# azure
Hi all! Seems that it is not possible to assign a FunctionAppIdentity, is it true?
No, that works in our code. What are you doing?
I think that if you try to assign the PrincipalId and TenantId you also have to use “UserAssigned” as a type. It is the scenario where you already have a service principal and you want to use it. Try to imagine that inside the pulumi stack I create this service principal just before, to be able to then use it in the Identity assignment for the functionapp
this for me doesn’t work
If I only try to assign the type as “SystemAssigned” (=> Azure creates the service principal automatically) without also filling the PrincipalId and TenantId fields, it works…but then I have to manually retrieve the ApplicationId of the automatically created service principal
maybe with the Apply method there is a way to retrieve the automatically created service principal…anyway for me the first scenario doesn’t work…could you please share the code that as you said is working? Thanks!
this here works for us:
```typescript
const app = new azure.appservice.ArchiveFunctionApp("app", {
  resourceGroupName: resourceGroup.name,
  name: functionAppName,
  plan: appservicePlan,
  version: "~3",
  httpsOnly: true,
  osType: "linux",
  // System-assigned managed identity: Azure creates the service principal.
  identity: {
    type: "SystemAssigned"
  },
  archive: new pulumi.asset.FileArchive("./app"),
  appSettings: {
  },
  siteConfig: {
    linuxFxVersion: "python|3.7",
    minTlsVersion: "1.2",
  },
});

// The principalId is an output of the deployed app; the GUID is a placeholder used when it is not set.
const functionPrincipalId = app.functionApp.identity.apply(principal => principal.principalId || "11111111-1111-1111-1111-111111111111");

new azure.role.Assignment("appowner", {
  scope: azure.core.getSubscription().id,
  principalId: functionPrincipalId,
  roleDefinitionName: "Contributor"
});
```
sorry David for the delay and thank you, I notice that you use the Apply, in my case the code is something like this:
```csharp
var func = new FunctionApp(funcName, new FunctionAppArgs
{
    Name = funcName,
    ResourceGroupName = resourceGroup.Name,
    AppServicePlanId = appServicePlan.Id,
    HttpsOnly = true,
    AppSettings =
    {
        {"runtime", "dotnet"},
        {"AzureWebJobsStorage", storageAccount.PrimaryConnectionString },
        {"MicrosoftAppId", botAdApp.ApplicationId},
        {"MicrosoftAppPassword", botAdAppSecret.Value}
    },
    StorageAccountName = storageAccount.Name,
    StorageAccountAccessKey = storageAccount.PrimaryAccessKey,
    Version = "~3",
    Identity = new FunctionAppIdentityArgs
    {
        //PrincipalId = funcAdApp.ApplicationId,
        //TenantId = azureConfig.Require("tenantId"),
        Type = "SystemAssigned"
    },
    SiteConfig = new FunctionAppSiteConfigArgs
    {
        Use32BitWorkerProcess = false
    }
});
```
please try to move the assignment of the service principal inside the Identity args