az spring app identity
Note
This reference is part of the spring extension for the Azure CLI (version 2.56.0 or higher). The extension will automatically install the first time you run an az spring app identity command. Learn more about extensions.
Manage an app's managed identities.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az spring app identity assign |
Enable system-assigned managed identity or assign user-assigned managed identities to an app. |
Extension | GA |
| az spring app identity force-set |
Force set managed identities on an app. |
Extension | GA |
| az spring app identity remove |
Remove managed identity from an app. |
Extension | GA |
| az spring app identity show |
Display app's managed identity info. |
Extension | GA |
az spring app identity assign
Enable system-assigned managed identity or assign user-assigned managed identities to an app.
az spring app identity assign --name
--resource-group
--service
[--role]
[--scope]
[--system-assigned {false, true}]
[--user-assigned]Examples
Enable the system assigned identity.
az spring app identity assign -n MyApp -s MyCluster -g MyResourceGroup --system-assignedEnable the system assigned identity on an app with the 'Reader' role.
az spring app identity assign -n MyApp -s MyCluster -g MyResourceGroup --system-assigned --role Reader --scope /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/xxxxx/providers/Microsoft.KeyVault/vaults/xxxxxAssign two user-assigned managed identities to an app.
az spring app identity assign -n MyApp -s MyCluster -g MyResourceGroup --user-assigned IdentityResourceId1 IdentityResourceId2Required Parameters
The name of app running in the specified Azure Spring Apps instance.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The name of Azure Spring Apps instance, you can configure the default service using az configure --defaults spring=.
Optional Parameters
Role name or id the managed identity will be assigned.
The scope the managed identity has access to.
Enable system-assigned managed identity on an app.
Space-separated user-assigned managed identity resource IDs to assgin to an app.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az spring app identity force-set
Force set managed identities on an app.
az spring app identity force-set --name
--resource-group
--service
--system-assigned
--user-assignedExamples
Force remove all managed identities on an app.
az spring app identity force-set -n MyApp -s MyCluster -g MyResourceGroup --system-assigned disable --user-assigned disableForce remove all user-assigned managed identities on an app, and enable or keep system-assigned managed identity.
az spring app identity force-set -n MyApp -s MyCluster -g MyResourceGroup --system-assigned enable --user-assigned disableForce remove system-assigned managed identity on an app, and assign or keep user-assigned managed identities.
az spring app identity force-set -n MyApp -s MyCluster -g MyResourceGroup --system-assigned disable --user-assigned IdentityResourceId1 IdentityResourceId2Required Parameters
The name of app running in the specified Azure Spring Apps instance.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The name of Azure Spring Apps instance, you can configure the default service using az configure --defaults spring=.
Allowed values: ["enable", "disable"]. Use "enable" to enable or keep system-assigned managed identity. Use "disable" to remove system-assigned managed identity.
Allowed values: ["disable", space-separated user-assigned managed identity resource IDs]. Use "disable" to remove all user-assigned managed identities, use resource IDs to assign or keep user-assigned managed identities.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az spring app identity remove
Remove managed identity from an app.
az spring app identity remove --name
--resource-group
--service
[--system-assigned {false, true}]
[--user-assigned]Examples
Remove the system-assigned managed identity from an app.
az spring app identity remove -n MyApp -s MyCluster -g MyResourceGroup --system-assignedRemove the system-assigned and user-assigned managed identities from an app.
az spring app identity remove -n MyApp -s MyCluster -g MyResourceGroup --system-assigned --user-assigned IdentityResourceId1 IdentityResourceId2Remove ALL user-assigned managed identities from an app.
az spring app identity remove -n MyApp -s MyCluster -g MyResourceGroup --user-assignedRequired Parameters
The name of app running in the specified Azure Spring Apps instance.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The name of Azure Spring Apps instance, you can configure the default service using az configure --defaults spring=.
Optional Parameters
Remove system-assigned managed identity.
Space-separated user-assigned managed identity resource IDs to remove. If no ID is provided, remove ALL user-assigned managed identities.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az spring app identity show
Display app's managed identity info.
az spring app identity show --name
--resource-group
--serviceExamples
Display an app's managed identity info.
az spring app identity show -n MyApp -s MyCluster -g MyResourceGroupRequired Parameters
The name of app running in the specified Azure Spring Apps instance.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The name of Azure Spring Apps instance, you can configure the default service using az configure --defaults spring=.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
