Azure ARM templates - Stream Analytics identity.principalId as output

1
votes

I have a working ARM Template for a Stream Analytics job which creates it's own 'managed identity' which can be queried using AZ CLI, e.g.:

'az stream-analytics job show -g <resource_group> -n <stream_analytics_job_name> -o json --query 'identity.principalId'

(Deployment is via Terraform 'azurerm_template_deployment' module).

Added an ARM template output to return this key using 'listkeys':

    "outputs": {
        "principalId": {
        "type": "string",
        "value": "[listkeys(resourceId('Microsoft.StreamAnalytics/streamingjobs', parameters('StreamAnalyticsJobName')), parameters('ASAApiVersion')).identity.principalId]"
        }
    }
}

Now the ARM deployment fails as seen in the resource group deployments list with:

{
  "code": "DeploymentFailed",
  "message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.",
  "details": [
    {
      "code": "NotFound",
      "message": "{\r\n  \"code\": \"NotFound\",\r\n  \"message\": \"The webpage cannot be found.\",\r\n  \"details\": {\r\n    \"code\": \"404\",\r\n    \"message\": \"The webpage cannot be found.\",\r\n    \"correlationId\": \"<redacted>\",\r\n    \"requestId\": \"<redacted>\"\r\n  }\r\n}"
    }
  ]
}

From the resource group Activity Log, under the 'Write Steam Analytics Job', there are failed operations for listkeys - none of which give any further clues.

'identity.principalId' found for this Stream Analytics job via https://resources.azure.com:

...etc...
  "identity": {
    "principalId": "<redacted>",
    "tenantId": "<redacted>",
    "type": "SystemAssigned"
  },

Have also tried the following ARM template output with the same result:

    "outputs": {
        "principalId": {
        "type": "string",
        "value": "[listkeys(resourceId('Microsoft.StreamAnalytics/streamingjobs', parameters('StreamAnalyticsJobName')), parameters('ASAApiVersion')).principalId]"
        }
    }

Similar issues found but none for Stream Analytics:

Research:

Any help much appreciated, thanks.

1
azureazure-resource-managerarm-templateazure-stream-analytics
Please be more careful with tags. The "arm" tag is for the ARM microcontroller, not for Azure resource manager.Codo

1 Answers

1
votes

Came across the answer elsewhere (How to get Principal Id in app service using Arm template?) as I was trying to obtain a principal ID not a key (my bad).

Using the following ARM Template output worked:

    "outputs": {
        "principalId": {
        "type": "string",
        "value": "[reference(resourceId('Microsoft.StreamAnalytics/streamingjobs', parameters('StreamAnalyticsJobName')), parameters('ASAApiVersion'), 'Full').identity.principalId]"
        }
    }