search

Azure / azure-powershell

Microsoft Azure PowerShell
Other
4.21k stars 3.81k forks source link

Update-AzFunctionApp IdentityType does not support concurrent system and user managed identities #22791

Open thancyya opened 1 year ago

thancyya commented 1 year ago

Description

Attempting to add a system managed identity to a function app that already has a user managed identity causes the function app to lose the user managed identity

Prior to adding a system managed identity, the identity parameter of the function app was set to "userassigned"

Type                   : UserAssigned
TenantId               : 
PrincipalId            : 
UserAssignedIdentities : {[/subscriptions/ID/resourcegroups/ResourceGroupName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/useridentityname, Microsoft.Azure.Management.WebSites.Models.UserAssignedIdentity]}

After running the following command Update-AzFunctionApp -Name Name -ResourceGroupName ResourceGroupName -IdentityType SystemAssigned, the output becomes this and it loses the user assignment:

Type                   : SystemAssigned
TenantId               : 12345xxtenantID
PrincipalId            : 12345xxprincipalID
UserAssignedIdentities :

However if this is attempted via the Azure Portal, the functionality works as expected, enabling the system managed identity and retaining the user managed identity. Querying the object in PowerShell shows this:

Type                   : SystemAssignedUserAssigned
TenantId               : 12345xxtenantID
PrincipalId            : 12345xxprincipalID
UserAssignedIdentities : {[/subscriptions/ID/resourcegroups/ResourceGroupName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/useridentityname, Microsoft.Azure.Management.WebSites.Models.UserAssignedIdentity]}

Note that the type changes to "SystemAssignedUserAssigned"

This type is not a supported by the Update-AzFunctionApp cmdlet. The options are SystemAssigned, UserAssigned, None So it does not appear that there is any way to use this cmdlet to allow both a system managed identity and a user managed identity at the same time, as adding one will remove the other.

I would like to use PowerShell to set the system managed identity without removing the user managed identities so that both can be used concurrently

It looks like this affects the webapp cmdlet also as Set-AzWebApp -AssignIdentity $true -Name FunctionAppExample23 -ResourceGroupName Example-rg has the same behavior

Issue script & Debug output

#starting with a fresh function app and user managed identity
Get-AzFunctionApp -name FunctionAppExample23 -ResourceGroupName Example-RG
$umi = Get-AzUserAssignedIdentity -Name ExampleUserManaged -ResourceGroup Example-rg
Update-AzFunctionApp -name FunctionAppExample23 -ResourceGroupName Example-RG -IdentityType UserAssigned -IdentityID $umi.id -force
#show status of Identity - only user managed
(Get-azwebapp -name FunctionAppExample23 -ResourceGroupName Example-rg).Identity

#add system managed identity
#sorry my buffer was not large enough for all the debug info
$functionapp = Update-AzFunctionApp -name FunctionAppExample23 -ResourceGroupName Example-RG -IdentityType SystemAssigned
"daprConfig": null,
    "deploymentId": "FunctionAppExample23",
    "slotName": null,
    "trafficManagerHostNames": null,
    "sku": "Dynamic",
    "scmSiteAlsoStopped": false,
    "targetSwapSlot": null,
    "hostingEnvironment": null,
    "hostingEnvironmentProfile": null,
    "clientAffinityEnabled": false,
    "clientCertEnabled": false,
    "clientCertMode": "Required",
    "clientCertExclusionPaths": null,
    "hostNamesDisabled": false,
    "vnetBackupRestoreEnabled": false,
    "domainVerificationIdentifiers": null,
    "customDomainVerificationId": "728A299B0941472E9E254A37060F8FC7A9CD505FA2BC031BF1F907763476CE3E",
    "kind": "functionapp",
    "managedEnvironmentId": null,
    "inboundIpAddress": "20.119.0.25",
    "possibleInboundIpAddresses": "20.119.0.25",
    "ftpUsername": "FunctionAppExample23\\$FunctionAppExample23",
    "ftpsHostName": "ftps://waws-prod-blu-371.ftp.azurewebsites.windows.net/site/wwwroot",
    "outboundIpAddresses": "20.232.69.122,20.232.69.157,20.232.69.164,20.232.69.184,20.232.69.201,20.85.197.23,20.119.0.25",
    "possibleOutboundIpAddresses": "20.232.69.122,20.232.69.157,20.232.69.164,20.232.69.184,20.232.69.201,20.85.197.23,20.232.69.232,20.232.70.8,52.226.219.148,52.226.219.154,52.226.220.117,52.226.220.133,52.226.220.134,52.226.221.115,52.226.221.215,52.226.222.137,52.226.217.155,52.226.222.206,52.226.223.120,52.226.223.123,20.232.0.14,20.232.0.33,20.232.0.44,20.232.0.213,20.232.0.230,20.232.0.233,20.232.1.1,20.232.2.51,20.232.2.89,20.232.2.101,20.119.0.25",
    "containerSize": 1536,
    "dailyMemoryTimeQuota": 0,
    "suspendedTill": null,
    "siteDisabledReason": 0,
    "functionExecutionUnitsCache": null,
    "maxNumberOfWorkers": null,
    "homeStamp": "waws-prod-blu-371",
    "cloningInfo": null,
    "hostingEnvironmentId": null,
    "tags": null,
    "resourceGroup": "Example-rg",
    "defaultHostName": "functionappexample23.azurewebsites.net",
    "slotSwapStatus": null,
    "httpsOnly": true,
    "endToEndEncryptionEnabled": false,
    "redundancyMode": "None",
    "inProgressOperationId": null,
    "geoDistributions": null,
    "privateEndpointConnections": [],
    "publicNetworkAccess": null,
    "buildVersion": null,
    "targetBuildVersion": null,
    "migrationState": null,
    "eligibleLogCategories": "FunctionAppLogs",
    "inFlightFeatures": [],
    "storageAccountRequired": false,
    "virtualNetworkSubnetId": null,
    "keyVaultReferenceIdentity": "SystemAssigned",
    "defaultHostNameScope": "Global",
    "privateLinkIdentifiers": null
  },
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/e9c370d9-92a5-48e6-9d40-7419751ab06b/resourcegroups/Example-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/exampleusermanaged": {
        "principalId": "1be728cd-ff8d-4fdc-b5a3-3e26309aff4e",
        "clientId": "ae7972ba-3d09-417d-ad9c-2539391c4144"
      }
    }
  }
}

