Support for .akv files to AKV variable replacement. #2957
Merged
+254
−3
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
aaronburtle
requested review from
Alekhya-Polavarapu,
Aniruddh25,
RubenCerna2079,
anushakolan,
neeraj-sharma2592,
rusamant,
sourabh1007,
souvikghosh04 and
vadeveka
as code owners
aaronburtle
changed the base branch from
main
to
dev/aaronburtle/AKVReplacement
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR refactors the configuration deserialization variable replacement mechanism and adds Azure Key Vault (AKV) variable replacement support. The changes replace boolean parameters with a structured DeserializationVariableReplacementSettings object that supports both environment variable and Azure Key Vault variable replacement, including local .akv file support.
Key changes:
- Introduced
DeserializationVariableReplacementSettingsclass to encapsulate variable replacement logic - Added
AzureKeyVaultOptionsConverterFactoryfor proper AKV configuration deserialization - Updated
AzureKeyVaultOptionswith constructor and user-provided flags for proper serialization - Replaced
replaceEnvVarboolean parameters withreplacementSettingsthroughout the codebase
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| src/Config/DeserializationVariableReplacementSettings.cs | New class implementing variable replacement logic for both environment variables and Azure Key Vault secrets |
| src/Config/RuntimeConfigLoader.cs | Updated method signatures to use new settings object; added two-pass parsing for AKV options extraction |
| src/Config/ObjectModel/AzureKeyVaultOptions.cs | Added constructor and user-provided flags to control serialization behavior |
| src/Config/Converters/StringJsonConverterFactory.cs | Refactored to use replacement settings object and apply multiple replacement strategies |
| src/Config/Converters/AzureKeyVaultOptionsConverterFactory.cs | New converter factory for proper AKV options deserialization with variable replacement |
| src/Config/FileSystemRuntimeConfigLoader.cs | Updated to use replacement settings with backward compatibility support |
| src/Core/Configurations/RuntimeConfigProvider.cs | Updated Initialize method signature to accept replacement settings |
| src/Service/Controllers/ConfigurationController.cs | Updated to instantiate replacement settings with explicit parameters |
| src/Directory.Packages.props | Added Azure.Security.KeyVault.Secrets package dependency |
| Multiple converter files | Updated to accept and use replacement settings instead of boolean flag |
| Multiple test files | Updated to use new API with explicit or default-constructed replacement settings |
| src/Service.Tests/UnitTests/RuntimeConfigLoaderJsonDeserializerTests.cs | Added new test for AKV variable replacement from local file; removed unused import |
| src/Cli/ConfigGenerator.cs | Updated AKV options construction to use new constructors with proper flag setting |
Comments suppressed due to low confidence (5)
src/Service.Tests/UnitTests/RuntimeConfigLoaderJsonDeserializerTests.cs:92
- Setting
doReplaceAkvVar: truewithout providingazureKeyVaultOptionsis inconsistent. WhenazureKeyVaultOptionsis null, AKV replacement won't occur regardless of the flag (see line 72 of DeserializationVariableReplacementSettings.cs). Consider settingdoReplaceAkvVar: falsefor clarity, or add a comment explaining why this is intentional.
GetModifiedJsonString(repKeys, @"""@env('enumVarName')"""), out RuntimeConfig actualConfig, replacementSettings: new DeserializationVariableReplacementSettings(azureKeyVaultOptions: null, doReplaceEnvVar: replaceEnvVar, doReplaceAkvVar: true)),
src/Service.Tests/UnitTests/RuntimeConfigLoaderJsonDeserializerTests.cs:132
- Setting
doReplaceAkvVar: truewithout providingazureKeyVaultOptionsis inconsistent. WhenazureKeyVaultOptionsis null, AKV replacement won't occur regardless of the flag (see line 72 of DeserializationVariableReplacementSettings.cs). Consider settingdoReplaceAkvVar: falsefor clarity.
configWithEnvVar, out RuntimeConfig runtimeConfig, replacementSettings: new DeserializationVariableReplacementSettings(azureKeyVaultOptions: null, doReplaceEnvVar: replaceEnvVar, doReplaceAkvVar: true));
src/Service.Tests/UnitTests/RuntimeConfigLoaderJsonDeserializerTests.cs:180
- Setting
doReplaceAkvVar: truewithout providingazureKeyVaultOptionsis inconsistent. WhenazureKeyVaultOptionsis null, AKV replacement won't occur regardless of the flag (see line 72 of DeserializationVariableReplacementSettings.cs). Consider settingdoReplaceAkvVar: falsefor clarity.
