https://pulumi.com logo
s

sparse-insurance-40223

10/11/2018, 12:57 PM
how can i get an azure.msi.UserAssignedIdentity clientId please - it doesn't seem to exist in the pulumi source at all but it's an essential part of using them
b

brave-angle-33257

10/11/2018, 3:20 PM
are you sure it's not the principalId you want? I just used some UAI in my app, and I didn't need the clientId
s

sparse-insurance-40223

10/11/2018, 3:21 PM
yeah i use principalId and resourceId elsewhere
b

brave-angle-33257

10/11/2018, 3:21 PM
ok yea those are the 2 i needed
s

sparse-insurance-40223

10/11/2018, 3:21 PM
but i'm using aad-pod-identity to assign MSI to pods
and it needs clientId
i had a look through terraform and it only seems to be mentioned with servicePrincipals there... not really sure why
b

brave-angle-33257

10/11/2018, 3:24 PM
i know this probably isnt exactly what you're using, but if you find the code for your SDK and object, you might be able to simply add it as an output as shown here: https://github.com/pulumi/pulumi-azure/blob/master/sdk/python/pulumi_azure/msi/user_assigned_identity.py#L58
can give that a shot, and if it works add it as a PR
although that is generated by tfgen.. still, might be worth a shot just to see if it's available at that point
or maybe it would be a TF PR.. since all this stuff is based off terraform
s

sparse-insurance-40223

10/11/2018, 3:26 PM
ah nice one
yeah i suspect it would be - terraform doesnt mention it anywhere inside the msi bits
b

brave-angle-33257

10/11/2018, 3:26 PM
yea according to TF docs it's not listed as an attribute that's exported: https://www.terraform.io/docs/providers/azurerm/r/user_assigned_identity.html
s

sparse-insurance-40223

10/11/2018, 3:41 PM
hm yeah
b

brave-angle-33257

10/11/2018, 3:46 PM
yea i wouldnt expect you could get it until TF adds it
s

sparse-insurance-40223

10/11/2018, 3:47 PM
what a nightmare!
thanks for your help
b

brave-angle-33257

10/11/2018, 3:47 PM
you can probably use the regular azure SDK to query the UAI in your code and set it as a config var or something
that's the nice thing about infra as code 🙂 lots of tricks
s

sparse-insurance-40223

10/11/2018, 3:47 PM
yeah i've just hardcoded it at the mo
i was hoping to make a new identity per app and have it all full auto sad
b

brave-angle-33257

10/11/2018, 3:49 PM
you prob still can tho, after you create it, write a loop that queries via the SDK for the UAI.clientId, then move on to the usage of it
s

sparse-insurance-40223

10/11/2018, 3:50 PM
oh I see what you mean, yeah I'll give that a go cheers
nice that worked?
s

sparse-insurance-40223

10/11/2018, 4:59 PM
not got the auto-client-id-getting-bit working yet but its the final link in the chain
Copy code
const testApplicationClientId = testApplicationIdentity.id.apply(resourceId => {
    let cmd = `az identity show --output tsv --query "clientId" --ids ${resourceId}`;
    var result = child.execSync(cmd);
    return result.toString();
})
testApplicationClientId.apply(x => console.log(x));
nice one all working
cheers danno
b

brave-angle-33257

10/11/2018, 5:41 PM
awesome! nice work