DEBUG: ResponseCreated: 
DEBUG: BeforeResponseDispatch: 
DEBUG: Finally: 
DEBUG: CmdletAfterAPICall: 
DEBUG: [CmdletProcessRecordAsyncEnd]: Finish HTTP process
DEBUG: CmdletProcessRecordAsyncEnd: 
DEBUG: CmdletProcessRecordEnd: 
DEBUG: [CmdletBeginProcessing]: Starting command
DEBUG: CmdletBeginProcessing:                                                                                           
DEBUG: CmdletProcessRecordStart:                                                                                        
DEBUG: CmdletGetPipeline:                                                                                               
DEBUG: CmdletBeforeAPICall:                                                                                             
DEBUG: URLCreated: /subscriptions/e9c370d9-92a5-48e6-9d40-7419751ab06b/resourceGroups/Example-rg/providers/Microsoft.Web/sites/FunctionAppExample23/config/appsettings/list?api-version=2019-08-01
DEBUG: RequestCreated: /subscriptions/e9c370d9-92a5-48e6-9d40-7419751ab06b/resourceGroups/Example-rg/providers/Microsoft.Web/sites/FunctionAppExample23/config/appsettings/list?api-version=2019-08-01
DEBUG: HeaderParametersAdded:                                                                                           
DEBUG: ============================ HTTP REQUEST ============================                                           

HTTP Method:
POST

Absolute Uri:
https://management.azure.com/subscriptions/e9c370d9-92a5-48e6-9d40-7419751ab06b/resourceGroups/Example-rg/providers/Microsoft.Web/sites/FunctionAppExample23/config/appsettings/list?api-version=2019-08-01

Headers:
x-ms-unique-id                : 101
x-ms-client-request-id        : eff41e57-bbf2-436b-8459-fcdb124cca16
CommandName                   : Az.Functions.internal\Get-AzWebAppApplicationSetting
FullCommandName               : Get-AzWebAppApplicationSetting_List
ParameterSetName              : __AllParameterSets
User-Agent                    : AzurePowershell/v9.6.0,PSVersion/v7.3.6,Az.Functions/4.0.6

Body:

DEBUG: 3:34:39 PM - [ConfigManager] Got nothing from [EnableLoginByWam], Module = [], Cmdlet = []. Returning default value [False].
DEBUG: BeforeCall: ps [Complete: 1/1 function apps processed.                                                        ]                                                                     
DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Cache-Control                 : no-cache
Pragma                        : no-cache
Strict-Transport-Security     : max-age=31536000; includeSubDomains
x-ms-request-id               : df9922d4-6c6f-49be-a35a-240b036efc4d
Server                        : Microsoft-IIS/10.0
X-AspNet-Version              : 4.0.30319
X-Powered-By                  : ASP.NET
x-ms-ratelimit-remaining-subscription-resource-requests: 11999
x-ms-correlation-request-id   : 36d22a6e-91d4-4b94-b300-0af3900e9294
x-ms-routing-request-id       : NORTHCENTRALUS:20230913T203439Z:36d22a6e-91d4-4b94-b300-0af3900e9294
X-Content-Type-Options        : nosniff
Date                          : Wed, 13 Sep 2023 20:34:39 GMT

Body:
{
  "id": "/subscriptions/e9c370d9-92a5-48e6-9d40-7419751ab06b/resourceGroups/Example-rg/providers/Microsoft.Web/sites/FunctionAppExample23/config/appsettings",
  "name": "appsettings",
  "type": "Microsoft.Web/sites/config",
  "location": "East US",
  "properties": {
    "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING": "DefaultEndpointsProtocol=https;AccountName=***;AccountKey=***;EndpointSuffix=core.windows.net",
    "FUNCTIONS_WORKER_RUNTIME": "dotnet",
    "FUNCTIONS_EXTENSION_VERSION": "~4",
    "AzureWebJobsStorage": "DefaultEndpointsProtocol=https;AccountName=***;AccountKey=***;EndpointSuffix=core.windows.net",
    "WEBSITE_CONTENTSHARE": "functionappexample2390d2"
  }
}

DEBUG: ResponseCreated:                                                                                                 
DEBUG: BeforeResponseDispatch:                                                                                          
DEBUG: Finally:                                                                                                         
DEBUG: CmdletAfterAPICall:                                                                                              
DEBUG: [CmdletProcessRecordAsyncEnd]: Finish HTTP process                                                               
DEBUG: CmdletProcessRecordAsyncEnd:                                                                                     
DEBUG: CmdletProcessRecordEnd:                                                                                          
DEBUG: [CmdletBeginProcessing]: Starting command                                                                        
DEBUG: CmdletBeginProcessing:                                                                                           
DEBUG: CmdletProcessRecordStart:                                                                                        
DEBUG: CmdletGetPipeline:                                                                                               
DEBUG: CmdletBeforeAPICall:                                                                                             
DEBUG: URLCreated: /subscriptions/e9c370d9-92a5-48e6-9d40-7419751ab06b/resourceGroups/Example-rg/providers/Microsoft.Web/sites/FunctionAppExample23/config/web?api-version=2019-08-01
DEBUG: RequestCreated: /subscriptions/e9c370d9-92a5-48e6-9d40-7419751ab06b/resourceGroups/Example-rg/providers/Microsoft.Web/sites/FunctionAppExample23/config/web?api-version=2019-08-01
DEBUG: HeaderParametersAdded:                                                                                           
DEBUG: ============================ HTTP REQUEST ============================                                           

