https://pulumi.com logo
Powered by
Title
b

big-sugar-92932

01/21/2022, 8:26 PM
I'm trying to create a role assignment that gives an existing app service access to a storage account. How do I get the principal id of that existing app service. #azure
c

clever-sunset-76585

01/21/2022, 9:21 PM
Assuming you used the managed system identity with your app service and that you are working with the Azure Native provider you should be able to access the principal ID through the 
Identity
property. There should be a similar property in the Azure Classic provider too.
b

big-sugar-92932

01/21/2022, 9:23 PM
Identity property of what? Sorry I'm new to Pulumi could you provide a code sample?
c

clever-sunset-76585

01/21/2022, 9:31 PM
It would be helpful to see your code if you can share. But you can find examples in our 
examples
repo at https://github.com/pulumi/examples. Try searching for 
appservice
or 
msi
. They might help you down the right path. Specifically knowing these things about what you are trying to do would be helpful • Are you trying import an existing resource that was created through some other way and trying to get its principal ID? • Does the existing app service use an identity?
b

big-sugar-92932

01/21/2022, 11:32 PM
Don't have any code because I don't know what to write. Yes, I'm trying to import an existing app service which has a system assigned identity.
There are examples on creating an app service but not importing one
c

clever-sunset-76585

01/22/2022, 12:19 AM
Got it. Are you trying to create the storage account with Pulumi and therefore want to assign the existing app service’s principal ID to it?
In any case, you don’t need to import the existing app service if you do not want it to be managed by Pulumi. If you simply want to read the principal ID for that existing app service, you could use the provider Function called 
getWebApp
(https://www.pulumi.com/registry/packages/azure-native/api-docs/web/getwebapp/). The link is for the Azure Native provider but if you are the Azure Classic provider there should be a similar one in that provider too. Lastly, I highly recommend going through the Get Started tutorial for Azure if you haven’t done that already.
The response for 
getWebApp
should have an 
identity
property that will give you the managed system identity that the app service is using.
b

big-sugar-92932

01/22/2022, 12:47 AM
Yeah I figured out the GetWebApp thing. Works great. thx!
c

clever-sunset-76585

01/22/2022, 12:50 AM
You’re welcome! Glad you got it working!
9 Views
#azureJoin Slack
Powered by