question

AnisElleuch-0897 avatar image
0 Votes"
AnisElleuch-0897 asked ·

Unable to get resourceUsageId in a VM running in a managed application offer

Hey there!

I have a managed application which deploys some VMs in the customer subscription. I want from those VMs to send custom billing events to the metering API.

I've read this link https://docs.microsoft.com/en-us/azure/marketplace/partner-center-portal/marketplace-metering-service-authentication, and
if I understood correctly, the goal is to find resourceUsageId before emitting usage.

As I followed Using the Azure-managed identities token section of the link above, all steps worked except forth step (the last one).




$ curl -H 'Authorization: Bearer xxxxxxx’ 'https://management.azure.com/subscriptions/xx-xx-xx-xx-xx/resourceGroups/xx-preview-20201124221221/providers/Microsoft.Solutions/applications/subscriptions/xx-xx-xx-xx-xx/resourceGroups/xx/providers/Microsoft.Solutions/applications/xxx?api-version=2019-07-01

{'error':{'code';'ResourceNotFound','message':'The Resource Microsoft.Solutions/applications/subscriptions under resource group 'xx--preview-20201124221221'; was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix'}}




By the way, the managed app id (managedBy property) in my case has this format: /subscriptions/xx-xx-xx-xx-xx/resourceGroups/xx/providers/Microsoft.Solutions/applications/xxx

Could I get some guidance on this ?

Cordially,

azure-managed-applications
· 2
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@AnisElleuch-0897 Thanks for your query. Community SME's on this topic or our team will review your scenario and circle back at the possible earliest time.

0 Votes 0 ·

@AnisElleuch-0897 It looks like an issue which needs troubleshooting to find out the cause. As this is beyond the purview of the Forums Support, we would request you to create a Technical Ticket by following these steps so that our engineers can help you appropriately.


0 Votes 0 ·

1 Answer

DanielLeteyski-0750 avatar image
0 Votes"
DanielLeteyski-0750 answered ·

Hi,
I've been there.
It turned out Microsoft's example code is a bit wrong (may be they have changed something )
Instead of pulling
"https://management.azure.com/subscriptions/xxxxxxxxx/resourceGroups/xx-preview-20201124221221/providers/Microsoft.Solutions/applications/xxx?api-version=2019-07-01"

you need to query :

"https://management.azure.com/subscriptions/xxxxxxxxx/resourceGroups/(the resource group in which the Managed App is located. And it differs from where the resources are deployed)/providers/Microsoft.Solutions/applications/xxx\?api-version=2019-07-01"
It worked for me. Though, you need to set a system managed identity and give read access of the VM to the Managed App.
If you are trying to deploy a marketplace offer, it gets even worse. The deployment is executed in the seller's tenant context and when your deployment script tries to set the Managed Identity, it can not. Cross tenant Managed identities are not supported.
So I'm stuck there.

Here is a script that sets Managed Identity, but it fails because it does not have rights.
{
"type": "Microsoft.Resources/deployments",
"name": "DeployRBACroleToVM",
"apiVersion": "2020-06-01",
"resourceGroup": "[parameters('RG_name')]",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
},
"variables": {},
"resources": [
{
"type": "Microsoft.Solutions/applications/providers/roleAssignments",
"apiVersion": "2019-04-01-preview",
"name": "[concat(parameters('ManagedAppName'),'/Microsoft.Authorization/',guid(resourceGroup().id))]",
"properties": {
"roleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
"delegatedManagedIdentityResourceId": "[concat(subscription().id, '/providers/Microsoft.Compute/virtualMachines/', parameters('vmName'))]",
"principalId": "[reference(resourceId('Microsoft.Compute/virtualMachines', parameters('vmName')), '2020-12-01','full').identity.principalId]"
}
}
]
},
"parameters": {}
}
}

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.