0

In Bicep I have a main bicep which calls

  1. module that deploys app service
  2. module that deploys managed identity

App service module looks like below, it uses output from user assigned managed id and is assigned in identity for app service:

main bicep

module userAssignedManagedIdModule 'uam.bicep' = {
  name: uamanagedid
  params: {
    location: rgLocation
    name: name
  }
}

module asModule 'appservicetemplate.bicep' = {
  name: 'name'
  params: {    
    appServiceName: asName
    userassignedmanagedid: userAssignedManagedIdModule.outputs.managedIdentityId 
  }
  dependsOn: [ userAssignedMID ]
}

App service template

param UserAssignedIdentity string

resource appService 'Microsoft.Web/sites@2021-02-01' = {
  name: appServiceName
  location: rgLocation
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${UserAssignedIdentity}':{}
    }
  }
  properties:{
    serverFarmId: appServicePlanId
    siteConfig:{
      alwaysOn: true
      ftpsState: 'Disabled'
    }
    httpsOnly: true    
  }
}

Bicep for managed identity - user assigned

param name string
param location string = resourceGroup().location

resource UserAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
  name: name
  location: location
}

output managedIdentityId string = UserAssignedIdentity.id

If I need an app service to be deployed without managed id I want to use the same bicep as module so I do not want this userassignedmanagedid to be a mandatory parameter. How do I make it happen?

Lucky
  • 81
  • 6

1 Answers1

1

Optional parameters are defined using a default value.

Then you can build the identity block dynamically:

param UserAssignedIdentity string = ''

resource appService 'Microsoft.Web/sites@2021-02-01' = {
  name: appServiceName
  location: rgLocation
  identity: empty(UserAssignedIdentity) ? {} : {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${UserAssignedIdentity}': {}
    }
  }
  properties: {
    serverFarmId: appServicePlanId
    siteConfig: {
      alwaysOn: true
      ftpsState: 'Disabled'
    }
    httpsOnly: true
  }
}
Thomas
  • 24,234
  • 6
  • 81
  • 125
  • Hello Thomas, Thanks for your response. May be I did not understand it clearly. Let us say I have a default value in app service template set with blank/empty like you suggested. How will my module call change to adjust to it? If I need a managed identity then I will have userassignedmanagedid and assign the value to it, if not I will not keep this parameter at all in module call? Is this a fair understanding? – Lucky Apr 06 '23 at 04:54
  • So I tried what I mentioned before and it failed with LinkInvalidPropertyId, property id '' at path '' is invalid. If I understood your comment wrong, please correct me – Lucky Apr 06 '23 at 05:21
  • you can use condition as well to pass parameter to the module. Would you be able to share the managed identity module + how you invoke both from your main/parent bicep file please ? – Thomas Apr 06 '23 at 06:32
  • I will edit my question to add other templates – Lucky Apr 06 '23 at 07:59
  • Please ignore if any mix up in param names, I confirm they are all correct – Lucky Apr 06 '23 at 08:16