HTTP Method:
GET

Absolute Uri:
https://management.azure.com/subscriptions/e9c370d9-92a5-48e6-9d40-7419751ab06b/resourceGroups/Example-rg/providers/Microsoft.Web/sites/FunctionAppExample23/config/web?api-version=2019-08-01

Headers:
x-ms-unique-id                : 102
x-ms-client-request-id        : 33a4a870-c3dd-4bf4-a0cd-d7338241afce
CommandName                   : Az.Functions.internal\Get-AzWebAppConfiguration
FullCommandName               : Get-AzWebAppConfiguration_Get
ParameterSetName              : __AllParameterSets
User-Agent                    : AzurePowershell/v9.6.0,PSVersion/v7.3.6,Az.Functions/4.0.6

Body:

DEBUG: BeforeCall:                                                                                                      
DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Cache-Control                 : no-cache
Pragma                        : no-cache
Strict-Transport-Security     : max-age=31536000; includeSubDomains
x-ms-request-id               : 31aca9b8-03bf-48f6-8509-10572a58df0a
Server                        : Microsoft-IIS/10.0
X-AspNet-Version              : 4.0.30319
X-Powered-By                  : ASP.NET
x-ms-ratelimit-remaining-subscription-reads: 11998
x-ms-correlation-request-id   : b73717a5-776e-4707-9495-c0349a329294
x-ms-routing-request-id       : NORTHCENTRALUS:20230913T203439Z:b73717a5-776e-4707-9495-c0349a329294
X-Content-Type-Options        : nosniff
Date                          : Wed, 13 Sep 2023 20:34:39 GMT

Body:
{
  "id": "/subscriptions/e9c370d9-92a5-48e6-9d40-7419751ab06b/resourceGroups/Example-rg/providers/Microsoft.Web/sites/FunctionAppExample23/config/web",
  "name": "FunctionAppExample23",
  "type": "Microsoft.Web/sites/config",
  "location": "East US",
  "properties": {
    "numberOfWorkers": 1,
    "defaultDocuments": [
      "Default.htm",
      "Default.html",
      "Default.asp",
      "index.htm",
      "index.html",
      "iisstart.htm",
      "default.aspx",
      "index.php"
    ],
    "netFrameworkVersion": "v6.0",
    "phpVersion": "",
    "pythonVersion": "",
    "nodeVersion": "",
    "powerShellVersion": "",
    "linuxFxVersion": "",
    "windowsFxVersion": null,
    "windowsConfiguredStacks": [],
    "requestTracingEnabled": false,
    "remoteDebuggingEnabled": false,
    "remoteDebuggingVersion": null,
    "httpLoggingEnabled": false,
    "azureMonitorLogCategories": null,
    "acrUseManagedIdentityCreds": false,
    "acrUserManagedIdentityID": null,
    "logsDirectorySizeLimit": 35,
    "detailedErrorLoggingEnabled": false,
    "publishingUsername": "$FunctionAppExample23",
    "publishingPassword": null,
    "appSettings": null,
    "metadata": null,
    "connectionStrings": null,
    "machineKey": null,
    "handlerMappings": null,
    "documentRoot": null,
    "scmType": "None",
    "use32BitWorkerProcess": true,
    "webSocketsEnabled": false,
    "alwaysOn": false,
    "javaVersion": null,
    "javaContainer": null,
    "javaContainerVersion": null,
    "appCommandLine": "",
    "managedPipelineMode": "Integrated",
    "virtualApplications": [
      {
        "virtualPath": "/",
        "physicalPath": "site\\wwwroot",
        "preloadEnabled": false,
        "virtualDirectories": null
      }
    ],
    "winAuthAdminState": 0,
    "winAuthTenantState": 0,
    "customAppPoolIdentityAdminState": false,
    "customAppPoolIdentityTenantState": false,
    "runtimeADUser": null,
    "runtimeADUserPassword": null,
    "loadBalancing": "LeastRequests",
    "routingRules": [],
    "experiments": {
      "rampUpRules": []
    },
    "limits": null,
    "autoHealEnabled": false,
    "autoHealRules": null,
    "tracingOptions": null,
    "vnetName": "",
    "vnetRouteAllEnabled": false,
    "vnetPrivatePortsCount": 0,
    "publicNetworkAccess": null,
    "siteAuthEnabled": false,
    "siteAuthSettings": {
      "enabled": null,
      "unauthenticatedClientAction": null,
      "tokenStoreEnabled": null,
      "allowedExternalRedirectUrls": null,
      "defaultProvider": null,
      "clientId": null,
      "clientSecret": null,
      "clientSecretSettingName": null,
      "clientSecretCertificateThumbprint": null,
      "issuer": null,
      "allowedAudiences": null,
      "additionalLoginParams": null,
      "isAadAutoProvisioned": false,
      "aadClaimsAuthorization": null,
      "googleClientId": null,
      "googleClientSecret": null,
      "googleClientSecretSettingName": null,
      "googleOAuthScopes": null,
      "facebookAppId": null,
      "facebookAppSecret": null,
      "facebookAppSecretSettingName": null,
      "facebookOAuthScopes": null,
      "gitHubClientId": null,
      "gitHubClientSecret": null,
      "gitHubClientSecretSettingName": null,
      "gitHubOAuthScopes": null,
      "twitterConsumerKey": null,
      "twitterConsumerSecret": null,
      "twitterConsumerSecretSettingName": null,
      "microsoftAccountClientId": null,
      "microsoftAccountClientSecret": null,
      "microsoftAccountClientSecretSettingName": null,
      "microsoftAccountOAuthScopes": null,
      "configVersion": null
    },
    "cors": {
      "allowedOrigins": [
        "https://portal.azure.com"
      ],
      "supportCredentials": false
    },
    "push": null,
    "apiDefinition": null,
    "apiManagementConfig": null,
    "autoSwapSlotName": null,
    "localMySqlEnabled": false,
    "managedServiceIdentityId": null,
    "xManagedServiceIdentityId": 10992,
    "keyVaultReferenceIdentity": null,
    "ipSecurityRestrictions": [
      {
        "ipAddress": "Any",
        "action": "Allow",
        "priority": 2147483647,
        "name": "Allow all",
        "description": "Allow all access"
      }
    ],
    "ipSecurityRestrictionsDefaultAction": null,
    "scmIpSecurityRestrictions": [
      {
        "ipAddress": "Any",
        "action": "Allow",
        "priority": 2147483647,
        "name": "Allow all",
        "description": "Allow all access"
      }
    ],
    "scmIpSecurityRestrictionsDefaultAction": null,
    "scmIpSecurityRestrictionsUseMain": false,
    "http20Enabled": false,
    "minTlsVersion": "1.2",
    "minTlsCipherSuite": null,
    "supportedTlsCipherSuites": null,
    "scmMinTlsVersion": "1.2",
    "ftpsState": "FtpsOnly",
    "preWarmedInstanceCount": 0,
    "functionAppScaleLimit": 200,
    "elasticWebAppScaleLimit": null,
    "healthCheckPath": null,
    "fileChangeAuditEnabled": false,
    "functionsRuntimeScaleMonitoringEnabled": false,
    "websiteTimeZone": null,
    "minimumElasticInstanceCount": 0,
    "azureStorageAccounts": {},
    "http20ProxyFlag": 0,
    "sitePort": null,
    "antivirusScanEnabled": false,
    "storageType": "StorageVolume"
  }
}

