Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

azure_rm_virtualmachine: Ability to modify/unset User Assigned and System Assigned identities on VMs #1173

Closed
cpiment opened this issue May 31, 2023 · 0 comments · Fixed by #1177
Closed

azure_rm_virtualmachine: Ability to modify/unset User Assigned and System Assigned identities on VMs #1173

cpiment opened this issue May 31, 2023 · 0 comments · Fixed by #1177
Labels
has_pr PR fixes have been made medium_priority Medium priority new_feature New feature requirments

Comments

@cpiment
Copy link
Contributor

cpiment commented May 31, 2023
edited
Loading

SUMMARY

Currently only System Assigned managed identities can be enabled in Virtual Machines and only while creating the VM (you can not assign the identity once the machine is provisioned). It would be great if both System Assigned and User Assigned identities could be configured using azure_rm_virtualmachine.

ISSUE TYPE
  • Feature Idea
COMPONENT NAME

azure_rm_virtualmachine

ADDITIONAL INFORMATION

I have forked the collection and made a first approach of this feature, but it would be great if we could discuss here if my approach is correct. Some samples that work in my fork:

- name: Set identities IDs to test. Identities ansible-test-vm-identity and ansible-test-vm-identity-2 have to be created previously
  set_fact:
    user_identity_1: "/subscriptions/{{ azure_subscription_id }}/resourcegroups/{{ resource_group }}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ansible-test-vm-identity"
    user_identity_2: "/subscriptions/{{ azure_subscription_id }}/resourcegroups/{{ resource_group }}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ansible-test-vm-identity-2"

- name: Append another UserAssigned
  azure_rm_virtualmachine:
    name: "{{ vm_name }}"
    resource_group: "{{ resource_group }}"
    vm_identity:
      type: "UserAssigned"
      user_assigned_identities:
        id: 
        - "{{ user_identity_2 }}"
        append: true
  register: vm_output

- name: Add SystemAssigned
  azure_rm_virtualmachine:
    name: "{{ vm_name }}"
    resource_group: "{{ resource_group }}"
    vm_identity:
      type: "SystemAssigned, UserAssigned"
      user_assigned_identities:
        append: true
  register: vm_output

- name: Force only one UserAssigned
  azure_rm_virtualmachine:
    name: "{{ vm_name }}"
    resource_group: "{{ resource_group }}"
    vm_identity:
      type: "SystemAssigned, UserAssigned"
      user_assigned_identities:
        id: 
        - "{{ user_identity_2 }}"
        append: false
  register: vm_output

- name: Remove UserAssigned
  azure_rm_virtualmachine:
    name: "{{ vm_name }}"
    resource_group: "{{ resource_group }}"
    vm_identity:
      type: "SystemAssigned"
  register: vm_output

- name: Disable SystemAssigned
  azure_rm_virtualmachine:
    name: "{{ vm_name }}"
    resource_group: "{{ resource_group }}"
    vm_identity:
      type: "None"
  register: vm_output
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
has_pr PR fixes have been made medium_priority Medium priority new_feature New feature requirments
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

azure_rm_virtualmachine: better support for User Assigned and System Assigned identities
2 participants
@cpiment @Fred-sun