bicep to support managed identity roles

Azure-Samples · Sep 30, 2024 · 359ef90 · 359ef90
1 parent 60ad54f
commit 359ef90
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/infra/main.bicep b/infra/main.bicep
@@ -250,6 +250,10 @@ resource functionApp 'Microsoft.Web/sites@2021-03-01' = {
         {
           name: 'AzureWebJobsStorage__accountName'
           value: storageAccount.name   }
+        {
+            name: 'WEBSITE_CONTENTAZUREFILECONNECTIONSTRING'
+            value: 'DefaultEndpointsProtocol=https;AccountName=${functionAppStorage.name};AccountKey=${listKeys(functionAppStorage.id, functionAppStorage.apiVersion).keys[0].value};EndpointSuffix=core.windows.net'
+        }
         {
           name: 'WEBSITES_ENABLE_APP_SERVICE_STORAGE'
           value: 'false'
@@ -336,6 +340,16 @@ resource functionAppStorageBlobDataOwnerRole 'Microsoft.Authorization/roleAssign
   }
 }
 
+resource functionAppStorageQueueDataContributorRole 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
+  name: guid(functionApp.id, storageAccount.id, 'StorageQueueDataContributor')
+  scope: storageAccount
+  properties: {
+    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '974c5e8b-45b9-4653-ba55-5f855dd0fb88') // Storage Queue Data Contributor
+    principalId: functionApp.identity.principalId
+    principalType: 'ServicePrincipal'
+  }
+}
+
 // Cosmos DB role assignment
 resource cosmosDBDataContributorRoleDefinition 'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions@2021-04-15' existing = {
   parent: cosmosDbAccount