DEBUG: ResponseCreated:                                                                                                 
DEBUG: BeforeResponseDispatch:                                                                                          
DEBUG: Finally:                                                                                                         
DEBUG: CmdletAfterAPICall:                                                                                              
DEBUG: [CmdletProcessRecordAsyncEnd]: Finish HTTP process
DEBUG: CmdletProcessRecordAsyncEnd:                                                                                     
DEBUG: CmdletProcessRecordEnd:                                                                                          

Updating function app
Update function app 'FunctionAppExample23'?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): y
DEBUG: [CmdletBeginProcessing]: Starting command
DEBUG: CmdletBeginProcessing: 
DEBUG: CmdletProcessRecordStart: 
DEBUG: CmdletGetPipeline: 
DEBUG: CmdletBeforeAPICall: 
DEBUG: URLCreated: /subscriptions/e9c370d9-92a5-48e6-9d40-7419751ab06b/resourceGroups/Example-RG/providers/Microsoft.Web/sites/FunctionAppExample23?api-version=2019-08-01
DEBUG: RequestCreated: /subscriptions/e9c370d9-92a5-48e6-9d40-7419751ab06b/resourceGroups/Example-RG/providers/Microsoft.Web/sites/FunctionAppExample23?api-version=2019-08-01
DEBUG: HeaderParametersAdded: 
DEBUG: BodyContentSet: 
DEBUG: 3:34:43 PM - [ConfigManager] Got nothing from [EnableLoginByWam], Module = [], Cmdlet = []. Returning default value [False].
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
PUT

Absolute Uri:
https://management.azure.com/subscriptions/e9c370d9-92a5-48e6-9d40-7419751ab06b/resourceGroups/Example-RG/providers/Microsoft.Web/sites/FunctionAppExample23?api-version=2019-08-01        

Headers:
x-ms-unique-id                : 103
x-ms-client-request-id        : c9a84f96-3fe9-40d6-9327-035518d0ef0e
CommandName                   : Az.Functions.internal\Set-AzFunctionApp
FullCommandName               : Set-AzFunctionApp_Update
ParameterSetName              : __AllParameterSets
User-Agent                    : AzurePowershell/v9.6.0,PSVersion/v7.3.6,Az.Functions/4.0.6

Body:
{
  "kind": "functionapp",
  "location": "East US",
  "properties": {
    "serverFarmId": "/subscriptions/e9c370d9-92a5-48e6-9d40-7419751ab06b/resourceGroups/Example-rg/providers/Microsoft.Web/serverfarms/ASP-Examplerg-ba32",
    "reserved": false,
    "siteConfig": {
      "powerShellVersion": "",
      "linuxFxVersion": "",
      "appSettings": [
        {
          "name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
          "value": "DefaultEndpointsProtocol=https;AccountName=***;AccountKey=***;EndpointSuffix=core.windows.net"
        },
        {
          "name": "FUNCTIONS_WORKER_RUNTIME",
          "value": "dotnet"
        },
        {
          "name": "FUNCTIONS_EXTENSION_VERSION",
          "value": "~4"
        },
        {
          "name": "AzureWebJobsStorage",
          "value": "DefaultEndpointsProtocol=https;AccountName=***;AccountKey=***;EndpointSuffix=core.windows.net"
        },
        {
          "name": "WEBSITE_CONTENTSHARE",
          "value": "functionappexample2390d2"
        }
      ],
      "alwaysOn": false,
      "javaVersion": ""
    }
  },
  "identity": {
    "type": "SystemAssigned"
  }
}

DEBUG: BeforeCall: 
DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Cache-Control                 : no-cache
Pragma                        : no-cache
ETag                          : "1D9E680DF675335"
Strict-Transport-Security     : max-age=31536000; includeSubDomains
x-ms-request-id               : 45fda293-5188-40ce-ba16-24a2d77cb88f
Server                        : Microsoft-IIS/10.0
X-AspNet-Version              : 4.0.30319
X-Powered-By                  : ASP.NET
x-ms-ratelimit-remaining-subscription-resource-requests: 499
x-ms-correlation-request-id   : ea29d0da-7378-4a11-a429-fb44d8f6e5f7
x-ms-routing-request-id       : NORTHCENTRALUS:20230913T203448Z:ea29d0da-7378-4a11-a429-fb44d8f6e5f7
X-Content-Type-Options        : nosniff
Date                          : Wed, 13 Sep 2023 20:34:48 GMT

