fix(azure): use built-in policy for redis (#521)

arealmaas · web-flow · commit 2a8fa76761a9 · 2024-03-06T10:50:42.000+01:00
We used a custom access policy which is not required as Data Contributor
meets our needs.
diff --git a/.azure/applications/web-api-eu/main.bicep b/.azure/applications/web-api-eu/main.bicep
@@ -77,23 +77,14 @@ module containerApp '../../modules/containerApp/main.bicep' = {
   }
 }
 
-resource redisCustomAccessPolicy 'Microsoft.Cache/redis/accessPolicies@2023-08-01' = {
+resource redisAccessPolicyAssignment 'Microsoft.Cache/redis/accessPolicyAssignments@2023-08-01' = {
   parent: redis
   name: containerAppName
   properties: {
-    permissions: 'Contributor'
-  }
-}
-
-resource redisCustomAccessPolicyAssignment 'Microsoft.Cache/redis/accessPolicyAssignments@2023-08-01' = {
-  parent: redis
-  name: containerAppName
-  properties: {
-    accessPolicyName: containerAppName
+    accessPolicyName: 'Data Contributor'
     objectId: containerApp.outputs.identityPrincipalId
     objectIdAlias: '${containerAppName}-access-policy-redis'
   }
-  dependsOn: [redisCustomAccessPolicy]
 }
 
 module keyVaultReaderAccessPolicy '../../modules/keyvault/addReaderRoles.bicep' = {
diff --git a/.azure/applications/web-api-so/main.bicep b/.azure/applications/web-api-so/main.bicep
@@ -81,23 +81,14 @@ module containerApp '../../modules/containerApp/main.bicep' = {
   }
 }
 
-resource redisCustomAccessPolicy 'Microsoft.Cache/redis/accessPolicies@2023-08-01' = {
+resource redisAccessPolicyAssignment 'Microsoft.Cache/redis/accessPolicyAssignments@2023-08-01' = {
   parent: redis
   name: containerAppName
   properties: {
-    permissions: 'Contributor'
-  }
-}
-
-resource redisCustomAccessPolicyAssignment 'Microsoft.Cache/redis/accessPolicyAssignments@2023-08-01' = {
-  parent: redis
-  name: containerAppName
-  properties: {
-    accessPolicyName: containerAppName
+    accessPolicyName: 'Data Contributor'
     objectId: containerApp.outputs.identityPrincipalId
     objectIdAlias: '${containerAppName}-access-policy-redis'
   }
-  dependsOn: [redisCustomAccessPolicy]
 }
 
 module keyVaultReaderAccessPolicy '../../modules/keyvault/addReaderRoles.bicep' = {

Original file line number	Diff line number	Diff line change
`@@ -77,23 +77,14 @@ module containerApp '../../modules/containerApp/main.bicep' = {`
`77`	`77`	`}`
`78`	`78`	`}`
`79`	`79`
`80`		`-resource redisCustomAccessPolicy 'Microsoft.Cache/redis/accessPolicies@2023-08-01' = {`
	`80`	`+resource redisAccessPolicyAssignment 'Microsoft.Cache/redis/accessPolicyAssignments@2023-08-01' = {`
`81`	`81`	`parent: redis`
`82`	`82`	`name: containerAppName`
`83`	`83`	`properties: {`
`84`		`- permissions: 'Contributor'`
`85`		`- }`
`86`		`-}`
`87`		`-`
`88`		`-resource redisCustomAccessPolicyAssignment 'Microsoft.Cache/redis/accessPolicyAssignments@2023-08-01' = {`
`89`		`- parent: redis`
`90`		`- name: containerAppName`
`91`		`- properties: {`
`92`		`- accessPolicyName: containerAppName`
	`84`	`+ accessPolicyName: 'Data Contributor'`
`93`	`85`	`objectId: containerApp.outputs.identityPrincipalId`
`94`	`86`	`objectIdAlias: '${containerAppName}-access-policy-redis'`
`95`	`87`	`}`
`96`		`- dependsOn: [redisCustomAccessPolicy]`
`97`	`88`	`}`
`98`	`89`
`99`	`90`	`module keyVaultReaderAccessPolicy '../../modules/keyvault/addReaderRoles.bicep' = {`
Original file line number	Diff line number	Diff line change
`@@ -81,23 +81,14 @@ module containerApp '../../modules/containerApp/main.bicep' = {`
`81`	`81`	`}`
`82`	`82`	`}`
`83`	`83`
`84`		`-resource redisCustomAccessPolicy 'Microsoft.Cache/redis/accessPolicies@2023-08-01' = {`
	`84`	`+resource redisAccessPolicyAssignment 'Microsoft.Cache/redis/accessPolicyAssignments@2023-08-01' = {`
`85`	`85`	`parent: redis`
`86`	`86`	`name: containerAppName`
`87`	`87`	`properties: {`
`88`		`- permissions: 'Contributor'`
`89`		`- }`
`90`		`-}`
`91`		`-`
`92`		`-resource redisCustomAccessPolicyAssignment 'Microsoft.Cache/redis/accessPolicyAssignments@2023-08-01' = {`
`93`		`- parent: redis`
`94`		`- name: containerAppName`
`95`		`- properties: {`
`96`		`- accessPolicyName: containerAppName`
	`88`	`+ accessPolicyName: 'Data Contributor'`
`97`	`89`	`objectId: containerApp.outputs.identityPrincipalId`
`98`	`90`	`objectIdAlias: '${containerAppName}-access-policy-redis'`
`99`	`91`	`}`
`100`		`- dependsOn: [redisCustomAccessPolicy]`
`101`	`92`	`}`
`102`	`93`
`103`	`94`	`module keyVaultReaderAccessPolicy '../../modules/keyvault/addReaderRoles.bicep' = {`