From 45477c39d2c15ecfdb51c41d728f5d413a63124f Mon Sep 17 00:00:00 2001
From: jolov <jolov@microsoft.com>
Date: Tue, 12 Mar 2024 08:50:28 -0700
Subject: [PATCH 1/2] Add role definition and skuname

---
 .../src/appconfiguration/AppConfigurationStore.cs    |  5 +++--
 .../src/authorization/RoleDefinition.cs              |  5 +++++
 .../resources/rg_TEST_module/rg_TEST_module.bicep    | 12 +++++++++++-
 .../Azure.Provisioning/tests/ProvisioningTests.cs    |  3 ++-
 4 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/sdk/provisioning/Azure.Provisioning/src/appconfiguration/AppConfigurationStore.cs b/sdk/provisioning/Azure.Provisioning/src/appconfiguration/AppConfigurationStore.cs
index 0b45577299ee9..5221b617f4f6c 100644
--- a/sdk/provisioning/Azure.Provisioning/src/appconfiguration/AppConfigurationStore.cs
+++ b/sdk/provisioning/Azure.Provisioning/src/appconfiguration/AppConfigurationStore.cs
@@ -21,16 +21,17 @@ public class AppConfigurationStore : Resource<AppConfigurationStoreData>
         /// Initializes a new instance of the <see cref="AppConfigurationStore"/> class.
         /// </summary>
         /// <param name="scope">The scope.</param>
+        /// <param name="skuName">The sku name.</param>
         /// <param name="parent">The parent.</param>
         /// <param name="name">The name.</param>
         /// <param name="version">The version.</param>
         /// <param name="location">The location.</param>
-        public AppConfigurationStore(IConstruct scope, ResourceGroup? parent = null, string name = "store", string version = "2023-03-01", AzureLocation? location = default)
+        public AppConfigurationStore(IConstruct scope, string skuName = "free",  ResourceGroup? parent = null, string name = "store", string version = "2023-03-01", AzureLocation? location = default)
             : this(scope, parent, name, version, false, (name) => ArmAppConfigurationModelFactory.AppConfigurationStoreData(
                 name: name,
                 resourceType: ResourceTypeName,
                 location: location ?? Environment.GetEnvironmentVariable("AZURE_LOCATION") ?? AzureLocation.WestUS,
-                skuName: "free"))
+                skuName: skuName))
         {
             AssignProperty(data => data.Name, GetAzureName(scope, name));
             AddOutput($"{Name}_endpoint", store => store.Endpoint);
diff --git a/sdk/provisioning/Azure.Provisioning/src/authorization/RoleDefinition.cs b/sdk/provisioning/Azure.Provisioning/src/authorization/RoleDefinition.cs
index 6a29759a6a1cd..7ce010ffcb499 100644
--- a/sdk/provisioning/Azure.Provisioning/src/authorization/RoleDefinition.cs
+++ b/sdk/provisioning/Azure.Provisioning/src/authorization/RoleDefinition.cs
@@ -48,6 +48,11 @@ public RoleDefinition(string value)
         /// </summary>
         public static RoleDefinition ServiceBusDataOwner { get; } = new RoleDefinition("090c5cfd-751d-490a-894a-3ce6f1109419");
 
+        /// <summary>
+        /// App configuration data owner role.
+        /// </summary>
+        public static RoleDefinition AppConfigurationDataOwner { get; } = new RoleDefinition("5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b");
+
         /// <summary> Converts a string to a <see cref="RoleDefinition"/>. </summary>
         public static implicit operator RoleDefinition(string value) => new RoleDefinition(value);
 
diff --git a/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/AppConfiguration/resources/rg_TEST_module/rg_TEST_module.bicep b/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/AppConfiguration/resources/rg_TEST_module/rg_TEST_module.bicep
index 22e21fc1ea486..bb164f3d01272 100644
--- a/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/AppConfiguration/resources/rg_TEST_module/rg_TEST_module.bicep
+++ b/sdk/provisioning/Azure.Provisioning/tests/Infrastructure/AppConfiguration/resources/rg_TEST_module/rg_TEST_module.bicep
@@ -3,10 +3,20 @@ resource appConfigurationStore_4WdTZ5u6X 'Microsoft.AppConfiguration/configurati
   name: toLower(take(concat('store', uniqueString(resourceGroup().id)), 24))
   location: 'westus'
   sku: {
-    name: 'free'
+    name: 'standard'
   }
   properties: {
   }
 }
 
