Update Azure.Provisioning to latest version (#5592)

* Update Azure.Provisioning to latest version

Fix #5583

WIP: This first stab converts KeyVault to the new Provisioning version.

* Add AsBicepParameter

* Update more stuff to make it deployable.

* Add a location parameter so azd up works.

* Update Storage to use the new CDK

* Update PostgreSQL to use the new CDK

* Sort the bicep statements so that parameters appear at the top and outputs at the bottom

* Update Redis to use the new CDK

* Update CosmosDB to use the new CDK

* Update Sql to use the new CDK

* Update ServiceBus to use the new CDK

* Update SignalR to use the new CDK

* Update Search to use the new CDK

* Update ApplicationInsights and OperationalInsights to use the new CDK

* Update AppConfiguration to use the new CDK

* Update CognitiveServices to use the new CDK

* Update WebPubSub to use the new CDK

* Update the CDK to version 1.0.0-alpha.20240912

* Update to latest CDK version to fix CognitiveServices

* Update EventHubs to use new CDK

* Get tests building

* Fix up so azd up works

- Use resource versions in more places
- Always add a location parameter
- Can remove sorting now that the CDK has it

* Use GetTenant function

* Fix bicep tests

Also consolidate ResourceVersions into a shared file. Use defined ResourceVersions in more places.

* Update test nuget.configs

* Update the rest of the bicep in the playground apps.

* Use simpler expression to set SqlFirewallRule addresses

* Add XML docs to the new APIs.

* Remove hard-coded ResourceVersions.

The ones that still need to be specified are:

Top-level
- RedisResource
- SignalRService
- WebPubSubService

Child resources
- CognitiveServicesAccountDeployment
- CosmosDBSqlDatabase
- PostgreSqlFlexibleServerFirewallRule
- PostgreSqlFlexibleServerDatabase
- SqlFirewallRule
- SqlDatabase

* Fix up whitespace

* Use 8.x naming scheme.

* Fix deployment name in OpenAI

* Respond to PR feedback

- Default Storage AccessTier = Hot, to keep existing behavior
- Use IPAddress when setting PostgreSQL firewall rules

