Improve managed identity for sql server

Aspire.sln

@@ -1,4 +1,3 @@
-
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio Version 17
 VisualStudioVersion = 17.0.31903.59
@@ -671,6 +670,14 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AzureAppService.ApiService"
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AzureAppService.AppHost", "playground\AzureAppService\AzureAppService.AppHost\AzureAppService.AppHost.csproj", "{2C879943-DF34-44FA-B2C3-29D97F24DD76}"
 EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "SqlServerScript", "SqlServerScript", "{02EA681E-C7D8-13C7-8484-4AC65E1B71E8}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AppHost1", "playground\SqlServerScript\AppHost1\AppHost1.csproj", "{3928CF69-B803-43A2-8AE5-5E29CB3E8D24}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "WebApplication1", "playground\SqlServerScript\WebApplication1\WebApplication1.csproj", "{E79A95EA-08D9-9947-377D-6F2213B36E1B}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "WebApplication2", "playground\SqlServerScript\WebApplication2\WebApplication2.csproj", "{554D72B3-F0B0-FB9A-67ED-BBDF55A6DE81}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -3933,6 +3940,42 @@ Global
 		{2C879943-DF34-44FA-B2C3-29D97F24DD76}.Release|x64.Build.0 = Release|Any CPU
 		{2C879943-DF34-44FA-B2C3-29D97F24DD76}.Release|x86.ActiveCfg = Release|Any CPU
 		{2C879943-DF34-44FA-B2C3-29D97F24DD76}.Release|x86.Build.0 = Release|Any CPU
+		{3928CF69-B803-43A2-8AE5-5E29CB3E8D24}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{3928CF69-B803-43A2-8AE5-5E29CB3E8D24}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{3928CF69-B803-43A2-8AE5-5E29CB3E8D24}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{3928CF69-B803-43A2-8AE5-5E29CB3E8D24}.Debug|x64.Build.0 = Debug|Any CPU
+		{3928CF69-B803-43A2-8AE5-5E29CB3E8D24}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{3928CF69-B803-43A2-8AE5-5E29CB3E8D24}.Debug|x86.Build.0 = Debug|Any CPU
+		{3928CF69-B803-43A2-8AE5-5E29CB3E8D24}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{3928CF69-B803-43A2-8AE5-5E29CB3E8D24}.Release|Any CPU.Build.0 = Release|Any CPU
+		{3928CF69-B803-43A2-8AE5-5E29CB3E8D24}.Release|x64.ActiveCfg = Release|Any CPU
+		{3928CF69-B803-43A2-8AE5-5E29CB3E8D24}.Release|x64.Build.0 = Release|Any CPU
+		{3928CF69-B803-43A2-8AE5-5E29CB3E8D24}.Release|x86.ActiveCfg = Release|Any CPU
+		{3928CF69-B803-43A2-8AE5-5E29CB3E8D24}.Release|x86.Build.0 = Release|Any CPU
+		{E79A95EA-08D9-9947-377D-6F2213B36E1B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{E79A95EA-08D9-9947-377D-6F2213B36E1B}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{E79A95EA-08D9-9947-377D-6F2213B36E1B}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{E79A95EA-08D9-9947-377D-6F2213B36E1B}.Debug|x64.Build.0 = Debug|Any CPU
+		{E79A95EA-08D9-9947-377D-6F2213B36E1B}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{E79A95EA-08D9-9947-377D-6F2213B36E1B}.Debug|x86.Build.0 = Debug|Any CPU
+		{E79A95EA-08D9-9947-377D-6F2213B36E1B}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{E79A95EA-08D9-9947-377D-6F2213B36E1B}.Release|Any CPU.Build.0 = Release|Any CPU
+		{E79A95EA-08D9-9947-377D-6F2213B36E1B}.Release|x64.ActiveCfg = Release|Any CPU
+		{E79A95EA-08D9-9947-377D-6F2213B36E1B}.Release|x64.Build.0 = Release|Any CPU
+		{E79A95EA-08D9-9947-377D-6F2213B36E1B}.Release|x86.ActiveCfg = Release|Any CPU
+		{E79A95EA-08D9-9947-377D-6F2213B36E1B}.Release|x86.Build.0 = Release|Any CPU
+		{554D72B3-F0B0-FB9A-67ED-BBDF55A6DE81}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{554D72B3-F0B0-FB9A-67ED-BBDF55A6DE81}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{554D72B3-F0B0-FB9A-67ED-BBDF55A6DE81}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{554D72B3-F0B0-FB9A-67ED-BBDF55A6DE81}.Debug|x64.Build.0 = Debug|Any CPU
+		{554D72B3-F0B0-FB9A-67ED-BBDF55A6DE81}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{554D72B3-F0B0-FB9A-67ED-BBDF55A6DE81}.Debug|x86.Build.0 = Debug|Any CPU
+		{554D72B3-F0B0-FB9A-67ED-BBDF55A6DE81}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{554D72B3-F0B0-FB9A-67ED-BBDF55A6DE81}.Release|Any CPU.Build.0 = Release|Any CPU
+		{554D72B3-F0B0-FB9A-67ED-BBDF55A6DE81}.Release|x64.ActiveCfg = Release|Any CPU
+		{554D72B3-F0B0-FB9A-67ED-BBDF55A6DE81}.Release|x64.Build.0 = Release|Any CPU
+		{554D72B3-F0B0-FB9A-67ED-BBDF55A6DE81}.Release|x86.ActiveCfg = Release|Any CPU
+		{554D72B3-F0B0-FB9A-67ED-BBDF55A6DE81}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -4255,6 +4298,10 @@ Global
 		{2D9974C2-3AB2-FBFD-5156-080508BB7449} = {D173887B-AF42-4576-B9C1-96B9E9B3D9C0}
 		{A617DC84-65DA-41B5-B378-6C2F569CEE48} = {2D9974C2-3AB2-FBFD-5156-080508BB7449}
 		{2C879943-DF34-44FA-B2C3-29D97F24DD76} = {2D9974C2-3AB2-FBFD-5156-080508BB7449}
+		{02EA681E-C7D8-13C7-8484-4AC65E1B71E8} = {D173887B-AF42-4576-B9C1-96B9E9B3D9C0}
+		{3928CF69-B803-43A2-8AE5-5E29CB3E8D24} = {02EA681E-C7D8-13C7-8484-4AC65E1B71E8}
+		{E79A95EA-08D9-9947-377D-6F2213B36E1B} = {02EA681E-C7D8-13C7-8484-4AC65E1B71E8}
+		{554D72B3-F0B0-FB9A-67ED-BBDF55A6DE81} = {02EA681E-C7D8-13C7-8484-4AC65E1B71E8}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {47DCFECF-5631-4BDE-A1EC-BE41E90F60C4}