Body:
{
  "id": "/subscriptions/e9c370d9-92a5-48e6-9d40-7419751ab06b/resourceGroups/Example-RG/providers/Microsoft.Web/sites/FunctionAppExample23",
  "name": "FunctionAppExample23",
  "type": "Microsoft.Web/sites",
  "kind": "functionapp",
  "location": "East US",
  "properties": {
    "name": "FunctionAppExample23",
    "state": "Running",
    "hostNames": [
      "functionappexample23.azurewebsites.net"
    ],
    "webSpace": "Example-rg-EastUSwebspace",
    "selfLink": "https://waws-prod-blu-371.api.azurewebsites.windows.net:454/subscriptions/e9c370d9-92a5-48e6-9d40-7419751ab06b/webspaces/Example-rg-EastUSwebspace/sites/FunctionAppExample23",
    "repositorySiteName": "FunctionAppExample23",
    "owner": null,
    "usageState": "Normal",
    "enabled": true,
    "adminEnabled": true,
    "enabledHostNames": [
      "functionappexample23.azurewebsites.net",
      "functionappexample23.scm.azurewebsites.net"
    ],
    "siteProperties": {
      "metadata": null,
      "properties": [
        {
          "name": "LinuxFxVersion",
          "value": ""
        },
        {
          "name": "WindowsFxVersion",
          "value": null
        }
      ],
      "appSettings": null
    },
    "availabilityState": "Normal",
    "sslCertificates": null,
    "csrs": [],
    "cers": null,
    "siteMode": null,
    "hostNameSslStates": [
      {
        "name": "functionappexample23.azurewebsites.net",
        "sslState": "Disabled",
        "ipBasedSslResult": null,
        "virtualIP": null,
        "thumbprint": null,
        "certificateResourceId": null,
        "toUpdate": null,
        "toUpdateIpBasedSsl": null,
        "ipBasedSslState": "NotConfigured",
        "hostType": "Standard"
      },
      {
        "name": "functionappexample23.scm.azurewebsites.net",
        "sslState": "Disabled",
        "ipBasedSslResult": null,
        "virtualIP": null,
        "thumbprint": null,
        "certificateResourceId": null,
        "toUpdate": null,
        "toUpdateIpBasedSsl": null,
        "ipBasedSslState": "NotConfigured",
        "hostType": "Repository"
      }
    ],
    "computeMode": null,
    "serverFarm": null,
    "serverFarmId": "/subscriptions/e9c370d9-92a5-48e6-9d40-7419751ab06b/resourceGroups/Example-rg/providers/Microsoft.Web/serverfarms/ASP-Examplerg-ba32",
    "reserved": false,
    "isXenon": false,
    "hyperV": false,
    "lastModifiedTimeUtc": "2023-09-13T20:34:47.07",
    "storageRecoveryDefaultState": "Running",
    "contentAvailabilityState": "Normal",
    "runtimeAvailabilityState": "Normal",
    "dnsConfiguration": {},
    "vnetRouteAllEnabled": false,
    "containerAllocationSubnet": null,
    "useContainerLocalhostBindings": null,
    "vnetImagePullEnabled": false,
    "vnetContentShareEnabled": false,
    "siteConfig": {
      "numberOfWorkers": 1,
      "defaultDocuments": null,
      "netFrameworkVersion": null,
      "phpVersion": null,
      "pythonVersion": null,
      "nodeVersion": null,
      "powerShellVersion": null,
      "linuxFxVersion": "",
      "windowsFxVersion": null,
      "windowsConfiguredStacks": null,
      "requestTracingEnabled": null,
      "remoteDebuggingEnabled": null,
      "remoteDebuggingVersion": null,
      "httpLoggingEnabled": null,
      "azureMonitorLogCategories": null,
      "acrUseManagedIdentityCreds": false,
      "acrUserManagedIdentityID": null,
      "logsDirectorySizeLimit": null,
      "detailedErrorLoggingEnabled": null,
      "publishingUsername": null,
      "publishingPassword": null,
      "appSettings": null,
      "metadata": null,
      "connectionStrings": null,
      "machineKey": null,
      "handlerMappings": null,
      "documentRoot": null,
      "scmType": null,
      "use32BitWorkerProcess": null,
      "webSocketsEnabled": null,
      "alwaysOn": false,
      "javaVersion": null,
      "javaContainer": null,
      "javaContainerVersion": null,
      "appCommandLine": null,
      "managedPipelineMode": null,
      "virtualApplications": null,
      "winAuthAdminState": null,
      "winAuthTenantState": null,
      "customAppPoolIdentityAdminState": null,
      "customAppPoolIdentityTenantState": null,
      "runtimeADUser": null,
      "runtimeADUserPassword": null,
      "loadBalancing": null,
      "routingRules": null,
      "experiments": null,
      "limits": null,
      "autoHealEnabled": null,
      "autoHealRules": null,
      "tracingOptions": null,
      "vnetName": null,
      "vnetRouteAllEnabled": null,
      "vnetPrivatePortsCount": null,
      "publicNetworkAccess": null,
      "cors": null,
      "push": null,
      "apiDefinition": null,
      "apiManagementConfig": null,
      "autoSwapSlotName": null,
      "localMySqlEnabled": null,
      "managedServiceIdentityId": null,
      "xManagedServiceIdentityId": null,
      "keyVaultReferenceIdentity": null,
      "ipSecurityRestrictions": [
        {
          "ipAddress": "Any",
          "action": "Allow",
          "priority": 2147483647,
          "name": "Allow all",
          "description": "Allow all access"
        }
      ],
      "ipSecurityRestrictionsDefaultAction": null,
      "scmIpSecurityRestrictions": [
        {
          "ipAddress": "Any",
          "action": "Allow",
          "priority": 2147483647,
          "name": "Allow all",
          "description": "Allow all access"
        }
      ],
      "scmIpSecurityRestrictionsDefaultAction": null,
      "scmIpSecurityRestrictionsUseMain": null,
      "http20Enabled": false,
      "minTlsVersion": null,
      "minTlsCipherSuite": null,
      "supportedTlsCipherSuites": null,
      "scmMinTlsVersion": null,
      "ftpsState": null,
      "preWarmedInstanceCount": null,
      "functionAppScaleLimit": 200,
      "elasticWebAppScaleLimit": null,
      "healthCheckPath": null,
      "fileChangeAuditEnabled": null,
      "functionsRuntimeScaleMonitoringEnabled": null,
      "websiteTimeZone": null,
      "minimumElasticInstanceCount": 0,
      "azureStorageAccounts": null,
      "http20ProxyFlag": null,
      "sitePort": null,
      "antivirusScanEnabled": null,
      "storageType": null
    },
    "daprConfig": null,
    "deploymentId": "FunctionAppExample23",
    "slotName": null,
    "trafficManagerHostNames": null,
    "sku": "Dynamic",
    "scmSiteAlsoStopped": false,
    "targetSwapSlot": null,
    "hostingEnvironment": null,
    "hostingEnvironmentProfile": null,
    "clientAffinityEnabled": false,
    "clientCertEnabled": false,
    "clientCertMode": "Required",
    "clientCertExclusionPaths": null,
    "hostNamesDisabled": false,
    "vnetBackupRestoreEnabled": false,
    "domainVerificationIdentifiers": null,
    "customDomainVerificationId": "728A299B0941472E9E254A37060F8FC7A9CD505FA2BC031BF1F907763476CE3E",
    "kind": "functionapp",
    "managedEnvironmentId": null,
    "inboundIpAddress": "20.119.0.25",
    "possibleInboundIpAddresses": "20.119.0.25",
    "ftpUsername": "FunctionAppExample23\\$FunctionAppExample23",
    "ftpsHostName": "ftps://waws-prod-blu-371.ftp.azurewebsites.windows.net/site/wwwroot",
    "outboundIpAddresses": "20.232.69.122,20.232.69.157,20.232.69.164,20.232.69.184,20.232.69.201,20.85.197.23,20.119.0.25",
    "possibleOutboundIpAddresses": "20.232.69.122,20.232.69.157,20.232.69.164,20.232.69.184,20.232.69.201,20.85.197.23,20.232.69.232,20.232.70.8,52.226.219.148,52.226.219.154,52.226.220.117,52.226.220.133,52.226.220.134,52.226.221.115,52.226.221.215,52.226.222.137,52.226.217.155,52.226.222.206,52.226.223.120,52.226.223.123,20.232.0.14,20.232.0.33,20.232.0.44,20.232.0.213,20.232.0.230,20.232.0.233,20.232.1.1,20.232.2.51,20.232.2.89,20.232.2.101,20.119.0.25",
    "containerSize": 1536,
    "dailyMemoryTimeQuota": 0,
    "suspendedTill": null,
    "siteDisabledReason": 0,
    "functionExecutionUnitsCache": null,
    "maxNumberOfWorkers": null,
    "homeStamp": "waws-prod-blu-371",
    "cloningInfo": null,
    "hostingEnvironmentId": null,
    "tags": null,
    "resourceGroup": "Example-rg",
    "defaultHostName": "functionappexample23.azurewebsites.net",
    "slotSwapStatus": null,
    "httpsOnly": true,
    "endToEndEncryptionEnabled": false,
    "redundancyMode": "None",
    "inProgressOperationId": null,
    "geoDistributions": null,
    "privateEndpointConnections": null,
    "publicNetworkAccess": null,
    "buildVersion": null,
    "targetBuildVersion": null,
    "migrationState": null,
    "eligibleLogCategories": "FunctionAppLogs",
    "inFlightFeatures": null,
    "storageAccountRequired": false,
    "virtualNetworkSubnetId": null,
    "keyVaultReferenceIdentity": "SystemAssigned",
    "defaultHostNameScope": "Global",
    "privateLinkIdentifiers": null
  },
  "identity": {
    "type": "SystemAssigned",
    "tenantId": "f67f15a1-cb44-441a-9964-6289917ff595",
    "principalId": "cf7e7c56-6ee4-4dc0-978e-ccad78bcb732"
  }
}

