Add role assignments with .NET Aspire #2891
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
adegeo
approved these changes
Mar 25, 2025
Co-authored-by: Andy (Steve) De George <[email protected]>
eerhardt
reviewed
Apr 1, 2025
| .WithReference(search); | ||
| ``` | ||
|
|
||
| When you use the `WithRoleAssignments` method, it replaces the default role assignments with the specified ones. This method requires two parameters: the resource to which the role assignment applies and the built-in role to assign. In the preceding example, the `search` resource is assigned the <xref:Azure.Provisioning.Search.SearchBuiltInRole.SearchIndexDataReader?displayProperty=nameWithType> role. |
Member
There was a problem hiding this comment.
In the preceding example, the
searchresource is assigned the xref:Azure.Provisioning.Search.SearchBuiltInRole.SearchIndexDataReader?displayProperty=nameWithType role.
I would flip this wording. It isn't the search resource that is assigned that role. Instead, the api project is assigned that role to the search resource.
eerhardt
reviewed
Apr 1, 2025
| For more information, see [.NET Aspire Azure App Container integration](../hosting/azure-app-container-integration.md). | ||
| --> | ||
|
|
||
| ### Azure Application Insights |
Member
There was a problem hiding this comment.
We don't support App Insights role assignments. We actually don't grant any right now, even by default.
Member
There was a problem hiding this comment.
eerhardt
reviewed
Apr 1, 2025
|
|
||
| For more information, see [Azure built-in roles](/azure/role-based-access-control/built-in-roles). | ||
|
|
||
| ## Built-in role assignment reference |
Member
There was a problem hiding this comment.
Is there not somewhere in Azure we could put these? This doesn't seem like our list to maintain.
eerhardt
reviewed
Apr 1, 2025
| To override the default role assignment, use the `WithRoleAssignments` API and assign built-in roles as shown in the following example: | ||
|
|
||
| ```csharp | ||
| var builder = DistributedApplication.CreateBuilder(args); |
Member
There was a problem hiding this comment.
Your app needs to use a compute environment that supports role assignments. In 9.2 the only one we support is Azure Container Apps. So you need to call either:
- Aspire.Hosting.AzureContainerAppExtensions.AddAzureContainerAppEnvironment
- Aspire.Hosting.AzureContainerAppExtensions.AddAzureContainerAppsInfrastructure
In order for role assignments to work. If you don't enable ACA infrastructure, an exception is thrown when your app starts if you call .WithRoleAssignments.
IEvangelist
added a commit
that referenced
this pull request
Apr 10, 2025
* Remove IsAspireHost bits. Fixes #2847 * New dashboard config to disable resource graph (#2874) * Fixes #2842 * Update configuration.md Co-authored-by: James Newton-King <[email protected]> --------- Co-authored-by: James Newton-King <[email protected]> * Position VS Code first * Add clarifying details about updates to `AddDatabase` APIs (#2878) * Contributes to #2789 * Added PostgreSQL and links to eventing * Quick edit pass * Apply suggestions from code review Co-authored-by: Andy (Steve) De George <[email protected]> --------- Co-authored-by: Andy (Steve) De George <[email protected]> * Adding GitHub Copilot prompts (#2896) * Initial prompts * Update prompts * Adding content for `WithHttpCommand` (#2875) * Initial setup * Rework HTTP command content with an example * Add images and more details. * Edit pass * Added playground sample * Update HTTP command content with updated source * Remove duplicated code snippet * Correct member over parameter * Fix name * Correct postgres connection command * Update kafka-integration.md (#2712) Change links von provectuslabs to Kafbat * Add role assignments with .NET Aspire (#2891) * Getting closer on adding roles details * Apply suggestions from code review Co-authored-by: Andy (Steve) De George <[email protected]> * Address feedback and update content * Add to TOC * Edit pass * Add link * Fix a few issues * Remove absolute URL --------- Co-authored-by: Andy (Steve) De George <[email protected]> * Breaking changes for .NET Aspire 9.2 (#2892) * Added breaking changes for 9.2, fixes #2888 and fixes #2889 * Correct TOC * Add clarifying type name * Fixes #2899 * Added new breaking changes docs * Remove link * Correct MD lint error/warnings * Bump bicep bits (#2930) * Update docs to use `EndpointProperty.HostAndPort` where appropriate (#2934) Fixes #2646 * Reorganize the order of the Azure storage content (#2937) * Fixes #2935 * Tweak table style * Apply suggestions from code review Co-authored-by: