Fix blocking ParameterResource.Value calls to prevent deadlocks in Aspire 9.4+

src/CommunityToolkit.Aspire.Hosting.ActiveMQ/ActiveMQBuilderExtensions.cs

@@ -177,7 +177,7 @@ private static IResourceBuilder<T> WithJolokiaHealthCheck<T>(
         {
             Uri baseUri = new Uri(endpoint.Url, UriKind.Absolute);
             string userName = (await builder.Resource.UserNameReference.GetValueAsync(ct))!;
-            string password = builder.Resource.PasswordParameter.Value;
+            string password = (await ((IValueProvider)builder.Resource.PasswordParameter).GetValueAsync(ct))!;
             basicAuthentication = "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes($"{userName}:{password}"));
             uri = new UriBuilder(baseUri)
             {

src/CommunityToolkit.Aspire.Hosting.Minio/MinioBuilderExtensions.cs

@@ -46,8 +46,8 @@ public static IResourceBuilder<MinioContainerResource> AddMinioContainer(
             .WithImageRegistry(MinioContainerImageTags.Registry)
             .WithHttpEndpoint(targetPort: 9000, port: port, name: MinioContainerResource.PrimaryEndpointName)
             .WithHttpEndpoint(targetPort: consoleTargetPort, name: MinioContainerResource.ConsoleEndpointName)
-            .WithEnvironment(RootUserEnvVarName, resource.RootUser.Value)
-            .WithEnvironment(RootPasswordEnvVarName, resource.PasswordParameter.Value)
+            .WithEnvironment(RootUserEnvVarName, $"{resource.RootUser}")
+            .WithEnvironment(RootPasswordEnvVarName, $"{resource.PasswordParameter}")
             .WithArgs("server", "/data", "--console-address", $":{consoleTargetPort}");
 
         var endpoint = builderWithResource.Resource.GetEndpoint(MinioContainerResource.PrimaryEndpointName);

src/CommunityToolkit.Aspire.Hosting.MySql.Extensions/MySqlBuilderExtensions.cs

@@ -109,7 +109,7 @@ private static void ConfigureDbGateContainer(EnvironmentCallbackContext context,
             context.EnvironmentVariables.Add($"LABEL_mysql{counter}", mySqlServerResource.Name);
             context.EnvironmentVariables.Add($"SERVER_mysql{counter}", mySqlServerResource.Name);
             context.EnvironmentVariables.Add($"USER_mysql{counter}", "root");
-            context.EnvironmentVariables.Add($"PASSWORD_mysql{counter}", mySqlServerResource.PasswordParameter.Value);
+            context.EnvironmentVariables.Add($"PASSWORD_mysql{counter}", mySqlServerResource.PasswordParameter);
             context.EnvironmentVariables.Add($"PORT_mysql{counter}", mySqlServerResource.PrimaryEndpoint.TargetPort!.ToString()!);
             context.EnvironmentVariables.Add($"ENGINE_mysql{counter}", "mysql@dbgate-plugin-mysql");
 

src/CommunityToolkit.Aspire.Hosting.PostgreSQL.Extensions/PostgresBuilderExtensions.cs

@@ -105,14 +105,16 @@ private static void ConfigureDbGateContainer(EnvironmentCallbackContext context,
 
         foreach (var postgresServer in postgresInstances)
         {
-            var user = postgresServer.UserNameParameter?.Value ?? "postgres";
+            var userParameter = postgresServer.UserNameParameter is null 
+             ?  ReferenceExpression.Create($"postgres")
+             :  ReferenceExpression.Create($"{postgresServer.UserNameParameter}");
 
