[Breaking change]: Role Assignments separated from Azure resource bicep #2911

@eerhardt

Description

Azure resources no longer have role assignments in the same bicep file / ConfigureInfrastructure.

Version

.NET Aspire 9.2

Previous behavior

Previously, when an Azure resource's bicep was generated, we generated the default role assignments into the same bicep module (file) as the Azure resource itself. This means you could customize/edit the role assignment in the resource's ConfigureInfrastructure callback. For example:

var storage = builder.AddAzureStorage("storage")
    .ConfigureInfrastructure(infra =>
    {
        var roles = infra.GetProvisionableResources().OfType<RoleAssignment>().ToList();

        foreach (var role in roles)
        {
            infra.Remove(role);
        }

        var storageAccount = infra.GetProvisionableResources().OfType<StorageAccount>().Single();
        infra.Add(storageAccount.CreateRoleAssignment(StorageBuiltInRole.StorageBlobDataContributor, ...));
    });

New behavior

With the new WithRoleAssignments work, these role assignments are now moved into their own bicep modules. The Azure resource's ConfigureInfrastructure will no longer contain any RoleAssignment instances.

Type of breaking change

  • Binary incompatible: Existing binaries might encounter a breaking change in behavior, such as failure to load or execute, and if so, require recompilation.
  • Source incompatible: When recompiled using the new SDK or component or to target the new runtime, existing source code might require source changes to compile successfully.
  • Behavioral change: Existing binaries might behave differently at run time.

Reason for change

This change was necessary to implement the WithRoleAssignments APIs for configuring role assignments per application.

Recommended action

To customize the role assignments in 9.2, use the WithRoleAssignments APIs:

var storage = builder.AddAzureStorage("storage");

builder.AddProject<Projects.AzureContainerApps_ApiService>("api")
       .WithRoleAssignments(storage, StorageBuiltInRole.StorageBlobDataContributor);

Affected APIs

ConfigureInfrastructure


Associated WorkItem - 417080