+resource roleAssignment_S9dOTzUjk 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  scope: appConfigurationStore_4WdTZ5u6X
+  name: guid(appConfigurationStore_4WdTZ5u6X.id, '00000000-0000-0000-0000-000000000000', subscriptionResourceId('00000000-0000-0000-0000-000000000000', 'Microsoft.Authorization/roleDefinitions', '5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b'))
+  properties: {
+    roleDefinitionId: subscriptionResourceId('00000000-0000-0000-0000-000000000000', 'Microsoft.Authorization/roleDefinitions', '5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b')
+    principalId: '00000000-0000-0000-0000-000000000000'
+    principalType: 'ServicePrincipal'
+  }
+}
+
 output appConfigurationStore_4WdTZ5u6X_endpoint string = appConfigurationStore_4WdTZ5u6X.properties.endpoint
diff --git a/sdk/provisioning/Azure.Provisioning/tests/ProvisioningTests.cs b/sdk/provisioning/Azure.Provisioning/tests/ProvisioningTests.cs
index 9360f38c3bf39..c308ab47e6a5c 100644
--- a/sdk/provisioning/Azure.Provisioning/tests/ProvisioningTests.cs
+++ b/sdk/provisioning/Azure.Provisioning/tests/ProvisioningTests.cs
@@ -618,7 +618,8 @@ public async Task StorageBlobDropDown()
         public async Task AppConfiguration()
         {
             var infra = new TestInfrastructure();
-            infra.AddAppConfigurationStore();
+            var appConfig = new AppConfigurationStore(infra, "standard");
+            appConfig.AssignRole(RoleDefinition.AppConfigurationDataOwner, Guid.Empty);
             infra.Build(GetOutputPath());
 
             await ValidateBicepAsync();

From 587ead8a691b9b6fb18331d6302e953f189a8a4b Mon Sep 17 00:00:00 2001
From: jolov <jolov@microsoft.com>
Date: Tue, 12 Mar 2024 09:10:03 -0700
Subject: [PATCH 2/2] api