             // DbGate assumes Postgres is being accessed over a default Aspire container network and hardcodes the resource address
             // This will need to be refactored once updated service discovery APIs are available
             context.EnvironmentVariables.Add($"LABEL_postgres{counter}", postgresServer.Name);
             context.EnvironmentVariables.Add($"SERVER_postgres{counter}", postgresServer.Name);
-            context.EnvironmentVariables.Add($"USER_postgres{counter}", user);
-            context.EnvironmentVariables.Add($"PASSWORD_postgres{counter}", postgresServer.PasswordParameter.Value);
+            context.EnvironmentVariables.Add($"USER_postgres{counter}", userParameter);
+            context.EnvironmentVariables.Add($"PASSWORD_postgres{counter}", postgresServer.PasswordParameter);
             context.EnvironmentVariables.Add($"PORT_postgres{counter}", postgresServer.PrimaryEndpoint.TargetPort!.ToString()!);
             context.EnvironmentVariables.Add($"ENGINE_postgres{counter}", "postgres@dbgate-plugin-postgres");
 

src/CommunityToolkit.Aspire.Hosting.Redis.Extensions/RedisBuilderExtensions.cs

@@ -65,7 +65,8 @@ private static void ConfigureDbGateContainer(EnvironmentCallbackContext context,
 
             // DbGate assumes Redis is being accessed over a default Aspire container network and hardcodes the resource address
             var redisUrl = redisResource.PasswordParameter is not null ?
-                $"redis://:{redisResource.PasswordParameter.Value}@{redisResource.Name}:{redisResource.PrimaryEndpoint.TargetPort}" : $"redis://{redisResource.Name}:{redisResource.PrimaryEndpoint.TargetPort}";
+                ReferenceExpression.Create($"redis://:{redisResource.PasswordParameter}@{redisResource.Name}:{redisResource.PrimaryEndpoint.TargetPort?.ToString()}") : 
+                ReferenceExpression.Create($"redis://{redisResource.Name}:{redisResource.PrimaryEndpoint.TargetPort?.ToString()}");
 
             context.EnvironmentVariables.Add($"LABEL_redis{counter}", redisResource.Name);
             context.EnvironmentVariables.Add($"URL_redis{counter}", redisUrl);

src/CommunityToolkit.Aspire.Hosting.SqlServer.Extensions/SqlServerBuilderExtensions.cs

@@ -109,7 +109,7 @@ private static void ConfigureDbGateContainer(EnvironmentCallbackContext context,
             context.EnvironmentVariables.Add($"LABEL_sqlserver{counter}", sqlServerResource.Name);
             context.EnvironmentVariables.Add($"SERVER_sqlserver{counter}", sqlServerResource.Name);
             context.EnvironmentVariables.Add($"USER_sqlserver{counter}", "sa");
-            context.EnvironmentVariables.Add($"PASSWORD_sqlserver{counter}", sqlServerResource.PasswordParameter.Value);
+            context.EnvironmentVariables.Add($"PASSWORD_sqlserver{counter}", sqlServerResource.PasswordParameter);
             context.EnvironmentVariables.Add($"PORT_sqlserver{counter}", sqlServerResource.PrimaryEndpoint.TargetPort!.ToString()!);
             context.EnvironmentVariables.Add($"ENGINE_sqlserver{counter}", "mssql@dbgate-plugin-mssql");
 

src/Shared/Dapr/Core/DaprComponentMetadataAnnotation.cs

@@ -1,4 +1,4 @@
 using Aspire.Hosting.ApplicationModel;
 
 namespace CommunityToolkit.Aspire.Hosting.Dapr;
-internal sealed record DaprComponentConfigurationAnnotation(Action<DaprComponentSchema> Configure) : IResourceAnnotation;
+internal sealed record DaprComponentConfigurationAnnotation(Func<DaprComponentSchema, Task> Configure) : IResourceAnnotation;

src/Shared/Dapr/Core/DaprComponentSecretAnnotation.cs

@@ -2,4 +2,4 @@
 
 namespace CommunityToolkit.Aspire.Hosting.Dapr;
 
-internal record DaprComponentSecretAnnotation(string Key, string Value) : IResourceAnnotation;
+internal record DaprComponentSecretAnnotation(string Key, ParameterResource Value) : IResourceAnnotation;

src/Shared/Dapr/Core/DaprDistributedApplicationLifecycleHook.cs

@@ -12,6 +12,7 @@
 using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Net.Sockets;
+using System.Threading.Tasks;
 using static CommunityToolkit.Aspire.Hosting.Dapr.CommandLineArgs;
 
