From 851d9487addfa90c2cf11e5672161176950bf77a Mon Sep 17 00:00:00 2001
From: Ben Broderick Phillips <bebroder@microsoft.com>
Date: Thu, 3 Oct 2024 16:27:59 -0400
Subject: [PATCH] Change storage account key lookup in stress bicep template

---
 .../cluster/azure/cluster/storage.bicep              |  1 -
 tools/stress-cluster/cluster/azure/main.bicep        | 12 ++++++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/tools/stress-cluster/cluster/azure/cluster/storage.bicep b/tools/stress-cluster/cluster/azure/cluster/storage.bicep
index afcc36ed8ae..c9d2eeb497b 100644
--- a/tools/stress-cluster/cluster/azure/cluster/storage.bicep
+++ b/tools/stress-cluster/cluster/azure/cluster/storage.bicep
@@ -17,5 +17,4 @@ resource fileshare 'Microsoft.Storage/storageAccounts/fileServices/shares@2021-0
 }
 
 output name string = storage.name
-output key string = storage.listKeys().keys[0].value
 output fileShareName string = fileShareName
diff --git a/tools/stress-cluster/cluster/azure/main.bicep b/tools/stress-cluster/cluster/azure/main.bicep
index dbd933f19ce..e4397384116 100644
--- a/tools/stress-cluster/cluster/azure/main.bicep
+++ b/tools/stress-cluster/cluster/azure/main.bicep
@@ -98,16 +98,24 @@ module containerRegistry 'cluster/acr.bicep' = {
     }
 }
 
+var storageName = 'stressdebug${resourceSuffix}'
+
 module storage 'cluster/storage.bicep' = {
   name: 'storage'
   scope: group
   params: {
-    storageName: 'stressdebug${resourceSuffix}'
+    storageName: storageName
     fileShareName: 'stressfiles${resourceSuffix}'
     location: clusterLocation
   }
 }
 
+// Get storage account reference for key lookup (avoid key as secret output from storage module)
+resource storageAccount 'Microsoft.Storage/storageAccounts@2019-06-01' existing = {
+  name: storageName
+  scope: group
+}
+
 var appInsightsInstrumentationKeySecretName = 'appInsightsInstrumentationKey-${resourceSuffix}'
 // Value is in dotenv format as it will be appended to stress test container dotenv files
 var appInsightsInstrumentationKeySecretValue = 'APPINSIGHTS_INSTRUMENTATIONKEY=${appInsights.outputs.instrumentationKey}\n'
@@ -120,9 +128,9 @@ var appInsightsConnectionStringSecretValue = 'APPLICATIONINSIGHTS_CONNECTION_STR
 // See https://docs.microsoft.com/azure/aks/azure-files-volume#create-a-kubernetes-secret
 // See https://docs.microsoft.com/azure/aks/azure-files-csi
 var debugStorageKeySecretName = 'debugStorageKey-${resourceSuffix}'
-var debugStorageKeySecretValue = storage.outputs.key
 var debugStorageAccountSecretName = 'debugStorageAccount-${resourceSuffix}'
 var debugStorageAccountSecretValue = storage.outputs.name
+var debugStorageKeySecretValue = '${storageAccount.listKeys().keys[0].value}'
 
 module keyvault 'cluster/keyvault.bicep' = {
     name: 'keyvault'