I'm using Azure AD app registration principals to deploy resources via Azure Resource Manager to deploy via Pipelines. During the deployment I need to set some permissions to the deployment user to ensure it has enough permission to - for example - upload files. As I'm using different principals, and I'm not managing those in the code, I would like to know if there is a way to reference the "current user principal's ID" during the deployment.
Something like `deployment().properties.xx` or `environment()`.
https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/template-functions-deployment
https://learn.microsoft.com/en-us/azure/templates/microsoft.authorization/roleassignments?tabs=bicep
Otherwise, I would need to inject this information via a parameter, I think. I could get that information by script - or there is even a variable present from Azure DevOps. Any ideas, help appreciated. Thanks.
Starting with Bicep v0.32.4, this is now supported:

New `deployer()` function to retrieve ObjectId of the principal that is deploying the Bicep file (#15340)

```bicep
resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  // can be used to help make GUID unique
  name: guid(deployer().objectId, readerRoleDefinitionId, resourceGroup().id)
  properties: {
    principalId: deployer().objectId // easily retrieve objectId
    roleDefinitionId: readerRoleDefinitionId
  }
}
```
So `deployer().objectId` is what you are after.
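
For the upload scenario in the question, the same function can grant a data-plane role on a single storage account instead of the whole resource group. This is an added example, not code from the original post or the Bicep release notes; the parameter name `storageAccountName` and the choice of the built-in Storage Blob Data Contributor role are assumptions.

```bicep
// Added example. Assumes Bicep v0.32.4 or later (for deployer()) and an
// existing storage account in the resource group being deployed to.
@description('Name of the existing storage account the pipeline uploads to (hypothetical parameter).')
param storageAccountName string

// Built-in role "Storage Blob Data Contributor".
var blobDataContributorRoleId = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')

resource storage 'Microsoft.Storage/storageAccounts@2023-01-01' existing = {
  name: storageAccountName
}

resource uploadAccess 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  // Scope the assignment to this one account, not the resource group.
  scope: storage
  // Deterministic name: redeploying with the same principal, role and scope
  // updates the same assignment instead of creating a duplicate.
  name: guid(storage.id, deployer().objectId, blobDataContributorRoleId)
  properties: {
    principalId: deployer().objectId
    roleDefinitionId: blobDataContributorRoleId
  }
}

// Surfaces the principal that received the role so it shows up in deployment outputs.
output assignedPrincipalId string = deployer().objectId
```

The deploying principal itself needs `Microsoft.Authorization/roleAssignments/write` on the target scope (for example through User Access Administrator or Owner), otherwise the role assignment fails regardless of how the object ID is obtained.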