Trying to assign permissions for the app service deployment slot to keyvault and having a hell of a time getting it
{
"tenantId": "[subscription().tenantId]",
"objectId": "[resourceId('Microsoft.Web/sites/slots', parameters('azureAppService').webSiteName, 'DEV').identity.principalId]",
"permissions": {
"secrets": [
"Get"
]
}
}
Not sure what I’m doing wrong here, the template validation goes through, but upon deployment but I get an error. How do I specify the resource ID for the deployment slot?
Here is the error
{
"status": "Failed",
"error": {
"code": "InvalidTemplate",
"message": "Unable to process template language expressions for resource '/subscriptions/---/resourceGroups/Test/providers/Microsoft.KeyVault/vaults/KEYVAULT-TEST' at line '447' and column '9'. 'The language expression property 'identity' can't be evaluated.'",
"additionalInfo": [
{
"type": "TemplateViolation",
"info": {
"lineNumber": 447,
"linePosition": 9,
"path": ""
}
}
]
}
}
2
Answers
So it seems that even tho I added this to the deployment slots
It wasn't creating the systemassigned identity. Once I manually created it and then redeployed the ARM template, it worked.
You would need to use the
referencefunction (see documentation):