1. Granting a service principal access to a Kusto database

    TypeScript

    To grant a service principal access to a Kusto database in Azure, you would use the azure-native.kusto.DatabasePrincipalAssignment resource from Pulumi's Azure Native provider. This resource allows you to define a principal assignment, which grants permissions to the service principal to perform certain actions on the Kusto database, such as reading or writing data.

    The DatabasePrincipalAssignment resource requires several properties to be set:

    • resourceGroupName: The name of the resource group that the Kusto cluster resides in.
    • clusterName: The name of the Kusto cluster.
    • databaseName: The name of the Kusto database.
    • principalAssignmentName: The name of the principal assignment.
    • principalId: The ID of the service principal.
    • principalType: The type of principal, which can be "App", "Group", "User" or "ServicePrincipal".
    • role: The role to assign to the principal, e.g., "Admin", "Viewer", "User" or "UnrestrictedViewer".
    • tenantId: The ID of the tenant that the service principal belongs to. This is required for service principals.

    Below is a Pulumi program written in TypeScript that demonstrates how to create a principal assignment for a service principal on a Kusto database.

    ```typescript
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";

    // Create a Kusto Database Principal Assignment to grant a service principal access to a Kusto database.
    const principalAssignment = new azure_native.kusto.DatabasePrincipalAssignment("myPrincipalAssignment", {
        // Replace these values with the actual names and IDs of your resources and principal.
        resourceGroupName: "myResourceGroup",
        clusterName: "myCluster",
        databaseName: "myDatabase",
        principalAssignmentName: "myPrincipalAssignment",
        principalId: "00000000-0000-0000-0000-000000000000", // Service principal ID
        principalType: "App", // Specify the type of principal
        role: "Viewer", // Define the role of the principal in the Kusto database
        tenantId: "00000000-0000-0000-0000-000000000000" // Specify your tenant ID
    });

    export const principalAssignmentId = principalAssignment.id;
    ```

    In this code snippet:

    • We import the required Pulumi and Azure Native modules.
    • We instantiate a DatabasePrincipalAssignment resource with the necessary properties. You need to replace the placeholder values with your actual resource group name, cluster name, database name, and the IDs of your service principal and tenant.
    • We export principalAssignmentId, which you can use to reference this principal assignment in further operations or outputs.

    This Pulumi program grants the specified service principal viewer access to the named Kusto database. The viewer role typically allows the principal to read data from the database but not modify it. The Azure CLI must be installed and logged in for the Pulumi program to interact with your Azure subscription. You can assign a different role if your requirements call for it.
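
    A pre-deployment check for the arguments described above, as an added example that is not part of the original page or of Pulumi's provider: it rejects roles outside an allow-list, a missing tenantId for an "App" principal, and the all-zero placeholder IDs. The names AssignmentArgs, checkAssignment and DEFAULT_ALLOWED, and the Viewer-only default, are assumptions of this example; it expects plain string values, checked before the resource is constructed.

    ```typescript
    // Added example, not from the original page. Hypothetical names:
    // AssignmentArgs, checkAssignment, DEFAULT_ALLOWED.
    interface AssignmentArgs {
      principalId: string;
      principalType: string;
      role: string;
      tenantId?: string;
    }

    const GUID = /^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$/i;
    const ZERO_GUID = "00000000-0000-0000-0000-000000000000"; // the page's placeholder
    // Database roles defined by the Kusto resource provider.
    const KNOWN_ROLES = ["Admin", "Ingestor", "Monitor", "User", "UnrestrictedViewer", "Viewer"];
    // Assumption of this example: only read access is granted without a review.
    const DEFAULT_ALLOWED = ["Viewer"];

    function checkAssignment(a: AssignmentArgs, allowed: string[] = DEFAULT_ALLOWED): string[] {
      const problems: string[] = [];
      if (KNOWN_ROLES.indexOf(a.role) === -1) {
        problems.push(`unknown role: ${a.role}`);
      } else if (allowed.indexOf(a.role) === -1) {
        problems.push(`role ${a.role} is not in the allow-list`);
      }
      if (a.principalType === "App") {
        // The page's rule: a service principal needs its tenant ID.
        if (!a.tenantId) problems.push("tenantId is required for a service principal");
        else if (!GUID.test(a.tenantId)) problems.push("tenantId is not a GUID");
        if (!GUID.test(a.principalId)) problems.push("principalId is not a GUID");
      }
      if (a.principalId === ZERO_GUID) problems.push("principalId is still the placeholder");
      if (a.tenantId === ZERO_GUID) problems.push("tenantId is still the placeholder");
      return problems;
    }

    // Constructed sample inputs (not real identities).
    const reader: AssignmentArgs = {
      principalId: "11111111-2222-3333-4444-555555555555",
      principalType: "App",
      role: "Viewer",
      tenantId: "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    };
    const risky: AssignmentArgs = { principalId: ZERO_GUID, principalType: "App", role: "Admin" };

    console.log(checkAssignment(reader));
    console.log(checkAssignment(risky));
    ```

    Fail the deployment when the returned list is non-empty, and pass a wider allow-list only for assignments that have been reviewed.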

    For more information about azure-native.kusto.DatabasePrincipalAssignment, you can visit the documentation.