gifted-bird-11043
06/06/2024, 9:45 AMkeyVaultReferenceIdentity
in siteConfig
for a web app so that I can use user assigned identities to access Key Vault using Key Vault references, but it seems the azure-native
provider is not setting the value, even though it's visible in the details. The keyVaultReferenceIdentity
a level higher is set just fine, but this apparently doesn't work for Key Vault references.
These are the details of an update (creates do the same):
~ azure-native:web/v20231201:WebApp: (update)
[id=/subscriptions/xxxx/resourceGroups/rg-xxxx/providers/Microsoft.Web/sites/xxxx]
[urn=urn:pulumi:xxxx::xxxx::azure-native:web/v20231201:WebApp::xxxx]
[provider=urn:pulumi:xxxx::xxxx::pulumi:providers:azure-native::default_2_44_0::af1c16d8-44c1-4aab-9b0d-754e9e80f7bb]
~ siteConfig: {
~ keyVaultReferenceIdentity: "eae0db42-a48a-4902-af7d-f837133adc03" => "/subscriptions/xxxx/resourcegroups/rg-odin-dev4/providers/Microsoft.ManagedIdentity/userAssignedIdentities/xxxx"
}
But if I use az webapp show
after applying the update, keyVaultReferenceIdentity
is still `null`:
az webapp show -g xxxx -n xxxx --query siteConfig
{
...
"keyVaultReferenceIdentity": null,
...
}
I am using the following code to create the web app:
var args = new WebAppArgs
{
...
SiteConfig = new SiteConfigArgs
{
...
KeyVaultReferenceIdentity = keyVaultUserAssignedIdentity.Id,
...
},
KeyVaultReferenceIdentity = keyVaultUserAssignedIdentity.Id,
...,
Identity = new ManagedServiceIdentityArgs
{
Type = ManagedServiceIdentityType.UserAssigned,
UserAssignedIdentities = new List<Output<string>>
{
acrPullUserAssignedIdentityId,
keyVaultUserAssignedIdentity.Id
}
}
};
var webApp = new Pulumi.AzureNative.Web.V20231201.WebApp(configuration.Name, args);
Am I doing something wrong or should I file a bug report for this?