Follow-up fixes to RunAsExisting flow (#7494)

* Follow-up fixes to RunAsExisting flow

* Update src/Aspire.Hosting.Azure/Provisioning/Provisioners/BicepProvisioner.cs

Co-authored-by: David Fowler <[email protected]>

* Update Azure Key Vault snapshot test

---------

Co-authored-by: David Fowler <[email protected]>

src/Aspire.Hosting.Azure.KeyVault/AzureKeyVaultResourceExtensions.cs

@@ -43,17 +43,16 @@ public static IResourceBuilder<AzureKeyVaultResource> AddAzureKeyVault(this IDis
                         Family = KeyVaultSkuFamily.A,
                         Name = KeyVaultSkuName.Standard
                     },
-                    EnableRbacAuthorization = true
-                }
+                    EnableRbacAuthorization = true,
+                },
+                Tags = { { "aspire-resource-name", infrastructure.AspireResource.Name } }
             });
 
             infrastructure.Add(new ProvisioningOutput("vaultUri", typeof(string))
             {
                 Value = keyVault.Properties.VaultUri
             });
 
-            keyVault.Tags["aspire-resource-name"] = infrastructure.AspireResource.Name;
-
             var principalTypeParameter = new ProvisioningParameter(AzureBicepResource.KnownParameters.PrincipalType, typeof(string));
             infrastructure.Add(principalTypeParameter);
             var principalIdParameter = new ProvisioningParameter(AzureBicepResource.KnownParameters.PrincipalId, typeof(string));

src/Aspire.Hosting.Azure/Provisioning/Provisioners/AzureResourceProvisionerOfT.cs

@@ -10,7 +10,6 @@
 using Azure.ResourceManager.Authorization;
 using Azure;
 using Aspire.Hosting.ApplicationModel;
-using Microsoft.Extensions.Logging;
 
 namespace Aspire.Hosting.Azure.Provisioning;
 
@@ -36,20 +35,6 @@ internal sealed class ProvisioningContext(
     public AzureLocation Location => location;
     public UserPrincipal Principal => principal;
     public JsonObject UserSecrets => userSecrets;
-
-    public async Task<ResourceGroupResource> GetResourceGroup(string resourceGroupName, ILogger resourceLogger, CancellationToken cancellationToken)
-    {
-        var targetResourceGroup = ResourceGroup;
-        try
-        {
-            targetResourceGroup = await Subscription.GetResourceGroupAsync(resourceGroupName, cancellationToken).ConfigureAwait(false);
-        }
-        catch (RequestFailedException ex) when (ex.Status == 404)
-        {
-            resourceLogger.LogWarning("Resource group {ResourceGroupName} not found. Using default resource group.", resourceGroupName);
-        }
-        return targetResourceGroup;
-    }
 }
 
 internal interface IAzureResourceProvisioner

src/Aspire.Hosting.Azure/Provisioning/Provisioners/BicepProvisioner.cs

@@ -114,9 +114,9 @@ public override async Task GetOrCreateResourceAsync(AzureBicepResource resource,
             existingResource.ResourceGroup is { } existingResourceGroup)
         {
             var existingResourceGroupName = existingResourceGroup is ParameterResource parameterResource
-                ? parameterResource.Name
+                ? parameterResource.Value
                 : (string)existingResourceGroup;
-            resourceGroup = await context.GetResourceGroup(existingResourceGroupName, resourceLogger, cancellationToken).ConfigureAwait(false);
+            resourceGroup = await context.Subscription.GetResourceGroupAsync(existingResourceGroupName, cancellationToken).ConfigureAwait(false);
         }
 
         await notificationService.PublishUpdateAsync(resource, state => state with
@@ -312,6 +312,12 @@ await notificationService.PublishUpdateAsync(resource, state =>
             resourceConfig["Outputs"] = outputObj.ToJsonString();
         }
 
+        // Write resource scope to config for consistent checksums
+        if (scope is not null)
+        {
+            resourceConfig["Scope"] = scope.ToJsonString();
+        }
+
         // Save the checksum to the configuration
         resourceConfig["CheckSum"] = GetChecksum(resource, parameters, scope);
 
@@ -535,12 +541,22 @@ internal static async Task SetParametersAsync(JsonObject parameters, AzureBicepR
 
     internal static async Task SetScopeAsync(JsonObject scope, AzureBicepResource resource, CancellationToken cancellationToken = default)
     {
-        scope["resourceGroup"] = resource.Scope?.ResourceGroup switch
+        // Resolve the scope from the AzureBicepResource if it has already been set
+        // via the ConfigureInfrastructure callback. If not, fallback to the ExistingAzureResourceAnnotation.
+        var targetScope = resource.Scope;
+        if (targetScope is null
+            && resource.TryGetLastAnnotation<ExistingAzureResourceAnnotation>(out var existingResource)
+            && existingResource.ResourceGroup is { } existingResourceGroup)
+        {
+            targetScope = new AzureBicepResourceScope(existingResourceGroup);
+        }
+
+        scope["resourceGroup"] = targetScope?.ResourceGroup switch
         {
             string s => s,
             IValueProvider v => await v.GetValueAsync(cancellationToken).ConfigureAwait(false),
             null => null,
-            _ => throw new NotSupportedException($"The scope value type {resource.Scope.ResourceGroup.GetType()} is not supported.")
+            _ => throw new NotSupportedException($"The scope value type {targetScope.ResourceGroup.GetType()} is not supported.")
         };
     }
 

tests/Aspire.Hosting.Azure.Tests/ExistingAzureResourceTests.cs

@@ -659,9 +659,6 @@ param principalId string
 
             resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
               name: existingResourceName
-              tags: {
-                'aspire-resource-name': 'keyVault'
-              }
             }
 
             resource keyVault_KeyVaultAdministrator 'Microsoft.Authorization/roleAssignments@2022-04-01' = {