Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CDK new KeyVault(...) should not automatically define output. #42357

Closed
Tracked by #42349
mitchdenny opened this issue Mar 4, 2024 · 0 comments
Closed
Tracked by #42349

CDK new KeyVault(...) should not automatically define output. #42357

mitchdenny opened this issue Mar 4, 2024 · 0 comments
Labels
Client This issue points to a problem in the data-plane of the library. Provisioning

Comments

@mitchdenny
Copy link
Contributor

mitchdenny commented Mar 4, 2024
edited
Loading

The code for the KeyVault type in Azure.Provisioning includes a call to AddOutput. CDK resources should not automatically add outputs because you may not necessarily want to output the vaultUri in a given deployment.

    public KeyVault(IConstruct scope, ResourceGroup? parent = null, string name = "kv", string version = "2023-02-01", AzureLocation? location = null)
    {
        IConstruct scope2 = scope;
        base._002Ector(scope2, (Resource?)parent, name, (ResourceType)"Microsoft.KeyVault/vaults", version, (Func<string, KeyVaultData>)delegate (string name)
        {
            ResourceType resourceType = "Microsoft.KeyVault/vaults";
            AzureLocation location2 = location ?? ((AzureLocation)(Environment.GetEnvironmentVariable("AZURE_LOCATION") ?? ((string)AzureLocation.WestUS)));
            KeyVaultSku sku = new KeyVaultSku(KeyVaultSkuFamily.A, KeyVaultSkuName.Standard);
            IEnumerable<KeyVaultAccessPolicy> accessPolicies = ((Environment.GetEnvironmentVariable("AZURE_PRINCIPAL_ID") != null) ? new List<KeyVaultAccessPolicy>
            {
                new KeyVaultAccessPolicy(scope2.Root.Properties.TenantId.Value, Environment.GetEnvironmentVariable("AZURE_PRINCIPAL_ID"), new IdentityAccessPermissions
                {
                    Secrets =
                    {
                        IdentityAccessSecretPermission.Get,
                        IdentityAccessSecretPermission.List
                    }
                })
            } : null);
            bool? enableRbacAuthorization = true;
            return ArmKeyVaultModelFactory.KeyVaultData(null, name, resourceType, null, null, location2, ArmKeyVaultModelFactory.KeyVaultProperties(default(Guid), sku, accessPolicies, null, null, null, null, null, null, null, enableRbacAuthorization));
        });

        // Remove this :)
        AddOutput((KeyVaultData kv) => kv.Properties.VaultUri, "vaultUri");

        // This is OK.
        if (scope2.Root.Properties.TenantId == Guid.Empty)
        {
            AssignProperty((KeyVaultData kv) => kv.Properties.TenantId, "tenant().tenantId");
        }
    }
@mitchdenny mitchdenny mentioned this issue Mar 4, 2024
Closed
3 tasks
@github-actions github-actions bot added the needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. label Mar 4, 2024
@jsquire jsquire added Client This issue points to a problem in the data-plane of the library. Provisioning and removed needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. labels Mar 4, 2024
@github-actions github-actions bot locked and limited conversation to collaborators Jun 2, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Client This issue points to a problem in the data-plane of the library. Provisioning
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mitchdenny @jsquire