Drop support for hybrid mode Azure Container Apps (#9500)

* Drop support for hybrid mode Azure Container Apps
- Initially, azd generated the azure container app environment, but now that we've moved the logic to Aspire.Hosting.Azure.AppContainers, we can drop this hybrid mode.
- PublishAsAzureContainerApps no longer lights up the infrastructure, it just adds customization annotations.
- This change also removed support for BicepSecretOutput in the azure container apps logic (this simplifies things significantly)
- Obsoleted BicepSecretOutput APIs
- Updated tests

* Update src/Aspire.Hosting.Azure.CosmosDB/AzureCosmosDBResource.cs

Co-authored-by: Eric Erhardt <eric.erhardt@microsoft.com>

* Update AzureContainerAppsInfrastructure.cs

* Update src/Aspire.Hosting.Azure.AppContainers/AzureContainerAppsInfrastructure.cs

---------

Co-authored-by: Eric Erhardt <eric.erhardt@microsoft.com>

Author: davidfowl

src/Aspire.Hosting.Azure.AppContainers/AzdAzureContainerAppEnvironment.cs

@@ -42,8 +42,6 @@ public static IResourceBuilder<T> PublishAsAzureContainerApp<T>(this IResourceBu
             return container;
         }
 
-        container.ApplicationBuilder.AddAzureContainerAppsInfrastructureCore();
-
         container.WithAnnotation(new AzureContainerAppCustomizationAnnotation(configure));
 
         return container;

src/Aspire.Hosting.Azure.AppContainers/AzureContainerAppContainerExtensions.cs

@@ -12,50 +12,50 @@ namespace Aspire.Hosting.Azure.AppContainers;
 /// <param name="configureInfrastructure">The callback to configure the Azure infrastructure for this resource.</param>
 public class AzureContainerAppEnvironmentResource(string name, Action<AzureResourceInfrastructure> configureInfrastructure) :
 #pragma warning disable ASPIRECOMPUTE001 // Type is for evaluation purposes only and is subject to change or removal in future updates. Suppress this diagnostic to proceed.
-    AzureProvisioningResource(name, configureInfrastructure), IComputeEnvironmentResource, IAzureContainerAppEnvironment, IAzureContainerRegistry
+    AzureProvisioningResource(name, configureInfrastructure), IComputeEnvironmentResource, IAzureContainerRegistry
 #pragma warning restore ASPIRECOMPUTE001 // Type is for evaluation purposes only and is subject to change or removal in future updates. Suppress this diagnostic to proceed.
 {
     internal bool UseAzdNamingConvention { get; set; }
 
     /// <summary>
     /// Gets the unique identifier of the Container App Environment.
     /// </summary>
-    private BicepOutputReference ContainerAppEnvironmentId => new("AZURE_CONTAINER_APPS_ENVIRONMENT_ID", this);
+    internal BicepOutputReference ContainerAppEnvironmentId => new("AZURE_CONTAINER_APPS_ENVIRONMENT_ID", this);
 
     /// <summary>
     /// Gets the default domain associated with the Container App Environment.
     /// </summary>
-    private BicepOutputReference ContainerAppDomain => new("AZURE_CONTAINER_APPS_ENVIRONMENT_DEFAULT_DOMAIN", this);
+    internal BicepOutputReference ContainerAppDomain => new("AZURE_CONTAINER_APPS_ENVIRONMENT_DEFAULT_DOMAIN", this);
 
     /// <summary>
     /// Gets the URL endpoint of the associated Azure Container Registry.
     /// </summary>
-    private BicepOutputReference ContainerRegistryUrl => new("AZURE_CONTAINER_REGISTRY_ENDPOINT", this);
+    internal BicepOutputReference ContainerRegistryUrl => new("AZURE_CONTAINER_REGISTRY_ENDPOINT", this);
 
     /// <summary>
     /// Gets the managed identity ID associated with the Azure Container Registry.
     /// </summary>
-    private BicepOutputReference ContainerRegistryManagedIdentityId => new("AZURE_CONTAINER_REGISTRY_MANAGED_IDENTITY_ID", this);
+    internal BicepOutputReference ContainerRegistryManagedIdentityId => new("AZURE_CONTAINER_REGISTRY_MANAGED_IDENTITY_ID", this);
 
