justsander

Reputation: 121

Retrieve app id of Synapse service principal and add as administrator to AAS using Bicep

I'm deploying Azure services by using Bicep. The property 'identity type system assigned' creates an enterprise application/service principal with a name, object id and app id. This is required to be able to process Azure Analysis Services from a Synapse pipeline.

//Create Synapse Analytics
resource synapseAnalytics 'Microsoft.Synapse/workspaces@2021-06-01' = {
  name: synapse_name
  location: region
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    defaultDataLakeStorage: {
      filesystem: storage_account_fileshare_name
      resourceId: storageAccount.id
      accountUrl: storage_account_url
      createManagedPrivateEndpoint: true
    }
    managedVirtualNetwork: 'default'
    publicNetworkAccess: 'Enabled'
    managedResourceGroupName: synapse_workspace_name
    azureADOnlyAuthentication: false
    cspWorkspaceAdminProperties: {
      initialWorkspaceAdminObjectId: 'xxxx'
    }
  }
  dependsOn: [
    storageAccountFileshare
  ]
}

I need to retrieve the app id of the created resource to add to Azure Analysis Service as an administrator.

resource analysisServices 'Microsoft.AnalysisServices/servers@2017-08-01' = {
  name: anaylsis_services_name
  location: region
  sku: {
    name: 'B1'
    tier: 'Basic'
    capacity: 1
  }
  properties: {
    asAdministrators: {
      members: [
        'obj:xxxxxx-xxxxxx-xxxxx-xxxxx@xxxxx-xxx-xxxxx-xxxxx'
        'app:{GET APP ID OF SYNAPSE}' // <------------------
      ]
    }
    managedMode: 1
  }
}

How can I access the app id in my Bicep code?

I'm able to retrieve the app id by using a PowerShell command. Unfortunately, this command needs an object id, which I'm not able to retrieve by using PowerShell commands.

az ad sp show --id {object-id} --query appId

Upvotes: 1

Views: 1028

Answers (1)

Thomas

Reputation: 29736

Using a system-assigned identity, you can't get the appId directly from Bicep. But you could output the principalId:

//Create Synapse Analytics
resource synapseAnalytics 'Microsoft.Synapse/workspaces@2021-06-01' = {
  name: synapse_name
  ...
}

// return the principalId to query the appId
output principalId string = synapseAnalytics.identity.principalId

You can then use the principalId to get the appId:

az ad sp show --id <principalId from bicep> --query appId

Using a user-assigned identity, you would be able to do it all in Bicep:

// Create a user identity for synapse
resource userAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
  name: userAssignedIdentityName
  location: region
}

//Create Synapse Analytics
resource synapseAnalytics 'Microsoft.Synapse/workspaces@2021-06-01' = {
  name: synapse_name
  identity: {
    type: 'SystemAssigned,UserAssigned'
    userAssignedIdentities: {
      // assign the managed identity
      '${userAssignedIdentity.id}': {}
    }
  }
  ...
}

// Create the analysis service
resource analysisServices 'Microsoft.AnalysisServices/servers@2017-08-01' = {
  name: anaylsis_services_name
  ...
  properties: {
    asAdministrators: {
      members: [
        ...
        // Set app id and tenantid as per documentation
        'app:${userAssignedIdentity.properties.clientId}@${userAssignedIdentity.properties.tenantId}' 
      ]
    }
    ...
  }
}

Upvotes: 1
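
The system-assigned route from the answer above, written out as a two-stage deployment script. This is an added example, not part of the original answer. The file names main.bicep and aas.bicep and the parameter synapseAdminMember are assumptions, and main.bicep is assumed to declare the principalId output shown in the answer.

```bash
#!/usr/bin/env bash
# Added example. Assumed names (not from the page): main.bicep, aas.bicep,
# and the aas.bicep parameter synapseAdminMember.

# Succeeds only when $1 is a single canonical GUID.
is_guid() {
  case "$1" in *[!0-9a-fA-F-]*) return 1 ;; esac  # rejects newlines, spaces, quotes
  printf '%s\n' "$1" |
    grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Prints the asAdministrators entry 'app:<appId>@<tenantId>'.
# Fails on an empty or malformed id, so a failed lookup never becomes an admin entry.
aas_admin_member() {
  is_guid "$1" || { echo "invalid appId: '$1'" >&2; return 1; }
  is_guid "$2" || { echo "invalid tenantId: '$2'" >&2; return 1; }
  printf 'app:%s@%s\n' "$1" "$2"
}

# Stage 1 deploys Synapse and reads the principalId output;
# stage 2 deploys Analysis Services with the resolved admin entry.
deploy_with_synapse_admin() {
  local rg="$1" principal_id app_id tenant_id member
  principal_id=$(az deployment group create --resource-group "$rg" \
    --template-file main.bicep \
    --query properties.outputs.principalId.value --output tsv) || return 1
  is_guid "$principal_id" || { echo "no principalId output" >&2; return 1; }
  app_id=$(az ad sp show --id "$principal_id" --query appId --output tsv) || return 1
  # Assumption: the CLI is logged in to the tenant that owns the workspace.
  tenant_id=$(az account show --query tenantId --output tsv) || return 1
  member=$(aas_admin_member "$app_id" "$tenant_id") || return 1
  az deployment group create --resource-group "$rg" \
    --template-file aas.bicep --parameters synapseAdminMember="$member"
}

# Usage: source this file, then run: deploy_with_synapse_admin <resource-group>
```

Validating each id before it reaches the template means an empty or failed CLI lookup stops the run instead of producing a malformed administrator entry.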
