问题
I am trying to do an ARM deployment in Azure Devops whereby I add a key vault access policy to an existing key vault in Azure.
I want to use the following ARM template which adds an access policy to an existing Key Vault: https://github.com/Azure/azure-quickstart-templates/tree/master/101-keyvault-add-access-policy
I have a separate template that deploys an App service and creates a system assigned managed identity.
What is the best way to link the two templates? how do i reference the System Assigned identity of the app service in the 'Add Key Vault Policy' ARM template if I dont know what the object ID of the service Principle is yet?
回答1:
here's a sample how you would retrieve the managed identity Id in your other template:
"[reference(concat(resourceId('Microsoft.Web/sites/', %wep_app_name%), '/providers/Microsoft.ManagedIdentity/Identities/default'), '2015-08-31-PREVIEW').principalId]"
https://github.com/Azure/azure-quickstart-templates/blob/master/101-functions-managed-identity/azuredeploy.json#L295
来源:https://stackoverflow.com/questions/59576743/adding-a-key-vault-access-policy-to-an-existing-key-vault-via-arm