Azure · JoshLove-msft · Feb 14, 2024 · Feb 14, 2024 · Feb 14, 2024
diff --git a/sdk/provisioning/Azure.Provisioning/src/Resource.cs b/sdk/provisioning/Azure.Provisioning/src/Resource.cs
@@ -104,7 +104,14 @@ protected Resource(IConstruct scope, Resource? parent, string resourceName, Reso
         /// <param name="parameter">The <see cref="Parameter"/> to assign.</param>
         public void AssignParameter(object instance, string propertyName, Parameter parameter)
         {
-            ParameterOverrides.Add(instance, new Dictionary<string, string> {  { propertyName, parameter.Name } });
+            if (ParameterOverrides.TryGetValue(instance, out var overrides))
+            {
+                overrides[propertyName] = parameter.Name;
+            }
+            else
+            {
+                ParameterOverrides.Add(instance, new Dictionary<string, string> {  { propertyName, parameter.Name } });
+            }
             Parameters.Add(parameter);
         }
 

diff --git a/sdk/provisioning/Azure.Provisioning/src/keyvault/KeyVaultAddAccessPolicy.cs b/sdk/provisioning/Azure.Provisioning/src/keyvault/KeyVaultAddAccessPolicy.cs
@@ -20,7 +20,8 @@ public KeyVaultAddAccessPolicy(IConstruct scope, Parameter principalIdParameter,
                 {
                     new KeyVaultAccessPolicy(
                         scope.Root.Properties.TenantId!.Value,
-                        GetParamValue(principalIdParameter, scope),
+                        // this value will be replaced by the parameter reference
+                        "dummy",
                         new IdentityAccessPermissions()
                         {
                             Secrets =
@@ -31,14 +32,14 @@ public KeyVaultAddAccessPolicy(IConstruct scope, Parameter principalIdParameter,
                         })
                 }))
         {
-            ParameterOverrides.Add(Properties, new Dictionary<string, string> { { "objectId", GetParamValue(principalIdParameter, scope) } });
+            ParameterOverrides.Add(Properties.AccessPolicies[0], new Dictionary<string, string> { { nameof(KeyVaultAccessPolicy.ObjectId), GetParamValue(principalIdParameter, scope) } });
         }
 
         private static string GetParamValue(Parameter principalIdParameter, IConstruct scope)
         {
             if (principalIdParameter.Source is null || ReferenceEquals(principalIdParameter.Source, scope))
             {
-                return principalIdParameter.Name;
+                return principalIdParameter.Value!;
             }
             else
             {

diff --git a/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL1/main.bicep b/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL1/main.bicep
@@ -83,7 +83,7 @@ resource keyVaultAddAccessPolicy_OttgS6uaT 'Microsoft.KeyVault/vaults/accessPoli
     accessPolicies: [
       {
         tenantId: '00000000-0000-0000-0000-000000000000'
-        objectId: 'SERVICE_API_IDENTITY_PRINCIPAL_ID'
+        objectId: webSite_W5EweSXEq.identity.principalId
         permissions: {
           secrets: [
             'get'
@@ -99,7 +99,7 @@ resource keyVaultSecret_nMDmVNMVq 'Microsoft.KeyVault/vaults/secrets@2023-02-01'
   parent: keyVault_CRoMbemLF
   name: 'sqlAdminPassword'
   properties: {
-    value: '00000000-0000-0000-0000-000000000000'
+    value: sqlAdminPassword
   }
 }
 

diff --git a/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL2/main.bicep b/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/WebSiteUsingL2/main.bicep
@@ -50,7 +50,7 @@ resource keyVaultAddAccessPolicy_OttgS6uaT 'Microsoft.KeyVault/vaults/accessPoli
     accessPolicies: [
       {
         tenantId: '00000000-0000-0000-0000-000000000000'
-        objectId: 'TestFrontEndWebSite.outputs.SERVICE_API_IDENTITY_PRINCIPAL_ID'
+        objectId: TestFrontEndWebSite.outputs.SERVICE_API_IDENTITY_PRINCIPAL_ID
         permissions: {
           secrets: [
             'get'

diff --git a/...ucture/WebSiteUsingL3/resources/TestWebSiteWithSqlBackEnd/TestWebSiteWithSqlBackEnd.bicep b/...ucture/WebSiteUsingL3/resources/TestWebSiteWithSqlBackEnd/TestWebSiteWithSqlBackEnd.bicep
@@ -40,7 +40,7 @@ resource keyVaultAddAccessPolicy_OttgS6uaT 'Microsoft.KeyVault/vaults/accessPoli
     accessPolicies: [
       {
         tenantId: '00000000-0000-0000-0000-000000000000'
-        objectId: 'TestFrontEndWebSite.outputs.SERVICE_API_IDENTITY_PRINCIPAL_ID'
+        objectId: TestFrontEndWebSite.outputs.SERVICE_API_IDENTITY_PRINCIPAL_ID
         permissions: {
           secrets: [
             'get'

diff --git a/sdk/provisioning/Azure.Provisioning/tests/ProvisioningTests.cs b/sdk/provisioning/Azure.Provisioning/tests/ProvisioningTests.cs
@@ -39,7 +39,7 @@ public void WebSiteUsingL1()
                 .AddAccessPolicy(frontEndPrincipalId); // frontEnd.properties.identity.principalId
 
             KeyVaultSecret sqlAdminSecret = new KeyVaultSecret(infra, "sqlAdminPassword");
-            sqlAdminSecret.AssignParameter(sqlAdminSecret.Properties.Properties, sqlAdminSecret.Properties.Properties.Value, sqlAdminPasswordParam);
+            sqlAdminSecret.AssignParameter(sqlAdminSecret.Properties.Properties, nameof(sqlAdminSecret.Properties.Properties.Value), sqlAdminPasswordParam);
 
             KeyVaultSecret appUserSecret = new KeyVaultSecret(infra, "appUserPassword");
             appUserSecret.AssignParameter(appUserSecret.Properties.Properties, nameof(appUserSecret.Properties.Properties.Value), appUserPasswordParam);