Directory.Packages.props

@@ -7,6 +7,7 @@
     <ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
     <CentralPackageTransitivePinningEnabled>true</CentralPackageTransitivePinningEnabled>
     <TestcontainersPackageVersion>3.10.0</TestcontainersPackageVersion>
+    <AzureProvisiongVersion>1.0.0-alpha.20240912.7</AzureProvisiongVersion>
   </PropertyGroup>
   <ItemGroup>
     <!-- AWS SDK for .NET dependencies -->
@@ -37,23 +38,24 @@
     <PackageVersion Include="Microsoft.Azure.SignalR" Version="1.27.0" />
     <PackageVersion Include="Microsoft.Extensions.Azure" Version="1.7.5" />
     <!-- Azure Management SDK for .NET dependencies -->
-    <PackageVersion Include="Azure.Provisioning" Version="0.3.0" />
-    <PackageVersion Include="Azure.Provisioning.AppConfiguration" Version="0.2.0" />
-    <PackageVersion Include="Azure.Provisioning.ApplicationInsights" Version="0.1.0" />
-    <PackageVersion Include="Azure.Provisioning.CognitiveServices" Version="0.2.0" />
-    <PackageVersion Include="Azure.Provisioning.CosmosDB" Version="0.1.0" />
-    <PackageVersion Include="Azure.Provisioning.EventHubs" Version="0.1.0" />
-    <PackageVersion Include="Azure.Provisioning.KeyVault" Version="0.2.0" />
-    <PackageVersion Include="Azure.Provisioning.OperationalInsights" Version="0.2.0" />
-    <PackageVersion Include="Azure.Provisioning.PostgreSql" Version="0.1.0" />
-    <PackageVersion Include="Azure.Provisioning.Redis" Version="0.2.0" />
-    <PackageVersion Include="Azure.Provisioning.Resources" Version="0.2.0" />
-    <PackageVersion Include="Azure.Provisioning.Search" Version="0.1.0" />
-    <PackageVersion Include="Azure.Provisioning.ServiceBus" Version="0.1.0" />
-    <PackageVersion Include="Azure.Provisioning.SignalR" Version="0.2.0" />
-    <PackageVersion Include="Azure.Provisioning.Sql" Version="0.1.0" />
-    <PackageVersion Include="Azure.Provisioning.Storage" Version="0.2.0" />
-    <PackageVersion Include="Azure.Provisioning.WebPubSub" Version="0.1.0-beta.1" />
+    <PackageVersion Include="Azure.Provisioning" Version="$(AzureProvisiongVersion)" />
+    <PackageVersion Include="Azure.Provisioning.AppConfiguration" Version="$(AzureProvisiongVersion)" />
+    <PackageVersion Include="Azure.Provisioning.ApplicationInsights" Version="1.0.0-alpha.20240912.1" />
+    <PackageVersion Include="Azure.Provisioning.CognitiveServices" Version="$(AzureProvisiongVersion)" />
+    <PackageVersion Include="Azure.Provisioning.CosmosDB" Version="$(AzureProvisiongVersion)" />
+    <PackageVersion Include="Azure.Provisioning.EventHubs" Version="$(AzureProvisiongVersion)" />
+    <PackageVersion Include="Azure.Provisioning.KeyVault" Version="$(AzureProvisiongVersion)" />
+    <PackageVersion Include="Azure.Provisioning.OperationalInsights" Version="1.0.0-alpha.20240912.1" />
+    <PackageVersion Include="Azure.Provisioning.PostgreSql" Version="$(AzureProvisiongVersion)" />
+    <PackageVersion Include="Azure.Provisioning.Redis" Version="$(AzureProvisiongVersion)" />
+    <PackageVersion Include="Azure.Provisioning.Search" Version="$(AzureProvisiongVersion)" />
+    <PackageVersion Include="Azure.Provisioning.ServiceBus" Version="$(AzureProvisiongVersion)" />
+    <PackageVersion Include="Azure.Provisioning.SignalR" Version="$(AzureProvisiongVersion)" />
+    <PackageVersion Include="Azure.Provisioning.Sql" Version="$(AzureProvisiongVersion)" />
+    <PackageVersion Include="Azure.Provisioning.Storage" Version="$(AzureProvisiongVersion)" />
+    <PackageVersion Include="Azure.Provisioning.WebPubSub" Version="$(AzureProvisiongVersion)" />
+    <PackageVersion Include="Azure.ResourceManager.Authorization" Version="1.1.3" />
+    <PackageVersion Include="Azure.ResourceManager.KeyVault" Version="1.3.0" />
     <!-- ASP.NET Core dependencies -->
     <PackageVersion Include="Microsoft.AspNetCore.Authentication.Certificate" Version="$(MicrosoftAspNetCoreAuthenticationCertificatePackageVersion)" />
     <PackageVersion Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="$(MicrosoftAspNetCoreAuthenticationJwtBearerPackageVersion)" />

NuGet.config

@@ -17,6 +17,7 @@
     <add key="dotnet9" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet9/nuget/v3/index.json" />
     <add key="dotnet-libraries" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-libraries/nuget/v3/index.json" />
     <add key="dotnet9-transport" value="https://dnceng.pkgs.visualstudio.com/public/_packaging/dotnet9-transport/nuget/v3/index.json" />
+    <add key="azure-sdk-devfeed" value="https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-for-net/nuget/v3/index.json" />
   </packageSources>
   <packageSourceMapping>
     <packageSource key="dotnet9-transport">
@@ -35,6 +36,9 @@
     <packageSource key="dotnet-eng">
       <package pattern="*" />
     </packageSource>
+    <packageSource key="azure-sdk-devfeed">
+      <package pattern="Azure.*" />
+    </packageSource>
   </packageSourceMapping>
   <disabledPackageSources>
     <!--Begin: Package sources managed by Dependency Flow automation. Do not edit the sources below.-->

playground/AspireEventHub/EventHubs.AppHost/ehstorage.module.bicep

@@ -1,72 +1,67 @@
-targetScope = 'resourceGroup'
-
-@description('')
+@description('The location for the resource(s) to be deployed.')
 param location string = resourceGroup().location
 