 namespace CommunityToolkit.Aspire.Hosting.Dapr;
@@ -81,7 +82,7 @@ public async Task BeforeStartAsync(DistributedApplicationModel appModel, Cancell
                 {
                     foreach (var secretAnnotation in secretAnnotations)
                     {
-                        secrets[secretAnnotation.Key] = secretAnnotation.Value;
+                        secrets[secretAnnotation.Key] = (await ((IValueProvider)secretAnnotation).GetValueAsync(cancellationToken))!;
                     }
                     // We need to append the secret store path to the resources path
                     onDemandResourcesPaths.TryGetValue("secretstore", out var secretStorePath);
@@ -491,7 +492,7 @@ private async Task<string> GetComponentAsync(DaprComponentResource component, Fu
     {
         // We should try to read content from a known location (such as aspire root directory)
         logger.LogInformation("Unvalidated configuration {specType} for component '{ComponentName}'.", component.Type, component.Name);
-        return await contentWriter(GetDaprComponent(component, component.Type)).ConfigureAwait(false);
+        return await contentWriter(await GetDaprComponent(component, component.Type)).ConfigureAwait(false);
     }
     private async Task<string> GetBuildingBlockComponentAsync(DaprComponentResource component, Func<string, Task<string>> contentWriter, string defaultProvider, CancellationToken cancellationToken)
     {
@@ -544,19 +545,19 @@ private static async Task<string> GetDefaultContent(DaprComponentResource compon
         string defaultContent = await File.ReadAllTextAsync(defaultContentPath, cancellationToken).ConfigureAwait(false);
         string yaml = defaultContent.Replace($"name: {component.Type}", $"name: {component.Name}");
         DaprComponentSchema content = DaprComponentSchema.FromYaml(yaml);
-        ConfigureDaprComponent(component, content);
+        await ConfigureDaprComponent(component, content);
         return content.ToString();
     }
 
 
-    private static string GetDaprComponent(DaprComponentResource component, string type)
+    private static async Task<string> GetDaprComponent(DaprComponentResource component, string type)
     {
         var content = new DaprComponentSchema(component.Name, type);
-        ConfigureDaprComponent(component, content);
+        await ConfigureDaprComponent(component, content);
         return content.ToString();
     }
 
-    private static void ConfigureDaprComponent(DaprComponentResource component, DaprComponentSchema content)
+    private static async Task ConfigureDaprComponent(DaprComponentResource component, DaprComponentSchema content)
     {
         if (component.TryGetAnnotationsOfType<DaprComponentSecretAnnotation>(out var secrets) && secrets.Any())
         {
@@ -566,7 +567,7 @@ private static void ConfigureDaprComponent(DaprComponentResource component, Dapr
         {
             foreach (var annotation in annotations)
             {
-                annotation.Configure(content);
+                await annotation.Configure(content);
             }
         }
     }

src/Shared/Dapr/Core/DaprMetadataResourceBuilderExtensions.cs

@@ -28,6 +28,7 @@ public static IResourceBuilder<IDaprComponentResource> WithMetadata(this IResour
                 Name = name,
                 Value = value
             });
+            return Task.CompletedTask;
         }));
 
 
@@ -42,7 +43,7 @@ public static IResourceBuilder<IDaprComponentResource> WithMetadata(this IResour
     {
         if (parameterResource.Secret)
         {
-            return builder.WithAnnotation(new DaprComponentSecretAnnotation(parameterResource.Name, parameterResource.Value))
+            return builder.WithAnnotation(new DaprComponentSecretAnnotation(parameterResource.Name, parameterResource))
                           .WithAnnotation(new DaprComponentConfigurationAnnotation(schema =>
                           {
                               var existing = schema.Spec.Metadata.Find(m => m.Name == name);
@@ -59,9 +60,22 @@ public static IResourceBuilder<IDaprComponentResource> WithMetadata(this IResour
                                       Key = parameterResource.Name
                                   }
                               });
+                              return Task.CompletedTask;
                           }));
         }
 