DEBUG: ResponseCreated: 
DEBUG: DelayBeforePolling: Delaying 30 seconds before polling.
DEBUG: 3:35:19 PM - [ConfigManager] Got nothing from [EnableLoginByWam], Module = [], Cmdlet = []. Returning default value [False].
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://management.azure.com/subscriptions/e9c370d9-92a5-48e6-9d40-7419751ab06b/resourceGroups/Example-RG/providers/Microsoft.Web/sites/FunctionAppExample23?api-version=2019-08-01        

Headers:
x-ms-unique-id                : 104
x-ms-client-request-id        : c9a84f96-3fe9-40d6-9327-035518d0ef0e
CommandName                   : Az.Functions.internal\Set-AzFunctionApp
FullCommandName               : Set-AzFunctionApp_Update
ParameterSetName              : __AllParameterSets
User-Agent                    : AzurePowershell/v9.6.0,PSVersion/v7.3.6,Az.Functions/4.0.6

Body:

DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Cache-Control                 : no-cache
Pragma                        : no-cache
ETag                          : "1D9E681BC6EFBE0"
Strict-Transport-Security     : max-age=31536000; includeSubDomains
x-ms-request-id               : 1612cd11-e559-49d0-a996-c0acfd756b03
Server                        : Microsoft-IIS/10.0
X-AspNet-Version              : 4.0.30319
X-Powered-By                  : ASP.NET
x-ms-ratelimit-remaining-subscription-reads: 11997
x-ms-correlation-request-id   : 407ff411-ac82-4304-b7f5-3cfd84811f8a
x-ms-routing-request-id       : NORTHCENTRALUS:20230913T203520Z:407ff411-ac82-4304-b7f5-3cfd84811f8a
X-Content-Type-Options        : nosniff
Date                          : Wed, 13 Sep 2023 20:35:19 GMT