playground/SqlServerEndToEnd/SqlServerEndToEnd.AppHost/Program.cs

@@ -1,15 +1,35 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using Azure.Provisioning.Sql;
+
 var builder = DistributedApplication.CreateBuilder(args);
 
 var sql1 = builder.AddAzureSqlServer("sql1")
-                  .RunAsContainer();
+        .ConfigureInfrastructure(c =>
+        {
+            const string FREE_DB_SKU = "GP_S_Gen5_2";
+
+            foreach (var database in c.GetProvisionableResources().OfType<SqlDatabase>())
+            {
+                database.Sku = new SqlSku() { Name = FREE_DB_SKU };
+            }
+        });
+
+//.RunAsContainer();
 
 var db1 = sql1.AddDatabase("db1");
 
-var sql2 = builder.AddSqlServer("sql2")
-                  .PublishAsContainer();
+var sql2 = builder.AddAzureSqlServer("sql2")
+        .ConfigureInfrastructure(c =>
+        {
+            const string FREE_DB_SKU = "GP_S_Gen5_2";
+
+            foreach (var database in c.GetProvisionableResources().OfType<SqlDatabase>())
+            {
+                database.Sku = new SqlSku() { Name = FREE_DB_SKU };
+            }
+        });
 
 var db2 = sql2.AddDatabase("db2");
 

playground/SqlServerEndToEnd/SqlServerEndToEnd.AppHost/Properties/launchSettings.json

