Hello,
I am trying to create an Azure Batch Pool using the Azure CLI by submitting a JSON file. The reason for using the Azure CLI rather than the portal is a need for a specific version of the VM image which, to our knowledge, cannot be set through the portal. It can, however, be specified in the JSON. At the same time we need to use a user managed identity for authentication purposes.
The full JSON configuration is shown below.
{
  "properties": {
    "vmSize": "standard_d2s_v3",
    "deploymentConfiguration": {
      "virtualMachineConfiguration": {
        "imageReference": {
          "publisher": "microsoft-dsvm",
          "offer": "dsvm-win-2019",
          "sku": "winserver-2019",
          "version": "22.09.06"
        },
        "nodeAgentSkuId": "batch.node.windows amd64",
        "windowsConfiguration": {
          "enableAutomaticUpdates": false
        },
        "licenseType": "Windows_Server",
        "dataDisks": [
          {
            "lun": 0,
            "caching": "ReadWrite",
            "diskSizeGB": 30,
            "storageAccountType": "Premium_LRS"
          },
          {
            "lun": 1,
            "caching": "None",
            "diskSizeGB": 200,
            "storageAccountType": "Standard_LRS"
          }
        ],
        "nodePlacementConfiguration": {
          "policy": "Regional"
        }
      }
    },
    "networkConfiguration": {
      "subnetId": "<MySubnet>",
      "dynamicVNetAssignmentScope": "none",
      "publicIPAddressConfiguration": {
        "provision": "BatchManaged"
      }
    },
    "startTask": {
      "commandLine": "pip install azure-keyvault azure-identity azure-storage-file-datalake pandas",
      "userIdentity": {
        "autoUser": {
          "scope": "pool",
          "elevationLevel": "nonadmin"
        }
      },
      "maxTaskRetryCount": 0,
      "waitForSuccess": true
    },
    "scaleSettings": {
      "autoScale": {
        "formula": "$TargetDedicatedNodes=1",
        "evaluationInterval": "PT5M"
      }
    }
  },
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": [
      {
        "resourceId": "/subscriptions/<MySubscription>/resourceGroups/<MyResourceGroup>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<MyManagedIdentity>",
        "clientId": "<MyClientID>",
        "principalId": "<MyPrincipalID>"
      }
    ]
  }
}
The above is basically a copy-paste of the JSON that is POSTed when creating the pool through the portal. Looking at the MS documentation, it is stated that accepted input is one that conforms to the REST API body. However, according to this documentation, the identity block is not an accepted input for the JSON specifying the pool.
Indeed, when we try to submit the above JSON we get an "InvalidRequestBody: The Specified Request Body is not syntactically valid. Reason: Cannot deserialize the current JSON array (e.g. [1,2,3]) into type'System.Collections.Generic.Dictionary'2[System.String,...] because the type requires a JSON object (e.g. {"name":"value"}) to deserialize correctly."
We have attempted what has been proposed here but that still doesn't resolve the problem. We still cannot provide a user-managed identity through the JSON with Azure CLI.
How can we assign a managed identity to our batch pools using the Azure CLI?
It is essentially the same problem as is being described here.
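
The error quoted in the post says the deserializer wants `userAssignedIdentities` to be a JSON object, not an array. The following is an added example, not part of the original post: it rewrites the portal-style array into an object keyed by each identity's resource ID, which is the shape the Azure Resource Manager pool schema uses. The function name and sample body are constructed for illustration, and the example does not settle whether `az batch pool create` with a JSON file accepts an identity block at all.

```python
import copy
import json


def normalize_identity(pool_body):
    """Return a copy of pool_body whose identity.userAssignedIdentities is a
    JSON object keyed by resource ID instead of an array of entries."""
    body = copy.deepcopy(pool_body)
    identity = body.get("identity")
    if not identity:
        return body  # no identity block, nothing to rewrite
    uai = identity.get("userAssignedIdentities")
    if uai is None or isinstance(uai, dict):
        return body  # absent or already in object form
    if not isinstance(uai, list):
        raise ValueError("userAssignedIdentities must be a list or an object")
    rewritten = {}
    for i, entry in enumerate(uai):
        rid = entry.get("resourceId") if isinstance(entry, dict) else None
        if not rid:
            raise ValueError(f"entry {i} has no resourceId")
        # Resource IDs are compared case-insensitively to catch duplicates.
        if rid.lower() in (k.lower() for k in rewritten):
            raise ValueError(f"duplicate identity: {rid}")
        # clientId / principalId are dropped: assumed here to be values the
        # service reports back rather than request input.
        rewritten[rid] = {}
    identity["userAssignedIdentities"] = rewritten
    return body


# Constructed sample mirroring the identity block from the post.
SAMPLE = {
    "properties": {"vmSize": "standard_d2s_v3"},
    "identity": {
        "type": "UserAssigned",
        "userAssignedIdentities": [
            {
                "resourceId": "/subscriptions/<MySubscription>/resourceGroups/<MyResourceGroup>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<MyManagedIdentity>",
                "clientId": "<MyClientID>",
                "principalId": "<MyPrincipalID>",
            }
        ],
    },
}

if __name__ == "__main__":
    print(json.dumps(normalize_identity(SAMPLE), indent=2))
```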