Allow ACA to configure secrets with identity and keyvaultUrl properties

tonybaloney · tonybaloney · commit e7af503f222b · 2024-04-12T18:55:12.000+10:00
diff --git a/tests/test_cookiecutter_generation.py b/tests/test_cookiecutter_generation.py
@@ -64,7 +64,7 @@ def tests_valid_bicep(bakery):
         )
     )
     result = subprocess.run(commands, capture_output=True, text=True)
-    assert result.returncode == 0
+    assert result.returncode == 0, result.stderr
 
 @pytest.mark.skip(reason="not implmented yet")
 def tests_mongo_builds_use_mongo_db_vars(bakery, default_context):
diff --git a/{{cookiecutter.__src_folder_name}}/infra/aca.bicep b/{{cookiecutter.__src_folder_name}}/infra/aca.bicep
@@ -100,23 +100,21 @@ module app 'core/host/container-app-upsert.bicep' = {
       ]
     secrets: {
         {% if cookiecutter.db_resource in ("postgres-flexible", "cosmos-postgres") %}
-        {
-          'dbserver-password': dbserverPassword
-        }
+          'dbserver-password': {
+            value: dbserverPassword
+          }
         {% endif %}
         {% if cookiecutter.project_backend in ("django", "flask") %}
-        {
-          name: 'secret-key'
-          keyVaultUrl: '${keyVault.properties.vaultUri}secrets/SECRETKEY'
-          identity: webIdentity.id
-        }
+          'secret-key': {
+            keyVaultUrl: '${keyVault.properties.vaultUri}secrets/SECRETKEY'
+            identity: webIdentity.id
+          }
         {% endif %}
         {% if "mongodb" in cookiecutter.db_resource %}
-        {
-          name: 'azure-cosmos-connection-string'
-          keyVaultUrl: '${keyVault.properties.vaultUri}secrets/AZURE-COSMOS-CONNECTION-STRING'
-          identity: webIdentity.id
-        }
+          'azure-cosmos-connection-string': {
+            keyVaultUrl: '${keyVault.properties.vaultUri}secrets/AZURE-COSMOS-CONNECTION-STRING'
+            identity: webIdentity.id
+          }
         {% endif %}
      }
     {% if cookiecutter.db_resource == "postgres-addon" %}
diff --git a/{{cookiecutter.__src_folder_name}}/infra/core/host/container-app.bicep b/{{cookiecutter.__src_folder_name}}/infra/core/host/container-app.bicep
@@ -130,7 +130,9 @@ resource app 'Microsoft.App/containerApps@2023-05-02-preview' = {
       } : { enabled: false }
       secrets: [for secret in items(secrets): {
         name: secret.key
-        value: secret.value
+        value: secret.value.value
+        keyVaultUrl: secret.value.keyVault
+        identity: secret.value.identity
       }]
       service: !empty(serviceType) ? { type: serviceType } : null
       registries: usePrivateRegistry ? [

Original file line number	Diff line number	Diff line change
`@@ -64,7 +64,7 @@ def tests_valid_bicep(bakery):`
`64`	`64`	`)`
`65`	`65`	`)`
`66`	`66`	`result = subprocess.run(commands, capture_output=True, text=True)`
`67`		`- assert result.returncode == 0`
	`67`	`+ assert result.returncode == 0, result.stderr`
`68`	`68`
`69`	`69`	`@pytest.mark.skip(reason="not implmented yet")`
`70`	`70`	`def tests_mongo_builds_use_mongo_db_vars(bakery, default_context):`