Body:
{
  "id": "/subscriptions/e9c370d9-92a5-48e6-9d40-7419751ab06b/resourceGroups/Example-RG/providers/Microsoft.Web/sites/FunctionAppExample23",
  "name": "FunctionAppExample23",
  "type": "Microsoft.Web/sites",
  "kind": "functionapp",
  "location": "East US",
  "properties": {
    "name": "FunctionAppExample23",
    "state": "Running",
    "hostNames": [
      "functionappexample23.azurewebsites.net"
    ],
    "webSpace": "Example-rg-EastUSwebspace",
    "selfLink": "https://waws-prod-blu-371.api.azurewebsites.windows.net:454/subscriptions/e9c370d9-92a5-48e6-9d40-7419751ab06b/webspaces/Example-rg-EastUSwebspace/sites/FunctionAppExample23",
    "repositorySiteName": "FunctionAppExample23",
    "owner": null,
    "usageState": "Normal",
    "enabled": true,
    "adminEnabled": true,
    "enabledHostNames": [
      "functionappexample23.azurewebsites.net",
      "functionappexample23.scm.azurewebsites.net"
    ],
    "siteProperties": {
      "metadata": null,
      "properties": [
        {
          "name": "LinuxFxVersion",
          "value": ""
        },
        {
          "name": "WindowsFxVersion",
          "value": null
        }
      ],
      "appSettings": null
    },
    "availabilityState": "Normal",
    "sslCertificates": null,
    "csrs": [],
    "cers": null,
    "siteMode": null,
    "hostNameSslStates": [
      {
        "name": "functionappexample23.azurewebsites.net",
        "sslState": "Disabled",
        "ipBasedSslResult": null,
        "virtualIP": null,
        "thumbprint": null,
        "certificateResourceId": null,
        "toUpdate": null,
        "toUpdateIpBasedSsl": null,
        "ipBasedSslState": "NotConfigured",
        "hostType": "Standard"
      },
      {
        "name": "functionappexample23.scm.azurewebsites.net",
        "sslState": "Disabled",
        "ipBasedSslResult": null,
        "virtualIP": null,
        "thumbprint": null,
        "certificateResourceId": null,
        "toUpdate": null,
        "toUpdateIpBasedSsl": null,
        "ipBasedSslState": "NotConfigured",
        "hostType": "Repository"
      }
    ],
    "computeMode": null,
    "serverFarm": null,
    "serverFarmId": "/subscriptions/e9c370d9-92a5-48e6-9d40-7419751ab06b/resourceGroups/Example-rg/providers/Microsoft.Web/serverfarms/ASP-Examplerg-ba32",
    "reserved": false,
    "isXenon": false,
    "hyperV": false,
    "lastModifiedTimeUtc": "2023-09-13T20:34:47.07",
    "storageRecoveryDefaultState": "Running",
    "contentAvailabilityState": "Normal",
    "runtimeAvailabilityState": "Normal",
    "dnsConfiguration": {},
    "vnetRouteAllEnabled": false,
    "containerAllocationSubnet": null,
    "useContainerLocalhostBindings": null,
    "vnetImagePullEnabled": false,
    "vnetContentShareEnabled": false,
    "siteConfig": {
      "numberOfWorkers": 1,
      "defaultDocuments": null,
      "netFrameworkVersion": null,
      "phpVersion": null,
      "pythonVersion": null,
      "nodeVersion": null,
      "powerShellVersion": null,
      "linuxFxVersion": "",
      "windowsFxVersion": null,
      "windowsConfiguredStacks": null,
      "requestTracingEnabled": null,
      "remoteDebuggingEnabled": null,
      "remoteDebuggingVersion": null,
      "httpLoggingEnabled": null,
      "azureMonitorLogCategories": null,
      "acrUseManagedIdentityCreds": false,
      "acrUserManagedIdentityID": null,
      "logsDirectorySizeLimit": null,
      "detailedErrorLoggingEnabled": null,
      "publishingUsername": null,
      "publishingPassword": null,
      "appSettings": null,
      "metadata": null,
      "connectionStrings": null,
      "machineKey": null,
      "handlerMappings": null,
      "documentRoot": null,
      "scmType": null,
      "use32BitWorkerProcess": null,
      "webSocketsEnabled": null,
      "alwaysOn": false,
      "javaVersion": null,
      "javaContainer": null,
      "javaContainerVersion": null,
      "appCommandLine": null,
      "managedPipelineMode": null,
      "virtualApplications": null,
      "winAuthAdminState": null,
      "winAuthTenantState": null,
      "customAppPoolIdentityAdminState": null,
      "customAppPoolIdentityTenantState": null,
      "runtimeADUser": null,
      "runtimeADUserPassword": null,
      "loadBalancing": null,
      "routingRules": null,
      "experiments": null,
      "limits": null,
      "autoHealEnabled": null,
      "autoHealRules": null,
      "tracingOptions": null,
      "vnetName": null,
      "vnetRouteAllEnabled": null,
      "vnetPrivatePortsCount": null,
      "publicNetworkAccess": null,
      "cors": null,
      "push": null,
      "apiDefinition": null,
      "apiManagementConfig": null,
      "autoSwapSlotName": null,
      "localMySqlEnabled": null,
      "managedServiceIdentityId": null,
      "xManagedServiceIdentityId": null,
      "keyVaultReferenceIdentity": null,
      "ipSecurityRestrictions": null,
      "ipSecurityRestrictionsDefaultAction": null,
      "scmIpSecurityRestrictions": null,
      "scmIpSecurityRestrictionsDefaultAction": null,
      "scmIpSecurityRestrictionsUseMain": null,
      "http20Enabled": false,
      "minTlsVersion": null,
      "minTlsCipherSuite": null,
      "supportedTlsCipherSuites": null,
      "scmMinTlsVersion": null,
      "ftpsState": null,
      "preWarmedInstanceCount": null,
      "functionAppScaleLimit": 200,
      "elasticWebAppScaleLimit": null,
      "healthCheckPath": null,
      "fileChangeAuditEnabled": null,
      "functionsRuntimeScaleMonitoringEnabled": null,
      "websiteTimeZone": null,
      "minimumElasticInstanceCount": 0,
      "azureStorageAccounts": null,
      "http20ProxyFlag": null,
      "sitePort": null,
      "antivirusScanEnabled": null,
      "storageType": null
    },
    "daprConfig": null,
    "deploymentId": "FunctionAppExample23",
    "slotName": null,
    "trafficManagerHostNames": null,
    "sku": "Dynamic",
    "scmSiteAlsoStopped": false,
    "targetSwapSlot": null,
    "hostingEnvironment": null,
    "hostingEnvironmentProfile": null,
    "clientAffinityEnabled": false,
    "clientCertEnabled": false,
    "clientCertMode": "Required",
    "clientCertExclusionPaths": null,
    "hostNamesDisabled": false,
    "vnetBackupRestoreEnabled": false,
    "domainVerificationIdentifiers": null,
    "customDomainVerificationId": "728A299B0941472E9E254A37060F8FC7A9CD505FA2BC031BF1F907763476CE3E",
    "kind": "functionapp",
    "managedEnvironmentId": null,
    "inboundIpAddress": "20.119.0.25",
    "possibleInboundIpAddresses": "20.119.0.25",
    "ftpUsername": "FunctionAppExample23\\$FunctionAppExample23",
    "ftpsHostName": "ftps://waws-prod-blu-371.ftp.azurewebsites.windows.net/site/wwwroot",
    "outboundIpAddresses": "20.232.69.122,20.232.69.157,20.232.69.164,20.232.69.184,20.232.69.201,20.85.197.23,20.119.0.25",
    "possibleOutboundIpAddresses": "20.232.69.122,20.232.69.157,20.232.69.164,20.232.69.184,20.232.69.201,20.85.197.23,20.232.69.232,20.232.70.8,52.226.219.148,52.226.219.154,52.226.220.117,52.226.220.133,52.226.220.134,52.226.221.115,52.226.221.215,52.226.222.137,52.226.217.155,52.226.222.206,52.226.223.120,52.226.223.123,20.232.0.14,20.232.0.33,20.232.0.44,20.232.0.213,20.232.0.230,20.232.0.233,20.232.1.1,20.232.2.51,20.232.2.89,20.232.2.101,20.119.0.25",
    "containerSize": 1536,
    "dailyMemoryTimeQuota": 0,
    "suspendedTill": null,
    "siteDisabledReason": 0,
    "functionExecutionUnitsCache": null,
    "maxNumberOfWorkers": null,
    "homeStamp": "waws-prod-blu-371",
    "cloningInfo": null,
    "hostingEnvironmentId": null,
    "tags": null,
    "resourceGroup": "Example-rg",
    "defaultHostName": "functionappexample23.azurewebsites.net",
    "slotSwapStatus": null,
    "httpsOnly": true,
    "endToEndEncryptionEnabled": false,
    "redundancyMode": "None",
    "inProgressOperationId": null,
    "geoDistributions": null,
    "privateEndpointConnections": [],
    "publicNetworkAccess": null,
    "buildVersion": null,
    "targetBuildVersion": null,
    "migrationState": null,
    "eligibleLogCategories": "FunctionAppLogs",
    "inFlightFeatures": [],
    "storageAccountRequired": false,
    "virtualNetworkSubnetId": null,
    "keyVaultReferenceIdentity": "SystemAssigned",
    "defaultHostNameScope": "Global",
    "privateLinkIdentifiers": null
  },
  "identity": {
    "type": "SystemAssigned",
    "tenantId": "f67f15a1-cb44-441a-9964-6289917ff595",
    "principalId": "cf7e7c56-6ee4-4dc0-978e-ccad78bcb732"
  }
}

