Skip to content

Commit 691b057

Browse files
eriquaeriqua
committed
using fail function
1 parent 6440290 commit 691b057

File tree

2 files changed

+26
-26
lines changed

2 files changed

+26
-26
lines changed

docs/static/includes/interfaces/bicep/int.cmk.udt.schema1.bicep

Lines changed: 7 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -31,18 +31,6 @@ resource cMKKeyVault 'Microsoft.KeyVault/vaults@2024-11-01' existing = if (!isHS
3131
}
3232
}
3333

34-
resource hSMCMKKeyVault 'Microsoft.KeyVault/managedHSMs@2024-11-01' existing = if (isHSMKeyVault && !empty(customerManagedKey.?keyVaultResourceId)) {
35-
name: last(split((customerManagedKey.?keyVaultResourceId!), '/'))
36-
scope: resourceGroup(
37-
split(customerManagedKey.?keyVaultResourceId!, '/')[2],
38-
split(customerManagedKey.?keyVaultResourceId!, '/')[4]
39-
)
40-
41-
resource hSMCMKKey 'keys@2024-11-01' existing = if (!empty(customerManagedKey.?keyVaultResourceId) && !empty(customerManagedKey.?keyName)) {
42-
name: customerManagedKey.?keyName!
43-
}
44-
}
45-
4634
resource cMKUserAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = if (!empty(customerManagedKey.?userAssignedIdentityResourceId)) {
4735
name: last(split(customerManagedKey.?userAssignedIdentityResourceId!, '/'))
4836
scope: resourceGroup(
@@ -59,20 +47,22 @@ resource >singularMainResourceType< '>providerNamespace</>resourceType<@>apiVers
5947
? {
6048
keySource: 'Microsoft.KeyVault'
6149
keyVaultProperties: {
62-
keyVaultUri: !isHSMKeyVault ? cMKKeyVault!.properties.vaultUri : hSMCMKKeyVault!.properties.hsmUri
50+
keyVaultUri: !isHSMKeyVault
51+
? 'https://${last(split((customerManagedKey.?keyVaultResourceId!), '/'))}${environment().suffixes.keyvaultDns}/'
52+
: 'https://${last(split((customerManagedKey.?keyVaultResourceId!), '/'))}.managedhsm.azure.net/'
6353
keyName: customerManagedKey!.keyName
6454
keyVersion: !empty(customerManagedKey.?keyVersion)
6555
? customerManagedKey!.keyVersion!
6656
: !isHSMKeyVault
6757
? last(split(cMKKeyVault::cMKKey!.properties.keyUriWithVersion, '/'))
68-
: last(split(hSMCMKKeyVault::hSMCMKKey!.properties.keyUriWithVersion, '/'))
58+
: fail('Managed HSM CMK encryption requires keyVersion in input')
6959
keyIdentifier: !empty(customerManagedKey.?keyVersion)
7060
? ( !isHSMKeyVault
71-
? '${cMKKeyVault::cMKKey!.properties.keyUri}/${customerManagedKey!.keyVersion!}'
72-
: '${hSMCMKKeyVault::hSMCMKKey!.properties.keyUri}/${customerManagedKey!.keyVersion!}')
61+
? 'https://${last(split((customerManagedKey.?keyVaultResourceId!), '/'))}${environment().suffixes.keyvaultDns}/${customerManagedKey!.keyVersion!}'
62+
: 'https://${last(split((customerManagedKey.?keyVaultResourceId!), '/'))}.managedhsm.azure.net/${customerManagedKey!.keyVersion!}')
7363
: ( !isHSMKeyVault
7464
? cMKKeyVault::cMKKey!.properties.keyUriWithVersion
75-
: hSMCMKKeyVault::hSMCMKKey!.properties.keyUriWithVersion)
65+
: fail('Managed HSM CMK encryption requires keyVersion in input'))
7666
identityClientId: !empty(customerManagedKey.?userAssignedIdentityResourceId)
7767
? cMKUserAssignedIdentity!.properties.clientId
7868
: null

docs/static/includes/interfaces/bicep/int.cmk.udt.schema2.bicep

Lines changed: 19 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -37,18 +37,28 @@ resource >singularMainResourceType< '>providerNamespace</>resourceType<@>apiVers
3737
? {
3838
keySource: 'Microsoft.KeyVault'
3939
keyVaultProperties: {
40-
keyVaultUri: cMKKeyVault.properties.vaultUri
40+
keyVaultUri: !isHSMKeyVault
41+
? 'https://${last(split((customerManagedKey.?keyVaultResourceId!), '/'))}${environment().suffixes.keyvaultDns}/'
42+
: 'https://${last(split((customerManagedKey.?keyVaultResourceId!), '/'))}.managedhsm.azure.net/'
4143
keyName: customerManagedKey!.keyName
42-
keyVersion: !empty(customerManagedKey.?keyVersion)
43-
? customerManagedKey!.keyVersion
44-
: (customerManagedKey.?autoRotationEnabled ?? true)
45-
? null
46-
: last(split(cMKKeyVault::cMKKey!.properties.keyUriWithVersion, '/'))
44+
keyversion: !empty(customerManagedKey.?keyVersion)
45+
? customerManagedKey!.keyVersion!
46+
: (customerManagedKey.?autoRotationEnabled ?? true)
47+
? null
48+
: (!isHSMKeyVault
49+
? last(split(cMKKeyVault::cMKKey!.properties.keyUriWithVersion, '/'))
50+
: fail('Managed HSM CMK encryption requires either keyVersion in input or autorotation to be enabled'))
4751
keyIdentifier: !empty(customerManagedKey.?keyVersion)
48-
? '${cMKKeyVault::cMKKey.properties.keyUri}/${customerManagedKey!.keyVersion!}'
52+
? (!isHSMKeyVault
53+
? 'https://${last(split((customerManagedKey.?keyVaultResourceId!), '/'))}${environment().suffixes.keyvaultDns}/keys/${customerManagedKey!.keyName!}/${customerManagedKey!.keyVersion!}'
54+
: 'https://${last(split((customerManagedKey.?keyVaultResourceId!), '/'))}.managedhsm.azure.net/keys/${customerManagedKey!.keyName!}/${customerManagedKey!.keyVersion!}')
4955
: (customerManagedKey.?autoRotationEnabled ?? true)
50-
? cMKKeyVault::cMKKey!.properties.keyUri
51-
: cMKKeyVault::cMKKey!.properties.keyUriWithVersion
56+
? (!isHSMKeyVault
57+
? 'https://${last(split((customerManagedKey.?keyVaultResourceId!), '/'))}${environment().suffixes.keyvaultDns}/keys/${customerManagedKey!.keyName!}'
58+
: 'https://${last(split((customerManagedKey.?keyVaultResourceId!), '/'))}.managedhsm.azure.net/keys/${customerManagedKey!.keyName!}}')
59+
: (!isHSMKeyVault
60+
? cMKKeyVault::cMKKey!.properties.keyUriWithVersion
61+
: fail('Managed HSM CMK encryption requires either keyVersion in input or autorotation to be enabled'))
5262
identityClientId: !empty(customerManagedKey.?userAssignedIdentityResourceId)
5363
? cMKUserAssignedIdentity!.properties.clientId
5464
: null

0 commit comments

Comments
 (0)