Skip to content

Azure resources are getting found transtively through a backend if the backend has a #14472

New issue
New issue
Open
Open
Azure resources are getting found transtively through a backend if the backend has a#14472
Assignees
eerhardtcopilot-swe-agent
Labels
needs-area-labelAn area label is needed to ensure this gets routed to the appropriate area owners‼️regression-from-last-releaseThis used to work in an earlier version of Aspire and we broke it!
Milestone
13.2
@eerhardt

Description

@eerhardt
eerhardt
opened on Feb 12, 2026

When I have an apphost with a webfrontend and a backend, with the backend having a WaitFor to an azure service, I'm getting a role assignment for the webfrontend to the azure service, even though there is no direct dependency.

var builder = DistributedApplication.CreateBuilder(args);

builder.AddAzureContainerAppEnvironment("env");

var cache = builder.AddAzureManagedRedis("cache")
    .RunAsContainer();

var server = builder.AddProject<Projects.ReproTransitive_Server>("server")
    .WithHttpHealthCheck("/health")
    .WithExternalHttpEndpoints()
    .WithReference(cache).WaitFor(cache);

var webfrontend = builder.AddProject<Projects.ReproTransitive_Server>("webfrontend")
    .WithReference(server)
    .WaitFor(server);

builder.Build().Run();

aspire publish that and I see:

Image

I shouldn't be getting a webfrontend-roles-cache.bicep since the webfrontend doesn't reference the cache.

I think the problem is in

aspire/src/Aspire.Hosting/ApplicationModel/ResourceExtensions.cs

Lines 1405 to 1440 in 6d4f747

private static void CollectDependenciesFromValue(object? value, HashSet<IResource> dependencies, HashSet<IResource> newDependencies, HashSet<object> visitedValues)
{
if (value is null || !visitedValues.Add(value))
{
return;
}
// Direct resource references
if (value is IResource resource)
{
if (dependencies.Add(resource))
{
newDependencies.Add(resource);
}
CollectAnnotationDependencies(resource, dependencies, newDependencies);
}
// Resource builder wrapping a resource
if (value is IResourceBuilder<IResource> resourceBuilder)
{
if (dependencies.Add(resourceBuilder.Resource))
{
newDependencies.Add(resourceBuilder.Resource);
}
CollectAnnotationDependencies(resourceBuilder.Resource, dependencies, newDependencies);
value = resourceBuilder.Resource;
}
// Recurse through IValueWithReferences
if (value is IValueWithReferences valueWithReferences)
{
foreach (var reference in valueWithReferences.References)
{
CollectDependenciesFromValue(reference, dependencies, newDependencies, visitedValues);
}
}

This shouldn't be collecting annotation dependencies on a resource when the ResourceDependencyDiscoveryMode is DirectOnly.

Metadata

Metadata

Assignees

Labels

needs-area-labelAn area label is needed to ensure this gets routed to the appropriate area owners‼️regression-from-last-releaseThis used to work in an earlier version of Aspire and we broke it!

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions