PaulVrugt

Reputation: 1882

Adding cloningInfo property to ARM template deployment slot resource breaks setting user defined managed identity on deployment slot

I discovered something, and I think it's a bug in ARM templates.

I have a template that creates an app service, and creates a deployment slot. Now I wanted to make sure that the deployment slot cloned the appsettings from the parent app service, so I used the cloningInfo node to set the source app service for the clone. But once I did that, setting the user defined managed identity on the deployment slot stopped working, while it is present in the template. My (simplified) template:

"resources": [
  {
    "apiVersion": "2018-11-01",
    "name": "MyAppservice",
    "type": "Microsoft.Web/sites",
    "location": "[resourceGroup().location]",
    "kind": "app",
    "identity": {
      "type": "userAssigned",
      "userAssignedIdentities": {
        "<some id>": {}
      }
    }
  },
  {
    "type": "Microsoft.Web/sites/slots",
    "apiVersion": "2018-11-01",
    "name": "[concat('MyAppservice', '/secondslot')]",
    "location": "[resourceGroup().location]",
    "dependsOn": [
      "[resourceId('Microsoft.Web/sites', 'MyAppservice')]"
    ],
    "kind": "app",
    "identity": {
      "type": "userAssigned",
      "userAssignedIdentities": {
        "<some id>": {}
      }
    },
    "properties": {
      "cloningInfo": {
        "sourceWebAppId": "[resourceId('Microsoft.Web/sites', 'MyAppservice')]"
      }
    }
  }
]

So when I deploy a template using the above basis, the user defined managed identity is not set on the deployment slot. When I remove the cloningInfo property, the user defined managed identity IS set, but the app settings of the parent app service are not copied.

Am I doing something wrong here or is this a bug? I know that (for some reason) it is by design that user defined managed identities are not copied to deployment slots, so I would assume that when setting it manually while cloning from an existing app service, the cloning setting would not overwrite the user defined managed identity.

Upvotes: 0

Views: 846

Answers (1)

krishg

Reputation: 6508

It's acknowledged that this is currently an issue: if cloningInfo is set, it ignores the rest of the payload. Until it's fixed, the workaround is to have 2 separate updates (one for cloning and one for MSI).

Upvotes: 1
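
An added example, not part of the original question or answer: a small pre-deployment check that flags slot resources declaring both an identity and cloningInfo (the combination reported above to drop the identity) and derives the template for the second update. The function names and the sample template are assumptions made for illustration; the first update is assumed to use the original template unchanged.

```python
import copy

SLOT_TYPE = "microsoft.web/sites/slots"

# Constructed sample modelled on the question's simplified template.
SAMPLE = {
    "resources": [
        {"type": "Microsoft.Web/sites", "apiVersion": "2018-11-01",
         "name": "MyAppservice",
         "identity": {"type": "userAssigned",
                      "userAssignedIdentities": {"<some id>": {}}}},
        {"type": "Microsoft.Web/sites/slots", "apiVersion": "2018-11-01",
         "name": "MyAppservice/secondslot",
         "identity": {"type": "userAssigned",
                      "userAssignedIdentities": {"<some id>": {}}},
         "properties": {"cloningInfo": {"sourceWebAppId": "<source app id>"}}},
    ]
}

def _is_affected(resource):
    # A slot whose identity would be ignored because cloningInfo is also set.
    return (resource.get("type", "").lower() == SLOT_TYPE
            and "identity" in resource
            and "cloningInfo" in resource.get("properties", {}))

def affected_slots(template):
    """Names of slot resources that need the two-update workaround."""
    return [r["name"] for r in template.get("resources", []) if _is_affected(r)]

def identity_pass(template):
    """Copy of the template for the second update: cloningInfo removed from
    affected slots so the identity block is applied (hypothetical helper)."""
    second = copy.deepcopy(template)
    for r in second.get("resources", []):
        if _is_affected(r):
            del r["properties"]["cloningInfo"]
            if not r["properties"]:
                del r["properties"]
    return second

if __name__ == "__main__":
    import json
    print("slots needing a second update:", affected_slots(SAMPLE))
    print(json.dumps(identity_pass(SAMPLE), indent=2))
```

Running the check in a pipeline before deployment catches the case where a slot would otherwise come up without the identity its template declares.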
