如何使用Arm模板在应用程序服务中获取主体ID? [英] How to get Principal Id in app service using Arm template?

问题描述

我正在编写ARM模板以部署我的应用程序服务.我想在我的手臂模板中创建系统身份.在应用程序服务臂模板部分中，我有以下代码.

Hi I am writing ARM templates to deploy my app service. I want to create system identity in my arm template. In app service arm template section I have below code.

"identity": {
                "principalId": "[reference(variables('identity_resource_id'), '2017-12-01', 'Full').identity.principalId]",
                "tenantId": "[parameters('tenantId')]",
                "type": "SystemAssigned"
            }

然后在我添加的变量部分

Then in variable section I added

"appServiceNameFrontEnd": "[concat(variables('defaultConvention'),'03-','FrontEnd')]"
"identity_resource_id": "[concat(resourceId('Microsoft.Web/sites', variables('appServiceNameFrontEnd')), '/providers/Microsoft.ManagedIdentity/Identities/default')]"

每当我尝试运行此命令时，我都会得到以下错误提示

Whenever I tried to run this I get below error

## [错误]部署模板验证失败:"1"行和"10436"列的模板资源"FrontEnd"无效:模板在此位置不应使用功能参考".请参阅 https://aka.ms/arm-template-expressions 了解使用详细信息.

##[error]Deployment template validation failed: 'The template resource 'FrontEnd' at line '1' and column '10436' is not valid: The template function 'reference' is not expected at this location. Please see https://aka.ms/arm-template-expressions for usage details..

有人可以帮助我如何获取系统分配的身份吗?任何帮助将不胜感激.谢谢

Can someone help me how can I get system assigned identity? Any help would be greatly appreciated. Thank you

推荐答案

您不能为系统分配的标识指定ID.有效模板为:

You can't specify the id for the system-assigned identity. The valid template is:

"identity": {
    "type": "SystemAssigned"
}

tenantId将始终是链接到订阅的租户.如果需要其他地方，可以使用 [subscription().tenantId] .要在其他位置访问系统分配的身份的objectId，您可以使用例如:

The tenantId will be the tenant linked to the subscription always. If you need that elsewhere, you can use [subscription().tenantId]. To access the objectId of the system-assigned identity elsewhere, you can use e.g.:

"objectId": "[reference(resourceId('Microsoft.Web/sites', variables('appServiceNameFrontEnd')), '2016-08-01', 'Full').identity.principalId]",

(请记住将App Service指定为对资源的依赖关系，以便仅在部署App Service后才对其进行部署)

(do remember to specify the App Service as a dependency on the resource so that it is only deployed once the App Service has been deployed)

这篇关于如何使用Arm模板在应用程序服务中获取主体ID?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！