This message was deleted Pulumi Community #azure

Join Slack

This message was deleted.

# azure

sparse-intern-71089

01/20/2022, 2:31 PM

This message was deleted.

abundant-potato-97520

01/20/2022, 2:36 PM

as a note the service connection principle is in the owner role for the subscription that the the keyvault belongs to

abundant-potato-97520

01/20/2022, 2:43 PM

here's the code that's creating the keyvault access policy:

private void CreateKeyVaultAccessPolicies(string resourceNamePrefix, WebApp webApp, string vaultResourceGroupName, string vaultName, Pulumi.AzureNative.Provider provider)

var webAppId = webApp.Identity.Apply(id => id?.PrincipalId ?? "11111111-1111-1111-1111-111111111111");

var getVaultInvokeArgs = new Pulumi.AzureNative.KeyVault.GetVaultInvokeArgs

VaultName = vaultName,

ResourceGroupName = vaultResourceGroupName,

};

var keyVault = Pulumi.AzureNative.KeyVault.GetVault.Invoke(getVaultInvokeArgs, new InvokeOptions { Provider = provider });

var vaultId = keyVault.Apply(v => v.Id);

var clientConfigResult = Output.Create(Pulumi.AzureNative.Authorization.GetClientConfig.InvokeAsync());

var accessPolicyArgs = new Pulumi.Azure.KeyVault.AccessPolicyArgs

KeyVaultId = vaultId,

TenantId = clientConfigResult.Apply(c=>c.TenantId),

ObjectId = webAppId,

SecretPermissions =

"Get",

"List"

};

var accessPolicy = new Pulumi.Azure.KeyVault.AccessPolicy($"{resourceNamePrefix}keyVaultAccessPolicies",accessPolicyArgs);

👀 1

10 Views

Open in Slack

Previous Next