Bicep template, user managed identity not added to app service slot, no errors
Question
I have created an Azure bicep template to deploy a new slot to an existing app service.
There is also an existing user managed identity I would like added to the new app service slot so it can access some key vault secrets.
I have tried a few different variations of this template with no luck on getting the user managed identity to be assigned via the bicep template.
I can successfully add the user managed identity, manually, after the bicep deployment has finished. There are no errors generated from the deployment.
Below is my template:
@description('Name of the api to add the slot.')
param apiName string

@description('Name of the slot.')
param slotName string

@description('Name of the location of the existing api.')
param locationName string = resourceGroup().location

@description('Name of the managed identity to assign to the slot.')
param managedIdentityName string

resource apiParent 'Microsoft.Web/sites@2018-11-01' existing = {
  name: apiName
}

resource uami 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' existing = {
  name: managedIdentityName
}

output uamiId string = uami.id

resource apiDeploymentSlot 'Microsoft.Web/sites/slots@2022-03-01' = {
  name: slotName
  parent: apiParent
  location: locationName
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${uami.id}': {}
    }
  }
  properties: {
    serverFarmId: apiParent.properties.serverFarmId
    cloningInfo: {
      sourceWebAppId: apiParent.id
    }
    keyVaultReferenceIdentity: uami.id
  }
}
And some screenshots of the deployment:
And the output from the bicep template shows the existing user managed identity was found.
But there is no user managed identity after the deployment finishes.
Any ideas?
Answer 1
Score: 1
I have tested the above shared template locally. If we remove the cloning info block, we are able to create a new deployment and attach the user assigned managed identity without any issues.
If the cloning info block is present in the template, it ignores the entire payload. Please remove the cloning info property and retry the deployment.
Refer to this similar thread here.
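A pre-deployment check for the behaviour this answer describes, as an added example that is not part of the original thread: it scans compiled ARM JSON (the output of `bicep build`) for slot resources that combine `cloningInfo` with identity settings, since the deployment itself reports no error. The function names and the shortened sample values are assumptions made for illustration.

```python
import copy

SLOT_TYPE = "microsoft.web/sites/slots"

def iter_resources(template):
    """Yield (label, resource) for array-style and symbolic-name ARM templates."""
    resources = template.get("resources", [])
    if isinstance(resources, dict):          # languageVersion 2.0: name -> resource
        yield from resources.items()
    else:
        for res in resources:
            yield res.get("name", "<unnamed>"), res

def cloned_slots_with_identity(template):
    """Flag slots that set cloningInfo together with identity settings."""
    findings = []
    for label, res in iter_resources(template):
        props = res.get("properties") or {}
        if res.get("type", "").lower() != SLOT_TYPE or "cloningInfo" not in props:
            continue
        at_risk = []
        if res.get("identity"):
            at_risk.append("identity")
        if "keyVaultReferenceIdentity" in props:
            at_risk.append("properties.keyVaultReferenceIdentity")
        if at_risk:
            findings.append({"resource": label, "at_risk": at_risk})
    return findings

# Constructed sample: the question's slot resource as compiled ARM JSON (values shortened).
WITH_CLONE = {"resources": [{
    "type": "Microsoft.Web/sites/slots",
    "apiVersion": "2022-03-01",
    "name": "[format('{0}/{1}', parameters('apiName'), parameters('slotName'))]",
    "identity": {"type": "UserAssigned",
                 "userAssignedIdentities": {"<uami-resource-id>": {}}},
    "properties": {
        "serverFarmId": "<plan-resource-id>",
        "cloningInfo": {"sourceWebAppId": "<site-resource-id>"},
        "keyVaultReferenceIdentity": "<uami-resource-id>",
    },
}]}

# Same resource with cloningInfo removed, as the answer recommends.
WITHOUT_CLONE = copy.deepcopy(WITH_CLONE)
del WITHOUT_CLONE["resources"][0]["properties"]["cloningInfo"]

if __name__ == "__main__":
    for finding in cloned_slots_with_identity(WITH_CLONE):
        print("cloningInfo present; may not be applied:", ", ".join(finding["at_risk"]))
```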