feat: Kusto cluster system assigned managed identity (Azure#3048)

## Description Add managed identity capability to cluster. ## Pipeline Reference  | Pipeline | | -------- | | [![avm.res.kusto.cluster](https://github.com/oZakari/bicep-registry-modules/actions/workflows/avm.res.kusto.cluster.yml/badge.svg?branch=kusto-cluster-ssid)](https://github.com/oZakari/bicep-registry-modules/actions/workflows/avm.res.kusto.cluster.yml) | ## Type of Change  - [x] Update to CI Environment or utilities (Non-module affecting changes) - [x] Azure Verified Module updates: - [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in `version.json`: - [ ] Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description. - [ ] The bug was found by the module author, and no one has opened an issue to report it yet. - [x] Feature update backwards compatible feature updates, and I have bumped the MINOR version in `version.json`. - [ ] Breaking changes and I have bumped the MAJOR version in `version.json`. - [ ] Update to documentation ## Checklist - [x] I'm sure there are no other open Pull Requests for the same update/change - [x] I have run `Set-AVMModule` locally to generate the supporting module files. - [ ] My corresponding pipelines / checks run clean and green without any errors or warnings  --------- Co-authored-by: Matt Hoffmeister <[email protected]>
Agazoth · Sep 7, 2024 · 41da778 · 41da778
1 parent d03d954
commit 41da778
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 6 deletions.
diff --git a/avm/res/kusto/cluster/README.md b/avm/res/kusto/cluster/README.md
@@ -1068,8 +1068,16 @@ The managed identity definition for this resource.
 
 | Parameter | Type | Description |
 | :-- | :-- | :-- |
+| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. |
 | [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource id(s) to assign to the resource. |
 
+### Parameter: `managedIdentities.systemAssigned`
+
+Enables system assigned managed identity on the resource.
+
+- Required: No
+- Type: bool
+
 ### Parameter: `managedIdentities.userAssignedResourceIds`
 
 The resource id(s) to assign to the resource.
@@ -1691,11 +1699,13 @@ The resource ID of the subnet to which to deploy the Kusto Cluster.
 
 | Output | Type | Description |
 | :-- | :-- | :-- |
+| `identity` | object | The identity of the cluster. |
 | `location` | string | The location the resource was deployed into. |
 | `name` | string | The name of the kusto cluster. |
 | `privateEndpoints` | array | The private endpoints of the kusto cluster. |
 | `resourceGroupName` | string | The resource group the kusto cluster was deployed into. |
 | `resourceId` | string | The resource id of the kusto cluster. |
+| `systemAssignedMIPrincipalId` | string | The principal ID of the system assigned identity. |
 
 ## Cross-referenced modules
 

diff --git a/avm/res/kusto/cluster/main.bicep b/avm/res/kusto/cluster/main.bicep
@@ -129,7 +129,9 @@ var formattedUserAssignedIdentities = reduce(
 
 var identity = !empty(managedIdentities)
   ? {
-      type: !empty(managedIdentities.?userAssignedResourceIds ?? {}) ? 'UserAssigned' : 'None'
+      type: (managedIdentities.?systemAssigned ?? false)
+        ? (!empty(managedIdentities.?userAssignedResourceIds ?? {}) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned')
+        : (!empty(managedIdentities.?userAssignedResourceIds ?? {}) ? 'UserAssigned' : 'None')
       userAssignedIdentities: !empty(formattedUserAssignedIdentities) ? formattedUserAssignedIdentities : null
     }
   : null
@@ -296,7 +298,7 @@ module kustoCluster_principalAssignments 'principal-assignment/main.bicep' = [
       principalId: principalAssignment.principalId
       principalType: principalAssignment.principalType
       role: principalAssignment.role
-      tenantId: contains(principalAssignment, 'tenantId') ? principalAssignment.tenantId : tenant().tenantId
+      tenantId: principalAssignment.?tenantId ?? tenant().tenantId
     }
   }
 ]
@@ -362,14 +364,20 @@ module kustoCluster_privateEndpoints 'br/public:avm/res/network/private-endpoint
 output resourceGroupName string = resourceGroup().name
 
 @description('The resource id of the kusto cluster.')
-output resourceId string = kustoCluster.id
+output resourceId string = kustoCluster.?id
+
+@description('The principal ID of the system assigned identity.')
+output systemAssignedMIPrincipalId string = kustoCluster.?identity.?principalId ?? ''
 
 @description('The name of the kusto cluster.')
 output name string = kustoCluster.name
 
 @description('The location the resource was deployed into.')
 output location string = kustoCluster.location
 
+@description('The identity of the cluster.')
+output identity object = kustoCluster.identity
+
 @description('The private endpoints of the kusto cluster.')
 output privateEndpoints array = [
   for (pe, i) in (!empty(privateEndpoints) ? array(privateEndpoints) : []): {
@@ -479,6 +487,9 @@ type lockType = {
 }?
 
 type managedIdentitiesType = {
+  @description('Optional. Enables system assigned managed identity on the resource.')
+  systemAssigned: bool?
+
   @description('Optional. The resource id(s) to assign to the resource.')
   userAssignedResourceIds: string[]
 }?

diff --git a/avm/res/kusto/cluster/main.json b/avm/res/kusto/cluster/main.json
@@ -6,7 +6,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.29.47.4906",
-      "templateHash": "4366309935211132094"
+      "templateHash": "9987903523872780142"
     },
     "name": "Kusto Cluster",
     "description": "This module deploys a Kusto Cluster.",
@@ -252,6 +252,13 @@
     "managedIdentitiesType": {
       "type": "object",
       "properties": {
+        "systemAssigned": {
+          "type": "bool",
+          "nullable": true,
+          "metadata": {
+            "description": "Optional. Enables system assigned managed identity on the resource."
+          }
+        },
         "userAssignedResourceIds": {
           "type": "array",
           "items": {
@@ -869,7 +876,7 @@
       }
     ],
     "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]",
-    "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'UserAssigned', 'None'), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]",
+    "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'UserAssigned', 'None')), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]",
     "builtInRoleNames": {
       "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
       "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
@@ -1062,7 +1069,9 @@
           "role": {
             "value": "[parameters('principalAssignments')[copyIndex()].role]"
           },
-          "tenantId": "[if(contains(parameters('principalAssignments')[copyIndex()], 'tenantId'), createObject('value', parameters('principalAssignments')[copyIndex()].tenantId), createObject('value', tenant().tenantId))]"
+          "tenantId": {
+            "value": "[coalesce(tryGet(parameters('principalAssignments')[copyIndex()], 'tenantId'), tenant().tenantId)]"
+          }
         },
         "template": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -1947,6 +1956,13 @@
       },
       "value": "[resourceId('Microsoft.Kusto/clusters', parameters('name'))]"
     },
+    "systemAssignedMIPrincipalId": {
+      "type": "string",
+      "metadata": {
+        "description": "The principal ID of the system assigned identity."
+      },
+      "value": "[coalesce(tryGet(tryGet(reference('kustoCluster', '2023-08-15', 'full'), 'identity'), 'principalId'), '')]"
+    },
     "name": {
       "type": "string",
       "metadata": {
@@ -1961,6 +1977,13 @@
       },
       "value": "[reference('kustoCluster', '2023-08-15', 'full').location]"
     },
+    "identity": {
+      "type": "object",
+      "metadata": {
+        "description": "The identity of the cluster."
+      },
+      "value": "[reference('kustoCluster', '2023-08-15', 'full').identity]"
+    },
     "privateEndpoints": {
       "type": "array",
       "metadata": {