Service connector keyvaut secret (#18258)

Azure · Mar 15, 2022 · 6ac3fab · 6ac3fab
1 parent 8281222
commit 6ac3fab
Show file tree

Hide file tree

Showing 4 changed files with 159 additions and 19 deletions.
diff --git a/...resource-manager/Microsoft.ServiceLinker/preview/2022-01-01-preview/examples/PutLink.json b/...resource-manager/Microsoft.ServiceLinker/preview/2022-01-01-preview/examples/PutLink.json
@@ -7,12 +7,15 @@
       "properties": {
         "targetService": {
           "type": "AzureResource",
-          "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DocumentDb/databaseAccounts/test-acc/mongodbDatabases/test-db"
+          "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DBforPostgreSQL/servers/test-pg/databases/test-db"
         },
         "authInfo": {
           "authType": "secret",
           "name": "name",
-          "secret": "secret"
+          "secret": {
+            "secretType": "rawValue",
+            "value": "secret"
+          }
         }
       }
     }
@@ -29,7 +32,7 @@
           },
           "targetService": {
             "type": "AzureResource",
-            "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DocumentDb/databaseAccounts/test-acc/mongodbDatabases/test-db"
+            "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DBforPostgreSQL/servers/test-pg/databases/test-db"
           }
         }
       }
@@ -45,7 +48,7 @@
           },
           "targetService": {
             "type": "AzureResource",
-            "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DocumentDb/databaseAccounts/test-acc/mongodbDatabases/test-db"
+            "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DBforPostgreSQL/servers/test-pg/databases/test-db"
           }
         }
       }

diff --git a/...r/Microsoft.ServiceLinker/preview/2022-01-01-preview/examples/PutLinkWithSecretStore.json b/...r/Microsoft.ServiceLinker/preview/2022-01-01-preview/examples/PutLinkWithSecretStore.json
@@ -0,0 +1,61 @@
+{
+  "parameters": {
+    "api-version": "2022-01-01-preview",
+    "resourceUri": "subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Web/sites/test-app",
+    "linkerName": "linkName",
+    "parameters": {
+      "properties": {
+        "targetService": {
+          "type": "AzureResource",
+          "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DocumentDb/databaseAccounts/test-acc/mongodbDatabases/test-db"
+        },
+        "authInfo": {
+          "authType": "secret"
+        },
+        "secretStore": {
+          "keyVaultId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/test-kv"
+        }
+      }
+    }
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Web/sites/test-app/providers/Microsoft.ServiceLinker/links/linkName",
+        "type": "Microsoft.ServiceLinker/links",
+        "name": "linkName",
+        "properties": {
+          "authInfo": {
+            "authType": "secret"
+          },
+          "secretStore": {
+            "keyVaultId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/test-kv"
+          },
+          "targetService": {
+            "type": "AzureResource",
+            "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DocumentDb/databaseAccounts/test-acc/mongodbDatabases/test-db"
+          }
+        }
+      }
+    },
+    "201": {
+      "body": {
+        "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Web/sites/test-app/providers/Microsoft.ServiceLinker/links/linkName",
+        "type": "Microsoft.ServiceLinker/links",
+        "name": "linkName",
+        "properties": {
+          "authInfo": {
+            "authType": "secret"
+          },
+          "secretStore": {
+            "keyVaultId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/test-kv"
+          },
+          "targetService": {
+            "type": "AzureResource",
+            "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DocumentDb/databaseAccounts/test-acc/mongodbDatabases/test-db"
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/...crosoft.ServiceLinker/preview/2022-01-01-preview/examples/PutLinkWithServiceEndpoint.json b/...crosoft.ServiceLinker/preview/2022-01-01-preview/examples/PutLinkWithServiceEndpoint.json
@@ -7,18 +7,18 @@
       "properties": {
         "targetService": {
           "type": "AzureResource",
-          "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DocumentDb/databaseAccounts/test-acc/mongodbDatabases/test-db"
+          "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DBforPostgreSQL/servers/test-pg/databases/test-db"
         },
         "authInfo": {
           "authType": "secret",
           "name": "name",
-          "secret": "secret"
+          "secret": {
+            "secretType": "keyVaultSecretUri",
+            "value": "https://vault-name.vault.azure.net/secrets/secret-name/00000000000000000000000000000000"
+          }
         },
         "vNetSolution": {
           "type": "serviceEndpoint"
-        },
-        "secretStore": {
-          "keyVaultId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/test-kv"
         }
       }
     }
@@ -37,12 +37,9 @@
           "vNetSolution": {
             "type": "serviceEndpoint"
           },
-          "secretStore": {
-            "keyVaultId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/test-kv"
-          },
           "targetService": {
             "type": "AzureResource",
-            "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DocumentDb/databaseAccounts/test-acc/mongodbDatabases/test-db"
+            "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DBforPostgreSQL/servers/test-pg/databases/test-db"
           }
         }
       }
@@ -60,12 +57,9 @@
           "vNetSolution": {
             "type": "serviceEndpoint"
           },
-          "secretStore": {
-            "keyVaultId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/test-kv"
-          },
           "targetService": {
             "type": "AzureResource",
-            "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DocumentDb/databaseAccounts/test-acc/mongodbDatabases/test-db"
+            "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DBforPostgreSQL/servers/test-pg/databases/test-db"
           }
         }
       }

