Merge pull request #1192 from solliancenet/mg-t18082

Refactoring bicep to prevent MSI role assignment errors

deploy/quick-start/infra/main.bicep

@@ -442,22 +442,28 @@ module configTopic 'shared/config-system-topic.bicep' = {
  name: 'configTopic-${timestamp}'
  params: {
  name: '${abbrs.eventGridDomainsTopics}config${resourceToken}'
+ eventGridName: eventgrid.outputs.name
+ destinationTopicName: 'configuration'
  location: location
  tags: tags
  appConfigAccountName: appConfig.outputs.name
  }
  scope: rg
+ dependsOn: [eventgrid]
 }
 
 module storageTopic 'shared/storage-system-topic.bicep' = {
  name: 'storageTopic-${timestamp}'
  params: {
  name: '${abbrs.eventGridDomainsTopics}storage${resourceToken}'
+ eventGridName: eventgrid.outputs.name
+ destinationTopicName: 'storage'
  location: location
  tags: tags
  storageAccountName: storage.outputs.name
  }
  scope: rg
+ dependsOn: [eventgrid]
 }
 
 module storageSub 'shared/system-topic-subscription.bicep' = {

deploy/quick-start/infra/shared/config-system-topic.bicep

@@ -1,4 +1,6 @@
 param name string
+param destinationTopicName string
+param eventGridName string
 param location string = resourceGroup().location
 param tags object = {}
 param appConfigAccountName string
@@ -7,6 +9,25 @@ resource appConfig 'Microsoft.AppConfiguration/configurationStores@2023-08-01-pr
  name: appConfigAccountName
 }
 
+resource eventGridNamespace 'Microsoft.EventGrid/namespaces@2023-12-15-preview' existing = {
+ name: eventGridName
+}
+
+resource destinationTopic 'Microsoft.EventGrid/namespaces/topics@2023-12-15-preview' existing = {
+ name: destinationTopicName
+ parent: eventGridNamespace
+}
+
+resource eventSendRole 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+ scope: destinationTopic
+ name: guid(subscription().id, resourceGroup().id, topic.id, 'sendEventRole')
+ properties: {
+ roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'd5a91429-5739-47e2-a06b-3470a27159e7')
+ principalType: 'ServicePrincipal'
+ principalId: topic.identity.principalId
+ }
+}
+
 resource topic 'Microsoft.EventGrid/systemTopics@2023-12-15-preview' = {
  name: name
  location: location

deploy/quick-start/infra/shared/storage-system-topic.bicep

@@ -1,4 +1,6 @@
 param name string
+param destinationTopicName string
+param eventGridName string
 param location string = resourceGroup().location
 param tags object = {}
 param storageAccountName string
@@ -7,6 +9,25 @@ resource storage 'Microsoft.Storage/storageAccounts@2023-01-01' existing = {
  name: storageAccountName
 }
 
+resource eventGridNamespace 'Microsoft.EventGrid/namespaces@2023-12-15-preview' existing = {
+ name: eventGridName
+}
+
+resource destinationTopic 'Microsoft.EventGrid/namespaces/topics@2023-12-15-preview' existing = {
+ name: destinationTopicName
+ parent: eventGridNamespace
+}
+
+resource eventSendRole 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+ scope: destinationTopic
+ name: guid(subscription().id, resourceGroup().id, topic.id, 'sendEventRole')
+ properties: {
+ roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'd5a91429-5739-47e2-a06b-3470a27159e7')
+ principalType: 'ServicePrincipal'
+ principalId: topic.identity.principalId
+ }
+}
+
 resource topic 'Microsoft.EventGrid/systemTopics@2023-12-15-preview' = {
  name: name
  location: location

deploy/quick-start/infra/shared/system-topic-subscription.bicep

@@ -19,16 +19,6 @@ resource topic 'Microsoft.EventGrid/systemTopics@2023-12-15-preview' existing =
  name: topicName
 }
 
-resource eventSendRole 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
- scope: destinationTopic
- name: guid(subscription().id, resourceGroup().id, topic.id, 'sendEventRole')
- properties: {
- roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'd5a91429-5739-47e2-a06b-3470a27159e7')
- principalType: 'ServicePrincipal'
- principalId: topic.identity.principalId
- }
-}
-
 resource resourceProviderSub 'Microsoft.EventGrid/systemTopics/eventSubscriptions@2023-12-15-preview' = {
  name: name
  parent: topic
@@ -56,5 +46,4 @@ resource resourceProviderSub 'Microsoft.EventGrid/systemTopics/eventSubscription
  eventTimeToLiveInMinutes: 1440
  }
  }
- dependsOn: [ eventSendRole ]
 }

tests/scripts/Remove-OAuthCallbackUris.ps1

@@ -68,31 +68,33 @@ $uris = @{
 }
 
 foreach ($uri in $uris.GetEnumerator()) {
- $applicationUri = "https://graph.microsoft.com/v1.0/applications/" + $uri.Value.objectId
- $redirects = @(az rest `
- --method "get" `
- --uri $applicationUri `
- --headers "{'Content-Type': 'application/json'}" `
- --query $uri.Value.query `
- -o json | ConvertFrom-Json)
-
- $redirect = ($uri.Value.endpoint | ConvertFrom-Json) + "/signin-oidc"
+ if ($uri.Value.endpoint -ne $null)
+ {
+ $applicationUri = "https://graph.microsoft.com/v1.0/applications/" + $uri.Value.objectId
+ $redirects = @(az rest `
+  --method "get" `
+  --uri $applicationUri `
+  --headers "{'Content-Type': 'application/json'}" `
+ --query $uri.Value.query `
+  -o json | ConvertFrom-Json)
 
+ $redirect = ($uri.Value.endpoint | ConvertFrom-Json) + "/signin-oidc"
 
- if ($redirects.Contains($redirect)) {
- $redirects -= $redirect
+  if ($redirects.Contains($redirect)) {
+  $redirects -= $redirect
 
- $body = @{
- spa = @{
- redirectUris = $redirects
- }
- } | ConvertTo-Json -Compress
+  $body = @{
+  spa = @{
+  redirectUris = $redirects
+  }
+  } | ConvertTo-Json -Compress
 
- Set-Content -Path "$($uri.Key)`.json" $body
- az rest `
- --method "patch" `
- --uri $applicationUri `
- --headers "{'Content-Type': 'application/json'}" `
- --body "@$($uri.Key)`.json"
+ Set-Content -Path "$($uri.Key)`.json" $body
+ az rest `
+ --method "patch" `
+ --uri $applicationUri `
+ --headers "{'Content-Type': 'application/json'}" `
+ --body "@$($uri.Key)`.json"
+ }
  }
 }