DEBUG: Polling: 
DEBUG: BeforeResponseDispatch: 
DEBUG: Finally: 
DEBUG: CmdletAfterAPICall: 
DEBUG: [CmdletProcessRecordAsyncEnd]: Finish HTTP process
DEBUG: CmdletProcessRecordAsyncEnd: 
DEBUG: CmdletProcessRecordEnd: 
DEBUG: AzureQoSEvent:  Module: Az.Functions:4.0.6; CommandName: Update-AzFunctionApp; PSVersion: 7.3.6; IsSuccess: True; Duration: 00:00:41.4519075

#the system managed identity is now in place but the user managed id has been dropped
$functionapp = Update-AzFunctionApp -name FunctionAppExample23 -ResourceGroupName Example-RG -IdentityType SystemAssigned

Environment data

Name                           Value
----                           -----
PSVersion                      7.3.6
PSEdition                      Core
GitCommitId                    7.3.6
OS                             Microsoft Windows 10.0.22621
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Module versions

ModuleType Version    PreRelease Name                                ExportedCommands
---------- -------    ---------- ----                                ----------------
Script     2.12.1                Az.Accounts                         {Add-AzEnvironment, Clear-AzConfig, Clear-AzContext, Clear-AzDefault…}
Script     4.0.6                 Az.Functions                        {Get-AzFunctionApp, Get-AzFunctionAppAvailableLocation, Get-AzFunctionAppPlan, Get-AzFunctionAppSetting…}
Script     1.1.1                 Az.ManagedServiceIdentity           {Get-AzFederatedIdentityCredentials, Get-AzSystemAssignedIdentity, Get-AzUserAssignedIdentity, Get-AzUserAssignedIde… 
Script     6.6.0                 Az.Resources                        {Export-AzResourceGroup, Export-AzTemplateSpec, Get-AzDenyAssignment, Get-AzDeployment…}
Script     2.2.1                 Az.ServiceBus                       {Add-AzServiceBusIPRule, Add-AzServiceBusVirtualNetworkRule, Get-AzServiceBusNamespace, Get-AzServiceBusOperation…}   
Script     2.14.0                Az.Websites                         {Add-AzWebAppAccessRestrictionRule, Add-AzWebAppTrafficRouting, Edit-AzWebAppBackupConfiguration, Enter-AzWebAppCont…

Error output

No response

microsoft-github-policy-service[bot] commented 1 year ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @AnatoliB, @Francisco-Gamino, @shreyabatra4.

microsoft-github-policy-service[bot] commented 1 year ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @AnatoliB, @Francisco-Gamino, @shreyabatra4.