Export secrets only when there's a service to bind to (#4692)

Azure · Jan 15, 2025 · 7a302d7 · 7a302d7
1 parent d55637a
commit 7a302d7
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 4 deletions.
diff --git a/cli/azd/internal/scaffold/scaffold.go b/cli/azd/internal/scaffold/scaffold.go
@@ -68,11 +68,10 @@ func Execute(
 func supportingFiles(spec InfraSpec) []string {
 	files := []string{"/abbreviations.json"}
 
-	if spec.DbRedis != nil {
-		files = append(files, "/modules/set-redis-conn.bicep")
-	}
-
 	if len(spec.Services) > 0 {
+		if spec.DbRedis != nil {
+			files = append(files, "/modules/set-redis-conn.bicep")
+		}
 		files = append(files, "/modules/fetch-container-image.bicep")
 	}
 

diff --git a/cli/azd/resources/scaffold/templates/resources.bicept b/cli/azd/resources/scaffold/templates/resources.bicept
@@ -91,10 +91,12 @@ module cosmos 'br/public:avm/res/document-db/database-account:0.8.1' = {
       }
     ]
     {{- end}}
+    {{- if .Services}}
     secretsExportConfiguration: {
       keyVaultResourceId: keyVault.outputs.resourceId
       primaryWriteConnectionStringSecretName: 'MONGODB-URL'
     }
+    {{- end}}
     capabilitiesToAdd: [ 'EnableServerless' ]
   }
 }
@@ -398,6 +400,7 @@ module redis 'br/public:avm/res/cache/redis:0.3.2' = {
   }
 }
 
+{{- if .Services}}
 module redisConn './modules/set-redis-conn.bicep' = {
   name: 'redisConn'
   params: {
@@ -408,6 +411,7 @@ module redisConn './modules/set-redis-conn.bicep' = {
   }
 }
 {{- end}}
+{{- end}}
 
 {{- if .Services}}
 // Create a keyvault to store secrets