how can i get an azure.msi.UserAssignedIdentity cl...
# generals
sparse-insurance-40223
10/11/2018, 12:57 PMhow can i get an azure.msi.UserAssignedIdentity clientId please - it doesn't seem to exist in the pulumi source at all but it's an essential part of using them
b
brave-angle-33257
10/11/2018, 3:20 PMare you sure it's not the principalId you want? I just used some UAI in my app, and I didn't need the clientId
s
sparse-insurance-40223
10/11/2018, 3:21 PMyeah i use principalId and resourceId elsewhere
b
brave-angle-33257
10/11/2018, 3:21 PMok yea those are the 2 i needed
s
sparse-insurance-40223
10/11/2018, 3:21 PMbut i'm using aad-pod-identity to assign MSI to pods
sparse-insurance-40223
10/11/2018, 3:21 PMand it needs clientId
sparse-insurance-40223
10/11/2018, 3:22 PMi had a look through terraform and it only seems to be mentioned with servicePrincipals there... not really sure why
b
brave-angle-33257
10/11/2018, 3:24 PMi know this probably isnt exactly what you're using, but if you find the code for your SDK and object, you might be able to simply add it as an output as shown here: https://github.com/pulumi/pulumi-azure/blob/master/sdk/python/pulumi_azure/msi/user_assigned_identity.py#L58
brave-angle-33257
10/11/2018, 3:24 PMcan give that a shot, and if it works add it as a PR
brave-angle-33257
10/11/2018, 3:25 PMalthough that is generated by tfgen.. still, might be worth a shot just to see if it's available at that point
brave-angle-33257
10/11/2018, 3:26 PMor maybe it would be a TF PR.. since all this stuff is based off terraform
s
sparse-insurance-40223
10/11/2018, 3:26 PMah nice one
sparse-insurance-40223
10/11/2018, 3:26 PMyeah i suspect it would be - terraform doesnt mention it anywhere inside the msi bits
b
brave-angle-33257
10/11/2018, 3:26 PMyea according to TF docs it's not listed as an attribute that's exported: https://www.terraform.io/docs/providers/azurerm/r/user_assigned_identity.html
s
sparse-insurance-40223
10/11/2018, 3:41 PMhm yeah
sparse-insurance-40223
10/11/2018, 3:42 PMb
brave-angle-33257
10/11/2018, 3:46 PMyea i wouldnt expect you could get it until TF adds it
s
sparse-insurance-40223
10/11/2018, 3:47 PMwhat a nightmare!
sparse-insurance-40223
10/11/2018, 3:47 PMthanks for your help
b
brave-angle-33257
10/11/2018, 3:47 PMyou can probably use the regular azure SDK to query the UAI in your code and set it as a config var or something
brave-angle-33257
10/11/2018, 3:47 PMthat's the nice thing about infra as code 🙂 lots of tricks
s
sparse-insurance-40223
10/11/2018, 3:47 PMyeah i've just hardcoded it at the mo
sparse-insurance-40223
10/11/2018, 3:48 PMi was hoping to make a new identity per app and have it all full auto sad
b
brave-angle-33257
10/11/2018, 3:49 PMyou prob still can tho, after you create it, write a loop that queries via the SDK for the UAI.clientId, then move on to the usage of it
s
sparse-insurance-40223
10/11/2018, 3:50 PMoh I see what you mean, yeah I'll give that a go cheers
b
brave-angle-33257
10/11/2018, 3:51 PMbrave-angle-33257
10/11/2018, 4:38 PMnice that worked?
s
sparse-insurance-40223
10/11/2018, 4:59 PMnot got the auto-client-id-getting-bit working yet but its the final link in the chain
sparse-insurance-40223
10/11/2018, 5:35 PM Copy code
const testApplicationClientId = testApplicationIdentity.id.apply(resourceId => {
let cmd = `az identity show --output tsv --query "clientId" --ids ${resourceId}`;
var result = child.execSync(cmd);
return result.toString();
})
testApplicationClientId.apply(x => console.log(x));sparse-insurance-40223
10/11/2018, 5:35 PMnice one all working
sparse-insurance-40223
10/11/2018, 5:35 PMcheers danno
b
brave-angle-33257
10/11/2018, 5:41 PMawesome! nice work