-@description('')
 param principalId string
 
-@description('')
 param principalType string
 
-
-resource storageAccount_59pNEh4K4 'Microsoft.Storage/storageAccounts@2022-09-01' = {
-  name: toLower(take('ehstorage${uniqueString(resourceGroup().id)}', 24))
-  location: location
-  tags: {
-    'aspire-resource-name': 'ehstorage'
-  }
-  sku: {
-    name: 'Standard_GRS'
-  }
-  kind: 'StorageV2'
-  properties: {
-    accessTier: 'Hot'
-    networkAcls: {
-      defaultAction: 'Allow'
+resource ehstorage 'Microsoft.Storage/storageAccounts@2023-01-01' = {
+    name: toLower(take('ehstorage${uniqueString(resourceGroup().id)}', 24))
+    kind: 'StorageV2'
+    location: location
+    sku: {
+        name: 'Standard_GRS'
+    }
+    properties: {
+        accessTier: 'Hot'
+        allowSharedKeyAccess: false
+        minimumTlsVersion: 'TLS1_2'
+        networkAcls: {
+            defaultAction: 'Allow'
+        }
+    }
+    tags: {
+        'aspire-resource-name': 'ehstorage'
     }
-    minimumTlsVersion: 'TLS1_2'
-    allowSharedKeyAccess: false
-  }
 }
 
-resource blobService_5WQ0wIU09 'Microsoft.Storage/storageAccounts/blobServices@2022-09-01' = {
-  parent: storageAccount_59pNEh4K4
-  name: 'default'
-  properties: {
-  }
+resource blobs 'Microsoft.Storage/storageAccounts/blobServices@2023-01-01' = {
+    name: 'default'
+    parent: ehstorage
 }
 
-resource roleAssignment_LrhalXYOv 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-  scope: storageAccount_59pNEh4K4
-  name: guid(storageAccount_59pNEh4K4.id, principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe'))
-  properties: {
-    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')
-    principalId: principalId
-    principalType: principalType
-  }
+resource ehstorage_StorageBlobDataContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+    name: guid(ehstorage.id, principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe'))
+    properties: {
+        principalId: principalId
+        roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')
+        principalType: principalType
+    }
+    scope: ehstorage
 }
 
-resource roleAssignment_DDmC2vNE8 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-  scope: storageAccount_59pNEh4K4
-  name: guid(storageAccount_59pNEh4K4.id, principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3'))
-  properties: {
-    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3')
-    principalId: principalId
-    principalType: principalType
-  }
+resource ehstorage_StorageTableDataContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+    name: guid(ehstorage.id, principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3'))
+    properties: {
+        principalId: principalId
+        roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3')
+        principalType: principalType
+    }
+    scope: ehstorage
 }
 
-resource roleAssignment_4tZWfnMZF 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-  scope: storageAccount_59pNEh4K4
-  name: guid(storageAccount_59pNEh4K4.id, principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '974c5e8b-45b9-4653-ba55-5f855dd0fb88'))
-  properties: {
-    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '974c5e8b-45b9-4653-ba55-5f855dd0fb88')
-    principalId: principalId
-    principalType: principalType
-  }
+resource ehstorage_StorageQueueDataContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+    name: guid(ehstorage.id, principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '974c5e8b-45b9-4653-ba55-5f855dd0fb88'))
+    properties: {
+        principalId: principalId
+        roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '974c5e8b-45b9-4653-ba55-5f855dd0fb88')
+        principalType: principalType
+    }
+    scope: ehstorage
 }
 
-output blobEndpoint string = storageAccount_59pNEh4K4.properties.primaryEndpoints.blob
-output queueEndpoint string = storageAccount_59pNEh4K4.properties.primaryEndpoints.queue
-output tableEndpoint string = storageAccount_59pNEh4K4.properties.primaryEndpoints.table
+output blobEndpoint string = ehstorage.properties.primaryEndpoints.blob
+
+output queueEndpoint string = ehstorage.properties.primaryEndpoints.queue
+
+output tableEndpoint string = ehstorage.properties.primaryEndpoints.table

playground/AspireEventHub/EventHubs.AppHost/eventhubns.module.bicep

@@ -1,47 +1,36 @@
-targetScope = 'resourceGroup'
-
-@description('')
+@description('The location for the resource(s) to be deployed.')
 param location string = resourceGroup().location
 
-@description('')
 param sku string = 'Standard'
 
-@description('')
 param principalId string
 
-@description('')
 param principalType string
 
-
-resource eventHubsNamespace_wORIGuvCQ 'Microsoft.EventHub/namespaces@2021-11-01' = {
-  name: toLower(take('eventhubns${uniqueString(resourceGroup().id)}', 24))
-  location: location
-  tags: {
-    'aspire-resource-name': 'eventhubns'
-  }
-  sku: {
-    name: sku
-  }
-  properties: {
-  }
+resource eventhubns 'Microsoft.EventHub/namespaces@2017-04-01' = {
+    name: toLower(take('eventhubns${uniqueString(resourceGroup().id)}', 24))
+    location: location
+    sku: {
+        name: sku
+    }
+    tags: {
+        'aspire-resource-name': 'eventhubns'
+    }
 }
 
