
"az webapp identity assign" command throws LinkedInvalidPropertyId


I am trying to assign a user-assigned managed identity to a WebApp using Azure CLI. The command follows the syntax below:

#This command fetches the resource id of my existing managed identity with name 'myIdentity'
identityResourceId=$(az identity show --name 'myIdentity' \
  --resource-group 'myResourceGroup' --query id -o tsv)

When I try to print the value of the variable $identityResourceId, it shows the following output:

echo "ResourceId: $identityResourceId"

ResourceId: /subscriptions/mySubscriptionId/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity

As soon as I try to use this variable in the command below, it throws Code: LinkedInvalidPropertyId

az webapp identity assign --resource-group myResourceGroup --name myWebApp --identities $identityResourceId

Error message:

(LinkedInvalidPropertyId) Property id 'C:/Program Files/Git/subscriptions/mySubscription/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity' at path '' is invalid. Expect fully qualified resource Id that start with '/subscriptions/{subscriptionId}' or '/providers/{resourceProviderNamespace}/'.
Code: LinkedInvalidPropertyId
Message: Property id 'C:/Program Files/Git/subscriptions/mySubscription/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity' at path '' is invalid. Expect fully qualified resource Id that start with '/subscriptions/{subscriptionId}' or '/providers/{resourceProviderNamespace}/'.

Not sure why the resource ID is getting prefixed with C:/Program Files/Git/


Solution

  • It seems that AzureCLI is misinterpreting the value in $identityResourceId as a relative path, and is thus prepending "C:/Program Files/Git".

    To avoid this, you might want to try surrounding your variable with double quotes like this:

    az webapp identity assign --resource-group myResourceGroup --name myWebApp --identities "$identityResourceId"
    

    This way, AzureCLI will still use variable expansion correctly, but will not interpret the value as a relative path.

    EDIT: If you're using Git Bash, you're going to want to add export MSYS_NO_PATHCONV=1 at the very beginning of the script in order to stop Git Bash's default behaviour of automatic path conversions.
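
The script below is an added example, not part of the original question or answer. It checks that a value is a fully qualified ARM resource ID before handing it to `az webapp identity assign`, and sets `MSYS_NO_PATHCONV=1` for that one command only instead of exporting it for the whole script. The function names `classify_resource_id` and `assign_identity` and the sample values are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the original thread). Function names are hypothetical.

# Classify a value:
#   ok      - fully qualified ARM ID (/subscriptions/... or /providers/...)
#   mangled - an ARM ID with a Windows drive path prepended, as seen in the
#             LinkedInvalidPropertyId message (useful when triaging error output)
#   invalid - anything else, including an empty lookup result
classify_resource_id() {
  local id=$1
  case "$id" in
    /subscriptions/?*|/providers/?*) echo ok ;;
    [A-Za-z]:/*/subscriptions/?*|[A-Za-z]:/*/providers/?*) echo mangled ;;
    *) echo invalid ;;
  esac
}

# Assign a user-assigned identity to a web app.
# Git Bash rewrites arguments that look like POSIX paths when it launches a
# native Windows program, so the shell variable itself still holds the right
# value; the rewrite is switched off for this single az invocation only.
assign_identity() {
  local rg=$1 app=$2 id=$3
  if [ "$(classify_resource_id "$id")" != ok ]; then
    echo "refusing to assign: not a fully qualified resource ID: '$id'" >&2
    return 2
  fi
  MSYS_NO_PATHCONV=1 az webapp identity assign \
    --resource-group "$rg" --name "$app" --identities "$id"
}

# Constructed sample values, classified without calling az.
for sample in \
  '/subscriptions/mySubscriptionId/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity' \
  'C:/Program Files/Git/subscriptions/mySubscriptionId/resourceGroups/myResourceGroup' \
  ''
do
  printf '%-8s %s\n' "$(classify_resource_id "$sample")" "$sample"
done

# Usage, with the names from the question:
#   identityResourceId=$(az identity show --name 'myIdentity' \
#     --resource-group 'myResourceGroup' --query id -o tsv)
#   assign_identity myResourceGroup myWebApp "$identityResourceId"
```

Rejecting an empty or malformed ID up front also stops the script from continuing when the `az identity show` lookup failed.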