Genevieve Warren <[email protected]> --------- Co-authored-by: Genevieve Warren <[email protected]> * Add content on customizing resource URLs (#2940) * Fixes #2936 * Correct TOC * Minor tweaks * Apply suggestions from code review Co-authored-by: Genevieve Warren <[email protected]> * Apply suggestions from code review Co-authored-by: Damian Edwards <[email protected]> * Apply suggestions from code review * Apply suggestions from code review * Apply suggestions from code review * Apply suggestions from code review --------- Co-authored-by: Genevieve Warren <[email protected]> Co-authored-by: Damian Edwards <[email protected]> * Add CosmosDB parent-child relationship bits. (#2912) * Add CosmosDB parent-child relationship bits. Part of #2907 * A few fixes * Update docs/database/azure-cosmos-db-integration.md Co-authored-by: Safia Abdalla <[email protected]> * Update docs/database/azure-cosmos-db-integration.md Co-authored-by: Safia Abdalla <[email protected]> * A few updates based on feedback * Add a few more bits * Add more details about the web pubsub. * Apply suggestions from code review Co-authored-by: Safia Abdalla <[email protected]> --------- Co-authored-by: Safia Abdalla <[email protected]> * Add new Azure PostgreSQL client integrations. (#2905) * Replace manual identity code with new package. Fixes #2883 * Add xref reminders. * Replace standard clients * Correct leading para * Apply suggestions from code review * Adjustment from peer reviews * Correct terminology * .NET Aspire 💜 Playwright (#2904) * WIP * Initial bits in place * Yeah, now we're cookin'! * OMG, I'm having too much fun! * Add a few more bits * Encapsulate selector. * Even more images automated, and better coverage. * More coverage... * Added more coverage. * More images and coverage. * A bit more clean up * Added a few more bits and updated. * Fixed link issue * Fix last issue * Tracing and structured log pages * Apply suggestions from code review * Update docs/fundamentals/dashboard/automation/aspire-dashboard/Aspire.Dashboard.ScreenCapture/README.md * Add "Configure Azure Container App environments" article (#3058) * Yuck, too rough of a draft but need to context switch. * Tweaks * Let's go, this fixes #2938 * Apply suggestions from code review Co-authored-by: Genevieve Warren <[email protected]> --------- Co-authored-by: Genevieve Warren <[email protected]> * What's new in .NET Aspire 9.2 (#2877) * Add initial bits for #2869. What's new in .NET Aspire 9.2 * Add a few more what's new bits * Add dashboard config * Add initial details about HTTP commands * Apply suggestions from code review Co-authored-by: Andy (Steve) De George <[email protected]> * Edit pass * Add link to breaking changes * Removed MS-collected telemetry * Try toying with TOC * Expand product updates * Apply suggestions from code review Co-authored-by: Maddy Montaquila (Leger) <[email protected]> * Delete section * Update .NET Aspire 9.2 documentation * Update docs/whats-new/dotnet-aspire-9.2.md * Update connection string and deployment section * Added testing updates * Update docs/whats-new/dotnet-aspire-9.2.md Co-authored-by: James Newton-King <[email protected]> * Clean up * Minor updates * Apply suggestions from code review Co-authored-by: David Fowler <[email protected]> * Apply suggestions from code review Co-authored-by: David Fowler <[email protected]> * Apply suggestions from code review Co-authored-by: David Fowler <[email protected]> * Apply suggestions from code review Co-authored-by: David Fowler <[email protected]> * Add images * Final tweaks before release branch --------- Co-authored-by: Andy (Steve) De George <[email protected]> Co-authored-by: Maddy Montaquila (Leger) <[email protected]> Co-authored-by: David Fowler <[email protected]> Co-authored-by: Mitch Denny <[email protected]> Co-authored-by: James Newton-King <[email protected]> * Bump versions * nits (#3064) * Fix build issues * More fixes * Move things * Move even more things * Point to 9.2 * Fix bookmakrs --------- Co-authored-by: James Newton-King <[email protected]> Co-authored-by: Andy (Steve) De George <[email protected]> Co-authored-by: Stefan Nikolei <[email protected]> Co-authored-by: Alex Crome <[email protected]> Co-authored-by: Genevieve Warren <[email protected]> Co-authored-by: Damian Edwards <[email protected]> Co-authored-by: Safia Abdalla <[email protected]> Co-authored-by: Maddy Montaquila (Leger) <[email protected]> Co-authored-by: David Fowler <[email protected]> Co-authored-by: Mitch Denny <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Add role assignments with .NET Aspire
Fixes #2788
Internal previews