Skip to content

Commit d19350d

Browse files
arealmaasarealmaas
authored
fix(azure): revert to using connection string for IDistributedCache Redis (#526)
It seems like we need to use a connection string to connect to the Redis library used by IDistributedCache. Until we can use managed identity, that is the case. dotnet/aspnetcore#54414
1 parent 5ed55ed commit d19350d

12 files changed

+11
-55
lines changed

.azure/applications/web-api-eu/main.bicep

-17
Original file line numberDiff line numberDiff line change
@@ -14,9 +14,6 @@ param apimIp string
1414
param containerAppEnvironmentName string
1515
@minLength(3)
1616
@secure()
17-
param redisName string
18-
@minLength(3)
19-
@secure()
2017
param appInsightConnectionString string
2118
@minLength(5)
2219
@secure()
@@ -36,10 +33,6 @@ resource containerAppEnvironment 'Microsoft.App/managedEnvironments@2023-05-01'
3633
name: containerAppEnvironmentName
3734
}
3835

39-
resource redis 'Microsoft.Cache/redis@2023-08-01' existing = {
40-
name: redisName
41-
}
42-
4336
var containerAppEnvVars = [
4437
{
4538
name: 'ASPNETCORE_ENVIRONMENT'
@@ -77,16 +70,6 @@ module containerApp '../../modules/containerApp/main.bicep' = {
7770
}
7871
}
7972

80-
resource redisAccessPolicyAssignment 'Microsoft.Cache/redis/accessPolicyAssignments@2023-08-01' = {
81-
parent: redis
82-
name: containerAppName
83-
properties: {
84-
accessPolicyName: 'Data Contributor'
85-
objectId: containerApp.outputs.identityPrincipalId
86-
objectIdAlias: '${containerAppName}-access-policy-redis'
87-
}
88-
}
89-
9073
module keyVaultReaderAccessPolicy '../../modules/keyvault/addReaderRoles.bicep' = {
9174
name: 'keyVaultReaderAccessPolicy-${containerAppName}'
9275
params: {

.azure/applications/web-api-eu/staging.bicepparam

-1
Original file line numberDiff line numberDiff line change
@@ -10,4 +10,3 @@ param environmentKeyVaultName = readEnvironmentVariable('ENVIRONMENT_KEY_VAULT_N
1010
param containerAppEnvironmentName = readEnvironmentVariable('CONTAINER_APP_ENVIRONMENT_NAME')
1111
param appInsightConnectionString = readEnvironmentVariable('APP_INSIGHTS_CONNECTION_STRING')
1212
param appConfigurationName = readEnvironmentVariable('APP_CONFIGURATION_NAME')
13-
param redisName = readEnvironmentVariable('REDIS_NAME')

.azure/applications/web-api-eu/test.bicepparam

-1
Original file line numberDiff line numberDiff line change
@@ -10,4 +10,3 @@ param environmentKeyVaultName = readEnvironmentVariable('ENVIRONMENT_KEY_VAULT_N
1010
param containerAppEnvironmentName = readEnvironmentVariable('CONTAINER_APP_ENVIRONMENT_NAME')
1111
param appInsightConnectionString = readEnvironmentVariable('APP_INSIGHTS_CONNECTION_STRING')
1212
param appConfigurationName = readEnvironmentVariable('APP_CONFIGURATION_NAME')
13-
param redisName = readEnvironmentVariable('REDIS_NAME')

.azure/applications/web-api-so/main.bicep

-17
Original file line numberDiff line numberDiff line change
@@ -14,9 +14,6 @@ param apimIp string
1414
param containerAppEnvironmentName string
1515
@minLength(3)
1616
@secure()
17-
param redisName string
18-
@minLength(3)
19-
@secure()
2017
param appInsightConnectionString string
2118
@minLength(5)
2219
@secure()
@@ -36,10 +33,6 @@ resource containerAppEnvironment 'Microsoft.App/managedEnvironments@2023-05-01'
3633
name: containerAppEnvironmentName
3734
}
3835

