From f0c2a59fb3334d6ce67099c51136d7627f6390cc Mon Sep 17 00:00:00 2001
From: Marcus Robinson <marrobi@microsoft.com>
Date: Wed, 6 Nov 2024 19:30:16 +0000
Subject: [PATCH] Update KeyVault references (#4112)

* Update KeyVault references

* Update changelog

* Update secret name

---------

Co-authored-by: Tim Allen <tim.allen@cloudkubed.com>
Co-authored-by: Yuval Yaron <yuvalyaron@microsoft.com>
---
 CHANGELOG.md                 | 1 +
 core/terraform/api-webapp.tf | 6 +++---
 core/version.txt             | 2 +-
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4e58be4b53..4898f1f5ee 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,7 @@ ENHANCEMENTS:
 * Update Terraform to use Azure AD authentication rather than storage account keys ([#4103](https://github.com/microsoft/AzureTRE/issues/4103))
 
 BUG FIXES:
+- Update KeyVault references in API to use the version so Terraform cascades the update ([#4112](https://github.com/microsoft/AzureTRE/pull/4112))
 
 COMPONENTS:
 
diff --git a/core/terraform/api-webapp.tf b/core/terraform/api-webapp.tf
index 807b3a4259..b07577f40a 100644
--- a/core/terraform/api-webapp.tf
+++ b/core/terraform/api-webapp.tf
@@ -47,9 +47,9 @@ resource "azurerm_linux_web_app" "api" {
     "RESOURCE_LOCATION"                              = azurerm_resource_group.core.location
     "ENABLE_SWAGGER"                                 = var.enable_swagger
     "SWAGGER_UI_CLIENT_ID"                           = var.swagger_ui_client_id
-    "AAD_TENANT_ID"                                  = "@Microsoft.KeyVault(SecretUri=${azurerm_key_vault_secret.auth_tenant_id.id})"
-    "API_CLIENT_ID"                                  = "@Microsoft.KeyVault(SecretUri=${azurerm_key_vault_secret.api_client_id.id})"
-    "API_CLIENT_SECRET"                              = "@Microsoft.KeyVault(SecretUri=${azurerm_key_vault_secret.api_client_secret.id})"
+    "AAD_TENANT_ID"                                  = "@Microsoft.KeyVault(SecretUri=${azurerm_key_vault.kv.vault_uri}secrets/${azurerm_key_vault_secret.auth_tenant_id.name}/${azurerm_key_vault_secret.auth_tenant_id.version})"
+    "API_CLIENT_ID"                                  = "@Microsoft.KeyVault(SecretUri=${azurerm_key_vault.kv.vault_uri}secrets/${azurerm_key_vault_secret.api_client_id.name}/${azurerm_key_vault_secret.api_client_id.version})"
+    "API_CLIENT_SECRET"                              = "@Microsoft.KeyVault(SecretUri=${azurerm_key_vault.kv.vault_uri}secrets/${azurerm_key_vault_secret.api_client_secret.name}/${azurerm_key_vault_secret.api_client_secret.version})"
     "RESOURCE_GROUP_NAME"                            = azurerm_resource_group.core.name
     "SUBSCRIPTION_ID"                                = data.azurerm_subscription.current.subscription_id
     CORE_ADDRESS_SPACE                               = var.core_address_space
diff --git a/core/version.txt b/core/version.txt
index 47f57bfd12..a37fec72b0 100644
--- a/core/version.txt
+++ b/core/version.txt
@@ -1 +1 @@
-__version__ = "0.10.11"
+__version__ = "0.10.12"