diff --git a/...er/resource-manager/Microsoft.ServiceLinker/preview/2022-01-01-preview/servicelinker.json b/...er/resource-manager/Microsoft.ServiceLinker/preview/2022-01-01-preview/servicelinker.json
@@ -119,6 +119,9 @@
           },
           "PutLinkWithServiceEndpoint": {
             "$ref": "./examples/PutLinkWithServiceEndpoint.json"
+          },
+          "PutLinkWithSecretStore": {
+            "$ref": "./examples/PutLinkWithSecretStore.json"
           }
         },
         "parameters": [
@@ -521,6 +524,86 @@
         "modelAsString": true
       }
     },
+    "SecretType": {
+      "description": "The secret type.",
+      "type": "string",
+      "enum": [
+        "rawValue",
+        "keyVaultSecretUri",
+        "keyVaultSecretReference"
+      ],
+      "x-ms-enum": {
+        "name": "SecretType",
+        "modelAsString": true
+      }
+    },
+    "SecretInfoBase": {
+      "description": "The secret info",
+      "discriminator": "secretType",
+      "type": "object",
+      "properties": {
+        "secretType": {
+          "description": "The secret type.",
+          "$ref": "#/definitions/SecretType"
+        }
+      },
+      "required": [
+        "secretType"
+      ]
+    },
+    "ValueSecretInfo": {
+      "x-ms-discriminator-value": "rawValue",
+      "type": "object",
+      "description": "The secret info when type is rawValue. It's for scenarios that user input the secret.",
+      "allOf": [
+        {
+          "$ref": "#/definitions/SecretInfoBase"
+        }
+      ],
+      "properties": {
+        "value": {
+          "description": "The actual value of the secret.",
+          "type": "string",
+          "x-ms-secret": true
+        }
+      }
+    },
+    "KeyVaultSecretReferenceSecretInfo": {
+      "x-ms-discriminator-value": "keyVaultSecretReference",
+      "type": "object",
+      "description": "The secret info when type is keyVaultSecretReference. It's for scenario that user provides a secret stored in user's keyvault and source is Azure Kubernetes. The key Vault's resource id is linked to secretStore.keyVaultId.",
+      "allOf": [
+        {
+          "$ref": "#/definitions/SecretInfoBase"
+        }
+      ],
+      "properties": {
+        "name": {
+          "description": "Name of the Key Vault secret.",
+          "type": "string"
+        },
+        "version": {
+          "description": "Version of the Key Vault secret.",
+          "type": "string"
+        }
+      }
+    },
+    "KeyVaultSecretUriSecretInfo": {
+      "x-ms-discriminator-value": "keyVaultSecretUri",
+      "type": "object",
+      "description": "The secret info when type is keyVaultSecretUri. It's for scenario that user provides a secret stored in user's keyvault and source is Web App, Spring Cloud or Container App.",
+      "allOf": [
+        {
+          "$ref": "#/definitions/SecretInfoBase"
+        }
+      ],
+      "properties": {
+        "value": {
+          "description": "URI to the keyvault secret",
+          "type": "string"
+        }
+      }
+    },
     "AuthInfoBase": {
       "description": "The authentication info",
       "discriminator": "authType",
@@ -551,8 +634,7 @@
         },
         "secret": {
           "description": "Password or account key for secret auth.",
-          "type": "string",
-          "x-ms-secret": true
+          "$ref": "#/definitions/SecretInfoBase"
         }
       }
     },