white-architect-1595

01/11/2023, 3:16 PM
Hello all - This is my first time using a Managed ID to provision access to a resource, and I am hoping someone can assist me. I create my managed ID by doing this:

```csharp
var createManagedIdentity = new Pulumi.AzureNative.ManagedIdentity.UserAssignedIdentity(name, new()
{
    ResourceGroupName = rg.Name,
    Location = rg.Location,
});
```
Then I create an AzureCliScript and send in the managed ID like this...

```csharp
var AzureScript = new AzureCliScript("Script-AddWebAppAppSettings", new()
{
    Location = rg.Location,
    ResourceGroupName = rg.Name,
    RetentionInterval = "PT1H",
    AzCliVersion = "2.41.0",
    Kind = "AzureCLI",
    Timeout = "PT30M",
    Identity = new Pulumi.AzureNative.Resources.Inputs.ManagedServiceIdentityArgs
    {
        Type = Pulumi.AzureNative.Resources.ManagedServiceIdentityType.UserAssigned,
        UserAssignedIdentities = MI.Id.Apply(x =>
        {
            var im = new Dictionary<string, object>
            {
                {x, new Dictionary<string, object>() }
            };
            return im;
        })
    },
    EnvironmentVariables = new InputList<Pulumi.AzureNative.Resources.Inputs.EnvironmentVariableArgs>
    {
        new Pulumi.AzureNative.Resources.Inputs.EnvironmentVariableArgs
        {
            Name = "AZURE_STORAGE_ACCOUNT",
            Value = sa.Name,
        },
        new Pulumi.AzureNative.Resources.Inputs.EnvironmentVariableArgs
        {
            Name = "AZURE_STORAGE_KEY",
            Value = GetPrimaryStorageAccountKey(sa, rg),
        },
        new Pulumi.AzureNative.Resources.Inputs.EnvironmentVariableArgs
        {
            Name = "SHARE_NAME",
            Value = ShareName
        },
    },
    ForceUpdateTag = "1",
    ScriptContent = Output.Format($"az webapp config appsettings list --name {logicapp.Name} --resource-group {rg.Name} --setting {key}={value}"),
});
```
When the script runs, it throws back an error saying:

```
ERROR: (SubscriptionNotFound) The subscription '1b075f8c-XXXXX-42d5-9042-XXXXXXX' could not be found.. for more deployment script information." Details=[{"code":"DeploymentScriptError","message":"ERROR: (SubscriptionNotFound) The subscription '1b075f8c-XXXXX-42d5-9042-XXXXXXX' could not be found."},{"code":"DeploymentScriptError","message":"Code: SubscriptionNotFound"},{"code":"DeploymentScriptError","message":"Message: The subscription '1b075f8c-XXXXX-42d5-9042-XXXXXXX' could not be found."}]
```

For testing, I made my script content `az account show` to see what the user JSON is, and it's:

```json
[
   {
      "cloudName":"AzureCloud",
      "id":"1b075f8c-XXXXX-42d5-9042-XXXXXXX",
      "isDefault":true,
      "name":"N/A(tenant level account)",
      "state":"Enabled",
      "tenantId":"1b075f8c-XXXXX-42d5-9042-XXXXXXX",
      "user":{
         "assignedIdentityInfo":"MSI",
         "name":"systemAssignedIdentity",
         "type":"servicePrincipal"
      }
   }
]
```
I think the issue is the ID in the JSON is set to be the tenant ID, when I believe it should be the subscription ID. Anyone have any experience with this?
Currently looking at an earlier thread regarding... https://pulumi-community.slack.com/archives/CRVK66N5U/p1670350709119409
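
A preflight check for the symptom described in the post above, as an added example that is not part of the original thread or of Pulumi's code: it parses `az account show`/`az account list` JSON and flags a tenant-level login, which Azure CLI reports when the logged-in identity has no role assignment on any subscription. The function names are hypothetical and the sample is constructed from the redacted output quoted in the post.

```python
import json

TENANT_LEVEL_NAME = "N/A(tenant level account)"  # placeholder name seen in the post's output

# Constructed sample, shaped like the redacted output quoted in the post.
SAMPLE = """[
  {"cloudName": "AzureCloud",
   "id": "1b075f8c-XXXXX-42d5-9042-XXXXXXX",
   "isDefault": true,
   "name": "N/A(tenant level account)",
   "state": "Enabled",
   "tenantId": "1b075f8c-XXXXX-42d5-9042-XXXXXXX",
   "user": {"assignedIdentityInfo": "MSI",
            "name": "systemAssignedIdentity",
            "type": "servicePrincipal"}}
]"""


def inspect_accounts(raw):
    """Return one finding per account entry in `az account show/list` JSON."""
    data = json.loads(raw)
    entries = data if isinstance(data, list) else [data]  # show -> object, list -> array
    findings = []
    for e in entries:
        user = e.get("user") or {}
        # Tenant-level entries carry the placeholder name and reuse the tenant id as "id".
        tenant_level = (
            e.get("name") == TENANT_LEVEL_NAME
            or (e.get("id") is not None and e.get("id") == e.get("tenantId"))
        )
        findings.append({
            "id": e.get("id"),
            "tenant_level": tenant_level,
            "managed_identity": str(user.get("assignedIdentityInfo", "")).startswith("MSI"),
            "is_default": bool(e.get("isDefault")),
        })
    return findings


def usable_subscription(raw):
    """Return the default subscription id, or None if only tenant-level entries exist."""
    real = [f for f in inspect_accounts(raw) if not f["tenant_level"]]
    default = [f for f in real if f["is_default"]]
    chosen = (default or real or [None])[0]
    return chosen["id"] if chosen else None


if __name__ == "__main__":
    print(inspect_accounts(SAMPLE), usable_subscription(SAMPLE))
```

A `None` result means the `id` being passed to resource commands is the tenant ID, so any subscription-scoped call will fail until the identity is granted a role at subscription, resource group or resource scope.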