     /// <summary>
     /// Gets the unique identifier of the Log Analytics workspace.
     /// </summary>
-    private BicepOutputReference LogAnalyticsWorkspaceId => new("AZURE_LOG_ANALYTICS_WORKSPACE_ID", this);
+    internal BicepOutputReference LogAnalyticsWorkspaceId => new("AZURE_LOG_ANALYTICS_WORKSPACE_ID", this);
 
     /// <summary>
     /// Gets the principal name of the managed identity.
     /// </summary>
-    private BicepOutputReference PrincipalName => new("MANAGED_IDENTITY_NAME", this);
+    internal BicepOutputReference PrincipalName => new("MANAGED_IDENTITY_NAME", this);
 
     /// <summary>
     /// Gets the principal ID of the managed identity.
     /// </summary>
-    private BicepOutputReference PrincipalId => new("MANAGED_IDENTITY_PRINCIPAL_ID", this);
+    internal BicepOutputReference PrincipalId => new("MANAGED_IDENTITY_PRINCIPAL_ID", this);
 
     /// <summary>
     /// Gets the name of the Container App Environment.
     /// </summary>
-    private BicepOutputReference ContainerAppEnvironmentName => new("AZURE_CONTAINER_APPS_ENVIRONMENT_NAME", this);
+    internal BicepOutputReference ContainerAppEnvironmentName => new("AZURE_CONTAINER_APPS_ENVIRONMENT_NAME", this);
 
     /// <summary>
     /// Gets the container registry name.
@@ -64,35 +64,14 @@ public class AzureContainerAppEnvironmentResource(string name, Action<AzureResou
 
     internal Dictionary<string, (IResource resource, ContainerMountAnnotation volume, int index, BicepOutputReference outputReference)> VolumeNames { get; } = [];
 
-    IManifestExpressionProvider IAzureContainerAppEnvironment.ContainerAppEnvironmentId => ContainerAppEnvironmentId;
-
-    IManifestExpressionProvider IAzureContainerAppEnvironment.ContainerAppDomain => ContainerAppDomain;
-
-    IManifestExpressionProvider IAzureContainerAppEnvironment.ContainerRegistryUrl => ContainerRegistryUrl;
-
-    IManifestExpressionProvider IAzureContainerAppEnvironment.ContainerRegistryManagedIdentityId => ContainerRegistryManagedIdentityId;
-
-    IManifestExpressionProvider IAzureContainerAppEnvironment.LogAnalyticsWorkspaceId => LogAnalyticsWorkspaceId;
-
-    IManifestExpressionProvider IAzureContainerAppEnvironment.PrincipalId => PrincipalId;
-
-    IManifestExpressionProvider IAzureContainerAppEnvironment.PrincipalName => PrincipalName;
-
-    IManifestExpressionProvider IAzureContainerAppEnvironment.ContainerAppEnvironmentName => ContainerAppEnvironmentName;
-
     // Implement IAzureContainerRegistry interface
     ReferenceExpression IContainerRegistry.Name => ReferenceExpression.Create($"{ContainerRegistryName}");
 
     ReferenceExpression IContainerRegistry.Endpoint => ReferenceExpression.Create($"{ContainerRegistryUrl}");
 
     ReferenceExpression IAzureContainerRegistry.ManagedIdentityId => ReferenceExpression.Create($"{ContainerRegistryManagedIdentityId}");
 
-    IManifestExpressionProvider IAzureContainerAppEnvironment.GetSecretOutputKeyVault(AzureBicepResource resource)
-    {
-        throw new NotSupportedException("Automatic Key vault generation is not supported in this environment. Please create a key vault resource directly.");
-    }
-
-    IManifestExpressionProvider IAzureContainerAppEnvironment.GetVolumeStorage(IResource resource, ContainerMountAnnotation volume, int volumeIndex)
+    internal BicepOutputReference GetVolumeStorage(IResource resource, ContainerMountAnnotation volume, int volumeIndex)
     {
         var prefix = volume.Type switch
         {

src/Aspire.Hosting.Azure.AppContainers/AzureContainerAppEnvironmentResource.cs

@@ -42,8 +42,6 @@ public static IResourceBuilder<T> PublishAsAzureContainerApp<T>(this IResourceBu
             return executable;
         }
 
