@bennage
Last active April 28, 2021 16:57
assigning a role for storage access

context

I need to create a managed identity with the Storage Blob Data Contributor role for a storage account. This template fails with:

Deployment failed. Correlation ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx. {
  "error": {
    "code": "PrincipalNotFound",
    "message": "Principal xxxxxxxxxxx does not exist in the directory xxxxx-xxxx-xxxx-xxxx-xxxxxxxx."
  }
}
{
  "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "guid": {
      "type": "string",
      "defaultValue": "[newGuid()]"
    }
  },
  "variables": {
    "storageAccountName": "[uniqueString(resourceGroup().id)]",
    "managedIdentityName": "[concat('test-identity-', parameters('guid'))]",
    "roleAssignmentName": "[guid(concat(resourceGroup().id), variables('managedIdentityName'), 'somerole')]",
    "roleDefinitionId": "[concat(resourceGroup().id, '/providers/Microsoft.Authorization/roleDefinitions/', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')]"
  },
  "resources": [
    {
      "type": "Microsoft.ManagedIdentity/userAssignedIdentities",
      "name": "[variables('managedIdentityName')]",
      "apiVersion": "2015-08-31-preview",
      "location": "[resourceGroup().location]"
    },
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2019-04-01",
      "name": "[variables('storageAccountName')]",
      "location": "[resourceGroup().location]",
      "sku": {
        "name": "Standard_LRS"
      },
      "kind": "StorageV2",
      "properties": {
        "accessTier": "Hot"
      }
    },
    {
      "name": "[concat(variables('storageAccountName'), '/Microsoft.Authorization/', variables('roleAssignmentName'))]",
      "type": "Microsoft.Storage/storageAccounts/providers/roleAssignments",
      "apiVersion": "2021-04-01-preview",
      "dependsOn": [
        "[variables('managedIdentityName')]",
        "[variables('storageAccountName')]"
      ],
      "properties": {
        "roleDefinitionId": "[variables('roleDefinitionId')]",
        "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('managedIdentityName')), '2018-11-30').principalId]"
      }
    }
  ],
  "outputs": {
  }
}
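The `PrincipalNotFound` error above is the usual symptom of a newly created identity whose service principal has not yet replicated through Azure AD when the role assignment is evaluated; `dependsOn` only orders the ARM operations, it does not wait for directory replication. The template below is an added example, not the gist author's code: it keeps the same three resources and the same Storage Blob Data Contributor role id (`ba92f5b4-2d11-453d-a403-e96b0029c9fe`, scoped to the single storage account rather than the resource group or subscription), and changes only the role assignment. Setting `principalType` to `ServicePrincipal` tells the role-assignment API that the principal is a freshly created service principal so it tolerates the replication delay; the `dependsOn` entries use full resource ids, and the role definition is resolved with `subscriptionResourceId` instead of string concatenation. Resource names (`test-identity-...`, `uniqueString(...)`) are carried over from the original and are assumptions about the deployment, not fixed values.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": {
    "comments": "Added example (not the gist author's template): role assignment with principalType set to avoid PrincipalNotFound on a just-created identity."
  },
  "parameters": {
    "guid": {
      "type": "string",
      "defaultValue": "[newGuid()]"
    }
  },
  "variables": {
    "storageAccountName": "[uniqueString(resourceGroup().id)]",
    "managedIdentityName": "[concat('test-identity-', parameters('guid'))]",
    "identityResourceId": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('managedIdentityName'))]",
    "storageResourceId": "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]",
    "storageBlobDataContributorId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')]",
    "roleAssignmentName": "[guid(variables('storageResourceId'), variables('identityResourceId'), variables('storageBlobDataContributorId'))]"
  },
  "resources": [
    {
      "type": "Microsoft.ManagedIdentity/userAssignedIdentities",
      "apiVersion": "2018-11-30",
      "name": "[variables('managedIdentityName')]",
      "location": "[resourceGroup().location]"
    },
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2019-04-01",
      "name": "[variables('storageAccountName')]",
      "location": "[resourceGroup().location]",
      "sku": {
        "name": "Standard_LRS"
      },
      "kind": "StorageV2",
      "properties": {
        "accessTier": "Hot"
      }
    },
    {
      "type": "Microsoft.Storage/storageAccounts/providers/roleAssignments",
      "apiVersion": "2021-04-01-preview",
      "name": "[concat(variables('storageAccountName'), '/Microsoft.Authorization/', variables('roleAssignmentName'))]",
      "comments": "principalType=ServicePrincipal makes the assignment tolerate AAD replication delay for the new identity; scope is the storage account only (least privilege).",
      "dependsOn": [
        "[variables('identityResourceId')]",
        "[variables('storageResourceId')]"
      ],
      "properties": {
        "roleDefinitionId": "[variables('storageBlobDataContributorId')]",
        "principalId": "[reference(variables('identityResourceId'), '2018-11-30').principalId]",
        "principalType": "ServicePrincipal"
      }
    }
  ],
  "outputs": {
    "identityPrincipalId": {
      "type": "string",
      "value": "[reference(variables('identityResourceId'), '2018-11-30').principalId]"
    }
  }
}
```

After deployment, the `identityPrincipalId` output can be compared with `az role assignment list --scope <storage account resource id>` to confirm that exactly one assignment exists, that it is bound to the identity's principal id, and that its role is Storage Blob Data Contributor and nothing broader.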
bennage commented Apr 28, 2021
