use setSecret for secured bicep param #3804

Merged
merged 2 commits into from
Apr 26, 2024
63 changes: 37 additions & 26 deletions cli/azd/pkg/infra/provisioning/bicep/bicep_provider.go
Expand Up @@ -29,6 +29,7 @@ import (
"github.com/azure/azure-dev/cli/azd/pkg/azapi"
"github.com/azure/azure-dev/cli/azd/pkg/azure"
"github.com/azure/azure-dev/cli/azd/pkg/cmdsubst"
"github.com/azure/azure-dev/cli/azd/pkg/config"
"github.com/azure/azure-dev/cli/azd/pkg/convert"
"github.com/azure/azure-dev/cli/azd/pkg/environment"
"github.com/azure/azure-dev/cli/azd/pkg/infra"
Expand Down Expand Up @@ -2010,12 +2011,7 @@ func (p *BicepProvider) ensureParameters(
configuredParameters[key] = azure.ArmParameterValue{
Value: genValue,
}
// - save to config for next attempts
if err := p.env.Config.Set(configKey, genValue); err != nil {
// errors from config.Set are panics, so we can't recover from them
// For example, the value is not serializable to JSON
log.Panicf(fmt.Sprintf("warning: failed to set value: %v", err))
}
mustSetParamAsConfig(key, genValue, p.env.Config, param.Secure())
configModified = true
continue
}
Expand Down Expand Up @@ -2046,39 +2042,29 @@ func (p *BicepProvider) ensureParameters(
}

for _, prompt := range parameterPrompts {
configKey := fmt.Sprintf("infra.parameters.%s", prompt.key)
key := prompt.key
value := values[prompt.key]

if err := p.env.Config.Set(configKey, value); err == nil {
configModified = true
} else {
// errors from config.Set are panics, so we can't recover from them
// For example, the value is not serializable to JSON
log.Panicf(fmt.Sprintf("warning: failed to set value: %v", err))
}

configuredParameters[prompt.key] = azure.ArmParameterValue{
mustSetParamAsConfig(key, value, p.env.Config, prompt.param.Secure())
configModified = true
configuredParameters[key] = azure.ArmParameterValue{
Value: value,
}
}
} else {
for _, prompt := range parameterPrompts {
configKey := fmt.Sprintf("infra.parameters.%s", prompt.key)
key := prompt.key

// Otherwise, prompt for the value.
value, err := p.promptForParameter(ctx, prompt.key, prompt.param)
value, err := p.promptForParameter(ctx, key, prompt.param)
if err != nil {
return nil, fmt.Errorf("prompting for value: %w", err)
}

if err := p.env.Config.Set(configKey, value); err == nil {
configModified = true
} else {
// errors from config.Set are panics, so we can't recover from them
// For example, the value is not serializable to JSON
log.Panicf(fmt.Sprintf("warning: failed to set value: %v", err))
mustSetParamAsConfig(key, value, p.env.Config, prompt.param.Secure())
configModified = true
configuredParameters[key] = azure.ArmParameterValue{
Value: value,
}

configuredParameters[prompt.key] = azure.ArmParameterValue{
Value: value,
}
Expand All @@ -2095,6 +2081,31 @@ func (p *BicepProvider) ensureParameters(
return configuredParameters, nil
}

var configInfraParametersKey = "infra.parameters."

// mustSetParamAsConfig sets the specified key-value pair in the given config.Config object.
// If the isSecured flag is set to true, the value is set as a secret using config.SetSecret,
// otherwise it is set using config.Set.
// If an error occurs while setting the value, the function panics with a warning message.
func mustSetParamAsConfig(key string, value any, config config.Config, isSecured bool) {
configKey := configInfraParametersKey + key

if !isSecured {
if err := config.Set(configKey, value); err != nil {
log.Panicf("failed setting config value: %v", err)
}
return
}

secretString, castOk := value.(string)
if !castOk {
log.Panic("tried to set a non-string as secret. This is not supported.")
}
if err := config.SetSecret(configKey, secretString); err != nil {
log.Panicf("failed setting a secret in config: %v", err)
}
}

// Convert the ARM parameters file value into a value suitable for deployment
func armParameterFileValue(paramType ParameterType, value any, defaultValue any) any {
// Quick return if the value being converted is not a string
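Review bot: In `mustSetParamAsConfig`, a secure parameter whose value is not a string reaches `log.Panic`, so the CLI would crash after the user has already been prompted. Bicep also allows `@secure()` on object parameters, and if `param.Secure()` reports those as secure (its definition is not shown here), ordinary input can reach this path. Since `ensureParameters` already returns an error, the helper could return one instead, e.g. `return fmt.Errorf("parameter %q: secure value of type %T cannot be stored as a secret", key, value)`, with the three call sites doing `if err := ...; err != nil { return nil, err }`. Formatting with `%T` rather than `%v` keeps the secret itself out of logs and error output. `ensureParameters` starts outside the visible hunks, so its surrounding error handling should be checked before changing the helper's signature.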