This message was deleted Pulumi Community #azure

Join Slack

This message was deleted.

# azure

sparse-intern-71089

04/27/2020, 3:30 PM

This message was deleted.

colossal-room-15708

04/27/2020, 9:54 PM

No, that works in our code. What are you doing?

little-kangaroo-50941

04/28/2020, 9:43 AM

I think that if you try to assign the PrincipalId and TenantId you also have to use “UserAssigned” as a type. It is the scenario where you already have a service princiapal and you want to use it. Try to imagine that inside the pulumi stack I create this service principal just before to be able to then use it in the Identity assignment for the functionapp

little-kangaroo-50941

04/28/2020, 9:43 AM

this for me doesn’t work

little-kangaroo-50941

04/28/2020, 9:46 AM

If I only try to assign the type as “SystemAssigned” ( => Azure create the service principal automatically) without filling also the PrincipalId and TenantId fields works…but then I have to manually retrieve the ApplicationId of the automatically created service principal

little-kangaroo-50941

04/28/2020, 9:48 AM

maybe with the Apply method there is a way to retrieve the automatically created service principal…anyway for me the first scenario doesn’t work…could you please share the code that as you said is working? Thanks!

colossal-room-15708

04/28/2020, 11:20 AM

this here works for us:

Copy code

const app = new azure.appservice.ArchiveFunctionApp("app", {
  resourceGroupName: resourceGroup.name,
  name: functionAppName,
  plan: appservicePlan,
  version: "~3",
  httpsOnly: true,
  osType: "linux",
  identity: {
      type: "SystemAssigned"
  },
  archive: new pulumi.asset.FileArchive("./app"),
  appSettings: {
      "FUNCTIONS_WORKER_RUNTIME": "python",
  },
  siteConfig: {
    linuxFxVersion: "python|3.7",
    minTlsVersion: "1.2",
  }
});

const functionPrincipalId = app.functionApp.identity.apply(principal => principal.principalId || "11111111-1111-1111-1111-111111111111");

new azure.role.Assignment("appowner", {
  scope: azure.core.getSubscription().id,
  principalId: functionPrincipalId,
  roleDefinitionName: "Contributor"
});

little-kangaroo-50941

04/28/2020, 3:47 PM

sorry David for the delay and thank you, I notice that you use the Apply, in my case the code is something like this:

Copy code

var func = new FunctionApp(funcName, new FunctionAppArgs
{
 Name = funcName,
 ResourceGroupName = resourceGroup.Name,
 AppServicePlanId = appServicePlan.Id,
 HttpsOnly = true,
 AppSettings =
 {
  {"runtime", "dotnet"},
  {"WEBSITE_RUN_FROM_PACKAGE", codeBlobUrl},
  {"AzureWebJobsStorage", storageAccount.PrimaryConnectionString },
  {"MicrosoftAppId", botAdApp.ApplicationId},
  {"MicrosoftAppPassword", botAdAppSecret.Value}
 },
 StorageAccountName = storageAccount.Name,
 StorageAccountAccessKey = storageAccount.PrimaryAccessKey,
 Version = "~3",
 Identity = new FunctionAppIdentityArgs
 {
  //PrincipalId = funcAdApp.ApplicationId,
  //TenantId = azureConfig.Require("tenantId"),
  Type = "SystemAssigned"
 },
 SiteConfig = new FunctionAppSiteConfigArgs
 {
  Use32BitWorkerProcess = false
 }
});

little-kangaroo-50941

04/28/2020, 3:49 PM

please try to move the assignment of the service principal inside the Identity args

7 Views

Open in Slack

Previous Next