
faint-mouse-9657

08/30/2022, 9:21 PM
I'm having difficulties assigning the Managed Identity to the Web App. I keep getting the following error
Code="InvalidRequestContent" Message="The request content was invalid and could not be deserialized: 'Error converting value \"/subscriptions/0b538061-fbd8-4498-98a5-b7fe568605a6/resourcegroups/wealthbuildapp-dev-westus/providers/Microsoft.ManagedIdentity/userAssignedIdentities/dev-wealthbuildapiappmanagedidentity\" to type 'Microsoft.WindowsAzure.Governance.PolicyService.Models.Policy.UserAssignedResourceIdentity'. Path 'identity.userAssignedIdentities['/subscriptions/0b538061-fbd8-4498-98a5-b7fe568605a6/resourceGroups/wealthbuildapp-dev-westus/providers/Microsoft.ManagedIdentity/userAssignedIdentities/dev-wealthbuildapiappmanagedidentity']'.'."
I'm not sure what to make of that. I was sure that I have the correct key value being supplied. I have done a few implementations but this is my most recent attempt.
public Output<Pulumi.AzureNative.Web.WebApp> WealthBuildAPIServicePlan(
            Pulumi.AzureNative.Resources.ResourceGroup resourceGroup,
            Pulumi.AzureNative.Web.AppServicePlan appServicePlan,
            Pulumi.AzureNative.Sql.Server server,
            Pulumi.AzureNative.Sql.Database database,
            Pulumi.AzureNative.ManagedIdentity.UserAssignedIdentity managedIdentity)
        {
            string resourceName = $"{config.EnviromentAbbreviatedLowerCaseName()}-{config.WealthBuildAppAPIName()}";
            string serverFarmId = $"/subscriptions/{config.WealthBuildAzureSubsctriptionId()}/resourceGroups/{config.WealthBuildAppResourceGroupName()}-{config.EnviromentAbbreviatedLowerCaseName()}-{config.LocationWestUS()}/providers/Microsoft.Web/serverFarms/{config.EnviromentAbbreviatedLowerCaseName()}-{config.WealthBuildAppAPIServerName()}";
            Output<string> connectionString = Output.Tuple(server.Name, database.Name, config.WealthBuildAzureSqlServerPassword()).Apply(cs => $"Server=tcp:{cs.Item1}.database.windows.net,1433;Initial Catalog={cs.Item2};Persist Security Info=False;User ID={config.WealthBuildAzueSqlServerAdminName()};Password={cs.Item3};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;");
            Output<string> userAssignedIdentiy = Output.Tuple(resourceGroup.Name, managedIdentity.Name).Apply(uai => $"/subscriptions/{config.WealthBuildAzureSubsctriptionId()}/resourceGroups/{uai.Item1}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{uai.Item2}");
            Output<Pulumi.AzureNative.Web.WebApp> output = Output.Tuple(connectionString, userAssignedIdentiy).Apply(ouputString =>
            new Pulumi.AzureNative.Web.WebApp(
                resourceName,
                new WebAppArgs()
                {
                    Name = resourceName,
                    HttpsOnly = true,
                    Kind = "api-app",
                    Location = resourceGroup.Location,
                    ResourceGroupName = resourceGroup.Name,
                    ServerFarmId = serverFarmId,
                    Identity = new ManagedServiceIdentityArgs()
                    {
                        Type = ManagedServiceIdentityType.UserAssigned,
                        UserAssignedIdentities =
                        {
                            { ouputString.Item2, managedIdentity.Id }
                        }
                    },
                    KeyVaultReferenceIdentity = managedIdentity.Id,
                    SiteConfig = new SiteConfigArgs()
                    {
                        //AcrUserManagedIdentityID = managedIdentity.Id,
                        AppSettings = new InputList<NameValuePairArgs>()
                        {
                            new NameValuePairArgs()
                            {
                                Name = "ASPNETCORE_ENVIRONMENT",
                                Value = config.EnviromentName()
                            }
                        },
                        ConnectionStrings = new InputList<ConnStringInfoArgs>()
                        {
                            new ConnStringInfoArgs()
                            {
                                Name = "AzureSqlServer",
                                ConnectionString = ouputString.Item1,
                                Type = ConnectionStringType.SQLAzure
                            }
                        },
                        AppCommandLine = "dotnet WebApi.dll"
                    }
                },
                new CustomResourceOptions()
                {
                    DependsOn = new InputList<Resource>()
                    {
                        appServicePlan,
                        server,
                        database,
                        managedIdentity
                    }
                })
            );

            Console.WriteLine($"Created API Web App: {config.WealthBuildAppAPIName()}");
            return output;
        }
This was my solution
Identity = new ManagedServiceIdentityArgs()
                    {
                        Type = ManagedServiceIdentityType.UserAssigned,
                        UserAssignedIdentities =
                        {
                            { ouputString.Item2, new Dictionary<string, object>() }
                        }
                    },

bored-oyster-3147

08/31/2022, 12:01 PM
Glad you got it working. FYI it doesn't look like there is any reason for you to declare your WebApp inside of an apply like that, it looks like you already have everything you need as outputs.

faint-mouse-9657

09/01/2022, 7:54 PM
@bored-oyster-3147 Thank you Josh! I'll take a look. A bit of refactoring needs to take place. This is our organization's first run at infrastructure as code so it has been a learning curve.