sparse-intern-71089
01/20/2022, 2:31 PMabundant-potato-97520
01/20/2022, 2:36 PMabundant-potato-97520
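/// <summary>
/// Adds an access policy to an existing Key Vault so that the web app's managed
/// identity can read secrets from it.
/// </summary>
/// <param name="resourceNamePrefix">Prefix for the Pulumi name of the access-policy resource.</param>
/// <param name="webApp">Web app whose identity principal id becomes the policy's object id.</param>
/// <param name="vaultResourceGroupName">Resource group that contains the existing vault.</param>
/// <param name="vaultName">Name of the existing vault.</param>
/// <param name="provider">Azure Native provider used for the vault and client-config lookups.</param>
/// <exception cref="System.InvalidOperationException">
/// Raised inside the identity Apply during a real deployment when the web app exposes
/// no principal id, instead of granting access to a placeholder object id.
/// </exception>
private void CreateKeyVaultAccessPolicies(string resourceNamePrefix, WebApp webApp, string vaultResourceGroupName, string vaultName, Pulumi.AzureNative.Provider provider)
{
    // Stand-in object id so that `pulumi preview` can plan the policy before the
    // identity exists. It must never reach a real deployment.
    const string previewPlaceholderObjectId = "11111111-1111-1111-1111-111111111111";

    var webAppId = webApp.Identity.Apply(id =>
    {
        var principalId = id?.PrincipalId;
        if (!string.IsNullOrEmpty(principalId))
        {
            return principalId;
        }

        // On a real update a missing principal id means the web app has no
        // system-assigned identity; fail rather than write a policy for a bogus principal.
        if (!Pulumi.Deployment.Instance.IsDryRun)
        {
            throw new System.InvalidOperationException(
                "The web app has no managed identity principal id; refusing to create a Key Vault access policy for a placeholder object id.");
        }

        return previewPlaceholderObjectId;
    });

    var invokeOptions = new InvokeOptions { Provider = provider };

    var getVaultInvokeArgs = new Pulumi.AzureNative.KeyVault.GetVaultInvokeArgs
    {
        VaultName = vaultName,
        ResourceGroupName = vaultResourceGroupName,
    };
    var keyVault = Pulumi.AzureNative.KeyVault.GetVault.Invoke(getVaultInvokeArgs, invokeOptions);
    var vaultId = keyVault.Apply(v => v.Id);

    // Resolve the tenant through the same provider as the vault lookup, so the policy's
    // TenantId cannot come from a different (default) credential context.
    var clientConfigResult = Output.Create(Pulumi.AzureNative.Authorization.GetClientConfig.InvokeAsync(invokeOptions));

    var accessPolicyArgs = new Pulumi.Azure.KeyVault.AccessPolicyArgs
    {
        KeyVaultId = vaultId,
        TenantId = clientConfigResult.Apply(c => c.TenantId),
        ObjectId = webAppId,
        // NOTE(review): "List" lets the app enumerate every secret name in the vault.
        // Keep only "Get" if the app reads secrets by known name.
        SecretPermissions =
        {
            "Get",
            "List"
        }
    };

    // NOTE(review): this resource belongs to the classic Azure provider and is created with
    // that provider's default configuration, not `provider`. Confirm both target the same
    // subscription and tenant.
    _ = new Pulumi.Azure.KeyVault.AccessPolicy($"{resourceNamePrefix}keyVaultAccessPolicies", accessPolicyArgs);
}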