@@ -1,44 +1,45 @@
 {
-  "$schema": "http://json.schemastore.org/launchsettings.json",
   "profiles": {
     "https": {
       "commandName": "Project",
-      "dotnetRunMessages": true,
+      "commandLineArgs": "--publish manifest",
       "launchBrowser": true,
-      "applicationUrl": "https://localhost:15887;http://localhost:15888",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development",
         "DOTNET_ENVIRONMENT": "Development",
         "ASPIRE_DASHBOARD_OTLP_ENDPOINT_URL": "https://localhost:16175",
         "ASPIRE_RESOURCE_SERVICE_ENDPOINT_URL": "https://localhost:17037",
         "ASPIRE_SHOW_DASHBOARD_RESOURCES": "true"
-      }
+      },
+      "dotnetRunMessages": true,
+      "applicationUrl": "https://localhost:15887;http://localhost:15888"
     },
     "http": {
       "commandName": "Project",
-      "dotnetRunMessages": true,
       "launchBrowser": true,
-      "applicationUrl": "http://localhost:15888",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development",
         "DOTNET_ENVIRONMENT": "Development",
         "ASPIRE_DASHBOARD_OTLP_ENDPOINT_URL": "http://localhost:16175",
         "ASPIRE_RESOURCE_SERVICE_ENDPOINT_URL": "http://localhost:17038",
         "ASPIRE_SHOW_DASHBOARD_RESOURCES": "true",
         "ASPIRE_ALLOW_UNSECURED_TRANSPORT": "true"
-      }
+      },
+      "dotnetRunMessages": true,
+      "applicationUrl": "http://localhost:15888"
     },
     "generate-manifest": {
       "commandName": "Project",
-      "launchBrowser": true,
-      "dotnetRunMessages": true,
       "commandLineArgs": "--publisher manifest --output-path aspire-manifest.json",
-      "applicationUrl": "http://localhost:15888",
+      "launchBrowser": true,
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development",
         "DOTNET_ENVIRONMENT": "Development",
         "ASPIRE_DASHBOARD_OTLP_ENDPOINT_URL": "http://localhost:16175"
-      }
+      },
+      "dotnetRunMessages": true,
+      "applicationUrl": "http://localhost:15888"
     }
-  }
-}
+  },
+  "$schema": "http://json.schemastore.org/launchsettings.json"
+}

playground/SqlServerEndToEnd/SqlServerEndToEnd.AppHost/aspire-manifest.json

@@ -4,36 +4,20 @@
     "sql1": {
       "type": "azure.bicep.v0",
       "connectionString": "Server=tcp:{sql1.outputs.sqlServerFqdn},1433;Encrypt=True;Authentication=\u0022Active Directory Default\u0022",
-      "path": "sql1.module.bicep",
-      "params": {
-        "principalId": "",
-        "principalName": ""
-      }
+      "path": "sql1.module.bicep"
     },
     "db1": {
       "type": "value.v0",
       "connectionString": "{sql1.connectionString};Database=db1"
     },
     "sql2": {
-      "type": "container.v0",
-      "connectionString": "Server={sql2.bindings.tcp.host},{sql2.bindings.tcp.port};User ID=sa;Password={sql2-password.value};TrustServerCertificate=true",
-      "image": "mcr.microsoft.com/mssql/server:2022-latest",
-      "env": {
-        "ACCEPT_EULA": "Y",
-        "MSSQL_SA_PASSWORD": "{sql2-password.value}"
-      },
-      "bindings": {
-        "tcp": {
-          "scheme": "tcp",
-          "protocol": "tcp",
-          "transport": "tcp",
-          "targetPort": 1433
-        }
-      }
+      "type": "azure.bicep.v0",
+      "connectionString": "Server=tcp:{sql2.outputs.sqlServerFqdn},1433;Encrypt=True;Authentication=\u0022Active Directory Default\u0022",
+      "path": "sql2.module.bicep"
     },
     "db2": {
       "type": "value.v0",
-      "connectionString": "{sql2.connectionString};Initial Catalog=db2"
+      "connectionString": "{sql2.connectionString};Database=db2"
     },
     "dbsetup": {
       "type": "project.v0",
@@ -92,26 +76,21 @@
       "path": "sql1-roles.module.bicep",
       "params": {
         "sql1_outputs_name": "{sql1.outputs.name}",
+        "sql1_outputs_sqlserveradminname": "{sql1.outputs.sqlServerAdminName}",
         "principalId": "",
-        "principalName": ""
+        "principalName": "",
+        "principalType": ""
       }
     },
-    "sql2-password": {
-      "type": "parameter.v0",
-      "value": "{sql2-password.inputs.value}",
-      "inputs": {
-        "value": {
-          "type": "string",
-          "secret": true,
-          "default": {
-            "generate": {
-              "minLength": 22,
-              "minLower": 1,
-              "minUpper": 1,
-              "minNumeric": 1
-            }
-          }
-        }
+    "sql2-roles": {
+      "type": "azure.bicep.v0",
+      "path": "sql2-roles.module.bicep",
+      "params": {
+        "sql2_outputs_name": "{sql2.outputs.name}",
+        "sql2_outputs_sqlserveradminname": "{sql2.outputs.sqlServerAdminName}",
+        "principalId": "",
+        "principalName": "",
+        "principalType": ""
       }
     }
   }

playground/SqlServerEndToEnd/SqlServerEndToEnd.AppHost/sql1.module.bicep

@@ -1,18 +1,19 @@
 @description('The location for the resource(s) to be deployed.')
 param location string = resourceGroup().location
 