-        executable.ApplicationBuilder.AddAzureContainerAppsInfrastructureCore();
-
         return executable.WithAnnotation(new AzureContainerAppCustomizationAnnotation(configure));
     }
 }

src/Aspire.Hosting.Azure.AppContainers/AzureContainerAppExecutableExtensions.cs

@@ -31,7 +31,7 @@ public static class AzureContainerAppExtensions
     public static IDistributedApplicationBuilder AddAzureContainerAppsInfrastructure(this IDistributedApplicationBuilder builder) =>
         AddAzureContainerAppsInfrastructureCore(builder);
 
-    internal static IDistributedApplicationBuilder AddAzureContainerAppsInfrastructureCore(this IDistributedApplicationBuilder builder)
+    private static IDistributedApplicationBuilder AddAzureContainerAppsInfrastructureCore(this IDistributedApplicationBuilder builder)
     {
         ArgumentNullException.ThrowIfNull(builder);
 

src/Aspire.Hosting.Azure.AppContainers/AzureContainerAppExtensions.cs

@@ -42,8 +42,6 @@ public static IResourceBuilder<T> PublishAsAzureContainerApp<T>(this IResourceBu
             return project;
         }
 
-        project.ApplicationBuilder.AddAzureContainerAppsInfrastructureCore();
-
         project.WithAnnotation(new AzureContainerAppCustomizationAnnotation(configure));
 
         return project;

src/Aspire.Hosting.Azure.AppContainers/AzureContainerAppProjectExtensions.cs

@@ -38,7 +38,12 @@ public async Task BeforeStartAsync(DistributedApplicationModel appModel, Cancell
             throw new NotSupportedException("Multiple container app environments are not supported.");
         }
 
-        var environment = caes.FirstOrDefault() as IAzureContainerAppEnvironment ?? new AzdAzureContainerAppEnvironment();
+        var environment = caes.FirstOrDefault();
+
+        if (environment is null)
+        {
+            return;
+        }
 
         var containerAppEnvironmentContext = new ContainerAppEnvironmentContext(
             logger,
@@ -64,8 +69,8 @@ public async Task BeforeStartAsync(DistributedApplicationModel appModel, Cancell
             // associated with each compute resource that needs an image
             r.Annotations.Add(new DeploymentTargetAnnotation(containerApp)
             {
-                ContainerRegistry = caes.FirstOrDefault(),
-                ComputeEnvironment = environment as IComputeEnvironmentResource // will be null if azd
+                ContainerRegistry = environment,
+                ComputeEnvironment = environment
             });
         }
 
@@ -79,12 +84,6 @@ static void SetKnownParameterValue(AzureBicepResource r, string key, Func<AzureB
             }
         }
 
-        if (environment is AzdAzureContainerAppEnvironment)
-        {
-            // We avoid setting known values if azd is used, it will be resolved by azd at publish time.
-            return;
-        }
-
         // Resolve the known parameters for the container app environment
         foreach (var r in appModel.Resources.OfType<AzureBicepResource>())
         {
@@ -93,7 +92,7 @@ static void SetKnownParameterValue(AzureBicepResource r, string key, Func<AzureB
 
             // This will throw an exception if there's no value specified, in this new mode, we don't no longer support
             // automagic secret key vault references.
-            SetKnownParameterValue(r, AzureBicepResource.KnownParameters.KeyVaultName, environment.GetSecretOutputKeyVault);
+            SetKnownParameterValue(r, AzureBicepResource.KnownParameters.KeyVaultName, _ => throw new NotSupportedException("Automatic Key vault generation is not supported in this environment. Please create a key vault resource directly."));
 
             // Set the known parameters for the container app environment
             SetKnownParameterValue(r, AzureBicepResource.KnownParameters.PrincipalId, _ => environment.PrincipalId);

src/Aspire.Hosting.Azure.AppContainers/AzureContainerAppsInfrastructure.cs

@@ -6,7 +6,6 @@
 using Azure.Provisioning;
 using Azure.Provisioning.AppContainers;
 using Azure.Provisioning.Expressions;
-using Azure.Provisioning.KeyVault;
 using Azure.Provisioning.Resources;
 using Microsoft.Extensions.Logging;
 
