This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hey there!
I have a managed application which deploys some VMs in the customer subscription. I want from those VMs to send custom billing events to the metering API.
I've read this link https://learn.microsoft.com/en-us/azure/marketplace/partner-center-portal/marketplace-metering-service-authentication, and
if I understood correctly, the goal is to find resourceUsageId before emitting usage.
As I followed Using the Azure-managed identities token section of the link above, all steps worked except forth step (the last one).
---------
$ curl -H 'Authorization: Bearer xxxxxxx’ 'https://management.azure.com/subscriptions/xx-xx-xx-xx-xx/resourceGroups/xx-preview-20201124221221/providers/Microsoft.Solutions/applications/subscriptions/xx-xx-xx-xx-xx/resourceGroups/xx/providers/Microsoft.Solutions/applications/xxx?api-version=2019-07-01
{'error':{'code';'ResourceNotFound','message':'The Resource Microsoft.Solutions/applications/subscriptions under resource group 'xx--preview-20201124221221'; was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix'}}
---------
By the way, the managed app id (managedBy property) in my case has this format: /subscriptions/xx-xx-xx-xx-xx/resourceGroups/xx/providers/Microsoft.Solutions/applications/xxx
Could I get some guidance on this ?
Cordially,
@Anis Elleuch Thanks for your query. Community SME's on this topic or our team will review your scenario and circle back at the possible earliest time.
Hi,
I've been there.
It turned out Microsoft's example code is a bit wrong (may be they have changed something )
Instead of pulling
"https://management.azure.com/subscriptions/xxxxxxxxx/resourceGroups/xx-preview-20201124221221/providers/Microsoft.Solutions/applications/xxx\?api-version=2019-07-01"
you need to query :
"https://management.azure.com/subscriptions/xxxxxxxxx/resourceGroups/(the resource group in which the Managed App is located. And it differs from where the resources are deployed)/providers/Microsoft.Solutions/applications/xxx\?api-version=2019-07-01"
It worked for me. Though, you need to set a system managed identity and give read access of the VM to the Managed App.
If you are trying to deploy a marketplace offer, it gets even worse. The deployment is executed in the seller's tenant context and when your deployment script tries to set the Managed Identity, it can not. Cross tenant Managed identities are not supported.
So I'm stuck there.
Here is a script that sets Managed Identity, but it fails because it does not have rights.
{
"type": "Microsoft.Resources/deployments",
"name": "DeployRBACroleToVM",
"apiVersion": "2020-06-01",
"resourceGroup": "[parameters('RG_name')]",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
},
"variables": {},
"resources": [
{
"type": "Microsoft.Solutions/applications/providers/roleAssignments",
"apiVersion": "2019-04-01-preview",
"name": "[concat(parameters('ManagedAppName'),'/Microsoft.Authorization/',guid(resourceGroup().id))]",
"properties": {
"roleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
"delegatedManagedIdentityResourceId": "[concat(subscription().id, '/providers/Microsoft.Compute/virtualMachines/', parameters('vmName'))]",
"principalId": "[reference(resourceId('Microsoft.Compute/virtualMachines', parameters('vmName')), '2020-12-01','full').identity.principalId]"
}
}
]
},
"parameters": {}
}
}
@Anis Elleuch It looks like an issue which needs troubleshooting to find out the cause. As this is beyond the purview of the Forums Support, we would request you to create a Technical Ticket by following these steps so that our engineers can help you appropriately.