Azure / azure-dev

A developer CLI that reduces the time it takes for you to get started on Azure. The Azure Developer CLI (azd) provides a set of developer-friendly commands that map to key stages in your workflow - code, build, deploy, monitor, repeat.

Home Page:https://aka.ms/azd

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Projects depending on initial config are broken on 1.9.0

vhvb1989 opened this issue · comments

The azd environment-config api: ResolvedRaw() is used to create the initial config for a CI/CD pipeline. It resolves all the secret references into their actual value.
During the resolution, the config object was not aware of removing the vault reference, as it was expecting that when azd loads a configuration in CI/CD, if the vault reference does not exists, it would be just ignored. However, when azd tries to load a configuration which contains a vault reference, an error os.ErrNotExist is returned from trying to load the configuration if the vault does not exists (even if the configuration does exits).

This means that, an initial configuration for CI/CD like:

{
  "infra": {
    "parameters": {
      "outputcache": "value"
    }
  },
  "vault": "3b065682-234a-4354-b336-d55c68feb0ee"
}

returns an error if the vault is not found. Regardless of the fact that the vault is not going to be used because there are no secret references to the vault.

Ways to fix this:

  1. Update the config load() API to ignore when a vault reference is not found and return the configuration including the vault. Then, return an error when someone tries to use the vault (lazy error)

  2. Update the ResolvedRaw() api from config to remove the reference to a vault as part of the resolution. This means that the configuration is totally disconnected from the vault.