Question
Hi, I am writing ARM templates to deploy my app service. I want to create a system identity in my ARM template. In the app service section of the ARM template I have the code below.
"identity": {
  "principalId": "[reference(variables('identity_resource_id'), '2017-12-01', 'Full').identity.principalId]",
  "tenantId": "[parameters('tenantId')]",
  "type": "SystemAssigned"
}
Then in the variables section I added
"appServiceNameFrontEnd": "[concat(variables('defaultConvention'),'03-','FrontEnd')]",
"identity_resource_id": "[concat(resourceId('Microsoft.Web/sites', variables('appServiceNameFrontEnd')), '/providers/Microsoft.ManagedIdentity/Identities/default')]"
Whenever I try to run this I get the error below
##[error]Deployment template validation failed: 'The template resource 'FrontEnd' at line '1' and column '10436' is not valid: The template function 'reference' is not expected at this location. Please see https://aka.ms/arm-template-expressions for usage details..
Can someone help me with how I can get the system-assigned identity? Any help would be greatly appreciated. Thank you
Answer 1:
You can't specify the id for the system-assigned identity. The valid template is:
"identity": {
  "type": "SystemAssigned"
}
The tenantId will be the tenant linked to the subscription always.
If you need that elsewhere, you can use [subscription().tenantId].
To access the objectId of the system-assigned identity elsewhere, you can use e.g.:
"objectId": "[reference(resourceId('Microsoft.Web/sites', variables('appServiceNameFrontEnd')), '2016-08-01', 'Full').identity.principalId]",
(do remember to specify the App Service as a dependency on the resource so that it is only deployed once the App Service has been deployed)
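The pieces from the answer assembled into one deployable template, as an added example that is not part of the original answer: the App Service declares only `"type": "SystemAssigned"`, and a Key Vault access policy reads the resulting principalId through `reference()` with `dependsOn` on the site. The Key Vault resource, the parameter names, the `contoso-dev-` prefix and the single `get` secret permission are assumptions chosen for illustration.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "appServicePlanId": {
      "type": "string",
      "metadata": { "description": "Assumed: resource ID of an existing App Service plan." }
    },
    "keyVaultName": {
      "type": "string",
      "metadata": { "description": "Assumed: name of an existing Key Vault in this resource group." }
    }
  },
  "variables": {
    "defaultConvention": "contoso-dev-",
    "appServiceNameFrontEnd": "[concat(variables('defaultConvention'),'03-','FrontEnd')]"
  },
  "resources": [
    {
      "comments": "Only the identity type is declared; Azure generates principalId and tenantId.",
      "type": "Microsoft.Web/sites",
      "apiVersion": "2016-08-01",
      "name": "[variables('appServiceNameFrontEnd')]",
      "location": "[resourceGroup().location]",
      "identity": { "type": "SystemAssigned" },
      "properties": { "serverFarmId": "[parameters('appServicePlanId')]" }
    },
    {
      "comments": "Illustrative consumer of the identity: grants it read access to secrets only.",
      "type": "Microsoft.KeyVault/vaults/accessPolicies",
      "apiVersion": "2019-09-01",
      "name": "[concat(parameters('keyVaultName'), '/add')]",
      "dependsOn": [
        "[resourceId('Microsoft.Web/sites', variables('appServiceNameFrontEnd'))]"
      ],
      "properties": {
        "accessPolicies": [
          {
            "tenantId": "[subscription().tenantId]",
            "objectId": "[reference(resourceId('Microsoft.Web/sites', variables('appServiceNameFrontEnd')), '2016-08-01', 'Full').identity.principalId]",
            "permissions": { "secrets": [ "get" ] }
          }
        ]
      }
    }
  ]
}
```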
Source: https://stackoverflow.com/questions/63127813/how-to-get-principal-id-in-app-service-using-arm-template