-        return builder.WithMetadata(name, parameterResource.Value);
+        return builder.WithAnnotation(new DaprComponentConfigurationAnnotation(async schema =>
+        {
+            var existing = schema.Spec.Metadata.Find(m => m.Name == name);
+            if (existing is not null)
+            {
+                schema.Spec.Metadata.Remove(existing);
+            }
+            schema.Spec.Metadata.Add(new DaprComponentSpecMetadataValue
+            {
+                Name = name,
+                Value = (await ((IValueProvider)parameterResource).GetValueAsync(default))!
+            });
+        }));
     }
 }

tests/CommunityToolkit.Aspire.Hosting.DbGate.Tests/AddDbGateTests.cs

@@ -1,9 +1,11 @@
 using System.Net.Sockets;
 using Aspire.Components.Common.Tests;
 using Aspire.Hosting;
+using Aspire.Hosting.ApplicationModel;
 using Aspire.Hosting.Utils;
 
 namespace CommunityToolkit.Aspire.Hosting.DbGate.Tests;
+
 public class AddDbGateTests
 {
     [Fact]
@@ -226,7 +228,7 @@ public async Task WithDbGateShouldAddAnnotationsForMultipleDatabaseTypes()
 
         var mysqlResource1 = mysqlResourceBuilder1.Resource;
 
-        var mysqlResourceBuilder2 =builder.AddMySql("mysql2")
+        var mysqlResourceBuilder2 = builder.AddMySql("mysql2")
             .WithDbGate();
 
