From 48e2bb09d9c35823db5315f60a38ffb918459ae6 Mon Sep 17 00:00:00 2001
From: ebronson68 <111298136+ebronson68@users.noreply.github.com>
Date: Tue, 20 Aug 2024 17:14:06 -0500
Subject: [PATCH] Don't look up AD SP ID
---
 .github/workflows/azfunction-deploy.yaml | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/.github/workflows/azfunction-deploy.yaml b/.github/workflows/azfunction-deploy.yaml
index 307e9c5a..b04eb8fb 100644
--- a/.github/workflows/azfunction-deploy.yaml
+++ b/.github/workflows/azfunction-deploy.yaml
@@ -222,14 +222,11 @@ jobs:
 with:
 inlineScript: |
 set -eu
- # Retrieve the object ID of the managed identity
- objectId=$(az ad sp show --id ${{ env.functionAppIdentity }} --query objectId --output tsv)
-
 # Retrieve the Key Vault ID
 keyVaultId=$(az keyvault show --name ${{ env.keyVaultName }} --query id --output tsv)
 # Assign the Key Vault Secrets User role to the managed identity using object ID and principal type
- az role assignment create --role "Key Vault Secrets User" --assignee-object-id $objectId --assignee-principal-type ServicePrincipal --scope $keyVaultId
+ az role assignment create --role "Key Vault Secrets User" --assignee-object-id --assignee-principal-type ServicePrincipal ${{ env.functionAppIdentity }} --scope $keyVaultId
 - name: Retrieve environment variables
 if: ${{ env.AZURE_CREDENTIALS_SET != 'false' }}
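Review bot: On the added `az role assignment create` line the arguments are out of order: `--assignee-object-id` is followed directly by `--assignee-principal-type`, and `${{ env.functionAppIdentity }}` sits after `ServicePrincipal`, so the object-id flag has no value and the identity is passed as a stray positional. I expect the CLI to reject the call, and under `set -eu` the step then fails, so the Key Vault Secrets User assignment is never created. I would write it as `--assignee-object-id "${{ env.functionAppIdentity }}" --assignee-principal-type ServicePrincipal --scope "$keyVaultId"`, quoted so an empty value is an argument error rather than a shifted flag. With the `az ad sp show` lookup removed, `functionAppIdentity` must already hold the managed identity's principal (object) ID and not its client ID; where it is set is outside this hunk, so that needs confirming. The step's `name`/`uses` lines also begin above the hunk.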