feat: Update avm/res/event-hubs/namespace -Add support for AKV secrets export #4288

Open
wants to merge 2 commits into
base: main

weikanglim

Description

Closes #3638

Pipeline Reference

Verified locally:

image

Type of Change

  • Update to CI Environment or utilities (Non-module affecting changes)
  • Azure Verified Module updates:
    • Bugfix containing backwards-compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in version.json:
      • Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description.
      • The bug was found by the module author, and no one has opened an issue to report it yet.
    • Feature update backwards compatible feature updates, and I have bumped the MINOR version in version.json.
    • Breaking changes and I have bumped the MAJOR version in version.json.
    • Update to documentation

Checklist

  • I'm sure there are no other open Pull Requests for the same update/change
  • I have run Set-AVMModule locally to generate the supporting module files.
  • My corresponding pipelines / checks run clean and green without any errors or warnings

@weikanglim weikanglim requested review from a team as code owners January 25, 2025 00:04
@avm-team-linter avm-team-linter bot added the Needs: Module Owner 📣 This module needs an owner to develop or maintain it label Jan 25, 2025
@microsoft-github-policy-service microsoft-github-policy-service bot added the Needs: Triage 🔍 Maintainers need to triage still label Jan 25, 2025

Important

The "Needs: Triage 🔍" label must be removed once the triage process is complete!

Tip

For additional guidance on how to triage this issue/PR, see the BRM Issue Triage documentation.

@microsoft-github-policy-service microsoft-github-policy-service bot added the Type: AVM 🅰️ ✌️ Ⓜ️ This is an AVM related issue label Jan 25, 2025

Important

If this is a module-related PR, being submitted by the sole owner of the module, the AVM core team must review and approve it (as module owners can't approve their own PRs).

To indicate this PR needs the core team's attention, apply the "Needs: Core Team 🧞" label!

The core team will only review and approve PRs that have this label applied!

)
}
}

Contributor

Please also add the secrets output to the bottom of the list of current outputs:

import { secretsOutputType } from 'br/public:avm/utl/types/avm-common-types:0.5.1'
@description('A hashtable of references to the secrets exported to the provided Key Vault. The key of each reference is each secret\'s name.')
output exportedSecrets secretsOutputType = (secretsExportConfiguration != null)
  ? toObject(secretsExport.outputs.secretsSet, secret => last(split(secret.secretResourceId, '/')), secret => secret)
  : {}

Ref: https://azure.github.io/Azure-Verified-Modules/specs/bcp/res/interfaces/#user-defined-type-parameter--resource-example

Comment on lines +548 to +557
rootPrimaryConnectionString: string?

@description('Optional. The rootSecondaryConnectionString secret name to create.')
rootSecondaryConnectionString: string?

@description('Optional. The rootPrimaryKey secret name to create.')
rootPrimaryKey: string?

@description('Optional. The rootSecondaryKey secret name to create.')
rootSecondaryKey: string?
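
Review bot: The four properties `rootPrimaryConnectionString`, `rootSecondaryConnectionString`, `rootPrimaryKey` and `rootSecondaryKey` are named after the values they export, while each `@description` says the property holds the "secret name to create", so a caller reading the type alone can easily supply a connection string or key where a Key Vault secret name is expected. Make the property names or the descriptions say explicitly that these are Key Vault secret names, and state in each description that leaving the property out skips that export, which is what the `contains(...)` guards in the module do.
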
Contributor

Suggested change
rootPrimaryConnectionString: string?
@description('Optional. The rootSecondaryConnectionString secret name to create.')
rootSecondaryConnectionString: string?
@description('Optional. The rootPrimaryKey secret name to create.')
rootPrimaryKey: string?
@description('Optional. The rootSecondaryKey secret name to create.')
rootSecondaryKey: string?
rootPrimaryConnectionStringName: string?
@description('Optional. The rootSecondaryConnectionString secret name to create.')
rootSecondaryConnectionStringName: string?
@description('Optional. The rootPrimaryKey secret name to create.')
rootPrimaryKeyName: string?
@description('Optional. The rootSecondaryKey secret name to create.')
rootSecondaryKeyName: string?

Comment on lines +438 to +465
contains(secretsExportConfiguration!, 'rootPrimaryConnectionString')
? [
{
name: secretsExportConfiguration!.rootPrimaryConnectionString
value: listkeys('${eventHubNamespace.id}/AuthorizationRules/RootManageSharedAccessKey', '2024-01-01').primaryConnectionString
}
]
: [],
contains(secretsExportConfiguration!, 'rootSecondaryConnectionString')
? [
{
name: secretsExportConfiguration!.rootSecondaryConnectionString
value: listkeys('${eventHubNamespace.id}/AuthorizationRules/RootManageSharedAccessKey', '2024-01-01').secondaryConnectionString
}
]
: [],
contains(secretsExportConfiguration!, 'rootPrimaryKey')
? [
{
name: secretsExportConfiguration!.rootPrimaryKey
value: listkeys('${eventHubNamespace.id}/AuthorizationRules/RootManageSharedAccessKey', '2024-01-01').primaryKey
}
]
: [],
contains(secretsExportConfiguration!, 'rootSecondaryKey')
? [
{
name: secretsExportConfiguration!.rootSecondaryKey
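
Review bot: Each `contains(secretsExportConfiguration!, '...')` guard in this array only tests that the key exists, so a caller who passes one of these `string?` properties explicitly as `null` still gets an entry whose `name` is null. Guard on the value instead, for example `secretsExportConfiguration.?rootPrimaryKey != null`, which also makes the `!` assertion unnecessary. Separately, every value here is read from `RootManageSharedAccessKey`, the namespace-wide rule that carries Manage rights, so the parameter documentation should say that the exported secrets grant that level of access and the target vault should be access-controlled accordingly.
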
Contributor

@AlexanderSehr AlexanderSehr Jan 25, 2025

Suggested change
contains(secretsExportConfiguration!, 'rootPrimaryConnectionString')
? [
{
name: secretsExportConfiguration!.rootPrimaryConnectionString
value: listkeys('${eventHubNamespace.id}/AuthorizationRules/RootManageSharedAccessKey', '2024-01-01').primaryConnectionString
}
]
: [],
contains(secretsExportConfiguration!, 'rootSecondaryConnectionString')
? [
{
name: secretsExportConfiguration!.rootSecondaryConnectionString
value: listkeys('${eventHubNamespace.id}/AuthorizationRules/RootManageSharedAccessKey', '2024-01-01').secondaryConnectionString
}
]
: [],
contains(secretsExportConfiguration!, 'rootPrimaryKey')
? [
{
name: secretsExportConfiguration!.rootPrimaryKey
value: listkeys('${eventHubNamespace.id}/AuthorizationRules/RootManageSharedAccessKey', '2024-01-01').primaryKey
}
]
: [],
contains(secretsExportConfiguration!, 'rootSecondaryKey')
? [
{
name: secretsExportConfiguration!.rootSecondaryKey
contains(secretsExportConfiguration!, 'rootPrimaryConnectionStringName')
? [
{
name: secretsExportConfiguration!.?rootPrimaryConnectionStringName
value: listkeys('${eventHubNamespace.id}/AuthorizationRules/RootManageSharedAccessKey', '2024-01-01').primaryConnectionString
}
]
: [],
contains(secretsExportConfiguration!, 'rootSecondaryConnectionStringName')
? [
{
name: secretsExportConfiguration!.?rootSecondaryConnectionStringName
value: listkeys('${eventHubNamespace.id}/AuthorizationRules/RootManageSharedAccessKey', '2024-01-01').secondaryConnectionString
}
]
: [],
contains(secretsExportConfiguration!, 'rootPrimaryKeyName')
? [
{
name: secretsExportConfiguration!.?rootPrimaryKeyName
value: listkeys('${eventHubNamespace.id}/AuthorizationRules/RootManageSharedAccessKey', '2024-01-01').primaryKey
}
]
: [],
contains(secretsExportConfiguration!, 'rootSecondaryKeyName')
? [
{
name: secretsExportConfiguration!.?rootSecondaryKeyName

... to address a new Bicep warning (even try get technically should not be needed here)...

Comment on lines +55 to +58
rootPrimaryKey: 'primaryKey-name'
rootSecondaryKey: 'secondaryKey-name'
rootPrimaryConnectionString: 'primaryConnectionString-name'
rootSecondaryConnectionString: 'secondaryConnectionString-name'
Contributor

Suggested change
rootPrimaryKey: 'primaryKey-name'
rootSecondaryKey: 'secondaryKey-name'
rootPrimaryConnectionString: 'primaryConnectionString-name'
rootSecondaryConnectionString: 'secondaryConnectionString-name'
rootPrimaryKeyName: 'primaryKey-name'
rootSecondaryKeyName: 'secondaryKey-name'
rootPrimaryConnectionStringName: 'primaryConnectionString-name'
rootSecondaryConnectionStringName: 'secondaryConnectionString-name'

Comment on lines +1 to +36
// ============== //
// Parameters //
// ============== //
@description('Required. The name of the Key Vault to set the secrets in.')
param keyVaultName string
import { secretToSetType } from 'br/public:avm/utl/types/avm-common-types:0.4.1'
@description('Required. The secrets to set in the Key Vault.')
param secretsToSet secretToSetType[]
// ============= //
// Resources //
// ============= //
resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
name: keyVaultName
}
resource secrets 'Microsoft.KeyVault/vaults/secrets@2023-07-01' = [
for secret in secretsToSet: {
name: secret.name
parent: keyVault
properties: {
value: secret.value
}
}
]
// =========== //
// Outputs //
// =========== //
import { secretSetOutputType } from 'br/public:avm/utl/types/avm-common-types:0.4.1'
@description('The references to the secrets exported to the provided Key Vault.')
output secretsSet secretSetOutputType[] = [
#disable-next-line outputs-should-not-contain-secrets // Only returning the references, not a secret value
for index in range(0, length(secretsToSet ?? [])): {
secretResourceId: secrets[index].id
secretUri: secrets[index].properties.secretUri
secretUriWithVersion: secrets[index].properties.secretUriWithVersion
}
]
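
Review bot: `param secretsToSet secretToSetType[]` carries the values written by `value: secret.value`, but no `@secure()` decorator is visible anywhere in this file; confirm that the imported `secretToSetType` marks `value` as secure, otherwise the connection strings and keys passed in are recorded with the deployment's inputs. Two smaller points: `length(secretsToSet ?? [])` coalesces a parameter that is declared required and non-nullable, so the `?? []` can be dropped, and the `existing` vault reference uses API version `2022-07-01` while the child secrets use `2023-07-01`, which is worth aligning for consistency.
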
Contributor

Suggested change
// ============== //
// Parameters //
// ============== //
@description('Required. The name of the Key Vault to set the secrets in.')
param keyVaultName string
import { secretToSetType } from 'br/public:avm/utl/types/avm-common-types:0.4.1'
@description('Required. The secrets to set in the Key Vault.')
param secretsToSet secretToSetType[]
// ============= //
// Resources //
// ============= //
resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
name: keyVaultName
}
resource secrets 'Microsoft.KeyVault/vaults/secrets@2023-07-01' = [
for secret in secretsToSet: {
name: secret.name
parent: keyVault
properties: {
value: secret.value
}
}
]
// =========== //
// Outputs //
// =========== //
import { secretSetOutputType } from 'br/public:avm/utl/types/avm-common-types:0.4.1'
@description('The references to the secrets exported to the provided Key Vault.')
output secretsSet secretSetOutputType[] = [
#disable-next-line outputs-should-not-contain-secrets // Only returning the references, not a secret value
for index in range(0, length(secretsToSet ?? [])): {
secretResourceId: secrets[index].id
secretUri: secrets[index].properties.secretUri
secretUriWithVersion: secrets[index].properties.secretUriWithVersion
}
]
@description('Required. The name of the Key Vault to set the secrets in.')
param keyVaultName string
import { secretToSetType } from 'br/public:avm/utl/types/avm-common-types:0.5.1'
@description('Required. The secrets to set in the Key Vault.')
param secretsToSet secretToSetType[]
resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
name: keyVaultName
}
resource secrets 'Microsoft.KeyVault/vaults/secrets@2023-07-01' = [
for secret in secretsToSet: {
name: secret.name
parent: keyVault
properties: {
value: secret.value
}
}
]
import { secretSetOutputType } from 'br/public:avm/utl/types/avm-common-types:0.5.1'
@description('The references to the secrets exported to the provided Key Vault.')
output secretsSet secretSetOutputType[] = [
#disable-next-line outputs-should-not-contain-secrets // Only returning the references, not a secret value
for index in range(0, length(secretsToSet ?? [])): {
secretResourceId: secrets[index].id
secretUri: secrets[index].properties.secretUri
secretUriWithVersion: secrets[index].properties.secretUriWithVersion
}
]

Contributor

@AlexanderSehr AlexanderSehr left a comment

Great work @weikanglim - content-wise nothing to complain about at all. The suggestions I added were all just minor details to align with the spec, address a very new bicep warning & format the export file 💪

Please note: After committing the changes (which you can do via the GitHub UI) you'll have to re-run the Set-AVMModule --Path '(...)' Recurse function to regenerate the readme & json files. Thank you

@eriqua eriqua changed the title feat: avm/res/event-hubs/namespace: add support for AKV secrets export feat: Update avm/res/event-hubs/namespace -Add support for AKV secrets export Jan 26, 2025
@eriqua eriqua added Class: Resource Module 📦 This is a resource module and removed Needs: Triage 🔍 Maintainers need to triage still labels Jan 26, 2025

Successfully merging this pull request may close these issues.

[AVM Module Issue]: How to get connection string when event-hub namespace is created by AVM?