39-
resource redis 'Microsoft.Cache/redis@2023-08-01' existing = {
40-
name: redisName
41-
}
42-
4336
var containerAppEnvVars = [
4437
{
4538
name: 'ASPNETCORE_ENVIRONMENT'
@@ -81,16 +74,6 @@ module containerApp '../../modules/containerApp/main.bicep' = {
8174
}
8275
}
8376

84-
resource redisAccessPolicyAssignment 'Microsoft.Cache/redis/accessPolicyAssignments@2023-08-01' = {
85-
parent: redis
86-
name: containerAppName
87-
properties: {
88-
accessPolicyName: 'Data Contributor'
89-
objectId: containerApp.outputs.identityPrincipalId
90-
objectIdAlias: '${containerAppName}-access-policy-redis'
91-
}
92-
}
93-
9477
module keyVaultReaderAccessPolicy '../../modules/keyvault/addReaderRoles.bicep' = {
9578
name: 'keyVaultReaderAccessPolicy-${containerAppName}'
9679
params: {

.azure/applications/web-api-so/staging.bicepparam

-1
Original file line numberDiff line numberDiff line change
@@ -10,4 +10,3 @@ param environmentKeyVaultName = readEnvironmentVariable('ENVIRONMENT_KEY_VAULT_N
1010
param containerAppEnvironmentName = readEnvironmentVariable('CONTAINER_APP_ENVIRONMENT_NAME')
1111
param appInsightConnectionString = readEnvironmentVariable('APP_INSIGHTS_CONNECTION_STRING')
1212
param appConfigurationName = readEnvironmentVariable('APP_CONFIGURATION_NAME')
13-
param redisName = readEnvironmentVariable('REDIS_NAME')

.azure/applications/web-api-so/test.bicepparam

-1
Original file line numberDiff line numberDiff line change
@@ -10,4 +10,3 @@ param environmentKeyVaultName = readEnvironmentVariable('ENVIRONMENT_KEY_VAULT_N
1010
param containerAppEnvironmentName = readEnvironmentVariable('CONTAINER_APP_ENVIRONMENT_NAME')
1111
param appInsightConnectionString = readEnvironmentVariable('APP_INSIGHTS_CONNECTION_STRING')
1212
param appConfigurationName = readEnvironmentVariable('APP_CONFIGURATION_NAME')
13-
param redisName = readEnvironmentVariable('REDIS_NAME')

.azure/infrastructure/main.bicep

+4-4
Original file line numberDiff line numberDiff line change
@@ -196,13 +196,13 @@ module postgresConnectionStringAppConfig '../modules/appConfiguration/upsertKeyV
196196
}
197197
}
198198

199-
module redisHostNameAppConfig '../modules/appConfiguration/upsertKeyValue.bicep' = {
199+
module redisConnectionStringAppConfig '../modules/appConfiguration/upsertKeyValue.bicep' = {
200200
scope: resourceGroup
201-
name: 'AppConfig_Add_RedisHostName'
201+
name: 'AppConfig_Add_DialogRedisConnectionString'
202202
params: {
203203
configStoreName: appConfiguration.outputs.name
204-
key: 'Infrastructure:RedisHostName'
205-
value: redis.outputs.hostNameKeyVaultUri
204+
key: 'Infrastructure:DialogRedisConnectionString'
205+
value: redis.outputs.connectionStringSecretUri
206206
keyValueType: 'keyVaultReference'
207207
}
208208
}

.azure/modules/redis/main.bicep

+7-5
Original file line numberDiff line numberDiff line change
@@ -32,14 +32,16 @@ resource redis 'Microsoft.Cache/Redis@2023-08-01' = {
3232
}
3333
}
3434