-param principalId string
-
-param principalName string
+resource sqlServerAdminManagedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  name: take('sql1-admin-${uniqueString(resourceGroup().id)}', 63)
+  location: location
+}
 
 resource sql1 'Microsoft.Sql/servers@2021-11-01' = {
   name: take('sql1-${uniqueString(resourceGroup().id)}', 63)
   location: location
   properties: {
     administrators: {
       administratorType: 'ActiveDirectory'
-      login: principalName
-      sid: principalId
+      login: sqlServerAdminManagedIdentity.name
+      sid: sqlServerAdminManagedIdentity.properties.principalId
       tenantId: subscription().tenantId
       azureADOnlyAuthentication: true
     }
@@ -37,9 +38,14 @@ resource sqlFirewallRule_AllowAllAzureIps 'Microsoft.Sql/servers/firewallRules@2
 resource db1 'Microsoft.Sql/servers/databases@2021-11-01' = {
   name: 'db1'
   location: location
+  sku: {
+    name: 'GP_S_Gen5_2'
+  }
   parent: sql1
 }
 
 output sqlServerFqdn string = sql1.properties.fullyQualifiedDomainName
 
-output name string = sql1.name
+output name string = sql1.name
+
+output sqlServerAdminName string = sqlServerAdminManagedIdentity.name

playground/SqlServerEndToEnd/SqlServerEndToEnd.AppHost/sql2.module.bicep

@@ -0,0 +1,51 @@
+@description('The location for the resource(s) to be deployed.')
+param location string = resourceGroup().location
+
+resource sqlServerAdminManagedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
+  name: take('sql2-admin-${uniqueString(resourceGroup().id)}', 63)
+  location: location
+}
+
+resource sql2 'Microsoft.Sql/servers@2021-11-01' = {
+  name: take('sql2-${uniqueString(resourceGroup().id)}', 63)
+  location: location
+  properties: {
+    administrators: {
+      administratorType: 'ActiveDirectory'
+      login: sqlServerAdminManagedIdentity.name
+      sid: sqlServerAdminManagedIdentity.properties.principalId
+      tenantId: subscription().tenantId
+      azureADOnlyAuthentication: true
+    }
+    minimalTlsVersion: '1.2'
+    publicNetworkAccess: 'Enabled'
+    version: '12.0'
+  }
+  tags: {
+    'aspire-resource-name': 'sql2'
+  }
+}
+
+resource sqlFirewallRule_AllowAllAzureIps 'Microsoft.Sql/servers/firewallRules@2021-11-01' = {
+  name: 'AllowAllAzureIps'
+  properties: {
+    endIpAddress: '0.0.0.0'
+    startIpAddress: '0.0.0.0'
+  }
+  parent: sql2
+}
+
+resource db2 'Microsoft.Sql/servers/databases@2021-11-01' = {
+  name: 'db2'
+  location: location
+  sku: {
+    name: 'GP_S_Gen5_2'
+  }
+  parent: sql2
+}
+
+output sqlServerFqdn string = sql2.properties.fullyQualifiedDomainName
+
+output name string = sql2.name
+
+output sqlServerAdminName string = sqlServerAdminManagedIdentity.name

playground/SqlServerScript/AppHost1/AppHost1.csproj

@@ -0,0 +1,24 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFramework>$(DefaultTargetFramework)</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+    <IsAspireHost>true</IsAspireHost>
+    <UserSecretsId>f6d0abe5-33e8-4825-861a-35b3767a490b</UserSecretsId>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <AspireProjectOrPackageReference Include="Aspire.Hosting.Azure" />
+    <AspireProjectOrPackageReference Include="Aspire.Hosting.Azure.Sql" />
+    <AspireProjectOrPackageReference Include="Aspire.Hosting.AppHost" />
+    <AspireProjectOrPackageReference Include="Aspire.Hosting.Azure.AppContainers" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\WebApplication1\WebApplication1.csproj" />
+    <ProjectReference Include="..\WebApplication2\WebApplication2.csproj" />
+  </ItemGroup>
+
+</Project>