configWithEnvVar, out RuntimeConfig runtimeConfig, replacementSettings: new DeserializationVariableReplacementSettings(azureKeyVaultOptions: null, doReplaceEnvVar: true, doReplaceAkvVar: true));
src/Config/DeserializationVariableReplacementSettings.cs:148
- Both branches of this 'if' statement return - consider using '?' to express intent better.
if (EnvFailureMode is EnvironmentVariableReplacementFailureMode.Throw)
{
return value is not null ? value :
throw new DataApiBuilderException(
message: $"Environmental Variable, {name}, not found.",
statusCode: System.Net.HttpStatusCode.ServiceUnavailable,
subStatusCode: DataApiBuilderException.SubStatusCodes.ErrorInInitialization);
}
else
{
return value ?? match.Value;
}
src/Config/DeserializationVariableReplacementSettings.cs:166
- Both branches of this 'if' statement return - consider using '?' to express intent better.
if (EnvFailureMode == EnvironmentVariableReplacementFailureMode.Throw)
{
return value is not null ? value :
throw new DataApiBuilderException(message: $"Azure Key Vault Variable, '{name}', not found.",
statusCode: System.Net.HttpStatusCode.ServiceUnavailable,
subStatusCode: DataApiBuilderException.SubStatusCodes.ErrorInInitialization);
}
else
{
return value ?? match.Value;
}
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
src/Service.Tests/UnitTests/RuntimeConfigLoaderJsonDeserializerTests.cs
Outdated
Show resolved
Hide resolved
aaronburtle
changed the title
Aniruddh25
reviewed
Nov 7, 2025
anushakolan
reviewed
Nov 7, 2025
src/Service.Tests/UnitTests/RuntimeConfigLoaderJsonDeserializerTests.cs
Outdated
Show resolved
Hide resolved
Contributor
|
/azp run |
|
Azure Pipelines successfully started running 6 pipeline(s). |
aaronburtle
dismissed
souvikghosh04’s stale review
The base branch was changed.
Contributor
Author
|
/azp run |
|
Azure Pipelines successfully started running 6 pipeline(s). |
aaronburtle
force-pushed
the
dev/aaronburtle/AKVReplacementFileSupport
branch
from
1e10826 to
64658cb
Compare
Contributor
Author
|
/azp run |
|
Azure Pipelines successfully started running 6 pipeline(s). |
Aniruddh25
reviewed
Nov 22, 2025
Contributor
Author
|
/azp run |
|
Azure Pipelines successfully started running 6 pipeline(s). |
github-project-automation
bot
moved this from Todo
to Review In Progress
in Data API builder
Aniruddh25
reviewed
Nov 26, 2025
src/Service.Tests/UnitTests/RuntimeConfigLoaderJsonDeserializerTests.cs
Outdated
Show resolved
Hide resolved
Aniruddh25
reviewed
Nov 26, 2025
Aniruddh25
reviewed
Nov 26, 2025
src/Service.Tests/UnitTests/RuntimeConfigLoaderJsonDeserializerTests.cs
Outdated
Show resolved
Hide resolved
Aniruddh25
approved these changes
Nov 26, 2025
Collaborator
Aniruddh25
left a comment
Aniruddh25
left a comment
There was a problem hiding this comment.
LGTM, left a few suggestions.
…rTests.cs Co-authored-by: Aniruddh Munde <[email protected]>
…rTests.cs Co-authored-by: Aniruddh Munde <[email protected]>
…m:Azure/data-api-builder into dev/aaronburtle/AKVReplacementFileSupport
Contributor
Author
|
/azp run |
|
Azure Pipelines successfully started running 6 pipeline(s). |
souvikghosh04
approved these changes
Nov 26, 2025
Contributor
souvikghosh04
left a comment
souvikghosh04
left a comment
There was a problem hiding this comment.
Added couple of comments but those are easily addressable. Approving this as the rest all looks good.
src/Service.Tests/UnitTests/RuntimeConfigLoaderJsonDeserializerTests.cs
Outdated
Show resolved
Hide resolved
…m:Azure/data-api-builder into dev/aaronburtle/AKVReplacementFileSupport
Contributor
Author
|
/azp run |
|
Azure Pipelines successfully started running 6 pipeline(s). |
RubenCerna2079
approved these changes
Nov 26, 2025
github-project-automation
bot
moved this from Review In Progress
to Done
in Data API builder
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Why make this change?
Closes #2748
What is this change?
Adds the option to use a local .akv file instead of Azure Key Vault for @akv('') replacement in the config file during deserialization. Similar to how we handle .env files.
How was this tested?
A new test was added that verifies we are able to do the replacement and get the correct resultant configuration.