User Assigned Identities - Create Or Update

Reference

Service:: Managed Identity

API Version:: 2023-01-31

Create or update an identity in the specified subscription and resource group.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{resourceName}?api-version=2023-01-31

URI Parameters

Name	In	Required	Type	Description
resourceGroupName	path	True	string	The name of the Resource Group to which the identity belongs.
resourceName	path	True	string	The name of the identity resource.
subscriptionId	path	True	string	The Id of the Subscription to which the identity belongs.
api-version	query	True	string	Version of API to invoke.

Request Body

Name	Required	Type	Description
location	True	string	The geo-location where the resource lives
tags		object	Resource tags.

Responses

Name	Type	Description
200 OK	Identity	Updated identity
201 Created	Identity	Created identity
Other Status Codes	CloudError	Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

IdentityCreate

Sample request

PUT https://management.azure.com/subscriptions/subid/resourceGroups/rgName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/resourceName?api-version=2023-01-31

{
  "location": "eastus",
  "tags": {
    "key1": "value1",
    "key2": "value2"
  }
}


import com.azure.resourcemanager.msi.fluent.models.IdentityInner;
import java.util.HashMap;
import java.util.Map;

/**
 * Samples for UserAssignedIdentities CreateOrUpdate.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2023-01-31/examples/IdentityCreate.json
     */
    /**
     * Sample code: IdentityCreate.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void identityCreate(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.identities().manager().serviceClient().getUserAssignedIdentities().createOrUpdateWithResponse("rgName",
            "resourceName",
            new IdentityInner().withLocation("eastus")
                .withTags(mapOf("key1", "fakeTokenPlaceholder", "key2", "fakeTokenPlaceholder")),
            com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential
from azure.mgmt.msi import ManagedServiceIdentityClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-msi
# USAGE
    python identity_create.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ManagedServiceIdentityClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid",
    )

    response = client.user_assigned_identities.create_or_update(
        resource_group_name="rgName",
        resource_name="resourceName",
        parameters={"location": "eastus", "tags": {"key1": "value1", "key2": "value2"}},
    )
    print(response)


# x-ms-original-file: specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2023-01-31/examples/IdentityCreate.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armmsi_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/3d7a3848106b831a4a7f46976fe38aa605c4f44d/specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2023-01-31/examples/IdentityCreate.json
func ExampleUserAssignedIdentitiesClient_CreateOrUpdate() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armmsi.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewUserAssignedIdentitiesClient().CreateOrUpdate(ctx, "rgName", "resourceName", armmsi.Identity{
		Location: to.Ptr("eastus"),
		Tags: map[string]*string{
			"key1": to.Ptr("value1"),
			"key2": to.Ptr("value2"),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Identity = armmsi.Identity{
	// 	Name: to.Ptr("identityName"),
	// 	Type: to.Ptr("Microsoft.ManagedIdentity/userAssignedIdentities"),
	// 	ID: to.Ptr("/subscriptions/subid/resourcegroups/rgName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identityName"),
	// 	Location: to.Ptr("eastus"),
	// 	Tags: map[string]*string{
	// 		"key1": to.Ptr("value1"),
	// 		"key2": to.Ptr("value2"),
	// 	},
	// 	Properties: &armmsi.UserAssignedIdentityProperties{
	// 		ClientID: to.Ptr("4024ab25-56a8-4370-aea6-6389221caf29"),
	// 		PrincipalID: to.Ptr("25cc773c-7f05-40fc-a104-32d2300754ad"),
	// 		TenantID: to.Ptr("b6c948ef-f6b5-4384-8354-da3a15eca969"),
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { ManagedServiceIdentityClient } = require("@azure/arm-msi");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Create or update an identity in the specified subscription and resource group.
 *
 * @summary Create or update an identity in the specified subscription and resource group.
 * x-ms-original-file: specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2023-01-31/examples/IdentityCreate.json
 */
async function identityCreate() {
  const subscriptionId = process.env["MSI_SUBSCRIPTION_ID"] || "subid";
  const resourceGroupName = process.env["MSI_RESOURCE_GROUP"] || "rgName";
  const resourceName = "resourceName";
  const parameters = {
    location: "eastus",
    tags: { key1: "value1", key2: "value2" },
  };
  const credential = new DefaultAzureCredential();
  const client = new ManagedServiceIdentityClient(credential, subscriptionId);
  const result = await client.userAssignedIdentities.createOrUpdate(
    resourceGroupName,
    resourceName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ManagedServiceIdentities;

