From 41da7786b096d64f2635793d92e9811a24daf014 Mon Sep 17 00:00:00 2001 From: Zach Trocinski <30884663+oZakari@users.noreply.github.com> Date: Sat, 7 Sep 2024 01:38:08 -0500 Subject: [PATCH] feat: Kusto cluster system assigned managed identity (#3048) ## Description Add managed identity capability to cluster. ## Pipeline Reference | Pipeline | | -------- | | [![avm.res.kusto.cluster](https://github.com/oZakari/bicep-registry-modules/actions/workflows/avm.res.kusto.cluster.yml/badge.svg?branch=kusto-cluster-ssid)](https://github.com/oZakari/bicep-registry-modules/actions/workflows/avm.res.kusto.cluster.yml) | ## Type of Change - [x] Update to CI Environment or utilities (Non-module affecting changes) - [x] Azure Verified Module updates: - [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in `version.json`: - [ ] Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description. - [ ] The bug was found by the module author, and no one has opened an issue to report it yet. - [x] Feature update backwards compatible feature updates, and I have bumped the MINOR version in `version.json`. - [ ] Breaking changes and I have bumped the MAJOR version in `version.json`. - [ ] Update to documentation ## Checklist - [x] I'm sure there are no other open Pull Requests for the same update/change - [x] I have run `Set-AVMModule` locally to generate the supporting module files. - [ ] My corresponding pipelines / checks run clean and green without any errors or warnings --------- Co-authored-by: Matt Hoffmeister --- avm/res/kusto/cluster/README.md | 10 ++++++++++ avm/res/kusto/cluster/main.bicep | 17 ++++++++++++++--- avm/res/kusto/cluster/main.json | 29 ++++++++++++++++++++++++++--- 3 files changed, 50 insertions(+), 6 deletions(-) diff --git a/avm/res/kusto/cluster/README.md b/avm/res/kusto/cluster/README.md index dacf69d409..dc7611acf7 100644 --- a/avm/res/kusto/cluster/README.md 
+++ b/avm/res/kusto/cluster/README.md @@ -1068,8 +1068,16 @@ The managed identity definition for this resource. | Parameter | Type | Description | | :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | | [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource id(s) to assign to the resource. | +### Parameter: `managedIdentities.systemAssigned` + +Enables system assigned managed identity on the resource. + +- Required: No +- Type: bool + ### Parameter: `managedIdentities.userAssignedResourceIds` The resource id(s) to assign to the resource. @@ -1691,11 +1699,13 @@ The resource ID of the subnet to which to deploy the Kusto Cluster. | Output | Type | Description | | :-- | :-- | :-- | +| `identity` | object | The identity of the cluster. | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the kusto cluster. | | `privateEndpoints` | array | The private endpoints of the kusto cluster. | | `resourceGroupName` | string | The resource group the kusto cluster was deployed into. | | `resourceId` | string | The resource id of the kusto cluster. | +| `systemAssignedMIPrincipalId` | string | The principal ID of the system assigned identity. | ## Cross-referenced modules diff --git a/avm/res/kusto/cluster/main.bicep b/avm/res/kusto/cluster/main.bicep index 2a9802eb5e..b7693cf104 100644 --- a/avm/res/kusto/cluster/main.bicep +++ b/avm/res/kusto/cluster/main.bicep 
@@ -129,7 +129,9 @@ var formattedUserAssignedIdentities = reduce( var identity = !empty(managedIdentities) ? { - type: !empty(managedIdentities.?userAssignedResourceIds ?? {}) ? 'UserAssigned' : 'None' + type: (managedIdentities.?systemAssigned ?? false) + ? (!empty(managedIdentities.?userAssignedResourceIds ?? {}) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') + : (!empty(managedIdentities.?userAssignedResourceIds ?? {}) ? 'UserAssigned' : 'None') userAssignedIdentities: !empty(formattedUserAssignedIdentities) ? formattedUserAssignedIdentities : null } : null @@ -296,7 +298,7 @@ module kustoCluster_principalAssignments 'principal-assignment/main.bicep' = [ principalId: principalAssignment.principalId principalType: principalAssignment.principalType role: principalAssignment.role - tenantId: contains(principalAssignment, 'tenantId') ? principalAssignment.tenantId : tenant().tenantId + tenantId: principalAssignment.?tenantId ?? tenant().tenantId } } ] @@ -362,7 +364,10 @@ module kustoCluster_privateEndpoints 'br/public:avm/res/network/private-endpoint output resourceGroupName string = resourceGroup().name @description('The resource id of the kusto cluster.') -output resourceId string = kustoCluster.id +output resourceId string = kustoCluster.?id + +@description('The principal ID of the system assigned identity.') +output systemAssignedMIPrincipalId string = kustoCluster.?identity.?principalId ?? '' @description('The name of the kusto cluster.') output name string = kustoCluster.name @@ -370,6 +375,9 @@ output name string = kustoCluster.name @description('The location the resource was deployed into.') output location string = kustoCluster.location +@description('The identity of the cluster.') +output identity object = kustoCluster.identity + @description('The private endpoints of the kusto cluster.') output privateEndpoints array = [ for (pe, i) in (!empty(privateEndpoints) ? array(privateEndpoints) : []): { 
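Review bot: The combined value in `var identity` is written `'SystemAssigned,UserAssigned'` with no space after the comma, and it should be checked against the identity `type` enum of the Microsoft.Kusto/clusters API version this module targets, because some resource providers spell it `'SystemAssigned, UserAssigned'`. If the spelling is not accepted, the failure would only show up for callers who enable both identity kinds at once, so a test case covering that combination would be useful. Separately, the test `!empty(managedIdentities.?userAssignedResourceIds ?? {})` now appears twice and falls back to an object for a property declared as `string[]`. Hoisting it into `var hasUserAssignedIdentities = !empty(managedIdentities.?userAssignedResourceIds ?? [])` and using that name in both branches would make the four outcomes (`SystemAssigned,UserAssigned`, `SystemAssigned`, `UserAssigned`, `None`) easier to audit.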
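Review bot: `output resourceId string = kustoCluster.?id` replaces a plain property access with a safe dereference on a value that a declared resource always has, and the output is still typed as non-nullable `string`; I would keep `output resourceId string = kustoCluster.id`. The `resourceId` output visible in the generated main.json is an unchanged `resourceId(...)` call, so the edit appears to have no effect beyond the source. On the new `systemAssignedMIPrincipalId` output, the `?? ''` fallback means consumers get an empty string when no system-assigned identity exists, and the description does not say so. I would extend it to `@description('The principal ID of the system assigned identity. Empty if no system assigned identity is enabled.')` so that a caller wiring this value into a role assignment knows to guard against the empty case.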
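Review bot: `output identity object = kustoCluster.identity` reads the property without a guard, while the sibling output `systemAssignedMIPrincipalId` uses `kustoCluster.?identity.?principalId ?? ''` for the same resource. When `managedIdentities` is omitted, the `identity` variable is `null`, so the deployed cluster presumably has no `identity` property and evaluating this output is likely to fail the deployment for callers that do not use managed identities at all. The compiled template shows the same asymmetry: `reference(...).identity` for this output versus `tryGet(...)` for the principal ID. I would make it `output identity object = kustoCluster.?identity ?? {}`, or declare the output nullable, and add a test that deploys without `managedIdentities`.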
@@ -479,6 +487,9 @@ type lockType = { }? type managedIdentitiesType = { + @description('Optional. Enables system assigned managed identity on the resource.') + systemAssigned: bool? + @description('Optional. The resource id(s) to assign to the resource.') userAssignedResourceIds: string[] }? diff --git a/avm/res/kusto/cluster/main.json b/avm/res/kusto/cluster/main.json index 8135431606..99f4dd208c 100644 --- a/avm/res/kusto/cluster/main.json +++ b/avm/res/kusto/cluster/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "4366309935211132094" + "templateHash": "9987903523872780142" }, "name": "Kusto Cluster", "description": "This module deploys a Kusto Cluster.", @@ -252,6 +252,13 @@ "managedIdentitiesType": { "type": "object", "properties": { + "systemAssigned": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Enables system assigned managed identity on the resource." + } + }, "userAssignedResourceIds": { "type": "array", "items": { 
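Review bot: In `managedIdentitiesType`, `userAssignedResourceIds: string[]` stays non-nullable although its description begins with 'Optional.' and `var identity` already reads it through `.?userAssignedResourceIds ?? {}`. With the new `systemAssigned` flag, a caller who only wants a system-assigned identity would still have to pass `userAssignedResourceIds: []` to satisfy the type. Declaring it as `userAssignedResourceIds: string[]?` would make `{ systemAssigned: true }` a valid value on its own and bring the type in line with the description. The type definition is fully visible in this hunk.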
@@ -869,7 +876,7 @@ } ], "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]", - "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'UserAssigned', 'None'), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", + "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'UserAssigned', 'None')), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", "builtInRoleNames": { "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", 
@@ -1062,7 +1069,9 @@ "role": { "value": "[parameters('principalAssignments')[copyIndex()].role]" }, - "tenantId": "[if(contains(parameters('principalAssignments')[copyIndex()], 'tenantId'), createObject('value', parameters('principalAssignments')[copyIndex()].tenantId), createObject('value', tenant().tenantId))]" + "tenantId": { + "value": "[coalesce(tryGet(parameters('principalAssignments')[copyIndex()], 'tenantId'), tenant().tenantId)]" + } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", @@ -1947,6 +1956,13 @@ }, "value": "[resourceId('Microsoft.Kusto/clusters', parameters('name'))]" }, + "systemAssignedMIPrincipalId": { + "type": "string", + "metadata": { + "description": "The principal ID of the system assigned identity." + }, + "value": "[coalesce(tryGet(tryGet(reference('kustoCluster', '2023-08-15', 'full'), 'identity'), 'principalId'), '')]" + }, "name": { "type": "string", "metadata": { @@ -1961,6 +1977,13 @@ }, "value": "[reference('kustoCluster', '2023-08-15', 'full').location]" }, + "identity": { + "type": "object", + "metadata": { + "description": "The identity of the cluster." + }, + "value": "[reference('kustoCluster', '2023-08-15', 'full').identity]" + }, "privateEndpoints": { "type": "array", "metadata": {