-resource roleAssignment_2so8CKuFt 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-  scope: eventHubsNamespace_wORIGuvCQ
-  name: guid(eventHubsNamespace_wORIGuvCQ.id, principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f526a384-b230-433a-b45c-95f59c4a2dec'))
-  properties: {
-    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f526a384-b230-433a-b45c-95f59c4a2dec')
-    principalId: principalId
-    principalType: principalType
-  }
+resource eventhubns_AzureEventHubsDataOwner 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+    name: guid(eventhubns.id, principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f526a384-b230-433a-b45c-95f59c4a2dec'))
+    properties: {
+        principalId: principalId
+        roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f526a384-b230-433a-b45c-95f59c4a2dec')
+        principalType: principalType
+    }
+    scope: eventhubns
 }
 
-resource eventHub_4BpPMTltx 'Microsoft.EventHub/namespaces/eventhubs@2021-11-01' = {
-  parent: eventHubsNamespace_wORIGuvCQ
-  name: 'hub'
-  location: location
-  properties: {
-  }
+resource hub 'Microsoft.EventHub/namespaces/eventhubs@2024-01-01' = {
+    name: 'hub'
+    parent: eventhubns
 }
 
-output eventHubsEndpoint string = eventHubsNamespace_wORIGuvCQ.properties.serviceBusEndpoint
+output eventHubsEndpoint string = eventhubns.properties.serviceBusEndpoint

playground/AzureSearchEndToEnd/AzureSearch.AppHost/search.module.bicep

@@ -1,50 +1,45 @@
-targetScope = 'resourceGroup'
-
-@description('')
+@description('The location for the resource(s) to be deployed.')
 param location string = resourceGroup().location
 
-@description('')
 param principalId string
 
-@description('')
 param principalType string
 
-
-resource searchService_j3umigYGT 'Microsoft.Search/searchServices@2023-11-01' = {
-  name: toLower(take('search${uniqueString(resourceGroup().id)}', 24))
-  location: location
-  tags: {
-    'aspire-resource-name': 'search'
-  }
-  sku: {
-    name: 'basic'
-  }
-  properties: {
-    replicaCount: 1
-    partitionCount: 1
-    hostingMode: 'default'
-    disableLocalAuth: true
-  }
+resource search 'Microsoft.Search/searchServices@2023-11-01' = {
+    name: toLower(take('search${uniqueString(resourceGroup().id)}', 24))
+    location: location
+    properties: {
+        hostingMode: 'default'
+        disableLocalAuth: true
+        partitionCount: 1
+        replicaCount: 1
+    }
+    sku: {
+        name: 'basic'
+    }
+    tags: {
+        'aspire-resource-name': 'search'
+    }
 }
 
-resource roleAssignment_f77ijNEYF 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-  scope: searchService_j3umigYGT
-  name: guid(searchService_j3umigYGT.id, principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8ebe5a00-799e-43f5-93ac-243d3dce84a7'))
-  properties: {
-    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8ebe5a00-799e-43f5-93ac-243d3dce84a7')
-    principalId: principalId
-    principalType: principalType
-  }
+resource search_SearchIndexDataContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+    name: guid(search.id, principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8ebe5a00-799e-43f5-93ac-243d3dce84a7'))
+    properties: {
+        principalId: principalId
+        roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8ebe5a00-799e-43f5-93ac-243d3dce84a7')
+        principalType: principalType
+    }
+    scope: search
 }
 
-resource roleAssignment_s0J7B4aGN 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-  scope: searchService_j3umigYGT
-  name: guid(searchService_j3umigYGT.id, principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7ca78c08-252a-4471-8644-bb5ff32d4ba0'))
-  properties: {
-    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7ca78c08-252a-4471-8644-bb5ff32d4ba0')
-    principalId: principalId
-    principalType: principalType
-  }
+resource search_SearchServiceContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+    name: guid(search.id, principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7ca78c08-252a-4471-8644-bb5ff32d4ba0'))
+    properties: {
+        principalId: principalId
+        roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7ca78c08-252a-4471-8644-bb5ff32d4ba0')
+        principalType: principalType
+    }
+    scope: search
 }
 
-output connectionString string = 'Endpoint=https://${searchService_j3umigYGT.name}.search.windows.net'
+output connectionString string = 'Endpoint=https://${search.name}.search.windows.net'