Using Terraform, I am trying to add a keyvault access policy to an application (that is also created in Terraform), which requires an object_it (which is GUID) of that application. In ARM template it looks like this:
"objectId": "[reference(variables('myAppResourceId'), '2015-08-31-PREVIEW').principalId]"
so Terraform needs the principal id there to be assigned to the object_id. If I use the value "object_id = ${azurerm_app_service.myApp.id}" like this:
resource "azurerm_key_vault_access_policy" "pol1" {
vault_name = "${azurerm_key_vault.kv1.name}"
resource_group_name = "${azurerm_key_vault.kv1.resource_group_name}"
tenant_id = "${data.azurerm_subscription.current.subscription_id}"
object_id = "${azurerm_app_service.myApp.id}"
key_permissions = "${var.app_keys_permissions}"
secret_permissions = "${var.app_secrets_permissions}"
}
then when I run apply command, I get the following error:
azurerm_key_vault_access_policy.pol1: "object_id" is an invalid UUUID: encoding/hex: invalid byte: U+002F '/'
this is probably the id that looks like an url with a slash,so this does not work, since I need the GUID only.
I tried also a suggestion from Terraform grant azure function app with msi access to azure keyvault, by using object_id = "${lookup(azurerm_app_service.app1.identity[0],"principal_id")}" for an app service instead of the function and I get an error:
azurerm_key_vault_access_policy.appPolicy1: At column 43, line 1: list "azurerm_app_service.app1.identity" does not have any elements so cannot determine type. in:
${lookup(azurerm_app_service.app1.identity[0],"principal_id")}
could someone help me with this object_id please?
thanks