         var mysqlResource2 = mysqlResourceBuilder2.Resource;
@@ -295,10 +297,11 @@ public async Task WithDbGateShouldAddAnnotationsForMultipleDatabaseTypes()
                 Assert.Equal("USER_postgres1", item.Key);
                 Assert.Equal("postgres", item.Value);
             },
-            item =>
+            async item =>
             {
                 Assert.Equal("PASSWORD_postgres1", item.Key);
-                Assert.Equal(postgresResource1.PasswordParameter.Value, item.Value);
+                var expectedPassword = await ((IValueProvider)postgresResource1.PasswordParameter).GetValueAsync(default);
+                Assert.Equal(expectedPassword, item.Value);
             },
             item =>
             {
@@ -325,10 +328,11 @@ public async Task WithDbGateShouldAddAnnotationsForMultipleDatabaseTypes()
                 Assert.Equal("USER_postgres2", item.Key);
                 Assert.Equal("postgres", item.Value);
             },
-            item =>
+            async item =>
             {
                 Assert.Equal("PASSWORD_postgres2", item.Key);
-                Assert.Equal(postgresResource2.PasswordParameter.Value, item.Value);
+                var expectedPassword = await ((IValueProvider)postgresResource2.PasswordParameter).GetValueAsync(default);
+                Assert.Equal(expectedPassword, item.Value);
             },
             item =>
             {
@@ -345,12 +349,15 @@ public async Task WithDbGateShouldAddAnnotationsForMultipleDatabaseTypes()
                 Assert.Equal("LABEL_redis1", item.Key);
                 Assert.Equal(redisResource1.Name, item.Value);
             },
-            item =>
+            async item =>
             {
-                var redisUrl = redisResource1.PasswordParameter is not null ?
-                $"redis://:{redisResource1.PasswordParameter.Value}@{redisResource1.Name}:{redisResource1.PrimaryEndpoint.TargetPort}" : $"redis://{redisResource1.Name}:{redisResource1.PrimaryEndpoint.TargetPort}";
+                var expectedRedisUrl = redisResource1.PasswordParameter switch
+                {
+                    IValueProvider parameter => $"redis://:{await parameter.GetValueAsync(default)}@{redisResource1.Name}:{redisResource1.PrimaryEndpoint.TargetPort}",
+                    _ => $"redis://{redisResource1.Name}:{redisResource1.PrimaryEndpoint.TargetPort}"
+                };
                 Assert.Equal("URL_redis1", item.Key);
-                Assert.Equal(redisUrl, item.Value);
+                Assert.Equal(expectedRedisUrl, item.Value);
             },
             item =>
             {
@@ -362,12 +369,15 @@ public async Task WithDbGateShouldAddAnnotationsForMultipleDatabaseTypes()
                 Assert.Equal("LABEL_redis2", item.Key);
                 Assert.Equal(redisResource2.Name, item.Value);
             },
-            item =>
+            async item =>
             {
-                var redisUrl = redisResource2.PasswordParameter is not null ?
-                $"redis://:{redisResource2.PasswordParameter.Value}@{redisResource2.Name}:{redisResource2.PrimaryEndpoint.TargetPort}" : $"redis://{redisResource2.Name}:{redisResource2.PrimaryEndpoint.TargetPort}";
+                var expectedRedisUrl = redisResource2.PasswordParameter switch
+                {
+                    IValueProvider parameter => $"redis://:{await parameter.GetValueAsync(default)}@{redisResource2.Name}:{redisResource2.PrimaryEndpoint.TargetPort}",
+                    _ => $"redis://{redisResource2.Name}:{redisResource2.PrimaryEndpoint.TargetPort}"
+                };
                 Assert.Equal("URL_redis2", item.Key);
-                Assert.Equal(redisUrl, item.Value);
+                Assert.Equal(expectedRedisUrl, item.Value);
             },
             item =>
             {
@@ -389,10 +399,11 @@ public async Task WithDbGateShouldAddAnnotationsForMultipleDatabaseTypes()
                 Assert.Equal("USER_sqlserver1", item.Key);
                 Assert.Equal("sa", item.Value);
             },
-            item =>
+            async item =>
             {
                 Assert.Equal("PASSWORD_sqlserver1", item.Key);
-                Assert.Equal(sqlserverResource1.PasswordParameter.Value, item.Value);
+                var expectedPassword = await ((IValueProvider)sqlserverResource1.PasswordParameter).GetValueAsync(default);
+                Assert.Equal(expectedPassword, item.Value);
             },
             item =>
             {
@@ -419,10 +430,11 @@ public async Task WithDbGateShouldAddAnnotationsForMultipleDatabaseTypes()
                 Assert.Equal("USER_sqlserver2", item.Key);
                 Assert.Equal("sa", item.Value);
             },
-            item =>
+            async item =>
             {
                 Assert.Equal("PASSWORD_sqlserver2", item.Key);
-                Assert.Equal(sqlserverResource2.PasswordParameter.Value, item.Value);
+                var expectedPassword = await ((IValueProvider)sqlserverResource2.PasswordParameter).GetValueAsync(default);
+                Assert.Equal(expectedPassword, item.Value);
             },
             item =>
             {
@@ -449,10 +461,11 @@ public async Task WithDbGateShouldAddAnnotationsForMultipleDatabaseTypes()
                 Assert.Equal("USER_mysql1", item.Key);
                 Assert.Equal("root", item.Value);
             },
-            item =>
+            async item =>
             {
                 Assert.Equal("PASSWORD_mysql1", item.Key);
-                Assert.Equal(mysqlResource1.PasswordParameter.Value, item.Value);
+                var expectedPassword = await ((IValueProvider)mysqlResource1.PasswordParameter).GetValueAsync(default);
+                Assert.Equal(expectedPassword, item.Value);
             },
             item =>
             {
@@ -479,10 +492,11 @@ public async Task WithDbGateShouldAddAnnotationsForMultipleDatabaseTypes()
                 Assert.Equal("USER_mysql2", item.Key);
                 Assert.Equal("root", item.Value);
             },
-            item =>
+            async item =>
             {
                 Assert.Equal("PASSWORD_mysql2", item.Key);
-                Assert.Equal(mysqlResource2.PasswordParameter.Value, item.Value);
+                var expectedPassword = await ((IValueProvider)mysqlResource2.PasswordParameter).GetValueAsync(default);
+                Assert.Equal(expectedPassword, item.Value);
             },
             item =>
             {

tests/CommunityToolkit.Aspire.Hosting.Ngrok.Tests/WithAuthTokenTests.cs

@@ -44,7 +44,10 @@ public void WithAuthTokenStringParameterEnvironmentVariable()
         var context = new EnvironmentCallbackContext(new DistributedApplicationExecutionContext(new DistributedApplicationExecutionContextOptions(DistributedApplicationOperation.Run)));
         environment.Callback(context);
 
-        Assert.Equal("your-ngrok-auth-token", ((ParameterResource)context.EnvironmentVariables["NGROK_AUTHTOKEN"]).Value);
+        var parameterResource = (ParameterResource)context.EnvironmentVariables["NGROK_AUTHTOKEN"];
+        Assert.NotNull(parameterResource);
+        // Verify it's the expected parameter resource without calling .Value
+        Assert.Equal("ngrok-authtoken", parameterResource.Name);
     }
 
     [Fact]