35-
module redisHostName '../keyvault/upsertSecret.bicep' = {
36-
name: 'redisHostName'
35+
// Until managed identity is supported in the Redis for IDistributedCache, we need to use a connection string
36+
// https://github.com/dotnet/aspnetcore/issues/54414
37+
module redisConnectionString '../keyvault/upsertSecret.bicep' = {
38+
name: 'redisConnectionString'
3739
params: {
3840
destKeyVaultName: environmentKeyVaultName
39-
secretName: 'dialogportenRedisHostName'
41+
secretName: 'dialogportenRedisConnectionString'
4042
// disable public access? Use vnet here maybe?
41-
secretValue: redis.properties.hostName
43+
secretValue: 'redis://${redis.properties.hostName}:${redis.properties.port},password=${redis.properties.accessKeys.primaryKey},ssl=True,abortConnect=False'
4244
}
4345
}
4446

45-
output hostNameKeyVaultUri string = redisHostName.outputs.secretUri
47+
output connectionStringSecretUri string = redisConnectionString.outputs.secretUri

.github/workflows/action-deploy-apps.yml

-5
Original file line numberDiff line numberDiff line change
@@ -22,8 +22,6 @@ on:
2222
required: true
2323
AZURE_ADO_CONNECTION_STRING_SECRET_URI:
2424
required: true
25-
AZURE_REDIS_NAME:
26-
required: true
2725

2826
inputs:
2927
region:
@@ -119,8 +117,6 @@ jobs:
119117
# needs: deploy-migration-job
120118
strategy:
121119
fail-fast: true
122-
# to ensure that the bicep commands doesn't conflict with eachother, we need to set the max-parallel to 1
123-
max-parallel: 1
124120
matrix:
125121
include:
126122
- name: web-api-eu
@@ -151,7 +147,6 @@ jobs:
151147
APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }}
152148
APP_CONFIGURATION_NAME: ${{ secrets.AZURE_APP_CONFIGURATION_NAME }}
153149
ENVIRONMENT_KEY_VAULT_NAME: ${{ secrets.AZURE_ENVIRONMENT_KEY_VAULT_NAME }}
154-
REDIS_NAME: ${{ secrets.AZURE_REDIS_NAME }}
155150
with:
156151
scope: resourcegroup
157152
template: ./.azure/applications/${{ matrix.name }}/main.bicep

.github/workflows/ci-cd-main.yml

-1
Original file line numberDiff line numberDiff line change
@@ -103,7 +103,6 @@ jobs:
103103
AZURE_CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }}
104104
AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }}
105105
AZURE_APP_CONFIGURATION_NAME: ${{ secrets.AZURE_APP_CONFIGURATION_NAME }}
106-
AZURE_REDIS_NAME: ${{ secrets.AZURE_REDIS_NAME }}
107106
with:
108107
environment: test
109108
region: norwayeast

.github/workflows/ci-cd-pull-request-release-please.yml

-1
Original file line numberDiff line numberDiff line change
@@ -58,7 +58,6 @@ jobs:
5858
AZURE_CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }}
5959
AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }}
6060
AZURE_APP_CONFIGURATION_NAME: ${{ secrets.AZURE_APP_CONFIGURATION_NAME }}
61-
AZURE_REDIS_NAME: ${{ secrets.AZURE_REDIS_NAME }}
6261
with:
6362
environment: staging
6463
region: norwayeast

.github/workflows/ci-cd-staging.yml

-1
Original file line numberDiff line numberDiff line change
@@ -64,7 +64,6 @@ jobs:
6464
AZURE_CONTAINER_APP_ENVIRONMENT_NAME: ${{ secrets.AZURE_CONTAINER_APP_ENVIRONMENT_NAME }}
6565
AZURE_APP_INSIGHTS_CONNECTION_STRING: ${{ secrets.AZURE_APP_INSIGHTS_CONNECTION_STRING }}
6666
AZURE_APP_CONFIGURATION_NAME: ${{ secrets.AZURE_APP_CONFIGURATION_NAME }}
67-
AZURE_REDIS_NAME: ${{ secrets.AZURE_REDIS_NAME }}
6867
with:
6968
environment: staging
7069
region: norwayeast

0 commit comments

Comments
 (0)