Skip to content

Use enums for polyglot role assignment in Azure resources#14656

Merged
sebastienros merged 5 commits intorelease/13.2from
sebros/storagerole
Feb 25, 2026
Merged

Use enums for polyglot role assignment in Azure resources#14656
sebastienros merged 5 commits intorelease/13.2from
sebros/storagerole

Conversation

@sebastienros
Copy link
Copy Markdown
Contributor

@sebastienros sebastienros commented Feb 24, 2026
edited
Loading

Complete and refactor role assignment exports for Azure resources

@sebastienros sebastienros requested review from Copilot and davidfowl and removed request for Copilot February 24, 2026 18:55
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Feb 24, 2026
edited
Loading

🚀 Dogfood this PR with:

⚠️ WARNING: Do not do this without first carefully reviewing the code of this PR to satisfy yourself it is safe.

curl -fsSL https://raw.githubusercontent.com/dotnet/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 14656

Or

  • Run remotely in PowerShell:
iex "& { $(irm https://raw.githubusercontent.com/dotnet/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 14656"

@davidfowl
Copy link
Copy Markdown
Contributor

davidfowl commented Feb 24, 2026

Can we expose an open ended "enum"?

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Feb 24, 2026
edited
Loading

🎬 CLI E2E Test Recordings

The following terminal recordings are available for commit 3b1a2b7:

Test Recording
AddPackageInteractiveWhileAppHostRunningDetached ▶️ View Recording
AddPackageWhileAppHostRunningDetached ▶️ View Recording
AgentCommands_AllHelpOutputs_AreCorrect ▶️ View Recording
AgentInitCommand_MigratesDeprecatedConfig ▶️ View Recording
AgentInitCommand_WithMalformedMcpJson_ShowsErrorAndExitsNonZero ▶️ View Recording
AspireUpdateRemovesAppHostPackageVersionFromDirectoryPackagesProps ▶️ View Recording
Banner_DisplayedOnFirstRun ▶️ View Recording
Banner_DisplayedWithExplicitFlag ▶️ View Recording
CreateAndDeployToDockerCompose ▶️ View Recording
CreateAndDeployToDockerComposeInteractive ▶️ View Recording
CreateAndPublishToKubernetes ▶️ View Recording
CreateAndRunAspireStarterProject ▶️ View Recording
CreateAndRunAspireStarterProjectWithBundle ▶️ View Recording
CreateAndRunJsReactProject ▶️ View Recording
CreateAndRunPythonReactProject ▶️ View Recording
CreateEmptyAppHostProject ▶️ View Recording
CreateStartAndStopAspireProject ▶️ View Recording
CreateStartWaitAndStopAspireProject ▶️ View Recording
CreateTypeScriptAppHostWithViteApp ▶️ View Recording
DescribeCommandShowsRunningResources ▶️ View Recording
DetachFormatJsonProducesValidJson ▶️ View Recording
DoctorCommand_DetectsDeprecatedAgentConfig ▶️ View Recording
DoctorCommand_WithSslCertDir_ShowsTrusted ▶️ View Recording
DoctorCommand_WithoutSslCertDir_ShowsPartiallyTrusted ▶️ View Recording
LogsCommandShowsResourceLogs ▶️ View Recording
PsCommandListsRunningAppHost ▶️ View Recording
StagingChannel_ConfigureAndVerifySettings_ThenSwitchChannels ▶️ View Recording
StopAllAppHostsFromAppHostDirectory ▶️ View Recording
StopAllAppHostsFromUnrelatedDirectory ▶️ View Recording
StopNonInteractiveMultipleAppHostsShowsError ▶️ View Recording
StopNonInteractiveSingleAppHost ▶️ View Recording
StopWithNoRunningAppHostExitsSuccessfully ▶️ View Recording

📹 Recordings uploaded automatically from CI run #22414466394

@sebastienros
Copy link
Copy Markdown
Contributor Author

sebastienros commented Feb 24, 2026

@davidfowl we had this discussion about the enum, we didn't really agreed on what's best at that time. My argument was that these values already existed in the different SDKs, but I looked again and I don't think the typescript sdk actually supports provisioning and exposes these. I am not sure anymore there would be duplication if we created an enum. We'd still need to map it to our C# SDK one. However how should it be open-ended? The only thing open we could try to also accept a role definition (id, rolename) from the guest app. But I think a direct mapping to the SDK we support is fine.

@davidfowl
Copy link
Copy Markdown
Contributor

davidfowl commented Feb 24, 2026
edited
Loading

We can make a new type in ATS to enable this though right? Much like we support for github models and foundry.

@github-actions github-actions bot mentioned this pull request Feb 25, 2026
Closed
Copilot AI reviewed Feb 25, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR extends the Azure Hosting libraries’ polyglot (ATS) role-assignment surface by introducing ATS-compatible role enums and updating exported withRoleAssignments shims to use those enums (rather than role-name strings / Azure.Provisioning role types), with accompanying validation apphosts and a couple of new tests.

