Please add Wait condition capabilities in ARM templates.
This ability would be a great addition as it is already there in AWS CFT.
The wait conditions will play a vital role in signalling between the Azure VM and the ARM template. This helps to prioritize and control the deployment flow in certain ways. "dependsOn" is not very useful in certain occurrences.
Attached is the case summary of a support case that I have raised for my project-related concern.
Praveen Kumar R commented
As we use Managed identity and role assignment more and more, this is becoming a blocker for us. Without this capability (either support Delay in ARM Templates or support a way to identify that role assignments are fully propagated (?)) we are blocked from using Managed identity in our product via ARM templates. Can we add an ETA or approx time when this will be looked into?
To all of those complaining about the managed identities and items like that. Instead of complaining like this, use the output section of the deployment task to grab the managed identity principalId. This works every single time for me with SQL Managed Instance (which is heavily dependent on the key vault when using Customer Managed Key). I've done the same thing with other things (web apps). In my opinion this is a useless function request.
1. Create deployment. Output the managed identity in the output task.
2. Reference that output and use it in the template. Worst case is you can use a deployment script with PowerShell or AZ CLI to grab the managed identity through scripting if required, but the first part should be sufficient enough.
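The two steps above, sketched as a single ARM template. This is an added example, not part of the thread or written by any commenter. It reads "deployment" as a nested deployment whose output carries the principalId; the parameter names, the nested deployment name `identityStep`, the API versions and the Key Vault access policy that consumes the output are all assumptions.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": { "description": "Added example; names, API versions and the Key Vault consumer are assumptions." },
  "parameters": { "siteName": { "type": "string" }, "planId": { "type": "string" }, "vaultName": { "type": "string" } },
  "resources": [
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2021-04-01",
      "name": "identityStep",
      "properties": {
        "mode": "Incremental",
        "expressionEvaluationOptions": { "scope": "inner" },
        "parameters": { "siteName": { "value": "[parameters('siteName')]" }, "planId": { "value": "[parameters('planId')]" } },
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "parameters": { "siteName": { "type": "string" }, "planId": { "type": "string" } },
          "resources": [ {
            "type": "Microsoft.Web/sites",
            "apiVersion": "2022-03-01",
            "name": "[parameters('siteName')]",
            "location": "[resourceGroup().location]",
            "identity": { "type": "SystemAssigned" },
            "properties": { "serverFarmId": "[parameters('planId')]" }
          } ],
          "outputs": {
            "principalId": {
              "type": "string",
              "value": "[reference(resourceId('Microsoft.Web/sites', parameters('siteName')), '2022-03-01', 'full').identity.principalId]"
            }
          }
        }
      }
    },
    {
      "type": "Microsoft.KeyVault/vaults/accessPolicies",
      "apiVersion": "2022-07-01",
      "name": "[concat(parameters('vaultName'), '/add')]",
      "properties": { "accessPolicies": [ {
        "tenantId": "[subscription().tenantId]",
        "objectId": "[reference('identityStep').outputs.principalId.value]",
        "permissions": { "secrets": [ "get" ] }
      } ] }
    }
  ]
}
```

The `reference('identityStep')` call makes the access policy wait for the nested deployment to finish, so no separate `dependsOn` entry is needed. Passing the value through an output orders the two steps but adds no explicit wait for the identity to propagate in the directory.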
When a resource is deployed with a system-assigned managed identity, the managed identity can take a couple of minutes to be provisioned. If role assignments in the template depend on that managed identity, the role assignments will fail, as they will be executed before the managed identities are provisioned in the directory.
Being able to add a wait(someNumberOfSeconds) to the resource with the system-assigned managed identity, to allow for identity provisioning, would be enormously helpful.
Nirnay Bansal commented
We need to add the identity of the Webapp to the access policy of the Key Vault. By the time our webapp deploys and the managed identity resource executes, the webapp is not available. Dependency is not helping in this case.
Raphael Ferreira commented
Indeed! Adding VMs as replication protected items via templates is a pain as of now. It very often fails because the target VM (that has just been deployed) has its provisioning state set to "update" or "unavailable" at the time the template gets to the replication job. Adding the VM resource as a dependency does nothing to avoid that.