Reputation: 113
I am trying to retrieve the Managed identity from an Azure function app and set an access policy in Azure Keyvault for the identity. The script looks like this (part of a larger script).
    data "azurerm_function_app" "funcidmngmtapp" {
      name                = "func-adpidentitymngmt-${var.location}-${local.env}"
      resource_group_name = azurerm_resource_group.azurefunctions.name
    }

    resource "azurerm_key_vault_access_policy" "funcidmngmt" {
      key_vault_id = azurerm_key_vault.general.id
      tenant_id    = data.azurerm_function_app.funcidmngmtapp.identity.tenant_id
      object_id    = data.azurerm_function_app.funcidmngmtapp.identity.principal_id
      secret_permissions = [
        "Get",
        "List"
      ]
    }
When doing a terraform plan it returns with the following error:

    Error: Unsupported attribute
    on resources.tf line 283, in resource "azurerm_key_vault_access_policy" "funcidmngmt":
    283: tenant_id = data.azurerm_function_app.funcidmngmtapp.identity.tenant_id
    This value does not have any attributes.

    Error: Unsupported attribute
    on resources.tf line 284, in resource "azurerm_key_vault_access_policy" "funcidmngmt":
    284: object_id = data.azurerm_function_app.funcidmngmtapp.identity.principal_id
    This value does not have any attributes.
As far as I understand, the syntax is correct (https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/function_app), but I have a problem understanding the error message.
Thanks for any feedback
Upvotes: 0
Views: 3286
Reputation: 16148
The identity attribute is a list, so use this (the important piece is the .0.):

    data.azurerm_function_app.funcidmngmtapp.identity.0.principal_id
Upvotes: 3
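The index from the answer applied to both attributes of the question's access policy, as an added example that is not part of the original posts. The `precondition` block is an addition that needs Terraform 1.2 or later and assumes the `identity` list is empty when the function app has no managed identity enabled.

```hcl
# Added example: the question's resources with the list index applied.
data "azurerm_function_app" "funcidmngmtapp" {
  name                = "func-adpidentitymngmt-${var.location}-${local.env}"
  resource_group_name = azurerm_resource_group.azurefunctions.name
}

resource "azurerm_key_vault_access_policy" "funcidmngmt" {
  key_vault_id = azurerm_key_vault.general.id

  # identity is a list of blocks, so select the first element before
  # reading its attributes ([0] is equivalent to the legacy .0 form).
  tenant_id = data.azurerm_function_app.funcidmngmtapp.identity[0].tenant_id
  object_id = data.azurerm_function_app.funcidmngmtapp.identity[0].principal_id

  # Read-only access to secrets, as in the question.
  secret_permissions = [
    "Get",
    "List",
  ]

  lifecycle {
    # Assumption: identity is an empty list when no managed identity is
    # enabled. Preconditions are checked before the arguments above are
    # evaluated, so this fails with a clear message instead of an
    # invalid-index error.
    precondition {
      condition     = length(data.azurerm_function_app.funcidmngmtapp.identity) > 0
      error_message = "The function app has no managed identity; enable one before granting Key Vault access."
    }
  }
}
```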