Issue with AppConfig - Roles deployment

[johnwildes]

Hey Community!
I'm working through some .net Aspire training, and experimenting with additional resources. I've added an Azure AppConfiguration resource to my project. It deploys ok the first time, but every subsequent run of my application (build / local debug), I get an error "Failed to provision" -
{
"code": "UnmatchedPrincipalType",
"message": "The PrincipalId 'ef616f1....' has type 'ServicePrincipal' , which is different from specified PrinciaplType 'User'."
}

This is correct, my current user secrets.json file has a service principal and key that I use for deployment to this lab subscription. During the stand up aspire is trying to assign the role Azure App Configuration Data Owner to my service principal and it fails because it's a service principal and not a "user". I can't seem to find anywhere in the documentation how to fix this. I've manually assigned the role to this principal.

Aspire is a bit magical, and normally what I would do is look at the ARM template and see if I could adjust the parameter type that it is expecting. The ARM template has a single resource, "Microsoft.Authorization/roleAssignments"

        {
            "type": "Microsoft.Authorization/roleAssignments",
            "apiVersion": "2022-04-01",
            "name": "[guid(resourceId('Microsoft.AppConfiguration/configurationStores', parameters('chatappcfg_outputs_name')), parameters('principalId'), subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b'))]",
            "properties": {
                "principalId": "[parameters('principalId')]",
                "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b')]",
                "principalType": "[parameters('principalType')]"
            },
            "scope": "[format('Microsoft.AppConfiguration/configurationStores/{0}', parameters('chatappcfg_outputs_name'))]"
        }
    

[johnwildes]

I've cleared everything out referencing the service principal, and this completes with my user account which is also an owner of the subscription in this case. It is all green now with the deployment.