@@ -29,13 +28,12 @@ record struct EndpointMapping(string Scheme, string Host, int Port, int? TargetP
     // bicep compatible values
     public Dictionary<string, object> EnvironmentVariables { get; } = [];
     public List<object> Args { get; } = [];
-    public Dictionary<string, (ContainerMountAnnotation, IManifestExpressionProvider)> Volumes { get; } = [];
+    public Dictionary<string, (ContainerMountAnnotation, BicepOutputReference)> Volumes { get; } = [];
 
     // Bicep build state
     private ProvisioningParameter? _containerRegistryUrlParameter;
     private ProvisioningParameter? _containerRegistryManagedIdentityIdParameter;
-    public Dictionary<string, KeyVaultService> KeyVaultRefs { get; } = [];
-    public Dictionary<string, KeyVaultSecret> KeyVaultSecretRefs { get; } = [];
+
     private AzureResourceInfrastructure? _infrastructure;
     public AzureResourceInfrastructure Infra => _infrastructure ?? throw new InvalidOperationException("Infra is not set");
 
@@ -113,17 +111,6 @@ public void BuildContainerApp(AzureResourceInfrastructure infra)
         AddAzureClientId(appIdentityAnnotation?.IdentityResource, containerAppContainer);
         AddVolumes(template, containerAppContainer);
 
-        // Keyvault
-        foreach (var (_, v) in KeyVaultRefs)
-        {
-            infra.Add(v);
-        }
-
-        foreach (var (_, v) in KeyVaultSecretRefs)
-        {
-            infra.Add(v);
-        }
-
         infra.Add(containerAppResource);
 
         if (resource.TryGetAnnotationsOfType<AzureContainerAppCustomizationAnnotation>(out var annotations))
@@ -535,15 +522,12 @@ BicepValue<string> GetHostValue(string? prefix = null, string? suffix = null)
             return (AllocateParameter(output, secretType: secretType), secretType);
         }
 
-        if (value is BicepSecretOutputReference secretOutputReference)
+#pragma warning disable CS0618 // Type or member is obsolete
+        if (value is BicepSecretOutputReference)
         {
-            if (parent is null)
-            {
-                return (AllocateKeyVaultSecretUriReference(secretOutputReference), SecretType.KeyVault);
-            }
-
-            return (AllocateParameter(secretOutputReference, secretType: SecretType.KeyVault), SecretType.KeyVault);
+            throw new NotSupportedException("Automatic Key vault generation is not supported in this environment. Please create a key vault resource directly.");
         }
+#pragma warning restore CS0618 // Type or member is obsolete
 
         if (value is IAzureKeyVaultSecretReference vaultSecretReference)
         {
@@ -599,32 +583,6 @@ BicepValue<string> GetHostValue(string? prefix = null, string? suffix = null)
         throw new NotSupportedException("Unsupported value type " + value.GetType());
     }
 
-    private BicepValue<string> AllocateKeyVaultSecretUriReference(BicepSecretOutputReference secretOutputReference)
-    {
-        if (!KeyVaultRefs.TryGetValue(secretOutputReference.Resource.Name, out var kv))
-        {
-            // We resolve the keyvault that represents the storage for secret outputs
-            var parameter = AllocateParameter(_containerAppEnvironmentContext.Environment.GetSecretOutputKeyVault(secretOutputReference.Resource));
-            kv = KeyVaultService.FromExisting($"{parameter.BicepIdentifier}_kv");
-            kv.Name = parameter;
-
-            KeyVaultRefs[secretOutputReference.Resource.Name] = kv;
-        }
-
-        if (!KeyVaultSecretRefs.TryGetValue(secretOutputReference.ValueExpression, out var secret))
-        {
-            // Now we resolve the secret
-            var secretBicepIdentifier = Infrastructure.NormalizeBicepIdentifier($"{kv.BicepIdentifier}_{secretOutputReference.Name}");
-            secret = KeyVaultSecret.FromExisting(secretBicepIdentifier);
-            secret.Name = secretOutputReference.Name;
-            secret.Parent = kv;
-
-            KeyVaultSecretRefs[secretOutputReference.ValueExpression] = secret;
-        }
-
-        return secret.Properties.SecretUri;
-    }
-
     private BicepValue<string> AllocateKeyVaultSecretUriReference(IAzureKeyVaultSecretReference secretOutputReference)
     {
         var secret = secretOutputReference.AsKeyVaultSecret(Infra);