Service connector keyvaut secret (#18258)

xfz11 · web-flow · commit 6ac3fabf08d6 · 2022-03-15T16:41:21.000+08:00
diff --git a/specification/servicelinker/resource-manager/Microsoft.ServiceLinker/preview/2022-01-01-preview/examples/PutLink.json b/specification/servicelinker/resource-manager/Microsoft.ServiceLinker/preview/2022-01-01-preview/examples/PutLink.json
@@ -7,12 +7,15 @@
       "properties": {
         "targetService": {
           "type": "AzureResource",
-          "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DocumentDb/databaseAccounts/test-acc/mongodbDatabases/test-db"
+          "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DBforPostgreSQL/servers/test-pg/databases/test-db"
         },
         "authInfo": {
           "authType": "secret",
           "name": "name",
-          "secret": "secret"
+          "secret": {
+            "secretType": "rawValue",
+            "value": "secret"
+          }
         }
       }
     }
@@ -29,7 +32,7 @@
           },
           "targetService": {
             "type": "AzureResource",
-            "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DocumentDb/databaseAccounts/test-acc/mongodbDatabases/test-db"
+            "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DBforPostgreSQL/servers/test-pg/databases/test-db"
           }
         }
       }
@@ -45,7 +48,7 @@
           },
           "targetService": {
             "type": "AzureResource",
-            "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DocumentDb/databaseAccounts/test-acc/mongodbDatabases/test-db"
+            "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DBforPostgreSQL/servers/test-pg/databases/test-db"
           }
         }
       }
diff --git a/specification/servicelinker/resource-manager/Microsoft.ServiceLinker/preview/2022-01-01-preview/examples/PutLinkWithSecretStore.json b/specification/servicelinker/resource-manager/Microsoft.ServiceLinker/preview/2022-01-01-preview/examples/PutLinkWithSecretStore.json
@@ -0,0 +1,61 @@
+{
+  "parameters": {
+    "api-version": "2022-01-01-preview",
+    "resourceUri": "subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Web/sites/test-app",
+    "linkerName": "linkName",
+    "parameters": {
+      "properties": {
+        "targetService": {
+          "type": "AzureResource",
+          "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DocumentDb/databaseAccounts/test-acc/mongodbDatabases/test-db"
+        },
+        "authInfo": {
+          "authType": "secret"
+        },
+        "secretStore": {
+          "keyVaultId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/test-kv"
+        }
+      }
+    }
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Web/sites/test-app/providers/Microsoft.ServiceLinker/links/linkName",
+        "type": "Microsoft.ServiceLinker/links",
+        "name": "linkName",
+        "properties": {
+          "authInfo": {
+            "authType": "secret"
+          },
+          "secretStore": {
+            "keyVaultId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/test-kv"
+          },
+          "targetService": {
+            "type": "AzureResource",
+            "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DocumentDb/databaseAccounts/test-acc/mongodbDatabases/test-db"
+          }
+        }
+      }
+    },
+    "201": {
+      "body": {
+        "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Web/sites/test-app/providers/Microsoft.ServiceLinker/links/linkName",
+        "type": "Microsoft.ServiceLinker/links",
+        "name": "linkName",
+        "properties": {
+          "authInfo": {
+            "authType": "secret"
+          },
+          "secretStore": {
+            "keyVaultId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/test-kv"
+          },
+          "targetService": {
+            "type": "AzureResource",
+            "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DocumentDb/databaseAccounts/test-acc/mongodbDatabases/test-db"
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/specification/servicelinker/resource-manager/Microsoft.ServiceLinker/preview/2022-01-01-preview/examples/PutLinkWithServiceEndpoint.json b/specification/servicelinker/resource-manager/Microsoft.ServiceLinker/preview/2022-01-01-preview/examples/PutLinkWithServiceEndpoint.json
@@ -7,18 +7,18 @@
       "properties": {
         "targetService": {
           "type": "AzureResource",
-          "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DocumentDb/databaseAccounts/test-acc/mongodbDatabases/test-db"
+          "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DBforPostgreSQL/servers/test-pg/databases/test-db"
         },
         "authInfo": {
           "authType": "secret",
           "name": "name",
-          "secret": "secret"
+          "secret": {
+            "secretType": "keyVaultSecretUri",
+            "value": "https://vault-name.vault.azure.net/secrets/secret-name/00000000000000000000000000000000"
+          }
         },
         "vNetSolution": {
           "type": "serviceEndpoint"
-        },
-        "secretStore": {
-          "keyVaultId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/test-kv"
         }
       }
     }
@@ -37,12 +37,9 @@
           "vNetSolution": {
             "type": "serviceEndpoint"
           },
-          "secretStore": {
-            "keyVaultId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/test-kv"
-          },
           "targetService": {
             "type": "AzureResource",
-            "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DocumentDb/databaseAccounts/test-acc/mongodbDatabases/test-db"
