From 295126360099fa09b2d7f69eef0e7ff153db318f Mon Sep 17 00:00:00 2001
From: xiaofanzhou
Date: Tue, 15 Mar 2022 16:00:42 +0800
Subject: [PATCH] Service connector keyvaut secret
---
 .../2022-01-01-preview/examples/PutLink.json | 11 ++-
 .../examples/PutLinkWithSecretStore.json | 61 +++++++++++++
 .../examples/PutLinkWithServiceEndpoint.json | 20 ++---
 .../2022-01-01-preview/servicelinker.json | 86 ++++++++++++++++++-
 4 files changed, 159 insertions(+), 19 deletions(-)
 create mode 100644 specification/servicelinker/resource-manager/Microsoft.ServiceLinker/preview/2022-01-01-preview/examples/PutLinkWithSecretStore.json
diff --git a/specification/servicelinker/resource-manager/Microsoft.ServiceLinker/preview/2022-01-01-preview/examples/PutLink.json b/specification/servicelinker/resource-manager/Microsoft.ServiceLinker/preview/2022-01-01-preview/examples/PutLink.json
index d590aa169029..5467b95279f6 100644
--- a/specification/servicelinker/resource-manager/Microsoft.ServiceLinker/preview/2022-01-01-preview/examples/PutLink.json
+++ b/specification/servicelinker/resource-manager/Microsoft.ServiceLinker/preview/2022-01-01-preview/examples/PutLink.json
@@ -7,12 +7,15 @@
 "properties": {
 "targetService": {
 "type": "AzureResource",
- "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DocumentDb/databaseAccounts/test-acc/mongodbDatabases/test-db"
+ "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DBforPostgreSQL/servers/test-pg/databases/test-db"
 },
 "authInfo": {
 "authType": "secret",
 "name": "name",
- "secret": "secret"
+ "secret": {
+ "secretType": "rawValue",
+ "value": "secret"
+ }
 }
 }
 }
@@ -29,7 +32,7 @@
 },
 "targetService": {
 "type": "AzureResource",
- "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DocumentDb/databaseAccounts/test-acc/mongodbDatabases/test-db"
+ "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DBforPostgreSQL/servers/test-pg/databases/test-db"
 }
 }
 }
@@ -45,7 +48,7 @@
 },
 "targetService": {
 "type": "AzureResource",
- "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DocumentDb/databaseAccounts/test-acc/mongodbDatabases/test-db"
+ "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DBforPostgreSQL/servers/test-pg/databases/test-db"
 }
 }
 }
diff --git a/specification/servicelinker/resource-manager/Microsoft.ServiceLinker/preview/2022-01-01-preview/examples/PutLinkWithSecretStore.json b/specification/servicelinker/resource-manager/Microsoft.ServiceLinker/preview/2022-01-01-preview/examples/PutLinkWithSecretStore.json
new file mode 100644
index 000000000000..fa04c55a2f6d
--- /dev/null
+++ b/specification/servicelinker/resource-manager/Microsoft.ServiceLinker/preview/2022-01-01-preview/examples/PutLinkWithSecretStore.json
@@ -0,0 +1,61 @@
+{
+ "parameters": {
+ "api-version": "2022-01-01-preview",
+ "resourceUri": "subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Web/sites/test-app",
+ "linkerName": "linkName",
+ "parameters": {
+ "properties": {
+ "targetService": {
+ "type": "AzureResource",
+ "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DocumentDb/databaseAccounts/test-acc/mongodbDatabases/test-db"
+ },
+ "authInfo": {
+ "authType": "secret"
+ },
+ "secretStore": {
+ "keyVaultId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/test-kv"
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Web/sites/test-app/providers/Microsoft.ServiceLinker/links/linkName",
+ "type": "Microsoft.ServiceLinker/links",
+ "name": "linkName",
+ "properties": {
+ "authInfo": {
+ "authType": "secret"
+ },
+ "secretStore": {
+ "keyVaultId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/test-kv"
+ },
+ "targetService": {
+ "type": "AzureResource",
+ "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DocumentDb/databaseAccounts/test-acc/mongodbDatabases/test-db"
+ }
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Web/sites/test-app/providers/Microsoft.ServiceLinker/links/linkName",
+ "type": "Microsoft.ServiceLinker/links",
+ "name": "linkName",
+ "properties": {
+ "authInfo": {
+ "authType": "secret"
+ },
+ "secretStore": {
+ "keyVaultId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/test-kv"
+ },
+ "targetService": {
+ "type": "AzureResource",
+ "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DocumentDb/databaseAccounts/test-acc/mongodbDatabases/test-db"
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/servicelinker/resource-manager/Microsoft.ServiceLinker/preview/2022-01-01-preview/examples/PutLinkWithServiceEndpoint.json b/specification/servicelinker/resource-manager/Microsoft.ServiceLinker/preview/2022-01-01-preview/examples/PutLinkWithServiceEndpoint.json
index 8e915aefb1c3..9f51b32cec9c 100644
--- a/specification/servicelinker/resource-manager/Microsoft.ServiceLinker/preview/2022-01-01-preview/examples/PutLinkWithServiceEndpoint.json
+++ b/specification/servicelinker/resource-manager/Microsoft.ServiceLinker/preview/2022-01-01-preview/examples/PutLinkWithServiceEndpoint.json
@@ -7,18 +7,18 @@
 "properties": {
 "targetService": {
 "type": "AzureResource",
- "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DocumentDb/databaseAccounts/test-acc/mongodbDatabases/test-db"
+ "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DBforPostgreSQL/servers/test-pg/databases/test-db"
 },
 "authInfo": {
 "authType": "secret",
 "name": "name",
- "secret": "secret"
+ "secret": {
+ "secretType": "keyVaultSecretUri",
+ "value": "https://vault-name.vault.azure.net/secrets/secret-name/00000000000000000000000000000000"
+ }
 },
 "vNetSolution": {
 "type": "serviceEndpoint"
- },
- "secretStore": {
- "keyVaultId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/test-kv"
 }
 }
 }
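Review bot: In PutLinkWithSecretStore.json the request's `authInfo` carries only `authType: secret`, with no `name` or `secret`, and nothing in the lines of this patch says which credential the service then places in the vault named by `secretStore.keyVaultId` or what access to that vault is required. Callers copy examples first, so the `secretStore` property description in servicelinker.json (outside this patch) should state that behaviour; something like `"description": "Key Vault in which the connection secret is stored."` plus the required vault permissions, if that matches what the service does. This is also the only example still targeting `Microsoft.DocumentDb` while the other examples in the commit move to PostgreSQL, which is worth confirming as intentional.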
@@ -37,12 +37,9 @@
 "vNetSolution": {
 "type": "serviceEndpoint"
 },
- "secretStore": {
- "keyVaultId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/test-kv"
- },
 "targetService": {
 "type": "AzureResource",
- "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DocumentDb/databaseAccounts/test-acc/mongodbDatabases/test-db"
+ "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DBforPostgreSQL/servers/test-pg/databases/test-db"
 }
 }
 }
@@ -60,12 +57,9 @@
 "vNetSolution": {
 "type": "serviceEndpoint"
 },
- "secretStore": {
- "keyVaultId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/test-kv"
- },
 "targetService": {
 "type": "AzureResource",
- "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DocumentDb/databaseAccounts/test-acc/mongodbDatabases/test-db"
+ "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DBforPostgreSQL/servers/test-pg/databases/test-db"
 }
 }
 }
diff --git a/specification/servicelinker/resource-manager/Microsoft.ServiceLinker/preview/2022-01-01-preview/servicelinker.json b/specification/servicelinker/resource-manager/Microsoft.ServiceLinker/preview/2022-01-01-preview/servicelinker.json
index 4746f685817a..4a04551054a2 100644
--- a/specification/servicelinker/resource-manager/Microsoft.ServiceLinker/preview/2022-01-01-preview/servicelinker.json
+++ b/specification/servicelinker/resource-manager/Microsoft.ServiceLinker/preview/2022-01-01-preview/servicelinker.json
@@ -119,6 +119,9 @@
 },
 "PutLinkWithServiceEndpoint": {
 "$ref": "./examples/PutLinkWithServiceEndpoint.json"
+ },
+ "PutLinkWithSecretStore": {
+ "$ref": "./examples/PutLinkWithSecretStore.json"
 }
 },
 "parameters": [
@@ -521,6 +524,86 @@
 "modelAsString": true
 }
 },
+ "SecretType": {
+ "description": "The secret type.",
+ "type": "string",
+ "enum": [
+ "rawValue",
+ "keyVaultSecretUri",
+ "keyVaultSecretReference"
+ ],
+ "x-ms-enum": {
+ "name": "SecretType",
+ "modelAsString": true
+ }
+ },
+ "SecretInfoBase": {
+ "description": "The secret info",
+ "discriminator": "secretType",
+ "type": "object",
+ "properties": {
+ "secretType": {
+ "description": "The secret type.",
+ "$ref": "#/definitions/SecretType"
+ }
+ },
+ "required": [
+ "secretType"
+ ]
+ },
+ "ValueSecretInfo": {
+ "x-ms-discriminator-value": "rawValue",
+ "type": "object",
+ "description": "The secret info when type is rawValue. It's for scenarios that user input the secret.",
+ "allOf": [
+ {
+ "$ref": "#/definitions/SecretInfoBase"
+ }
+ ],
+ "properties": {
+ "value": {
+ "description": "The actual value of the secret.",
+ "type": "string",
+ "x-ms-secret": true
+ }
+ }
+ },
+ "KeyVaultSecretReferenceSecretInfo": {
+ "x-ms-discriminator-value": "keyVaultSecretReference",
+ "type": "object",
+ "description": "The secret info when type is keyVaultSecretReference. It's for scenario that user provides a secret stored in user's keyvault and source is Azure Kubernetes. The key Vault's resource id is linked to secretStore.keyVaultId.",
+ "allOf": [
+ {
+ "$ref": "#/definitions/SecretInfoBase"
+ }
+ ],
+ "properties": {
+ "name": {
+ "description": "Name of the Key Vault secret.",
+ "type": "string"
+ },
+ "version": {
+ "description": "Version of the Key Vault secret.",
+ "type": "string"
+ }
+ }
+ },
+ "KeyVaultSecretUriSecretInfo": {
+ "x-ms-discriminator-value": "keyVaultSecretUri",
+ "type": "object",
+ "description": "The secret info when type is keyVaultSecretUri. It's for scenario that user provides a secret stored in user's keyvault and source is Web App, Spring Cloud or Container App.",
+ "allOf": [
+ {
+ "$ref": "#/definitions/SecretInfoBase"
+ }
+ ],
+ "properties": {
+ "value": {
+ "description": "URI to the keyvault secret",
+ "type": "string"
+ }
+ }
+ },
 "AuthInfoBase": {
 "description": "The authentication info",
 "discriminator": "authType",
@@ -551,8 +634,7 @@
 },
 "secret": {
 "description": "Password or account key for secret auth.",
- "type": "string",
- "x-ms-secret": true
+ "$ref": "#/definitions/SecretInfoBase"
 }
 }
 },
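Review bot: `KeyVaultSecretUriSecretInfo.value` is declared as a bare `"type": "string"`, so the contract accepts any text as the location the platform reads a secret from, and the description does not say what form is expected. Stating it, e.g. `"description": "URI of the Key Vault secret, e.g. https://{vault-name}.vault.azure.net/secrets/{secret-name}/{version}."`, and saying whether the version segment is mandatory would match the value used in PutLinkWithServiceEndpoint.json; the service side, which is not visible in this patch, presumably still has to reject values that are not HTTPS Key Vault secret URIs. None of the three subtypes lists required members, so `{"secretType": "keyVaultSecretUri"}` alone validates; `"required": ["value"]` on the URI subtype and `"required": ["name"]` on `KeyVaultSecretReferenceSecretInfo` would close that. `ValueSecretInfo.value` probably has to stay optional, because fields marked `x-ms-secret` are typically not echoed in responses.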
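Review bot: The `secret` property changes from a string to a `SecretInfoBase` object inside the existing `2022-01-01-preview` version, so a client generated from the previous revision will still send `"secret": "..."`, and this hunk shows no fallback for that shape. The `x-ms-secret` marking now lives only on `ValueSecretInfo.value`; that covers the raw value, but any tooling that relied on the property-level marking should be rechecked. The retained description no longer matches the type and, as a sibling of `$ref`, may be ignored by strict Swagger 2.0 tooling, so the wording is better placed on `SecretInfoBase`, e.g. `"description": "Secret for secret auth: a raw value or a reference to a Key Vault secret."`. The enclosing definition starts and ends outside the hunk.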