Hi,
I've been there.
It turned out Microsoft's example code is a bit wrong (may be they have changed something )
Instead of pulling
"https://management.azure.com/subscriptions/xxxxxxxxx/resourceGroups/xx-preview-20201124221221/providers/Microsoft.Solutions/applications/xxx\?api-version=2019-07-01"
you need to query :
"https://management.azure.com/subscriptions/xxxxxxxxx/resourceGroups/(the resource group in which the Managed App is located. And it differs from where the resources are deployed)/providers/Microsoft.Solutions/applications/xxx\?api-version=2019-07-01"
It worked for me. Though, you need to set a system managed identity and give read access of the VM to the Managed App.
If you are trying to deploy a marketplace offer, it gets even worse. The deployment is executed in the seller's tenant context and when your deployment script tries to set the Managed Identity, it can not. Cross tenant Managed identities are not supported.
So I'm stuck there.
Here is a script that sets Managed Identity, but it fails because it does not have rights.
{
"type": "Microsoft.Resources/deployments",
"name": "DeployRBACroleToVM",
"apiVersion": "2020-06-01",
"resourceGroup": "[parameters('RG_name')]",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
},
"variables": {},
"resources": [
{
"type": "Microsoft.Solutions/applications/providers/roleAssignments",
"apiVersion": "2019-04-01-preview",
"name": "[concat(parameters('ManagedAppName'),'/Microsoft.Authorization/',guid(resourceGroup().id))]",
"properties": {
"roleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
"delegatedManagedIdentityResourceId": "[concat(subscription().id, '/providers/Microsoft.Compute/virtualMachines/', parameters('vmName'))]",
"principalId": "[reference(resourceId('Microsoft.Compute/virtualMachines', parameters('vmName')), '2020-12-01','full').identity.principalId]"
}
}
]
},
"parameters": {}
}
}