In a previous post I was lamenting not having a way to obtain the managed service identity generated for an Azure resource, such as an Azure SQL logical server or a Web App, from the Azure Resource Manager (ARM) template itself.
The issue was that the reference() function in an ARM template only returns the properties part of the resource definition, and the identity property is defined outside of that (at the same level as the resource id or the location).
It is now possible to do this thanks to a new parameter introduced in the reference() function in ARM. The new definition is:
reference(resourceName | resourceIdentifier, [apiVersion], ['Full'])
Notice the new, optional 'Full' parameter. When this is specified, the reference() function returns the complete resource definition, and not just the properties section. So we can obtain the generated identity easily using something like this:
    {
      "outputs": {
        "sqlIdentity": {
          "type": "string",
          "value": "[reference(concat('Microsoft.Sql/servers/', parameters('sqlServerName')), '2015-05-01-preview', 'Full').identity.principalId]"
        }
      }
    }
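The same expression can be used inside a resource rather than only in outputs. The template below is an added example, not from the original post: it gives a Web App a system-assigned identity and grants that identity only the get permission on secrets in a Key Vault. The Key Vault scenario, the parameter names, the API versions and the pre-existing App Service plan and vault (same resource group) are all assumptions.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "webAppName": { "type": "string", "metadata": { "description": "Assumed name of the Web App to create" } },
    "hostingPlanName": { "type": "string", "metadata": { "description": "Assumed existing App Service plan" } },
    "keyVaultName": { "type": "string", "metadata": { "description": "Assumed existing Key Vault" } }
  },
  "resources": [
    {
      "comments": "identity sits beside name and location, outside properties, which is why 'Full' is needed to read it",
      "type": "Microsoft.Web/sites",
      "apiVersion": "2016-08-01",
      "name": "[parameters('webAppName')]",
      "location": "[resourceGroup().location]",
      "identity": { "type": "SystemAssigned" },
      "properties": {
        "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('hostingPlanName'))]"
      }
    },
    {
      "comments": "Adds one access policy for the generated identity; permissions are limited to reading secrets",
      "type": "Microsoft.KeyVault/vaults/accessPolicies",
      "apiVersion": "2016-10-01",
      "name": "[concat(parameters('keyVaultName'), '/add')]",
      "dependsOn": [
        "[resourceId('Microsoft.Web/sites', parameters('webAppName'))]"
      ],
      "properties": {
        "accessPolicies": [
          {
            "tenantId": "[reference(resourceId('Microsoft.Web/sites', parameters('webAppName')), '2016-08-01', 'Full').identity.tenantId]",
            "objectId": "[reference(resourceId('Microsoft.Web/sites', parameters('webAppName')), '2016-08-01', 'Full').identity.principalId]",
            "permissions": { "secrets": [ "get" ] }
          }
        ]
      }
    }
  ]
}
```

The dependsOn entry matters: the identity is generated when the Web App is created, so the access policy must not be evaluated before that resource exists.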