你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn

az spring app identity

Note

This reference is part of the spring extension for the Azure CLI (version 2.38.0 or higher). The extension will automatically install the first time you run an az spring app identity command. Learn more about extensions.

Manage an app's managed identities.

Commands

az spring app identity assign

Enable system-assigned managed identity or assign user-assigned managed identities to an app.

az spring app identity force-set

Force set managed identities on an app.

az spring app identity remove

Remove managed identity from an app.

az spring app identity show

Display app's managed identity info.

az spring app identity assign

Enable system-assigned managed identity or assign user-assigned managed identities to an app.

az spring app identity assign --name
                              --resource-group
                              --service
                              [--role]
                              [--scope]
                              [--system-assigned {false, true}]
                              [--user-assigned]

Examples

Enable the system assigned identity.

az spring app identity assign -n MyApp -s MyCluster -g MyResourceGroup --system-assigned

Enable the system assigned identity on an app with the 'Reader' role.

az spring app identity assign -n MyApp -s MyCluster -g MyResourceGroup --system-assigned --role Reader --scope /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/xxxxx/providers/Microsoft.KeyVault/vaults/xxxxx

Assign two user-assigned managed identities to an app.

az spring app identity assign -n MyApp -s MyCluster -g MyResourceGroup --user-assigned IdentityResourceId1 IdentityResourceId2

Required Parameters

--name -n

Name of app.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--service -s

Name of Azure Spring Apps, you can configure the default service using az configure --defaults spring=.

Optional Parameters

--role

Role name or id the managed identity will be assigned.

--scope

The scope the managed identity has access to.

--system-assigned

Enable system-assigned managed identity on an app.

accepted values: false, true
--user-assigned

Space-separated user-assigned managed identity resource IDs to assgin to an app.

az spring app identity force-set

Force set managed identities on an app.

az spring app identity force-set --name
                                 --resource-group
                                 --service
                                 --system-assigned
                                 --user-assigned

Examples

Force remove all managed identities on an app.

az spring app identity force-set -n MyApp -s MyCluster -g MyResourceGroup --system-assigned disable --user-assigned disable

Force remove all user-assigned managed identities on an app, and enable or keep system-assigned managed identity.

az spring app identity force-set -n MyApp -s MyCluster -g MyResourceGroup --system-assigned enable --user-assigned disable

Force remove system-assigned managed identity on an app, and assign or keep user-assigned managed identities.

az spring app identity force-set -n MyApp -s MyCluster -g MyResourceGroup --system-assigned disable --user-assigned IdentityResourceId1 IdentityResourceId2

Required Parameters

--name -n

Name of app.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--service -s

Name of Azure Spring Apps, you can configure the default service using az configure --defaults spring=.

--system-assigned

Allowed values: ["enable", "disable"]. Use "enable" to enable or keep system-assigned managed identity. Use "disable" to remove system-assigned managed identity.

--user-assigned

Allowed values: ["disable", space-separated user-assigned managed identity resource IDs]. Use "disable" to remove all user-assigned managed identities, use resource IDs to assign or keep user-assigned managed identities.

az spring app identity remove

Remove managed identity from an app.

az spring app identity remove --name
                              --resource-group
                              --service
                              [--system-assigned {false, true}]
                              [--user-assigned]

Examples

Remove the system-assigned managed identity from an app.

az spring app identity remove -n MyApp -s MyCluster -g MyResourceGroup --system-assigned

Remove the system-assigned and user-assigned managed identities from an app.

az spring app identity remove -n MyApp -s MyCluster -g MyResourceGroup --system-assigned --user-assigned IdentityResourceId1 IdentityResourceId2

Remove ALL user-assigned managed identities from an app.

az spring app identity remove -n MyApp -s MyCluster -g MyResourceGroup --user-assigned

Required Parameters

--name -n

Name of app.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--service -s

Name of Azure Spring Apps, you can configure the default service using az configure --defaults spring=.

Optional Parameters

--system-assigned

Remove system-assigned managed identity.

accepted values: false, true
--user-assigned

Space-separated user-assigned managed identity resource IDs to remove. If no ID is provided, remove ALL user-assigned managed identities.

az spring app identity show

Display app's managed identity info.

az spring app identity show --name
                            --resource-group
                            --service

Examples

Display an app's managed identity info.

az spring app identity show -n MyApp -s MyCluster -g MyResourceGroup

Required Parameters

--name -n

Name of app.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--service -s

Name of Azure Spring Apps, you can configure the default service using az configure --defaults spring=.