Bicep template, user managed identity not added to app service slot, no errors

Question

I have created an Azure Bicep template to deploy a new slot to an existing app service.

There is also an existing user managed identity I would like added to the new app service slot so it can access some key vault secrets.

I have tried a few different variations of this template with no luck on getting the user managed identity to be assigned via the Bicep template.

I can successfully add the user managed identity manually after the Bicep deployment has finished. There are no errors generated from the deployment.

Below is my template:

@description('Name of the api to add the slot.')
param apiName string

@description('Name of the slot.')
param slotName string

@description('Name of the location of the existing api.')
param locationName string = resourceGroup().location

@description('Name of the managed identity to assign to the slot.')
param managedIdentityName string

resource apiParent 'Microsoft.Web/sites@2018-11-01' existing = {
  name: apiName
}

resource uami 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' existing = {
  name: managedIdentityName
}

output uamiId string = uami.id

resource apiDeploymentSlot 'Microsoft.Web/sites/slots@2022-03-01' = {
  name: slotName
  parent: apiParent
  location: locationName
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${uami.id}': {}
    }
  }
  properties: {
    serverFarmId: apiParent.properties.serverFarmId
    cloningInfo: {
      sourceWebAppId: apiParent.id
    }
    keyVaultReferenceIdentity: uami.id
  }
}

And some screenshots of the deployment:

[screenshot]

And the output from the Bicep template shows the existing user managed identity was found.

[screenshot]

But there is no user managed identity after the deployment finishes.

[screenshot]

Any ideas?

Answer 1

Score: 1


I have tested the above shared template locally. If we remove the cloning info block, we are able to create a new deployment and attach the user-assigned managed identity without any issues.

If the cloning info block is present in the template, it ignores the entire payload. Please remove the cloning info property and retry the deployment.

Refer to this similar thread here.
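
The template from the question with the change the answer describes (the cloningInfo block removed), as an added example that is not the poster's or the answerer's code. The two outputs at the end are an addition, so a pipeline can confirm the identity is actually on the slot instead of trusting a deployment that reports no errors.

```bicep
@description('Name of the api to add the slot.')
param apiName string

@description('Name of the slot.')
param slotName string

@description('Name of the location of the existing api.')
param locationName string = resourceGroup().location

@description('Name of the managed identity to assign to the slot.')
param managedIdentityName string

resource apiParent 'Microsoft.Web/sites@2018-11-01' existing = {
  name: apiName
}

resource uami 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' existing = {
  name: managedIdentityName
}

resource apiDeploymentSlot 'Microsoft.Web/sites/slots@2022-03-01' = {
  name: slotName
  parent: apiParent
  location: locationName
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${uami.id}': {}
    }
  }
  properties: {
    serverFarmId: apiParent.properties.serverFarmId
    // cloningInfo removed: per the answer, its presence caused the rest of
    // the payload (including the identity block) to be ignored without error.
    keyVaultReferenceIdentity: uami.id
  }
}

// Added outputs (not in the original template): values resolved from the
// deployed slot, unlike the question's uamiId output, which only shows that
// the existing identity resource was found.
output slotIdentityType string = apiDeploymentSlot.identity.type
output slotUserAssignedIdentities object = apiDeploymentSlot.identity.userAssignedIdentities
```

Without cloningInfo the slot is no longer created as a clone of the parent app, so any configuration it needs has to be supplied separately.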

huangapple
  • Posted on March 7, 2023, 22:01:41