Open
Description
Hello,
We have an AKS cluster with a user assigned managed identity, but we can't update the cluster using the REST API or the Portal.
Reproduction steps
1. Create an AKS cluster using Terraform:
- make a `main.tf` file with the following config:
```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=2.46.0"
    }
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_user_assigned_identity" "example" {
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  name                = "example_user_assigned_identity"
}

resource "azurerm_kubernetes_cluster" "example" {
  name                = "example-aks1"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  dns_prefix          = "exampleaks1"

  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_D2_v2"
  }

  identity {
    type                      = "UserAssigned"
    user_assigned_identity_id = azurerm_user_assigned_identity.example.id
  }
}
```
- execute `terraform init`
- execute `terraform apply -auto-approve`
2.1 Updating using Terraform
- added the following to the AKS resource in Terraform:
```hcl
api_server_authorized_ip_ranges = ["168.63.129.16"]
```
- execute `terraform apply -auto-approve`
-> error:
```
Error: updating Managed Kubernetes Cluster "example-aks1" (Resource Group "example-resources"): containerservice.ManagedClustersClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="InvalidIdentityValues" Message="Invalid value for the identities '/subscriptions/***/resourceGroups/example-resources/providers/Microsoft.ManagedIdentity/userAssignedIdentities/example_user_assigned_identity'. The 'UserAssignedIdentities' property keys should only be empty json objects, null or the resource exisiting property."
  on main.tf line 25, in resource "azurerm_kubernetes_cluster" "example":
  25: resource "azurerm_kubernetes_cluster" "example" {
```
2.2 Updating using the REST API
If we want to update the AKS cluster with the 'createorupdate' (API version: 2021-02-01) REST call, using the JSON obtained from the 'get' (API version: 2021-02-01) REST call, we get the following error:
```json
{
  "error": {
    "code": "InvalidIdentityValues",
    "message": "Invalid value for the identities '/subscriptions/***/resourceGroups/***/providers/Microsoft.ManagedIdentity/userAssignedIdentities/***'. The 'UserAssignedIdentities' property keys should only be empty json objects, null or the resource exisiting property."
  }
}
```
2.3 Updating using the Azure Portal
If we want to set authorized IP ranges on the AKS cluster in the Portal, we get the same error:
Thanks!
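
The error text in 2.1 and 2.2 names the values the service accepts under `userAssignedIdentities`: an empty JSON object, null, or the value the resource already has. The following Python is an added example, not part of the original report or of any Azure tooling; it checks a request body against that rule and builds a copy with empty-object values. The function names and the sample GET body (placeholder IDs) are constructed, the `clientId`/`principalId` value shape is an assumption, and the page does not confirm that such a body avoids the reported failure.

```python
import copy

def _uai(body):
    """Return the identity.userAssignedIdentities map of a cluster body, or {}."""
    return (body.get("identity") or {}).get("userAssignedIdentities") or {}

def invalid_identity_values(existing, proposed):
    """List identity resource IDs whose value in `proposed` is not an empty
    object, null, or the value `existing` already holds for the same key."""
    current = _uai(existing)
    bad = []
    for rid, value in _uai(proposed).items():
        if value is None or value == {}:
            continue  # explicitly allowed by the error text
        if rid in current and value == current[rid]:
            continue  # unchanged existing property
        bad.append(rid)
    return bad

def with_empty_identity_values(body):
    """Copy `body`, replacing every userAssignedIdentities value with {}."""
    out = copy.deepcopy(body)
    ids = _uai(out)
    for rid in ids:
        ids[rid] = {}
    return out

# Constructed sample of a GET response body; all IDs are placeholders.
UAI = ("/subscriptions/<subscription-id>/resourceGroups/example-resources"
       "/providers/Microsoft.ManagedIdentity/userAssignedIdentities"
       "/example_user_assigned_identity")
GET_BODY = {
    "location": "westeurope",
    "identity": {
        "type": "UserAssigned",
        "userAssignedIdentities": {
            UAI: {"clientId": "<client-id>", "principalId": "<principal-id>"},
        },
    },
    "properties": {"dnsPrefix": "exampleaks1"},
}

if __name__ == "__main__":
    put_body = with_empty_identity_values(GET_BODY)
    print(invalid_identity_values(GET_BODY, put_body))  # IDs that break the rule
```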