I m trying to create a role assignment that gives an existin Pulumi Community #azure

I'm trying to create a role assignment that gives ...

big-sugar-92932

01/21/2022, 8:26 PM

I'm trying to create a role assignment that gives an existing app service access to a storage account. How do I get the principal id of that existing app service. #azure

clever-sunset-76585

01/21/2022, 9:21 PM

Assuming you used the managed system identity with your app service and that you are working with the Azure Native provider you should be able to access the principal ID through the

Identity

property. There should be a similar property in the Azure Classic provider too.

big-sugar-92932

01/21/2022, 9:23 PM

Identity property of what? Sorry I'm new to Pulumi could you provide a code sample?

clever-sunset-76585

01/21/2022, 9:31 PM

It would be helpful to see your code if you can share. But you can find examples in our

examples

repo at https://github.com/pulumi/examples. Try searching for

appservice

msi

. They might help you down the right path. Specifically knowing these things about what you are trying to do would be helpful • Are you trying import an existing resource that was created through some other way and trying to get its principal ID? • Does the existing app service use an identity?

big-sugar-92932

01/21/2022, 11:32 PM

Don't have any code because I don't know what to write. Yes, I'm trying to import an existing app service which has a system assigned identity.

big-sugar-92932

01/21/2022, 11:33 PM

There are examples on creating an app service but not importing one

clever-sunset-76585

01/22/2022, 12:19 AM

Got it. Are you trying to create the storage account with Pulumi and therefore want to assign the existing app service’s principal ID to it?

clever-sunset-76585

01/22/2022, 12:27 AM

In any case, you don’t need to import the existing app service if you do not want it to be managed by Pulumi. If you simply want to read the principal ID for that existing app service, you could use the provider Function called

getWebApp

(https://www.pulumi.com/registry/packages/azure-native/api-docs/web/getwebapp/). The link is for the Azure Native provider but if you are the Azure Classic provider there should be a similar one in that provider too. Lastly, I highly recommend going through the Get Started tutorial for Azure if you haven’t done that already.

clever-sunset-76585

01/22/2022, 12:28 AM

The response for

getWebApp

should have an

identity

property that will give you the managed system identity that the app service is using.

big-sugar-92932

01/22/2022, 12:47 AM

Yeah I figured out the GetWebApp thing. Works great. thx!

clever-sunset-76585

01/22/2022, 12:50 AM

You’re welcome! Glad you got it working!

23 Views

Open in Slack

Previous Next