Merge pull request #272246 from MikeRayMSFT/240321-arc-cli-ver

Update examples

Author: JamesJBarnett

articles/azure-arc/data/update-service-principal-credentials.md

@@ -7,16 +7,20 @@ ms.subservice: azure-arc-data
 author: AbdullahMSFT
 ms.author: amamun
 ms.reviewer: mikeray
-ms.date: 07/30/2021
+ms.date: 04/16/2024
 ms.topic: how-to
 ---
 
 # Update service principal credentials
 
-When the service principal credentials change, you need to update the secrets in the data controller.
+This article explains how to update the secrets in the data controller.
 
-For example, if you deployed the data controller using a specific set of values for service principal tenant ID, client ID, and client secret, and then change one or more of these values, you need to update the secrets in the data controller.  Following are the instructions to update Tenant ID, Client ID or the Client secret. 
+For example, if you:
 
+- Deployed the data controller using a specific set of values for service principal tenant ID, client ID, and client secret
+- Change one or more of these values
+
+You need to update the secrets in the data controller. 
 
 ## Background
 
@@ -36,7 +40,7 @@ The service principal was created at [Create service principal](upload-metrics-a
    kubectl edit secret/upload-service-principal-secret -n arc
    ```
 
-   The `kubecl edit` command opens the credentials .yml file in the default editor. 
+   The `kubectl edit` command opens the credentials .yml file in the default editor. 
 
 
 1. Edit the service principal secret. 
@@ -52,18 +56,18 @@ The service principal was created at [Create service principal](upload-metrics-a
    #
    apiVersion: v1
    data:
-     authority: aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29t
-     clientId: NDNiNDcwYrFTGWYzOC00ODhkLTk0ZDYtNTc0MTdkN2YxM2Uw
-     clientSecret: VFA2RH125XU2MF9+VVhXenZTZVdLdECXFlNKZi00Lm9NSw==
-     tenantId: NzJmOTg4YmYtODZmMRFVBGTJLSATkxYWItMmQ3Y2QwMTFkYjQ3
+     authority: <authority id>
+     clientId: <client id>
+     clientSecret: <client secret>==
+     tenantId: <tenant id>
    kind: Secret
    metadata:
      creationTimestamp: "2020-12-02T05:02:04Z"
      name: upload-service-principal-secret
      namespace: arc
      resourceVersion: "7235659"
      selfLink: /api/v1/namespaces/arc/secrets/upload-service-principal-secret
-     uid: 7fb693ff-6caa-4a31-b83e-9bf22be4c112
+     uid: <globally unique identifier>
    type: Opaque
    ```
 
@@ -73,14 +77,12 @@ The service principal was created at [Create service principal](upload-metrics-a
 >The values need to be base64 encoded. 
 Do not edit any other properties.
 
-If an incorrect value is provided for `clientId`, `clientSecret` or `tenantID` then you will see an error message as follows in the `control-xxxx` pod/controller container logs:
+If an incorrect value is provided for `clientId`, `clientSecret`, or `tenantID` the command returns an error message as follows in the `control-xxxx` pod/controller container logs:
 
 ```output
-YYYY-MM-DD HH:MM:SS.mmmm | ERROR | [AzureUpload] Upload task exception: A configuration issue is preventing authentication - check the error message from the server for details.You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details.  Original exception: AADSTS7000215: Invalid client secret is provided.
+YYYY-MM-DD HH:MM:SS.mmmm | ERROR | [AzureUpload] Upload task exception: A configuration issue is preventing authentication - check the error message from the server for details.You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS7000215: Invalid client secret is provided.
 ```
 
-
-
 ## Related content
 
-[Create service principal](upload-metrics-and-logs-to-azure-monitor.md#create-service-principal)
+- [Create service principal](upload-metrics-and-logs-to-azure-monitor.md#create-service-principal)

articles/azure-arc/data/upload-metrics-and-logs-to-azure-monitor.md

@@ -8,7 +8,7 @@ ms.custom: devx-track-azurecli
 author: twright-msft
 ms.author: twright
 ms.reviewer: mikeray
-ms.date: 11/03/2021
+ms.date: 04/16/2024
 ms.topic: how-to
 ---
 
@@ -72,20 +72,20 @@ az ad sp credential reset --name <ServicePrincipalName>
 For example, to create a service principal named `azure-arc-metrics`, run the following command
 
 ```azurecli
-az ad sp create-for-rbac --name azure-arc-metrics --role Contributor --scopes /subscriptions/a345c178a-845a-6a5g-56a9-ff1b456123z2/resourceGroups/myresourcegroup
+az ad sp create-for-rbac --name azure-arc-metrics --role Contributor --scopes /subscriptions/<SubscriptionId>/resourceGroups/myresourcegroup
 ```
 
 Example output:
 
 ```output
-"appId": "2e72adbf-de57-4c25-b90d-2f73f126e123",
+"appId": "<appId>",
 "displayName": "azure-arc-metrics",
 "name": "http://azure-arc-metrics",
-"password": "5039d676-23f9-416c-9534-3bd6afc78123",
-"tenant": "72f988bf-85f1-41af-91ab-2d7cd01ad1234"
+"password": "<password>",
+"tenant": "<tenant>"
 ```
 
-Save the `appId`, `password`, and `tenant` values in an environment variable for use later. 
+Save the `appId`, `password`, and `tenant` values in an environment variable for use later. These values are in the form of globally unique identifier (GUID).
 
 # [Windows](#tab/windows)
 
@@ -148,11 +148,11 @@ Example output:
 ```output
 {
   "canDelegate": null,
-  "id": "/subscriptions/<Subscription ID>/providers/Microsoft.Authorization/roleAssignments/f82b7dc6-17bd-4e78-93a1-3fb733b912d",
-  "name": "f82b7dc6-17bd-4e78-93a1-3fb733b9d123",
-  "principalId": "5901025f-0353-4e33-aeb1-d814dbc5d123",
+  "id": "/subscriptions/<Subscription ID>/providers/Microsoft.Authorization/roleAssignments/<globally unique identifier>",
+  "name": "<globally unique identifier>",
+  "principalId": "<principal id>",
   "principalType": "ServicePrincipal",
-  "roleDefinitionId": "/subscriptions/<Subscription ID>/providers/Microsoft.Authorization/roleDefinitions/3913510d-42f4-4e42-8a64-420c39005123",
+  "roleDefinitionId": "/subscriptions/<Subscription ID>/providers/Microsoft.Authorization/roleDefinitions/<globally unique identifier>",
   "scope": "/subscriptions/<Subscription ID>",
   "type": "Microsoft.Authorization/roleAssignments"
 }