How do I create an access policy for my Azure Function with Bicep?

Time:06-16

I have a resource defined in my Bicep file as shown below. These are two of the resources in my file. I deploy an Azure Function with the test_resource below, and this works fine.

resource test_resource 'Microsoft.Web/sites@2021-03-01' = {
  name: resourceName
  location: location
  kind: 'functionapp'
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    httpsOnly: true
    serverFarmId: appServicePlan_ResourceId
  }
}

I am attempting to create an access policy as shown below; however, I get an error regarding the objectId. Is there a way to configure the access policy for the above resource? Perhaps I am passing the wrong ID in.

"Invalid value found at accessPolicies[0].ObjectId: 

But I am passing the test_resource.id as shown in the keyvault_access_policy resource definition.

resource devops_keyvault 'Microsoft.KeyVault/vaults@2021-10-01' existing = {
  name: keyVaultName
}

resource keyvault_access_policy 'Microsoft.KeyVault/vaults/accessPolicies@2021-10-01' = {
  name: 'add'
  parent: devops_keyvault
  properties: {
    accessPolicies: [
      {
        objectId: test_resource.id 
        permissions: {
          'keys': []
          'secrets': [
            'list'
            'get'
          ]
          'certificates': [
            'list'
            'get'
          ]
        }
        tenantId: subscription().tenantId
      }
    ]
  }
}

CodePudding user response:

Looking at the documentation:

objectId: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.

In your case it should be the principal ID of the managed identity:

objectId: test_resource.identity.principalId