Unable to reference the principalId of a user-assigned identity for a Key Vault in the same ARM template

I'm having trouble referencing a user assigned identity that I create alongside a KeyVault instance within the same template. I've searched through documentation on how to reference managed identities in general and I believe it looks like the following:

reference(resourceId('resource-type', 'resource-name'), 'api-version', 'Full').identity.principalId

However, this doesn't work for me and I'm not sure if it has something to do with deploying my templates at the subscription scope. I'm currently using linkedTemplates so that I can organize my code better and have a main template like the following:

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.1",
  "parameters": {},
  "resources": [
    {
      "apiVersion": "2020-06-01",
      "location": "[variables('location')]",
      "name": "key-vault-test",
      "properties": {
        "mode": "Incremental",
         "parameters": { },
         "templateLink": {
           "relativePath": "vault.json"
         }
      },
      "type": "Microsoft.Resources/deployments"
    }
  ]
}

Next, vault.json is as follows:

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.1",
  "parameters": {
    …
  },
  "resources": [
    {
      "apiVersion": "2018-05-01",
      "location": "[…..]",
      "name": "key-vault",
      "type": "Microsoft.Resources/resourceGroups"
    },
    {
      "apiVersion": "2020-06-01",
      "dependsOn": [
        "[resourceId('Microsoft.Resources/resourceGroups', 'key-vault')]"
      ],
      "name": "user-assigned-identity-dep",
      "properties": {
        "expressionEvaluationOptions": {
          "scope": "outer"
        },
        "mode": "Incremental",
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "resources": [
            {
              "apiVersion": "2018-11-30",
              "location": "[…]",
              "name": "myIdentity",
              "type": "Microsoft.ManagedIdentity/userAssignedIdentities"
            }
          ]
        }
      },
      "resourceGroup": "key-vault",
      "type": "Microsoft.Resources/deployments"
    },
    {
      "apiVersion": "2020-06-01",
      "name": "key-vault-dep",
      "properties": {
        "expressionEvaluationOptions": {
          "scope": "outer"
        },
        "mode": "Incremental",
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "resources": [
            {
              "apiVersion": "2018-02-14",
              "location": "[…]",
              "name": "[concat('key-vault-', uniqueString(subscription().id))]",
              "properties": {
                "accessPolicies": [
                    {
                        "objectId": "[reference(variables('keyVaultIdentityId'), '2018-11-30', 'Full').identity.principalId]",
                        "permissions": {
                            "secrets": [
                            "get",
                            "list"
                            ]
                        },
                        "tenantId": "[subscription().tenantId]"
                    }
                ],
                "enableSoftDelete": true,
                "sku": {
                  "family": "A",
                  "name": "Standard"
                },
                "tenantId": "[subscription().tenantId]"
              },
              "type": "Microsoft.KeyVault/vaults"
            }
          ]
        }
      },
      "resourceGroup": "key-vault",
      "type": "Microsoft.Resources/deployments"
    }
  ],
  "variables": {
    "keyVaultIdentityId": "/subscriptions/…/resourceGroups/key-vault/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity"
  }
}

When I deploy the main template, the reference function that I've crafted returns me the deployment of the keyVault and not the managed identity at all.

The language expression property 'identity' doesn't exist, available properties are 'apiVersion, location, tags, properties, deploymentResourceLineInfo, subscriptionId, resourceGroupName, scope, resourceId, referenceApiVersion, condition, isConditionTrue, isTemplateResource, isAction, provisioningOperation'

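I'm not sure if I'm doing something wrong or if there's a better way to do this. In summary, I'm trying to create a user-assigned identity and, in the same template, create a Key Vault with an access policy for that identity.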
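
One arrangement for the goal described in the question, as an added example that is not the poster's code: the identity and the vault sit in a single nested deployment with inner scope, so `reference()` is evaluated inside the resource group, and the object ID is read from the user-assigned identity's own `principalId` property rather than from an `identity` block (which exists only on resources that carry a system-assigned identity). The deployment name `identity-and-vault-dep` and the `location` parameter are assumptions.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": { "description": "Added example; identity-and-vault-dep and the location parameter are assumed names" },
  "parameters": { "location": { "type": "string" } },
  "resources": [
    { "type": "Microsoft.Resources/resourceGroups", "apiVersion": "2018-05-01",
      "name": "key-vault", "location": "[parameters('location')]" },
    {
      "type": "Microsoft.Resources/deployments", "apiVersion": "2020-06-01",
      "name": "identity-and-vault-dep", "resourceGroup": "key-vault",
      "dependsOn": [ "[resourceId('Microsoft.Resources/resourceGroups', 'key-vault')]" ],
      "properties": {
        "mode": "Incremental",
        "expressionEvaluationOptions": { "scope": "inner" },
        "parameters": { "location": { "value": "[parameters('location')]" } },
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "parameters": { "location": { "type": "string" } },
          "variables": {
            "identityId": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', 'myIdentity')]"
          },
          "resources": [
            { "type": "Microsoft.ManagedIdentity/userAssignedIdentities", "apiVersion": "2018-11-30",
              "name": "myIdentity", "location": "[parameters('location')]" },
            {
              "type": "Microsoft.KeyVault/vaults", "apiVersion": "2018-02-14",
              "name": "[concat('key-vault-', uniqueString(subscription().id))]",
              "location": "[parameters('location')]",
              "dependsOn": [ "[variables('identityId')]" ],
              "properties": {
                "tenantId": "[subscription().tenantId]",
                "sku": { "family": "A", "name": "Standard" },
                "enableSoftDelete": true,
                "accessPolicies": [ {
                  "tenantId": "[subscription().tenantId]",
                  "objectId": "[reference(variables('identityId'), '2018-11-30').principalId]",
                  "permissions": { "secrets": [ "get", "list" ] }
                } ]
              }
            }
          ]
        }
      }
    }
  ]
}
```

The access policy keeps the question's `get` and `list` secret permissions, so the identity can read secrets but cannot write or delete them.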