az webapp identity assign wipes out access restrictions
See original GitHub issueRelated command
az webapp identity assign -g resourceGroupName -n resourceName --identities [system]
Describe the bug Enabling system managed identity for an Azure App Service wipes out access restrictions. This started happening recently, was fine 1-2 weeks ago.
To Reproduce
Add an access restriction to an azure app service.
Enable system managed identity for the app service by running the az webapp identity assign
command.
Expected behavior Access restrictions should remain.
Issue Analytics
- State:
- Created a year ago
- Reactions:2
- Comments:13 (6 by maintainers)
Top Results From Across the Web
az webapp config access-restriction - Microsoft Learn
Removes an Access Restriction from the webapp. az webapp config access-restriction set. Sets if SCM site is using the same restrictions as the...
Read more >azure-cli 2.23.0 - PyPI
Fixed az webapp webjob continuous start command when specifying a slot. az webapp up detects env folder and removes it from compressed file...
Read more >How to enable "system assigned" identity and update the key ...
Tried below command but it complaints that it cannot find RG for some reason or i'm missing something. az webapp identity assign --name...
Read more >OAuth 2.0 for Mobile & Desktop Apps - Google Developers
The user can then consent to grant access to one or more scopes requested by your application or refuse the request. Your application...
Read more >Using Managed Identity with Kubernetes in Azure
If your application is running on a Kubernetes cluster in Azure (AKS, ACS or ACS Engine), then it is likely that you will...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
This is a rather big issue for us as our deployments are now randomly removing the access restrictions and opening up what should be private services to the public internet.
I first found the issue setting the managed identity like this issue describes, but then found that some of our later scripts added a tag to the web app and that was also wiping the access restrictions. Both of these commands below appear to wipe the access restrictions.
I noticed this about a week ago, it didn’t seem to matter what cli version I used (had an old one and updated to the latest, both have the same problem)
@alin-devnet @ishepherd this issue should have been mitigated. Sorry for the inconvenience.