[AppService Microsoft.Web/sites 2023-12-01]: Cannot apply ManagedServiceIdentityUserAssignedIdentities from object[] array.

[KrispyX]

Resource Type

Microsoft.Web/sites

Api Version

2023-12-01

Issue Type

Type is unavailable

Other Notes

I'm working on a Bicep module to create an App Service with a flexible number of user-assigned managed identities. I'm passing in an array of identity IDs, but I’m running into trouble when trying to loop through the array to link each identity. The only workaround I've found is to reference each array element individually, which doesn’t scale well.

The script below shows the script we are using to assign two managed identities.

Could someone let me know if this is a limitation or if there's something I'm missing? Thanks

Bicep Repro

// calling script

resource userAssignedIdentity1 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = {
name: userAssignedIdentityName1
scope: resourceGroup(userAssignedIdentityRG1)
}

resource userAssignedIdentity2 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = {
name: userAssignedIdentityName2
scope: resourceGroup(userAssignedIdentityRG2)
}

module AppService '../../../../templates/modules/appservice/appService.bicep' = {
name: 'deploy-app-service-${appServiceName}'
params: {
location: location
tags: tags
appServicePlanId: appServicePlan.outputs.appServicePlanId
serviceName: appServiceName
virtualNetworkSubnetId: virtualNetworkSubnet.id
userAssignedIdentities: [
userAssignedIdentity1.id // passing an array of string id
userAssignedIdentity2.id
]
env: env
kind: 'app'
appSettingsObj: appSettingsParams
}
dependsOn: [
userAssignedIdentity1
userAssignedIdentity2
]
}

// script for creating the app service with n identities

param location string = resourceGroup().location
param tags object
param serviceName string
@Allowed([ 'app' ])
param kind string
param appServicePlanId string
param enableAppService bool = true
param userAssignedIdentities array
param virtualNetworkSubnetId string
param appSettingsObj object

resource appService 'Microsoft.Web/sites@2023-12-01' = {
name: serviceName
location: location
tags: tags
kind: kind
properties: {
serverFarmId: appServicePlanId
siteConfig: {
ftpsState: 'Disabled'
http20Enabled: true
netFrameworkVersion: 'v6.0'
}
httpsOnly: true
virtualNetworkSubnetId: virtualNetworkSubnetId
keyVaultReferenceIdentity: userAssignedIdentities[0]
enabled: enableAppService
}

// version 1: The property "userAssignedIdentities" expected a value of type "ManagedServiceIdentityUserAssignedIdentities | null" but the provided value is of type "object[]".
// identity: {
// type: 'UserAssigned'
// userAssignedIdentities: [for identity in userAssignedIdentities: {
// '${identity}': {}
// }]
// }

// version 2: Expected a property name at this location / The name "identity" does not exist in the current context
// identity: {
// type: 'UserAssigned'
// userAssignedIdentities: {
// [for identity in userAssignedIdentities: {
// '${identity}': {}
// }]
// }
// }

// version 3: individually referenced - works, but is not scalable
identity: {
type: 'UserAssigned'
userAssignedIdentities: {
'${userAssignedIdentities[0]}': {}
'${userAssignedIdentities[1]}': {} // two uami's
}
}
}

output appServiceId string = appService.id
output defaultHostName string = appService.properties.defaultHostName

Confirm

• I have read the troubleshooting guide and looked for duplicates.