Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
l
little-kangaroo-50941
04/27/2020, 3:30 PMHi all! Seems that it is not possible to assign a FunctionAppIdentity, is it true?
c
colossal-room-15708
04/27/2020, 9:54 PMNo, that works in our code. What are you doing?
l
little-kangaroo-50941
04/28/2020, 9:43 AMI think that if you try to assign the PrincipalId and TenantId you also have to use “UserAssigned” as a type. It is the scenario where you already have a service princiapal and you want to use it. Try to imagine that inside the pulumi stack I create this service principal just before to be able to then use it in the Identity assignment for the functionapp
this for me doesn’t work
If I only try to assign the type as “SystemAssigned” ( => Azure create the service principal automatically) without filling also the PrincipalId and TenantId fields works…but then I have to manually retrieve the ApplicationId of the automatically created service principal
maybe with the Apply method there is a way to retrieve the automatically created service principal…anyway for me the first scenario doesn’t work…could you please share the code that as you said is working? Thanks!
c
colossal-room-15708
04/28/2020, 11:20 AMthis here works for us:
const app = new azure.appservice.ArchiveFunctionApp("app", {
resourceGroupName: resourceGroup.name,
name: functionAppName,
plan: appservicePlan,
version: "~3",
httpsOnly: true,
osType: "linux",
identity: {
type: "SystemAssigned"
},
archive: new pulumi.asset.FileArchive("./app"),
appSettings: {
"FUNCTIONS_WORKER_RUNTIME": "python",
},
siteConfig: {
linuxFxVersion: "python|3.7",
minTlsVersion: "1.2",
}
});
const functionPrincipalId = app.functionApp.identity.apply(principal => principal.principalId || "11111111-1111-1111-1111-111111111111");
new azure.role.Assignment("appowner", {
scope: azure.core.getSubscription().id,
principalId: functionPrincipalId,
roleDefinitionName: "Contributor"
});l
little-kangaroo-50941
04/28/2020, 3:47 PMsorry David for the delay and thank you, I notice that you use the Apply, in my case the code is something like this:
var func = new FunctionApp(funcName, new FunctionAppArgs
{
Name = funcName,
ResourceGroupName = resourceGroup.Name,
AppServicePlanId = appServicePlan.Id,
HttpsOnly = true,
AppSettings =
{
{"runtime", "dotnet"},
{"WEBSITE_RUN_FROM_PACKAGE", codeBlobUrl},
{"AzureWebJobsStorage", storageAccount.PrimaryConnectionString },
{"MicrosoftAppId", botAdApp.ApplicationId},
{"MicrosoftAppPassword", botAdAppSecret.Value}
},
StorageAccountName = storageAccount.Name,
StorageAccountAccessKey = storageAccount.PrimaryAccessKey,
Version = "~3",
Identity = new FunctionAppIdentityArgs
{
//PrincipalId = funcAdApp.ApplicationId,
//TenantId = azureConfig.Require("tenantId"),
Type = "SystemAssigned"
},
SiteConfig = new FunctionAppSiteConfigArgs
{
Use32BitWorkerProcess = false
}
});please try to move the assignment of the service principal inside the Identity args