000000..96818f1fb2f
--- /dev/null
+++ b/templates/common/infra/bicep/core/config/configstore.bicep
@@ -0,0 +1,48 @@
+metadata description = 'Creates an Azure App Configuration store.'
+
+@description('The name for the Azure App Configuration store')
+param name string
+
+@description('The Azure region/location for the Azure App Configuration store')
+param location string = resourceGroup().location
+
+@description('Custom tags to apply to the Azure App Configuration store')
+param tags object = {}
+
+@description('Specifies the names of the key-value resources. The name is a combination of key and label with $ as delimiter. The label is optional.')
+param keyValueNames array = []
+
+@description('Specifies the values of the key-value resources.')
+param keyValueValues array = []
+
+@description('The principal ID to grant access to the Azure App Configuration store')
+param principalId string
+
+resource configStore 'Microsoft.AppConfiguration/configurationStores@2023-03-01' = {
+ name: name
+ location: location
+ sku: {
+ name: 'standard'
+ }
+ tags: tags
+}
+
+resource configStoreKeyValue 'Microsoft.AppConfiguration/configurationStores/keyValues@2023-03-01' = [for (item, i) in keyValueNames: {
+ parent: configStore
+ name: item
+ properties: {
+ value: keyValueValues[i]
+ tags: tags
+ }
+}]
+
+module configStoreAccess '../security/configstore-access.bicep' = {
+ name: 'app-configuration-access'
+ params: {
+ configStoreName: name
+ principalId: principalId
+ }
+ dependsOn: [configStore]
+}
+
+output endpoint string = configStore.properties.endpoint
diff --git a/templates/common/infra/bicep/core/security/configstore-access.bicep b/templates/common/infra/bicep/core/security/configstore-access.bicep
new file mode 100644
index 00000000000..de72b94b49b
--- /dev/null
+++ b/templates/common/infra/bicep/core/security/configstore-access.bicep
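Review bot: In configstore.bicep the `configStoreKeyValue` loop reads `keyValueValues[i]` by position, and nothing ties the length of `keyValueValues` to `keyValueNames`, so a shorter values array fails at deployment with an out-of-bounds index and surplus values are dropped without notice. At minimum the parameter description should state the contract, for example `@description('Specifies the values of the key-value resources. Must have the same length and order as keyValueNames.')`; a single array of name/value objects would remove the mismatch altogether. Array parameters cannot be marked `@secure()`, so whatever is passed here is kept in the deployment's recorded inputs as plain text, and the description should tell callers not to pass secrets through it. The store also leaves access-key authentication at its default while data access is granted by role assignment; whether `disableLocalAuth` can be set alongside the `keyValues` resources at this API version should be checked before relying on RBAC alone.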
@@ -0,0 +1,21 @@
+@description('Name of Azure App Configuration store')
+param configStoreName string
+
+@description('The principal ID of the service principal to assign the role to')
+param principalId string
+
+resource configStore 'Microsoft.AppConfiguration/configurationStores@2023-03-01' existing = {
+ name: configStoreName
+}
+
+var configStoreDataReaderRole = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '516239f1-63e1-4d78-a4de-a74fb236a071')
+
+resource configStoreDataReaderRoleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+ name: guid(subscription().id, resourceGroup().id, principalId, configStoreDataReaderRole)
+ scope: configStore
+ properties: {
+ roleDefinitionId: configStoreDataReaderRole
+ principalId: principalId
+ principalType: 'ServicePrincipal'
+ }
+}
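Review bot: The role assignment name in configstore-access.bicep is seeded with the subscription, resource group, principal and role, but not with the store the assignment is scoped to. Two stores in the same resource group granted to the same principal therefore compute the same name, and because role assignment names must be unique across the tenant even when scopes differ, the second deployment is likely to conflict. Seeding with the scope avoids this: `name: guid(configStore.id, principalId, configStoreDataReaderRole)`. `principalType` is fixed to `'ServicePrincipal'`, which matches the parameter description but will reject a user or group principal ID, so that restriction is worth stating where the module is consumed. A short comment beside the role GUID naming the built-in role (`// App Configuration Data Reader`) would let a reader confirm the grant is read-only without looking the ID up.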