---
 .../Azure.Provisioning/api/Azure.Provisioning.net6.0.cs        | 3 ++-
 .../api/Azure.Provisioning.netstandard2.0.cs                   | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/sdk/provisioning/Azure.Provisioning/api/Azure.Provisioning.net6.0.cs b/sdk/provisioning/Azure.Provisioning/api/Azure.Provisioning.net6.0.cs
index d0f06bfb11f99..2ad9b2f4463a3 100644
--- a/sdk/provisioning/Azure.Provisioning/api/Azure.Provisioning.net6.0.cs
+++ b/sdk/provisioning/Azure.Provisioning/api/Azure.Provisioning.net6.0.cs
@@ -124,7 +124,7 @@ public static partial class AppConfigurationExtensions
     }
     public partial class AppConfigurationStore : Azure.Provisioning.Resource<Azure.ResourceManager.AppConfiguration.AppConfigurationStoreData>
     {
-        public AppConfigurationStore(Azure.Provisioning.IConstruct scope, Azure.Provisioning.ResourceManager.ResourceGroup? parent = null, string name = "store", string version = "2023-03-01", Azure.Core.AzureLocation? location = default(Azure.Core.AzureLocation?)) : base (default(Azure.Provisioning.IConstruct), default(Azure.Provisioning.Resource), default(string), default(Azure.Core.ResourceType), default(string), default(System.Func<string, Azure.ResourceManager.AppConfiguration.AppConfigurationStoreData>)) { }
+        public AppConfigurationStore(Azure.Provisioning.IConstruct scope, string skuName = "free", Azure.Provisioning.ResourceManager.ResourceGroup? parent = null, string name = "store", string version = "2023-03-01", Azure.Core.AzureLocation? location = default(Azure.Core.AzureLocation?)) : base (default(Azure.Provisioning.IConstruct), default(Azure.Provisioning.Resource), default(string), default(Azure.Core.ResourceType), default(string), default(System.Func<string, Azure.ResourceManager.AppConfiguration.AppConfigurationStoreData>)) { }
         public static Azure.Provisioning.AppConfiguration.AppConfigurationStore FromExisting(Azure.Provisioning.IConstruct scope, string name, Azure.Provisioning.ResourceManager.ResourceGroup? parent = null) { throw null; }
         protected override string GetAzureName(Azure.Provisioning.IConstruct scope, string resourceName) { throw null; }
     }
@@ -184,6 +184,7 @@ public partial class RoleAssignment : Azure.Provisioning.Resource<Azure.Resource
         private readonly object _dummy;
         private readonly int _dummyPrimitive;
         public RoleDefinition(string value) { throw null; }
+        public static Azure.Provisioning.Authorization.RoleDefinition AppConfigurationDataOwner { get { throw null; } }
         public static Azure.Provisioning.Authorization.RoleDefinition CognitiveServicesOpenAIContributor { get { throw null; } }
         public static Azure.Provisioning.Authorization.RoleDefinition KeyVaultAdministrator { get { throw null; } }
         public static Azure.Provisioning.Authorization.RoleDefinition ServiceBusDataOwner { get { throw null; } }
diff --git a/sdk/provisioning/Azure.Provisioning/api/Azure.Provisioning.netstandard2.0.cs b/sdk/provisioning/Azure.Provisioning/api/Azure.Provisioning.netstandard2.0.cs
index d0f06bfb11f99..2ad9b2f4463a3 100644
--- a/sdk/provisioning/Azure.Provisioning/api/Azure.Provisioning.netstandard2.0.cs
+++ b/sdk/provisioning/Azure.Provisioning/api/Azure.Provisioning.netstandard2.0.cs
@@ -124,7 +124,7 @@ public static partial class AppConfigurationExtensions
     }
     public partial class AppConfigurationStore : Azure.Provisioning.Resource<Azure.ResourceManager.AppConfiguration.AppConfigurationStoreData>
     {
-        public AppConfigurationStore(Azure.Provisioning.IConstruct scope, Azure.Provisioning.ResourceManager.ResourceGroup? parent = null, string name = "store", string version = "2023-03-01", Azure.Core.AzureLocation? location = default(Azure.Core.AzureLocation?)) : base (default(Azure.Provisioning.IConstruct), default(Azure.Provisioning.Resource), default(string), default(Azure.Core.ResourceType), default(string), default(System.Func<string, Azure.ResourceManager.AppConfiguration.AppConfigurationStoreData>)) { }
+        public AppConfigurationStore(Azure.Provisioning.IConstruct scope, string skuName = "free", Azure.Provisioning.ResourceManager.ResourceGroup? parent = null, string name = "store", string version = "2023-03-01", Azure.Core.AzureLocation? location = default(Azure.Core.AzureLocation?)) : base (default(Azure.Provisioning.IConstruct), default(Azure.Provisioning.Resource), default(string), default(Azure.Core.ResourceType), default(string), default(System.Func<string, Azure.ResourceManager.AppConfiguration.AppConfigurationStoreData>)) { }
         public static Azure.Provisioning.AppConfiguration.AppConfigurationStore FromExisting(Azure.Provisioning.IConstruct scope, string name, Azure.Provisioning.ResourceManager.ResourceGroup? parent = null) { throw null; }
         protected override string GetAzureName(Azure.Provisioning.IConstruct scope, string resourceName) { throw null; }
     }
@@ -184,6 +184,7 @@ public partial class RoleAssignment : Azure.Provisioning.Resource<Azure.Resource
         private readonly object _dummy;
         private readonly int _dummyPrimitive;
         public RoleDefinition(string value) { throw null; }
+        public static Azure.Provisioning.Authorization.RoleDefinition AppConfigurationDataOwner { get { throw null; } }
         public static Azure.Provisioning.Authorization.RoleDefinition CognitiveServicesOpenAIContributor { get { throw null; } }
         public static Azure.Provisioning.Authorization.RoleDefinition KeyVaultAdministrator { get { throw null; } }
         public static Azure.Provisioning.Authorization.RoleDefinition ServiceBusDataOwner { get { throw null; } }