You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
│ Error: web.AppsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="BadRequest" Message="The parameter 'KeyVaultReferenceIdentity' has an invalid value. Details: KeyVaultReferenceIdentity must either be null, 'SystemAssigned', or a UserAssigned Identity Resource Id assigned to this site." Details=[{"Message":"The parameter 'KeyVaultReferenceIdentity' has an invalid value. Details: KeyVaultReferenceIdentity must either be null, 'SystemAssigned', or a UserAssigned Identity Resource Id assigned to this site."},{"Code":"BadRequest"},{"ErrorEntity":{"Code":"BadRequest","ExtendedCode":"01033","Message":"The parameter 'KeyVaultReferenceIdentity' has an invalid value. Details: KeyVaultReferenceIdentity must either be null, 'SystemAssigned', or a UserAssigned Identity Resource Id assigned to this site.","MessageTemplate":"The parameter '{0}' has an invalid value. Details: {1}.","Parameters":["KeyVaultReferenceIdentity","KeyVaultReferenceIdentity must either be null, 'SystemAssigned', or a UserAssigned Identity Resource Id assigned to this site"]}}]
Expected Behaviour
Identity should be added into User Assigned identity list in Azure WebApp as defined in identity block
App should be configured to use following identity for Key Vault reference operations by setting the key_vault_reference_identity_id property to the resource ID of the user-assigned identity.
when both identity and key_vault_reference_identity_id references the identity in the same apply
It works when
First add the identity into identity block and apply
Second add the key_vault_reference_identity_id with the identity added previously and apply
Steps to Reproduce
Add identity and key_vault_reference_identity_id and apply
Important Factoids
in referenced function_app in Affected Resource(s) however i didn't tested it. Assume it will be the same issue as this option has been added recently to both resources
The text was updated successfully, but these errors were encountered:
petr-stupka
changed the title
azurerm_app_service - KeyVaultReferenceIdentity must either be Resource Id assigned to this site
azurerm_app_service - identity and KeyVaultReferenceIdentity is not set sequentially
Nov 17, 2021
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Community Note
Terraform (and AzureRM Provider) Version
Terraform v1.0.10
on linux_arm64
Affected Resource(s)
azurerm_app_service
azurerm_function_app
Terraform Configuration Files
Debug Output
│ Error: web.AppsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="BadRequest" Message="The parameter 'KeyVaultReferenceIdentity' has an invalid value. Details: KeyVaultReferenceIdentity must either be null, 'SystemAssigned', or a UserAssigned Identity Resource Id assigned to this site." Details=[{"Message":"The parameter 'KeyVaultReferenceIdentity' has an invalid value. Details: KeyVaultReferenceIdentity must either be null, 'SystemAssigned', or a UserAssigned Identity Resource Id assigned to this site."},{"Code":"BadRequest"},{"ErrorEntity":{"Code":"BadRequest","ExtendedCode":"01033","Message":"The parameter 'KeyVaultReferenceIdentity' has an invalid value. Details: KeyVaultReferenceIdentity must either be null, 'SystemAssigned', or a UserAssigned Identity Resource Id assigned to this site.","MessageTemplate":"The parameter '{0}' has an invalid value. Details: {1}.","Parameters":["KeyVaultReferenceIdentity","KeyVaultReferenceIdentity must either be null, 'SystemAssigned', or a UserAssigned Identity Resource Id assigned to this site"]}}]
Expected Behaviour
Identity should be added into
User Assigned
identity list in Azure WebApp as defined inidentity
blockApp should be configured to use following identity for Key Vault reference operations by setting the key_vault_reference_identity_id property to the resource ID of the user-assigned identity.
Actual Behaviour
It doesn't work
when both
identity
andkey_vault_reference_identity_id
references the identity in the same applyIt works when
identity
block and applykey_vault_reference_identity_id
with the identity added previously and applySteps to Reproduce
Add
identity
andkey_vault_reference_identity_id
and applyImportant Factoids
in referenced function_app in
Affected Resource(s)
however i didn't tested it. Assume it will be the same issue as this option has been added recently to both resourcesReferences
The text was updated successfully, but these errors were encountered: