How do I add managed identity to azure batch pool via python?

Question

I'm currently creating batch pools using azure.batch.models.PoolAddParameter()

I'm wondering how to assign a managed identity to the pool using this class. I found azure.batch.models.BatchPoolIdentity(), but cannot figure out how to assign it to the pool.

Any help would be greatly appreciated.

Answer 1

@Brian Bertrand Apologies for the delay in response and all the inconvenience caused because of the issue.

To assign managed identities to pools you need to use the management client instead of the normal batch service client, this is so that requests are routed through ARM which supported managed identity. Here is some untested sample code in Python but should work with minimal tweaks:

from azure.identity import DefaultAzureCredential
import azure.mgmt.batch
import azure.mgmt.batch.models

client = azure.mgmt.batch.BatchManagement(credential=DefaultAzureCredential(), subscription_id="test")

sample_identity = azure.mgmt.batch.models.BatchPoolIdentity(
type=azure.mgmt.batch.models.PoolIdentityType.USER_ASSIGNED,
user_assigned_identities={
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identientityName": None
}
)
params = azure.mgmt.batch.models.Pool(identity=sample_identity)

client.pool.create("resource", "account", "poolName", params)

Hope it helps!!!

Please "Accept as Answer" if it helped so it can help others in community looking for help on similar topics.

Answer 2

@Brian Bertrand @Neharika Singh
I have used above code to add managed identity however I am unable to create pool..It gives me Authorization error 403. I have added contributor, owner and reader role to managed identity since facing error while creating pool. I cannot create pool from port as well when I select managed Identity as option it doesnt list the managed identity
sharing screenshot of same.