az spring-cloud app identity

Note

This reference is part of the spring-cloud extension for the Azure CLI (version 2.45.0 or higher). The extension will automatically install the first time you run an az spring-cloud app identity command. Learn more about extensions.

This command group is implicitly deprecated because command group 'spring-cloud app' is deprecated and will be removed in a future release. Use 'spring app' instead.

Manage an app's managed identities.

Commands

Name	Description	Type	Status
az spring-cloud app identity assign	Enable system-assigned managed identity or assign user-assigned managed identities to an app.	Extension	Deprecated
az spring-cloud app identity force-set	Force set managed identities on an app.	Extension	Preview and Deprecated
az spring-cloud app identity remove	Remove managed identity from an app.	Extension	Deprecated
az spring-cloud app identity show	Display app's managed identity info.	Extension	Deprecated

az spring-cloud app identity assign

Deprecated

This command is implicitly deprecated because command group 'spring-cloud app identity' is deprecated and will be removed in a future release. Use 'spring app identity' instead.

Enable system-assigned managed identity or assign user-assigned managed identities to an app.

az spring-cloud app identity assign --name
                                    --resource-group
                                    --service
                                    [--role]
                                    [--scope]
                                    [--system-assigned {false, true}]
                                    [--user-assigned]

Examples

Enable the system assigned identity.

az spring-cloud app identity assign -n MyApp -s MyCluster -g MyResourceGroup --system-assigned

Enable the system assigned identity on an app with the 'Reader' role.

az spring-cloud app identity assign -n MyApp -s MyCluster -g MyResourceGroup --system-assigned --role Reader --scope /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/xxxxx/providers/Microsoft.KeyVault/vaults/xxxxx

Assign two user-assigned managed identities to an app.

az spring-cloud app identity assign -n MyApp -s MyCluster -g MyResourceGroup --user-assigned IdentityResourceId1 IdentityResourceId2

Required Parameters

--name -n

Name of app.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--service -s

Name of Azure Spring Cloud, you can configure the default service using az configure --defaults spring-cloud=.

Optional Parameters

--role

Role name or id the managed identity will be assigned.

--scope

The scope the managed identity has access to.

--system-assigned

Enable system-assigned managed identity on an app.

Accepted values: false, true

--user-assigned

Preview

Space-separated user-assigned managed identity resource IDs to assgin to an app.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az spring-cloud app identity force-set

Preview Deprecated

This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

This command is implicitly deprecated because command group 'spring-cloud app identity' is deprecated and will be removed in a future release. Use 'spring app identity' instead.

Force set managed identities on an app.

az spring-cloud app identity force-set --name
                                       --resource-group
                                       --service
                                       --system-assigned
                                       --user-assigned

Examples

Force remove all managed identities on an app.

az spring-cloud app identity force-set -n MyApp -s MyCluster -g MyResourceGroup --system-assigned disable --user-assigned disable

Force remove all user-assigned managed identities on an app, and enable or keep system-assigned managed identity.

az spring-cloud app identity force-set -n MyApp -s MyCluster -g MyResourceGroup --system-assigned enable --user-assigned disable

Force remove system-assigned managed identity on an app, and assign or keep user-assigned managed identities.

az spring-cloud app identity force-set -n MyApp -s MyCluster -g MyResourceGroup --system-assigned disable --user-assigned IdentityResourceId1 IdentityResourceId2

Required Parameters

--name -n

Name of app.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--service -s

Name of Azure Spring Cloud, you can configure the default service using az configure --defaults spring-cloud=.

--system-assigned

Allowed values: ["enable", "disable"]. Use "enable" to enable or keep system-assigned managed identity. Use "disable" to remove system-assigned managed identity.

--user-assigned

Allowed values: ["disable", space-separated user-assigned managed identity resource IDs]. Use "disable" to remove all user-assigned managed identities, use resource IDs to assign or keep user-assigned managed identities.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az spring-cloud app identity remove

Deprecated

This command is implicitly deprecated because command group 'spring-cloud app identity' is deprecated and will be removed in a future release. Use 'spring app identity' instead.

Remove managed identity from an app.

az spring-cloud app identity remove --name
                                    --resource-group
                                    --service
                                    [--system-assigned {false, true}]
                                    [--user-assigned]

Examples

Remove the system-assigned managed identity from an app.

az spring-cloud app identity remove -n MyApp -s MyCluster -g MyResourceGroup --system-assigned

Remove the system-assigned and user-assigned managed identities from an app.

az spring-cloud app identity remove -n MyApp -s MyCluster -g MyResourceGroup --system-assigned --user-assigned IdentityResourceId1 IdentityResourceId2

Remove ALL user-assigned managed identities from an app.

az spring-cloud app identity remove -n MyApp -s MyCluster -g MyResourceGroup --user-assigned

Required Parameters

--name -n

Name of app.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--service -s

Name of Azure Spring Cloud, you can configure the default service using az configure --defaults spring-cloud=.

Optional Parameters

--system-assigned

Remove system-assigned managed identity.

Accepted values: false, true

--user-assigned

Preview

Space-separated user-assigned managed identity resource IDs to remove. If no ID is provided, remove ALL user-assigned managed identities.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az spring-cloud app identity show

Deprecated

This command is implicitly deprecated because command group 'spring-cloud app identity' is deprecated and will be removed in a future release. Use 'spring app identity' instead.

Display app's managed identity info.

az spring-cloud app identity show --name
                                  --resource-group
                                  --service

Examples

Display an app's managed identity info.

az spring-cloud app identity show -n MyApp -s MyCluster -g MyResourceGroup

Required Parameters

--name -n

Name of app.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--service -s

Name of Azure Spring Cloud, you can configure the default service using az configure --defaults spring-cloud=.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.