Skip to content

CLI Steps Not working | For enabling CMK on your existing Azure Cosmos DB account with Continuous backup or Analytical store account #28511

Open
Open
CLI Steps Not working | For enabling CMK on your existing Azure Cosmos DB account with Continuous backup or Analytical store account#28511
Labels
Auto-AssignAuto assign by botCosmosDBaz cosmosdbService AttentionThis issue is responsible by Azure service team.act-codegen-extensibility-squadbugThis issue requires a change to an existing behavior in the product in order to be resolved.customer-reportedIssues that are reported by GitHub users external to the Azure organization.
@archanchoudhury-uptycs

Description

@archanchoudhury-uptycs
archanchoudhury-uptycs
opened on Mar 6, 2024

Describe the bug

Following the document, https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-setup-customer-managed-keys-existing-accounts#steps-to-enable-cmk-on-your-existing-azure-cosmos-db-account-with-continuous-backup-or-analytical-store-account I am trying to update the CMK to a system managed identify which is not working.

Also, in System Managed Identity, how to get the full resource ID? I am expecting the subscription and resource group would be same of the cosmos db account? If anything else, please route me to that process.

Related command

az cosmosdb update --name "archan-cassandra" --default-identity "SystemAssignedIdentity=subscriptions/XXXXXXX/resourcegroups/archan-RG/providers/Microsoft.ManagedIdentity/systemAssignedIdentities/Object-ID" --resource-group "archan-RG"

Errors

(BadRequest) The given default identity for archan-cassandra is not valid. The format for the default identity is not valid, please use 'FirstPartyIdentity'/'SystemAssignedIdentity'/'UserAssignedIdentity=<UA_resource_id>'
ActivityId: 74501aea-db9c-11ee-8991-00155d7e02ec, Microsoft.Azure.Documents.Common/2.14.0
Code: BadRequest
Message: The given default identity for archan-mongo is not valid. The format for the default identity is not valid, please use 'FirstPartyIdentity'/'SystemAssignedIdentity'/'UserAssignedIdentity=<UA_resource_id>'
ActivityId: 74501aea-db9c-11ee-8991-00155d7e02ec, Microsoft.Azure.Documents.Common/2.14.0

Issue script & Debug output

debug output has account specific information, which can't be shared openly.

Expected behavior

The CMK should be updated with azure system managed identify.

Environment Summary

azure-cli                         2.58.0

core                              2.58.0
telemetry                          1.1.0

Extensions:
ai-examples                        0.2.5
cosmosdb-preview                  0.26.0
ml                                2.23.0
ssh                                2.0.2

Dependencies:
msal                              1.26.0
azure-mgmt-resource             23.1.0b2

Python location '/usr/bin/python3.9'
Extensions directory '/home/archan/.azure/cliextensions'
Extensions system directory '/usr/lib/python3.9/site-packages/azure-cli-extensions'

Python (Linux) 3.9.14 (main, Oct 12 2023, 19:48:32) 
[GCC 11.2.0]

Legal docs and information: aka.ms/AzureCliLegal


Your CLI is up-to-date.

Additional context

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    Auto-AssignAuto assign by botCosmosDBaz cosmosdbService AttentionThis issue is responsible by Azure service team.act-codegen-extensibility-squadbugThis issue requires a change to an existing behavior in the product in order to be resolved.customer-reportedIssues that are reported by GitHub users external to the Azure organization.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions