
Accessing the App (client) ID from an Azure App Service in bicep

In bicep, I am configuring an Azure API Management policy that enables the managed service identity for a specific backend App Service.

This is typically done by setting an XML fragment like this:

<policies>
    <inbound>
        <authentication-managed-identity resource="4d192d04-XXXX-461f-a6ab-XXXXXXXXXXXX" />
        <base />
    </inbound>
</policies>

What I am now looking for is how to retrieve that specific resource id from the existing App Service in my bicep template.

Some fragments from my existing bicep template below:

// The App Service declaration
@description('API Website')
resource backendapi 'Microsoft.Web/sites@2021-03-01' = {
  name: 'backend-${environment}'
  kind: 'app,linux,container'
  location: location
  // left out properties, etc for brevity
}

// This is where I want to retrieve the client ID from that web app, but this fails:
var managed_identity_id = backendapi.identity.principalId

When deploying the above template, I get the following exception (although identity.principalId was indicated to be valid by the Visual Studio Code IntelliSense):

The language expression property 'identity' doesn't exist, available properties are 'apiVersion, location, tags, kind, properties, condition, deploymentResourceLineInfo, existing, isConditionTrue, subscriptionId, resourceGroupName, scope, resourceId, referenceApiVersion, isTemplateResource, isAction, provisioningOperation'

So my question is: how can I access this property of an App Service in a bicep file? It is the property whose value is shown in the following screenshot:

Screenshot

As explained in the comment section, you are looking for the web app auth settings: Microsoft.Web sites/config 'authsettingsV2' 2020-12-01

You could retrieve the clientId for Azure AD auth like this:

param webAppName string

resource authsettings 'Microsoft.Web/sites/config@2020-12-01' existing = {
  name: '${webAppName}/authsettingsV2'
}

var clientId = authsettings.properties.identityProviders.azureActiveDirectory.registration.clientId
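
Putting the answer to use in the policy from the question, as an added example that is not part of the original post: it reads the client ID from the existing site's authsettingsV2 and formats it into the policy XML for one API. The parameter names apimName and apiName, the choice of an API-scoped policy, and the API versions of the API Management resources are assumptions.

```bicep
// Added example; apimName and apiName are assumed parameter names.
param apimName string
param apiName string
param webAppName string

// Existing App Service and its auth settings (a child resource of the site).
resource backendapi 'Microsoft.Web/sites@2021-03-01' existing = {
  name: webAppName
}

resource authsettings 'Microsoft.Web/sites/config@2020-12-01' existing = {
  parent: backendapi
  name: 'authsettingsV2'
}

// Existing API Management instance and the API that fronts the backend.
resource apim 'Microsoft.ApiManagement/service@2021-08-01' existing = {
  name: apimName
}

resource api 'Microsoft.ApiManagement/service/apis@2021-08-01' existing = {
  parent: apim
  name: apiName
}

// Client ID of the Azure AD app registration configured on the backend.
var clientId = authsettings.properties.identityProviders.azureActiveDirectory.registration.clientId

// Policy XML from the question; {0} is replaced by format() below because
// multi-line strings do not support ${} interpolation.
var policyXml = '''
<policies>
    <inbound>
        <authentication-managed-identity resource="{0}" />
        <base />
    </inbound>
</policies>
'''

// The managed identity token is requested for the backend's client ID,
// so the value always matches what the App Service is configured to accept.
resource apiPolicy 'Microsoft.ApiManagement/service/apis/policies@2021-08-01' = {
  parent: api
  name: 'policy'
  properties: {
    format: 'rawxml'
    value: format(policyXml, clientId)
  }
}
```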
