Update

Azure · Jan 24, 2025 · 7f915b3 · 7f915b3
1 parent eb345e4
commit 7f915b3
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 19 deletions.
diff --git a/deploy/scripts/deploy.ps1 b/deploy/scripts/deploy.ps1
@@ -1082,24 +1082,28 @@ Write-Warning "Standard_D4s_v4 VM with Nested virtualization for IoT Edge Eflow
 
     # Register current aad user to access keyvault
     $userPrincipalId = $script:aadConfig.UserPrincipalId
-    if ([string]::IsNullOrWhiteSpace($userPrincipalId)) {
+    if (![string]::IsNullOrWhiteSpace($userPrincipalId)) {
+        Write-Warning "Deployment will add access to keyvault for user $userPrincipalId..."
+    }
+    else {
         $ctx = Get-AzContext
         if ($ctx.Account.Type -eq "User") {
             $userPrincipalId = (Get-AzADUser -UserPrincipalName $ctx.Account.Id).Id
-            Write-Host "Adding user principal id $userPrincipalId..."
+            Write-Warning "Deployment will add access to keyvault for current user..."
         }
         else {
             $userPrincipalId = (Get-AzADServicePrincipal -ApplicationId $ctx.Account.Id).Id
-            Write-Host "Adding service principal id $userPrincipalId..."
+            Write-Warning "Deployment will add access to keyvault for service principal id $userPrincipalId..."
         }
     }
     if ([string]::IsNullOrWhiteSpace($userPrincipalId)) {
         $userPrincipalId = $script:aadConfig.FallBackPrincipalId
         if ([string]::IsNullOrWhiteSpace($userPrincipalId)) {
-            Write-Host "Not adding user principal id..."
+            Write-Host "User principal could not be determined."
+            Write-Host "Access to deployed key vault must be configured manually..."
         }
         else {
-            Write-Host "Using fallback principal id $userPrincipalId..."
+            Write-Warning "Deployment will add access to keyvault for user $userPrincipalId (Fallback)..."
         }
     }
     $templateParameters.Add("userPrincipalId", $userPrincipalId)

diff --git a/deploy/templates/azuredeploy.json b/deploy/templates/azuredeploy.json
@@ -51,18 +51,6 @@
                 "description": "Specifies the object ID of a principal in your Azure Active Directory tenant to access the deployed services."
             }
         },
-        "userPrincipalType": {
-            "type": "string",
-            "defaultValue": "User",
-            "allowedValues": [
-                "User",
-                "ServicePrincipal",
-                "Group"
-            ],
-            "metadata": {
-                "description": "The user principal type."
-            }
-        }
         "authorityUri": {
             "type": "string",
             "defaultValue": "https://login.microsoftonline.com",
@@ -503,8 +491,7 @@
             "scope": "[variables('keyVaultResourceId')]",
             "properties": {
                 "roleDefinitionId": "[variables('keyVaultSecretOfficerRoleId')]",
-                "principalId": "[parameters('userPrincipalId')]",
-                "principalType": "[parameters('userPrincipalType')]"
+                "principalId": "[parameters('userPrincipalId')]"
             },
             "dependsOn": [
                 "[variables('keyVaultResourceId')]"