I'm looking for a way to determine if there are any access policies set for a given key vault and use that as a conditional in the template. If there are none, I want to create the access policies; otherwise creation should be skipped. How can I achieve this? Below is what I've got right now, with no conditional expression.
{
    "comments": "Create an Azure Key Vault and add an access policy in the key vault for the webb app.",
    "type": "Microsoft.KeyVault/vaults",
    "name": "[parameters('KeyVaultName')]",
    "apiVersion": "2018-02-14",
    "location": "[resourceGroup().location]",
    "properties": {
        "enabledForDeployment": false,
        "enabledForTemplateDeployment": false,
        "enabledForVolumeEncryption": false,
        "tenantId": "[reference(variables('identity_resource_id'), '2018-11-01', 'Full').identity.tenantId]",
        "accessPolicies": [
            {
                "tenantId": "[reference(variables('identity_resource_id'), '2018-11-01', 'Full').identity.tenantId]",
                "objectId": "[reference(variables('identity_resource_id'), '2018-11-01', 'Full').identity.principalId]",
                "permissions": {
                    "secrets": [ "get", "list" ]
                }
            }
        ],
        "sku": {
            "name": "standard",
            "family": "A"
        }
    },
    "dependsOn": [
        "[resourceId('Microsoft.Web/Sites', variables('webSiteName'))]"
    ]
},
You cannot check anything with ARM templates really; you need to either externalize this check or just always apply them. The downside would be that it would overwrite existing ones if you do it like this. Alternatively, you can add policies one by one in the template; that would work around both things, kinda.
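
One way to write the "add policies one by one" option from the answer, as an added example that is not part of the original posts: a `Microsoft.KeyVault/vaults/accessPolicies` child resource named `add`, which adds the listed entry to the vault's policies and leaves other principals' entries in place. The `applyAccessPolicy` boolean parameter is hypothetical (it has to be declared in the template's parameters) and stands for the result of a check done outside the template; the other parameter and variable names are the ones used in the question.

```json
{
    "comments": "Added example, not from the original post. 'applyAccessPolicy' is a hypothetical bool parameter set by whatever runs the deployment.",
    "condition": "[parameters('applyAccessPolicy')]",
    "type": "Microsoft.KeyVault/vaults/accessPolicies",
    "name": "[concat(parameters('KeyVaultName'), '/add')]",
    "apiVersion": "2018-02-14",
    "properties": {
        "accessPolicies": [
            {
                "tenantId": "[reference(variables('identity_resource_id'), '2018-11-01', 'Full').identity.tenantId]",
                "objectId": "[reference(variables('identity_resource_id'), '2018-11-01', 'Full').identity.principalId]",
                "permissions": {
                    "secrets": [ "get", "list" ]
                }
            }
        ]
    },
    "dependsOn": [
        "[resourceId('Microsoft.KeyVault/vaults', parameters('KeyVaultName'))]",
        "[resourceId('Microsoft.Web/Sites', variables('webSiteName'))]"
    ]
}
```

The `dependsOn` entry for the vault applies when the vault is deployed in the same template. A vault resource that still carries an inline `accessPolicies` list sets the whole list on every deployment, which is the overwrite the answer describes.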