Description
When trying to use an existing Redis resource that was created by another Aspire app, I'm getting an error during deployment:
ERROR: error executing step command 'provision': deployment failed: error deploying infrastructure: deploying to subscription:
Deployment Error Details:
InvalidAccessPolicyAssignment: An invalid access policy assignment was detected due to duplicate entries. Please review and ensure that each assignment has a unique combination of assignmentName, policyName, and objectId to avoid such duplicates. For more information, please refer to the following link: https://aka.ms/redis/MicrosoftEntraAuthenticationPrerequisites.
RequestID=6caf2145-4221-4133-83de-108cb45a447f
TraceID: 34acc9d60e6a16bca27d9cf689f07607
The error message is a little misleading (the objectId is different between the 2 deployments), but the issue is that we aren't creating a unique name for the role assignment:
aspire/src/Aspire.Hosting.Azure.Redis/AzureRedisExtensions.cs
Lines 264 to 270 in 60acd67
infrastructure.Add(new RedisCacheAccessPolicyAssignment($"{redis.BicepIdentifier}_contributor")
{
    Parent = redis,
    AccessPolicyName = "Data Contributor",
    ObjectId = principalIdParameter,
    ObjectIdAlias = principalNameParameter
});
Since we aren't setting the Name property, it is getting defaulted:
aspire/playground/bicep/BicepSample.AppHost/redis.module.bicep
Lines 29 to 30 in 624e7a4
resource redis_contributor 'Microsoft.Cache/redis/accessPolicyAssignments@2024-03-01' = {
  name: take('rediscontributor${uniqueString(resourceGroup().id)}', 24)
When this runs inside the same resource group (since it needs to run in the existing Redis's resource group), the same name is being generated, causing the duplicate error.
To fix this, we should generate a unique name based on principalId, like we do for other role assignments:
name: guid(sb.id, principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '090c5cfd-751d-490a-894a-3ce6f1109419'))
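To make the collision concrete, here is an added model (not Aspire's code) of both naming schemes: `unique_string` and `arm_guid` are local stand-ins for ARM's `uniqueString()` and `guid()`, the resource and principal ids are constructed sample values, and `find_duplicates` is the pre-deployment check that two apps' assignments in the same resource group would collide under the defaulted name but not under a principal-keyed one.

```python
import hashlib
import uuid
from collections import Counter

# Constructed sample identifiers (not real Azure resources).
RESOURCE_GROUP_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000"
                     "/resourceGroups/rg-name-redis")
REDIS_ID = RESOURCE_GROUP_ID + "/providers/Microsoft.Cache/redis/redis-name"
PRINCIPAL_A = "11111111-1111-1111-1111-111111111111"  # identity of the first app
PRINCIPAL_B = "22222222-2222-2222-2222-222222222222"  # identity of the second app
POLICY = "Data Contributor"


def unique_string(*parts: str) -> str:
    """Stand-in for ARM uniqueString(): a 13-character hash of its inputs."""
    return hashlib.sha256("|".join(parts).encode()).hexdigest()[:13]


def arm_guid(*parts: str) -> str:
    """Stand-in for ARM guid(): a deterministic GUID derived from its inputs."""
    return str(uuid.uuid5(uuid.NAMESPACE_URL, "|".join(parts)))


def defaulted_name(resource_group_id: str) -> str:
    """Name the generated bicep uses today: depends only on the resource group."""
    # take('rediscontributor${uniqueString(resourceGroup().id)}', 24)
    return f"rediscontributor{unique_string(resource_group_id)}"[:24]


def principal_keyed_name(redis_id: str, principal_id: str, policy: str) -> str:
    """Name proposed in the issue: keyed by target resource and principal."""
    return arm_guid(redis_id, principal_id, policy)


def find_duplicates(names):
    """Return the assignment names that appear more than once."""
    return sorted(name for name, count in Counter(names).items() if count > 1)


def old_scheme_duplicates():
    # Two apps, same resource group: both derive the identical name.
    names = [defaulted_name(RESOURCE_GROUP_ID) for _ in (PRINCIPAL_A, PRINCIPAL_B)]
    return find_duplicates(names)


def new_scheme_duplicates():
    # Same two apps: the principal id is part of the name, so no collision.
    names = [principal_keyed_name(REDIS_ID, p, POLICY) for p in (PRINCIPAL_A, PRINCIPAL_B)]
    return find_duplicates(names)
```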
Repro
Deploy Redis resource via an Aspire app.
In another Aspire app, try to attach to that Redis resource as existing:
var redis = builder.AddAzureRedis("redis")
.PublishAsExisting("redis-name", "rg-name-redis");