Add cluster principals for Azure Data Explorer by using C#
Azure Data Explorer is a fast and highly scalable data exploration service for log and telemetry data. In this article, you add cluster principals for Azure Data Explorer by using C#.
Prerequisites
- Visual Studio 2019. Download and use the free Visual Studio 2019 Community Edition, and enable Azure development during the Visual Studio setup.
- An Azure subscription. Create a free Azure account.
- Create a cluster and database.
Install C# NuGet
- Install Microsoft.Azure.Management.Kusto.
- Install Microsoft.Rest.ClientRuntime.Azure.Authentication for authentication.
Authentication
To run the following example, you need an Azure Active Directory (Azure AD) application and service principal that can access resources. To create a free Azure AD application and add a role assignment at the subscription level, see Create an Azure AD application. You also need the directory (tenant) ID, application ID, and client secret.
Add a cluster principal
The following example shows you how to add a cluster principal programmatically.
```csharp
using Microsoft.Azure.Management.Kusto;
using Microsoft.Azure.Management.Kusto.Models;
using Microsoft.Rest.Azure.Authentication;

// Placeholders: supply real values at run time rather than committing them to source.
var tenantId = "xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx"; // Directory (tenant) ID
var clientId = "xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx"; // Application ID
var clientSecret = "xxxxxxxxxxxxxx"; // Client secret
var subscriptionId = "xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx";

// Authenticate as the service principal and create the management client
var serviceCreds = await ApplicationTokenProvider.LoginSilentAsync(tenantId, clientId, clientSecret);
var kustoManagementClient = new KustoManagementClient(serviceCreds)
{
    SubscriptionId = subscriptionId
};

var resourceGroupName = "testrg";
// The cluster that is created as part of the Prerequisites
var clusterName = "mykustocluster";
string principalAssignmentName = "clusterPrincipalAssignment1";
string principalId = "xxxxxxxx"; // User email, application ID, or security group name
string role = "AllDatabasesAdmin"; // AllDatabasesAdmin, AllDatabasesMonitor, or AllDatabasesViewer
string tenantIdForPrincipal = tenantId;
string principalType = "App"; // User, App, or Group

// Create the principal assignment, or update it if one with this name already exists
var clusterPrincipalAssignment = new ClusterPrincipalAssignment(principalId, role, principalType, tenantId: tenantIdForPrincipal);
await kustoManagementClient.ClusterPrincipalAssignments.CreateOrUpdateAsync(resourceGroupName, clusterName, principalAssignmentName, clusterPrincipalAssignment);
```
| Setting | Suggested value | Field description |
|---|---|---|
| tenantId | xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx | Your tenant ID. Also known as directory ID. |
| subscriptionId | xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx | The subscription ID that you use for resource creation. |
| clientId | xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx | The client ID of the application that can access resources in your tenant. |
| clientSecret | xxxxxxxxxxxxxx | The client secret of the application that can access resources in your tenant. |
| resourceGroupName | testrg | The name of the resource group containing your cluster. |
| clusterName | mykustocluster | The name of your cluster. |
| principalAssignmentName | clusterPrincipalAssignment1 | The name of your cluster principal resource. |
| principalId | xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx | The principal ID, which can be user email, application ID, or security group name. |
| role | AllDatabasesAdmin | The role of your cluster principal, which can be 'AllDatabasesAdmin', 'AllDatabasesMonitor', or 'AllDatabasesViewer'. |
| tenantIdForPrincipal | xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx | The tenant ID of the principal. |
| principalType | App | The type of the principal, which can be 'User', 'App', or 'Group'. |
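
After adding principals, it is worth reviewing who holds cluster-wide admin rights. The following added example (not part of the original article) lists the cluster's principal assignments with the same SDK and flags any AllDatabasesAdmin assignment whose principal is not on an approved list. The environment variable names and the allow-list are assumptions of this example, as is the service returning `PrincipalId` in the same form used on the allow-list.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Azure.Management.Kusto;
using Microsoft.Azure.Management.Kusto.Models;
using Microsoft.Rest.Azure.Authentication;

public static class ClusterPrincipalAudit
{
    // Returns AllDatabasesAdmin assignments whose principal is not on the approved list.
    public static List<ClusterPrincipalAssignment> FindUnapprovedAdmins(
        IEnumerable<ClusterPrincipalAssignment> assignments, ISet<string> approvedPrincipalIds)
    {
        return assignments
            .Where(a => string.Equals(a.Role, "AllDatabasesAdmin", StringComparison.OrdinalIgnoreCase))
            .Where(a => !approvedPrincipalIds.Contains(a.PrincipalId ?? ""))
            .ToList();
    }

    public static async Task<int> Main()
    {
        // Environment variable names are assumptions of this example; the secret stays out of source.
        string Env(string name) => Environment.GetEnvironmentVariable(name)
            ?? throw new InvalidOperationException($"Missing environment variable {name}");

        var creds = await ApplicationTokenProvider.LoginSilentAsync(
            Env("ADX_TENANT_ID"), Env("ADX_CLIENT_ID"), Env("ADX_CLIENT_SECRET"));
        var client = new KustoManagementClient(creds) { SubscriptionId = Env("ADX_SUBSCRIPTION_ID") };

        // Same placeholder resource group and cluster names as the article's example.
        var assignments = (await client.ClusterPrincipalAssignments.ListAsync("testrg", "mykustocluster")).ToList();
        foreach (var a in assignments)
            Console.WriteLine($"{a.Name}: {a.PrincipalType} {a.PrincipalId} -> {a.Role}");

        // Constructed allow-list: comma-separated principal IDs permitted to hold AllDatabasesAdmin.
        var approved = new HashSet<string>(
            (Environment.GetEnvironmentVariable("ADX_APPROVED_ADMINS") ?? "")
                .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries).Select(s => s.Trim()),
            StringComparer.OrdinalIgnoreCase);

        var unapproved = FindUnapprovedAdmins(assignments, approved);
        foreach (var a in unapproved)
            Console.Error.WriteLine($"UNAPPROVED ADMIN: {a.Name} ({a.PrincipalType} {a.PrincipalId})");
        return unapproved.Count == 0 ? 0 : 1; // Non-zero exit lets a scheduled job or pipeline fail on drift
    }
}
```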