Changes:

  • Added internal ATS-compatible role enums (AzureStorageRole, AzureServiceBusRole, AzureKeyVaultRole) and updated exported withRoleAssignments overloads to accept them.
  • Updated TypeScript polyglot validation apphosts to use the new enum-based APIs, and added a new Key Vault TS validation apphost scaffold.
  • Added tests for null/empty role arrays (Storage + Key Vault).

Reviewed changes

Copilot reviewed 15 out of 16 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
tests/Aspire.Hosting.Azure.Tests/AzureStorageExtensionsTests.cs Adds null/empty role-array regression coverage for Storage role assignment.
tests/Aspire.Hosting.Azure.Tests/AzureKeyVaultTests.cs Adds a null-roles test for Key Vault role assignment (but currently targets the removed string overload).
src/Aspire.Hosting.Azure.Storage/AzureStorageRole.cs Introduces ATS-compatible enum for Azure Storage roles.
src/Aspire.Hosting.Azure.Storage/AzureStorageExtensions.cs Adds enum-based exported withRoleAssignments overload and updates ignore reason for the Azure.Provisioning overload.
src/Aspire.Hosting.Azure.ServiceBus/AzureServiceBusRole.cs Introduces ATS-compatible enum for Service Bus roles.
src/Aspire.Hosting.Azure.ServiceBus/AzureServiceBusExtensions.cs Switches exported polyglot role assignment to enum-based overload and removes string-role validation dictionary.
src/Aspire.Hosting.Azure.KeyVault/AzureKeyVaultRole.cs Introduces ATS-compatible enum for Key Vault roles.
src/Aspire.Hosting.Azure.KeyVault/AzureKeyVaultResourceExtensions.cs Switches exported polyglot role assignment to enum-based overload and removes string-role validation dictionary.
playground/polyglot/TypeScript/Aspire.Hosting.Azure.Storage/ValidationAppHost/apphost.ts Updates TS validation apphost to use AzureStorageRole enum when calling withRoleAssignments.
playground/polyglot/TypeScript/Aspire.Hosting.Azure.ServiceBus/ValidationAppHost/apphost.ts Updates TS validation apphost to use AzureServiceBusRole enum instead of role-name strings.
playground/polyglot/TypeScript/Aspire.Hosting.Azure.KeyVault/ValidationAppHost/tsconfig.json Adds TS config for the new Key Vault validation apphost.
playground/polyglot/TypeScript/Aspire.Hosting.Azure.KeyVault/ValidationAppHost/package.json Adds Node/TS package manifest for the new Key Vault validation apphost.
playground/polyglot/TypeScript/Aspire.Hosting.Azure.KeyVault/ValidationAppHost/package-lock.json Adds lockfile for the new Key Vault validation apphost.
playground/polyglot/TypeScript/Aspire.Hosting.Azure.KeyVault/ValidationAppHost/apphost.ts Adds Key Vault TS validation apphost that exercises exported members and enum-based role assignment.
playground/polyglot/TypeScript/Aspire.Hosting.Azure.KeyVault/ValidationAppHost/apphost.run.json Adds run profile for the new Key Vault validation apphost.
playground/polyglot/TypeScript/Aspire.Hosting.Azure.KeyVault/ValidationAppHost/.aspire/settings.json Adds Aspire polyglot settings pointing to the new Key Vault TS apphost.
Files not reviewed (1)
  • playground/polyglot/TypeScript/Aspire.Hosting.Azure.KeyVault/ValidationAppHost/package-lock.json: Language not supported

@sebastienros sebastienros changed the title Add role assignent for storage polyglot Add role assignment for storage polyglot Feb 25, 2026
@sebastienros sebastienros changed the title Add role assignment for storage polyglot Use enums for polyglot role assignment in Azure resources Feb 25, 2026
@sebastienros sebastienros merged commit da9955c into release/13.2 Feb 25, 2026
676 of 679 checks passed
@sebastienros sebastienros deleted the sebros/storagerole branch February 25, 2026 23:55
@dotnet-policy-service dotnet-policy-service bot added this to the 13.2 milestone Feb 25, 2026
@github-actions github-actions bot mentioned this pull request Feb 26, 2026
Closed
Copilot AI pushed a commit that referenced this pull request Mar 10, 2026
@sebastienros
Use enums for polyglot role assignment in Azure resources (#14656)
d1c7be8 
* Add role assignent for storage polyglot

* Create enums for built in Azure roles

* Improve testing
@github-actions github-actions bot locked and limited conversation to collaborators Mar 28, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

Copilot code review Copilot Copilot left review comments

@davidfowl davidfowl Awaiting requested review from davidfowl

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

13.2

Development

Successfully merging this pull request may close these issues.

3 participants

@sebastienros @davidfowl