azure-cli
Use managed identity in the command that creates an event subscription for an Event Grid system topic
Related command
It is possible to use Managed Identity for custom topics like this:
storageid=$(az storage account show --name demoStorage --resource-group gridResourceGroup --query id --output tsv)
deadletterendpoint="$storageid/blobServices/default/containers/<BLOB CONTAINER NAME>"
# $subid, $rg, $topicname, $queueid and $sb_esnameq are set beforehand
az eventgrid event-subscription create \
  --source-resource-id /subscriptions/$subid/resourceGroups/$rg/providers/Microsoft.EventGrid/topics/$topicname \
  --delivery-identity-endpoint-type servicebusqueue \
  --delivery-identity systemassigned \
  --delivery-identity-endpoint $queueid \
  --deadletter-identity-endpoint $deadletterendpoint \
  --deadletter-identity systemassigned \
  -n $sb_esnameq
But based on the documentation this is not possible for system topics.
az eventgrid system-topic event-subscription create --name
--resource-group
--system-topic-name
[--aad-tenant-id]
[--advanced-filter]
[--azure-active-directory-application-id-or-uri]
[--deadletter-endpoint]
[--delivery-attribute-mapping]
[--enable-advanced-filtering-on-arrays {false, true}]
[--endpoint]
[--endpoint-type {azurefunction, eventhub, hybridconnection, servicebusqueue, servicebustopic, storagequeue, webhook}]
[--event-delivery-schema {cloudeventschemav1_0, custominputschema, eventgridschema}]
[--event-ttl]
[--expiration-date]
[--included-event-types]
[--labels]
[--max-delivery-attempts]
[--max-events-per-batch]
[--preferred-batch-size-in-kilobytes]
[--qttl]
[--subject-begins-with]
[--subject-case-sensitive {false, true}]
[--subject-ends-with]
Is your feature request related to a problem? Please describe.
It is not possible to use managed identity for system topics.
Describe the solution you'd like
I would like to have parameters like
--delivery-identity-endpoint-type servicebusqueue
--delivery-identity systemassigned
--delivery-identity-endpoint $queueid
--deadletter-identity-endpoint $deadletterendpoint
--deadletter-identity systemassigned
for system topics.
Describe alternatives you've considered
NA
Additional context
NA
Thank you for opening this issue, we will look into it.
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @jfggdl.
Issue Details
Author: kmadof
Assignees: -
Labels: -
Milestone: Backlog
Adding Service team to look into this.
Any update? Facing the same issue, unable to create Event Subscriptions with System Assigned Identity for Delivery with CLI version 2.49:
unrecognized arguments: --delivery-identity-endpoint-type servicebusqueue --delivery-identity systemassigned
Examples from AI knowledge base:
az eventgrid system-topic event-subscription create --endpoint /subscriptions/{SubID}/resourceGroups/{RG}/providers/Microsoft.Web/sites/{functionappname}/functions/{functionname} --endpoint-type webhook --included-event-types Microsoft.Storage.BlobCreated Microsoft.Storage.BlobDeleted --name es1 --resource-group rg1 --system-topic-name systemtopic1
Create a new event subscription for a system topic (autogenerated)
az eventgrid system-topic event-subscription create --endpoint /subscriptions/{SubID}/resourceGroups/{RG}/providers/Microsoft.Web/sites/{functionappname}/functions/{functionname} --endpoint-type webhook --event-delivery-schema eventgridschema --included-event-types Microsoft.Storage.BlobCreated Microsoft.Storage.BlobDeleted --name es1 --resource-group rg1 --system-topic-name systemtopic1
Is there any update to this? It seems to be impossible to use New-AzEventGridSystemTopicEventSubscription if you plan to use Microsoft's recommended security model (managed identity).
These properties are exposed in Bicep and ARM, so why isn't this fundamentally critical parameter available in Az?
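Added example, not code from this issue or the azure-cli project: since the comment above notes that the identity properties are exposed in ARM and Bicep, the same subscription can be created with an ARM template deployed via `az deployment group create` until the CLI flags exist. The API version, parameter names, the `render_template` and `deploy_subscription` helpers, and the role prerequisites in the comments are assumptions, and the system topic must already have a system-assigned identity.

```shell
#!/usr/bin/env bash
# Added example: create a system-topic event subscription whose delivery and
# dead-lettering use the topic's system-assigned identity, through an ARM
# template, since the CLI subcommand has no --delivery-identity* flags.
set -eu
# Emit the ARM template; resource ids arrive as deployment parameters.
render_template() {
  cat <<'EOF'
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "systemTopicName": { "type": "string" },
    "subscriptionName": { "type": "string" },
    "queueId": { "type": "string" },
    "deadLetterStorageId": { "type": "string" },
    "deadLetterContainer": { "type": "string" }
  },
  "resources": [{
    "type": "Microsoft.EventGrid/systemTopics/eventSubscriptions",
    "apiVersion": "2022-06-15",
    "name": "[format('{0}/{1}', parameters('systemTopicName'), parameters('subscriptionName'))]",
    "properties": {
      "deliveryWithResourceIdentity": {
        "identity": { "type": "SystemAssigned" },
        "destination": { "endpointType": "ServiceBusQueue",
                         "properties": { "resourceId": "[parameters('queueId')]" } }
      },
      "deadLetterWithResourceIdentity": {
        "identity": { "type": "SystemAssigned" },
        "deadLetterDestination": { "endpointType": "StorageBlob",
          "properties": { "resourceId": "[parameters('deadLetterStorageId')]",
                          "blobContainerName": "[parameters('deadLetterContainer')]" } }
      }
    }
  }]
}
EOF
}
# Usage: deploy_subscription <rg> <systemTopic> <esName> <queueId> <storageId> <container>
# Prerequisite (assumed, not checked here): the system topic's identity holds
# "Azure Service Bus Data Sender" on the queue and "Storage Blob Data
# Contributor" on the dead-letter storage account.
deploy_subscription() {
  local tmpl; tmpl=$(mktemp)
  render_template > "$tmpl"
  az deployment group create --resource-group "$1" --template-file "$tmpl" \
    --parameters systemTopicName="$2" subscriptionName="$3" queueId="$4" \
                 deadLetterStorageId="$5" deadLetterContainer="$6"
}
```

Deploying with the same resource names again is idempotent, so the template can also serve as the record of which subscriptions are expected to run on identity rather than on keys.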
I have the same issue - we're going for User Assigned Managed Identity across our solutions. The support for managed identity for Event Grid using Azure CLI is really scarce at the moment.
CLI Version: 2.61.0
Even when creating a topic specifying a user assigned identity, the topic gets created without errors but no identity is set:
az eventgrid topic create --name $topicName --resource-group $resourcegroup --mi-user-assigned $uaiIdentityId $uaiClientID $uaiPrincipalId --input-schema CloudEventSchemaV1_0
{
  "dataResidencyBoundary": "WithinGeopair",
  "disableLocalAuth": false,
  "endpoint": "https://mytopic.northeurope-1.eventgrid.azure.net/api/events",
  "extendedLocation": null,
  "id": "/subscriptions/***********/resourceGroups/***********/providers/Microsoft.EventGrid/topics/mytopic",
  "identity": {
    "principalId": null,
    "tenantId": null,
    "type": "None",
    "userAssignedIdentities": null // <---- NULL!!
  },
  "inboundIpRules": null,
  "inputSchema": "CloudEventSchemaV1_0",
  "inputSchemaMapping": null,
  "kind": "Azure",
  "location": "northeurope",
  "metricResourceId": "a04ebd36-1d58-4c5c-ba92-07f3a67681cc",
  "name": "mytopic",
  "privateEndpointConnections": null,
  "provisioningState": "Succeeded",
  "publicNetworkAccess": "Enabled",
  "resourceGroup": "***********",
  "sku": {
    "name": "Basic"
  },
  "systemData": null,
  "tags": {
    "DateCreated": "2024-06-04"
  },
  "type": "Microsoft.EventGrid/topics"
}