From fd0e6f5cb74bed284668d3329da264274fe550bd Mon Sep 17 00:00:00 2001
From: Are Almaas <arealmaas@gmail.com>
Date: Wed, 6 Mar 2024 10:37:54 +0100
Subject: [PATCH] fix(azure): use built-in policy for redis

---
 .azure/applications/web-api-eu/main.bicep | 13 ++-----------
 .azure/applications/web-api-so/main.bicep | 13 ++-----------
 2 files changed, 4 insertions(+), 22 deletions(-)

diff --git a/.azure/applications/web-api-eu/main.bicep b/.azure/applications/web-api-eu/main.bicep
index 6d2962964..b076b91e9 100644
--- a/.azure/applications/web-api-eu/main.bicep
+++ b/.azure/applications/web-api-eu/main.bicep
@@ -77,23 +77,14 @@ module containerApp '../../modules/containerApp/main.bicep' = {
   }
 }
 
-resource redisCustomAccessPolicy 'Microsoft.Cache/redis/accessPolicies@2023-08-01' = {
+resource redisAccessPolicyAssignment 'Microsoft.Cache/redis/accessPolicyAssignments@2023-08-01' = {
   parent: redis
   name: containerAppName
   properties: {
-    permissions: 'Contributor'
-  }
-}
-
-resource redisCustomAccessPolicyAssignment 'Microsoft.Cache/redis/accessPolicyAssignments@2023-08-01' = {
-  parent: redis
-  name: containerAppName
-  properties: {
-    accessPolicyName: containerAppName
+    accessPolicyName: 'Data Contributor'
     objectId: containerApp.outputs.identityPrincipalId
     objectIdAlias: '${containerAppName}-access-policy-redis'
   }
-  dependsOn: [redisCustomAccessPolicy]
 }
 
 module keyVaultReaderAccessPolicy '../../modules/keyvault/addReaderRoles.bicep' = {
diff --git a/.azure/applications/web-api-so/main.bicep b/.azure/applications/web-api-so/main.bicep
index 0a6b9e399..8480f056e 100644
--- a/.azure/applications/web-api-so/main.bicep
+++ b/.azure/applications/web-api-so/main.bicep
@@ -81,23 +81,14 @@ module containerApp '../../modules/containerApp/main.bicep' = {
   }
 }
 
-resource redisCustomAccessPolicy 'Microsoft.Cache/redis/accessPolicies@2023-08-01' = {
+resource redisAccessPolicyAssignment 'Microsoft.Cache/redis/accessPolicyAssignments@2023-08-01' = {
   parent: redis
   name: containerAppName
   properties: {
-    permissions: 'Contributor'
-  }
-}
-
-resource redisCustomAccessPolicyAssignment 'Microsoft.Cache/redis/accessPolicyAssignments@2023-08-01' = {
-  parent: redis
-  name: containerAppName
-  properties: {
-    accessPolicyName: containerAppName
+    accessPolicyName: 'Data Contributor'
     objectId: containerApp.outputs.identityPrincipalId
     objectIdAlias: '${containerAppName}-access-policy-redis'
   }
-  dependsOn: [redisCustomAccessPolicy]
 }
 
 module keyVaultReaderAccessPolicy '../../modules/keyvault/addReaderRoles.bicep' = {