Assign App Service - Identity to KeyVault in Azure using Pulumi
I create an App Service using "classic" Pulumi.Azure:
var appservice=new AppService(appserviceName, new AppServiceArgs
{
Name = appserviceName,
Location = _resourceGroup.Location,
AppServicePlanId = _servicePlan.Id,
ResourceGroupName = _resourceGroup.Name,
SiteConfig = new Pulumi.Azure.AppService.Inputs.AppServiceSiteConfigArgs
{
DotnetFrameworkVersion = "v5.0",
ScmType = "None",
},
Tags = { { "environemnt", "dev" } },
Logs = new AppServiceLogsArgs
{
HttpLogs = new AppServiceLogsHttpLogsArgs
{
FileSystem = new AppServiceLogsHttpLogsFileSystemArgs { RetentionInDays = 14, RetentionInMb = 35 }
}
}
,
AppSettings = appSettings
});
I also create a keyvault:
var currentConfig=Output.Create(GetClientConfig.InvokeAsync());
var keyVault = new KeyVault(vaultname, new KeyVaultArgs
{
Name = vaultname,
Location = _resourceGroup.Location,
ResourceGroupName = _resourceGroup.Name,
TenantId = currentConfig.Apply(q => q.TenantId),
SkuName="standard"
, AccessPolicies=
{
new Pulumi.Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
{
TenantId=currentConfig.Apply(q=>q.TenantId),
ObjectId=currentConfig.Apply(q=>q.ObjectId),
KeyPermissions={"get", "create", "list"},
SecretPermissions={"set","get","delete","purge","recover", "list"}
}
}
});
Both work as expected. KeyVault and App Service are being created and accessable by me. Now I need that the App Service also can access the KeyVault.
But when adding a new Access Policy I am stuck at the ObjectId. The App Service does not seem to have a valid object id I can assign to the vault. When checking the service on Azure Portal I also see the Identy is missing:
So what has to be done as pulumi code that would achieve the same thing as clicking onto "On" in Azure and retrieve the ObjectId afterwards?
You need to set the following property on AppService to enable the managed identity:
Identity = new AppServiceIdentityArgs {Type = "SystemAssigned"},
This example illustrates the end-to-end implementation: https://github.com/pulumi/examples/blob/327afe30ce820901f210ed2a01da408071598ed6/azure-cs-msi-keyvault-rbac/AppStack.cs#L128
- Is this declaration UB?
- Calling an external C function (in a shared lib) from Perl with Inline/C does not work
- Eclipse C/C++ how to find variable belongs to which struct quickly
- Is this truly best way to delete last element in C?
- Why do we need address virtualization in an operating system?
- Can a real floating-point type alias a complex floating-point type in C?
- Shadowing an iterator inside a for loop has undefined (?) behaviour in C
- Can a C program execute successfully if main() is defined as a macro?
- Ambiguity in scope of for loop declaration versus body
- Understanding the difference in timing of two functions that increment each element of an integer array
- Why MSVC generates warning C4127 when constant is used in "while" - C
- Executing a user-space function from the kernel space
- Why must the variable used to hold getchar's return value be declared as int?
- mpirun -np 4 ./a.out doesn't use all my cores (ubuntu 24.04LTS)
- Sleep for N seconds and wait for keypress
- Dereference twice in gdb
- Is it safe to cast a struct pointer to a different struct pointer having a prefix of elements?
- Can a C compiler legally reject a program if its call stack depth exceeds a fixed limit at compile time?
- return type defaults to 'int' [-Wimplicit-int]
- What is the scope of `fesetround()`?
- Which specific optimization flag causes libm functions to be treated as pure?
- How to render text in SDL2?
- Why would you use 'extern "C++"'?
- Strange Behavior Compiler Ignoring NULL Check Unless I Print Something in the if Statement
- Fast inverse square root using fixed point instead of floating point
- What is the const qualifier attached to in C: the memory area or the pointer?
- GCC options for strictest C code?
- How to do an explicit fall-through in C
- How do compilers treat CONST qualifier when the pointer points to a memory location obtained with malloc()?
- C: cmocka headers - how to unittest?