// Generated from example definition: specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2023-01-31/examples/IdentityCreate.json
// this example is just showing the usage of "UserAssignedIdentities_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "subid";
string resourceGroupName = "rgName";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);

// get the collection of this UserAssignedIdentityResource
UserAssignedIdentityCollection collection = resourceGroupResource.GetUserAssignedIdentities();

// invoke the operation
string resourceName = "resourceName";
UserAssignedIdentityData data = new UserAssignedIdentityData(new AzureLocation("eastus"))
{
    Tags =
    {
    ["key1"] = "value1",
    ["key2"] = "value2",
    },
};
ArmOperation<UserAssignedIdentityResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
UserAssignedIdentityResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
UserAssignedIdentityData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:: 201

{
  "id": "/subscriptions/subid/resourcegroups/rgName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identityName",
  "location": "eastus",
  "name": "identityName",
  "properties": {
    "clientId": "4024ab25-56a8-4370-aea6-6389221caf29",
    "principalId": "25cc773c-7f05-40fc-a104-32d2300754ad",
    "tenantId": "b6c948ef-f6b5-4384-8354-da3a15eca969"
  },
  "tags": {
    "key1": "value1",
    "key2": "value2"
  },
  "type": "Microsoft.ManagedIdentity/userAssignedIdentities"
}

Status code:: 200

{
  "id": "/subscriptions/subid/resourcegroups/rgName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identityName",
  "location": "eastus",
  "name": "identityName",
  "properties": {
    "clientId": "4024ab25-56a8-4370-aea6-6389221caf29",
    "principalId": "25cc773c-7f05-40fc-a104-32d2300754ad",
    "tenantId": "b6c948ef-f6b5-4384-8354-da3a15eca969"
  },
  "tags": {
    "key1": "value1",
    "key2": "value2"
  },
  "type": "Microsoft.ManagedIdentity/userAssignedIdentities"
}

Definitions

Name	Description
CloudError	An error response from the ManagedServiceIdentity service.
CloudErrorBody	An error response from the ManagedServiceIdentity service.
createdByType	The type of identity that created the resource.
Identity	Describes an identity resource.
systemData	Metadata pertaining to creation and last modification of the resource.

CloudError

An error response from the ManagedServiceIdentity service.

Name	Type	Description
error	CloudErrorBody	A list of additional details about the error.

CloudErrorBody

An error response from the ManagedServiceIdentity service.

Name	Type	Description
code	string	An identifier for the error.
details	CloudErrorBody[]	A list of additional details about the error.
message	string	A message describing the error, intended to be suitable for display in a user interface.
target	string	The target of the particular error. For example, the name of the property in error.

createdByType

The type of identity that created the resource.

Name	Type	Description
Application	string
Key	string
ManagedIdentity	string
User	string

Identity

Describes an identity resource.

Name	Type	Description
id	string	Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
location	string	The geo-location where the resource lives
name	string	The name of the resource
properties.clientId	string	The id of the app associated with the identity. This is a random generated UUID by MSI.
properties.principalId	string	The id of the service principal object associated with the created identity.
properties.tenantId	string	The id of the tenant which the identity belongs to.
systemData	systemData	Azure Resource Manager metadata containing createdBy and modifiedBy information.
tags	object	Resource tags.
type	string	The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

systemData

Metadata pertaining to creation and last modification of the resource.

Name	Type	Description
createdAt	string	The timestamp of resource creation (UTC).
createdBy	string	The identity that created the resource.
createdByType	createdByType	The type of identity that created the resource.
lastModifiedAt	string	The timestamp of resource last modification (UTC)
lastModifiedBy	string	The identity that last modified the resource.
lastModifiedByType	createdByType	The type of identity that last modified the resource.