+            "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DBforPostgreSQL/servers/test-pg/databases/test-db"
           }
         }
       }
@@ -60,12 +57,9 @@
           "vNetSolution": {
             "type": "serviceEndpoint"
           },
-          "secretStore": {
-            "keyVaultId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/test-kv"
-          },
           "targetService": {
             "type": "AzureResource",
-            "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DocumentDb/databaseAccounts/test-acc/mongodbDatabases/test-db"
+            "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DBforPostgreSQL/servers/test-pg/databases/test-db"
           }
         }
       }
diff --git a/specification/servicelinker/resource-manager/Microsoft.ServiceLinker/preview/2022-01-01-preview/servicelinker.json b/specification/servicelinker/resource-manager/Microsoft.ServiceLinker/preview/2022-01-01-preview/servicelinker.json
@@ -119,6 +119,9 @@
           },
           "PutLinkWithServiceEndpoint": {
             "$ref": "./examples/PutLinkWithServiceEndpoint.json"
+          },
+          "PutLinkWithSecretStore": {
+            "$ref": "./examples/PutLinkWithSecretStore.json"
           }
         },
         "parameters": [
@@ -521,6 +524,86 @@
         "modelAsString": true
       }
     },
+    "SecretType": {
+      "description": "The secret type.",
+      "type": "string",
+      "enum": [
+        "rawValue",
+        "keyVaultSecretUri",
+        "keyVaultSecretReference"
+      ],
+      "x-ms-enum": {
+        "name": "SecretType",
+        "modelAsString": true
+      }
+    },
+    "SecretInfoBase": {
+      "description": "The secret info",
+      "discriminator": "secretType",
+      "type": "object",
+      "properties": {
+        "secretType": {
+          "description": "The secret type.",
+          "$ref": "#/definitions/SecretType"
+        }
+      },
+      "required": [
+        "secretType"
+      ]
+    },
+    "ValueSecretInfo": {
+      "x-ms-discriminator-value": "rawValue",
+      "type": "object",
+      "description": "The secret info when type is rawValue. It's for scenarios that user input the secret.",
+      "allOf": [
+        {
+          "$ref": "#/definitions/SecretInfoBase"
+        }
+      ],
+      "properties": {
+        "value": {
+          "description": "The actual value of the secret.",
+          "type": "string",
+          "x-ms-secret": true
+        }
+      }
+    },
+    "KeyVaultSecretReferenceSecretInfo": {
+      "x-ms-discriminator-value": "keyVaultSecretReference",
+      "type": "object",
+      "description": "The secret info when type is keyVaultSecretReference. It's for scenario that user provides a secret stored in user's keyvault and source is Azure Kubernetes. The key Vault's resource id is linked to secretStore.keyVaultId.",
+      "allOf": [
+        {
+          "$ref": "#/definitions/SecretInfoBase"
+        }
+      ],
+      "properties": {
+        "name": {
+          "description": "Name of the Key Vault secret.",
+          "type": "string"
+        },
+        "version": {
+          "description": "Version of the Key Vault secret.",
+          "type": "string"
+        }
+      }
+    },
+    "KeyVaultSecretUriSecretInfo": {
+      "x-ms-discriminator-value": "keyVaultSecretUri",
+      "type": "object",
+      "description": "The secret info when type is keyVaultSecretUri. It's for scenario that user provides a secret stored in user's keyvault and source is Web App, Spring Cloud or Container App.",
+      "allOf": [
+        {
+          "$ref": "#/definitions/SecretInfoBase"
+        }
+      ],
+      "properties": {
+        "value": {
+          "description": "URI to the keyvault secret",
+          "type": "string"
+        }
+      }
+    },
     "AuthInfoBase": {
       "description": "The authentication info",
       "discriminator": "authType",
@@ -551,8 +634,7 @@
         },
         "secret": {
           "description": "Password or account key for secret auth.",
-          "type": "string",
-          "x-ms-secret": true
+          "$ref": "#/definitions/SecretInfoBase"
         }
       }
     },

Original file line number	Diff line number	Diff line change
`@@ -7,12 +7,15 @@`
`7`	`7`	`"properties": {`
`8`	`8`	`"targetService": {`
`9`	`9`	`"type": "AzureResource",`
`10`		`- "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DocumentDb/databaseAccounts/test-acc/mongodbDatabases/test-db"`
	`10`	`+ "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DBforPostgreSQL/servers/test-pg/databases/test-db"`
`11`	`11`	`},`
`12`	`12`	`"authInfo": {`
`13`	`13`	`"authType": "secret",`
`14`	`14`	`"name": "name",`
`15`		`- "secret": "secret"`
	`15`	`+ "secret": {`
	`16`	`+ "secretType": "rawValue",`
	`17`	`+ "value": "secret"`
	`18`	`+ }`
`16`	`19`	`}`
`17`	`20`	`}`
`18`	`21`	`}`
`@@ -29,7 +32,7 @@`
`29`	`32`	`},`
`30`	`33`	`"targetService": {`
`31`	`34`	`"type": "AzureResource",`
`32`		`- "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DocumentDb/databaseAccounts/test-acc/mongodbDatabases/test-db"`
	`35`	`+ "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DBforPostgreSQL/servers/test-pg/databases/test-db"`
`33`	`36`	`}`
`34`	`37`	`}`
`35`	`38`	`}`
`@@ -45,7 +48,7 @@`
`45`	`48`	`},`
`46`	`49`	`"targetService": {`
`47`	`50`	`"type": "AzureResource",`
`48`		`- "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DocumentDb/databaseAccounts/test-acc/mongodbDatabases/test-db"`
	`51`	`+ "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.DBforPostgreSQL/servers/test-pg/databases/test-db"`
`49`	`52`	`}`
`50`	`53`	`}`
`51`	`54`	`}`