Configure deployment mi (#4494)

nturinski · web-flow · commit 75196907c60e · 2025-05-01T16:17:35.000-07:00
diff --git a/src/commands/createFunctionApp/FunctionAppCreateStep.ts b/src/commands/createFunctionApp/FunctionAppCreateStep.ts
@@ -3,7 +3,7 @@
  *  Licensed under the MIT License. See License.txt in the project root for license information.
  *--------------------------------------------------------------------------------------------*/
 
-import { type NameValuePair, type Site, type SiteConfig, type WebSiteManagementClient } from '@azure/arm-appservice';
+import { type FunctionsDeploymentStorageAuthentication, type NameValuePair, type Site, type SiteConfig, type WebSiteManagementClient } from '@azure/arm-appservice';
 import { type Identity } from '@azure/arm-resources';
 import { BlobServiceClient } from '@azure/storage-blob';
 import { ParsedSite, WebsiteOS, type CustomLocation, type IAppServiceWizardContext } from '@microsoft/vscode-azext-azureappservice';
@@ -98,11 +98,7 @@ export class FunctionAppCreateStep extends AzureWizardExecuteStep<IFunctionAppWi
                 storage: {
                     type: 'blobContainer',
                     value: `${context.storageAccount?.primaryEndpoints?.blob}app-package-${context.newSiteName?.substring(0, 32)}-${randomUtils.getRandomHexString(7)}`,
-                    authentication: {
-                        userAssignedIdentityResourceId: undefined,
-                        type: 'StorageAccountConnectionString',
-                        storageAccountConnectionStringName: 'DEPLOYMENT_STORAGE_CONNECTION_STRING'
-                    }
+                    authentication: createDeploymentStorageAuthentication(context)
                 }
             },
             runtime: {
@@ -118,6 +114,15 @@ export class FunctionAppCreateStep extends AzureWizardExecuteStep<IFunctionAppWi
         }
 
         return site;
+
+        function createDeploymentStorageAuthentication(context: IFlexFunctionAppWizardContext): FunctionsDeploymentStorageAuthentication {
+            const hasManagedIdentity: boolean = !!context.managedIdentity;
+            return {
+                userAssignedIdentityResourceId: hasManagedIdentity ? context.managedIdentity?.id : undefined,
+                type: hasManagedIdentity ? 'UserAssignedIdentity' : 'StorageAccountConnectionString',
+                storageAccountConnectionStringName: hasManagedIdentity ? undefined : 'DEPLOYMENT_STORAGE_CONNECTION_STRING',
+            };
+        }
     }
 
     private async createNewSite(context: IFunctionAppWizardContext, stack?: FullFunctionAppStack): Promise<Site> {
@@ -192,7 +197,8 @@ export class FunctionAppCreateStep extends AzureWizardExecuteStep<IFunctionAppWi
                 name: contentShareKey,
                 value: getNewFileShareName(nonNullProp(context, 'newSiteName'))
             });
-        } else if (isFlex) {
+            // only add this setting for flex apps, if we're not using managed identity
+        } else if (isFlex && !context.managedIdentity) {
             appSettings.push({
                 name: 'DEPLOYMENT_STORAGE_CONNECTION_STRING',
                 value: storageConnectionString
