Hi
I am trying to use managed identities in Cosmos DB. I am using an Azure DevOps pipeline with ARM templates, which runs through successfully; however, it doesn't show up in the portal, and the code
    new DefaultAzureCredential(new DefaultAzureCredentialOptions { ManagedIdentityClientId = ManagedIdentityClientId });
also doesn't run when it's live (and I can't get it to work locally), both due to a readMetadata permission not being assigned (which doesn't seem supported in the built-in roles either).
    {
      "type": "Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions",
      "apiVersion": "2021-05-15",
      "name": "[concat(variables('developmentSettingsDbName'),'/', variables('cosmosDbContributorRoleDefinitionId'))]",
      "dependsOn": [
        "[resourceId('Microsoft.DocumentDb/databaseAccounts', variables('developmentSettingsDbName'))]"
      ],
      "properties": {
        "roleName": "[variables('cosmosDbContributorRoleDefinitionName')]",
        "type": "CustomRole",
        "assignableScopes": [
          "[resourceId('Microsoft.DocumentDb/databaseAccounts', variables('developmentSettingsDbName'))]"
        ],
        "permissions": [
          {
            "dataActions": [
              "Microsoft.DocumentDB/databaseAccounts/readMetadata",
              "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/*",
              "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/*"
            ],
            "notDataActions": []
          }
        ]
      }
    },
    {
      "type": "Microsoft.ManagedIdentity/userAssignedIdentities",
      "name": "myContributor",
      "apiVersion": "2018-11-30",
      "location": "[resourceGroup().location]"
    },
    {
      "type": "Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments",
      "apiVersion": "2021-05-15",
      "name": "[concat(variables('developmentSettingsDbName'),'/', variables('cosmosDbContributorRoleAssignmentId'))]",
      "dependsOn": [
        "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', 'myContributor')]",
        "[resourceId('Microsoft.DocumentDb/databaseAccounts', variables('developmentSettingsDbName'))]",
        "[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions', variables('developmentSettingsDbName'), variables('cosmosDbContributorRoleDefinitionId'))]"
      ],
      "properties": {
        "roleDefinitionId": "[resourceId('Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions', variables('developmentSettingsDbName'), variables('cosmosDbContributorRoleDefinitionId'))]",
        "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', 'myContributor'), '2018-11-30').principalId]",
        "scope": "[resourceId('Microsoft.DocumentDb/databaseAccounts', variables('developmentSettingsDbName'))]"
      }
    }
Any thoughts would be appreciated.