From fff096bacd780ddd648bea511cc3504b0b206770 Mon Sep 17 00:00:00 2001
From: yuc-Li <58678302+yuc-Li@users.noreply.github.com>
Date: Fri, 20 Sep 2024 10:53:14 +0800
Subject: [PATCH] [HDInsight] Fix a bug (#26135)

* Fix a bug

* Update changelog

* Update example

---------

Co-authored-by: v-yuchenli <v-yuchenli@microsoft.com>
---
 src/HDInsight/HDInsight/ChangeLog.md          |  1 +
 .../NewAzureHDInsightClusterCommand.cs        |  2 +-
 .../HDInsight/help/New-AzHDInsightCluster.md  | 49 ++++++++++++++++++-
 3 files changed, 49 insertions(+), 3 deletions(-)

diff --git a/src/HDInsight/HDInsight/ChangeLog.md b/src/HDInsight/HDInsight/ChangeLog.md
index c32f75efbc19..c71937f83e71 100644
--- a/src/HDInsight/HDInsight/ChangeLog.md
+++ b/src/HDInsight/HDInsight/ChangeLog.md
@@ -19,6 +19,7 @@
 -->
 
 ## Upcoming Release
+* Fixed a bug: Error occurs when setting the same assigned identity for storage and esp configurations.
 
 ## Version 6.2.0
 * Added new feature: Enable adding public IP tags to clusters. 
diff --git a/src/HDInsight/HDInsight/ManagementCommands/NewAzureHDInsightClusterCommand.cs b/src/HDInsight/HDInsight/ManagementCommands/NewAzureHDInsightClusterCommand.cs
index e1a6c7002ca3..b8506df2cf62 100644
--- a/src/HDInsight/HDInsight/ManagementCommands/NewAzureHDInsightClusterCommand.cs
+++ b/src/HDInsight/HDInsight/ManagementCommands/NewAzureHDInsightClusterCommand.cs
@@ -541,7 +541,7 @@ var storageAccount in
                 {
                     clusterIdentity.UserAssignedIdentities.Add(AssignedIdentity, new UserAssignedIdentity());
                 }
-                if (StorageAccountManagedIdentity != null)
+                if (StorageAccountManagedIdentity != null && !clusterIdentity.UserAssignedIdentities.ContainsKey(StorageAccountManagedIdentity))
                 {
                     clusterIdentity.UserAssignedIdentities.Add(StorageAccountManagedIdentity, new UserAssignedIdentity());
                 }
diff --git a/src/HDInsight/HDInsight/help/New-AzHDInsightCluster.md b/src/HDInsight/HDInsight/help/New-AzHDInsightCluster.md
index d35bfbf585ef..b5ae14a34cbc 100644
--- a/src/HDInsight/HDInsight/help/New-AzHDInsightCluster.md
+++ b/src/HDInsight/HDInsight/help/New-AzHDInsightCluster.md
@@ -382,7 +382,6 @@ New-AzHDInsightCluster `
 ### Example 8: Create an Azure HDInsight cluster with Azure Data Lake Gen2 storage.
 ```powershell
 # Primary storage account info
-$storageAccountResourceGroupName = "Group"
 $storageAccountResourceId = "yourstorageaccountresourceid"
 $storageManagedIdentity = "yourstorageusermanagedidentity"
 $storageFileSystem = "filesystem01"
@@ -412,7 +411,7 @@ New-AzHDInsightCluster `
     -SshCredential $clusterCreds
 ```
 
-### Example 9: Create an Azure HDInsight cluster with Enterprise Security Package(ESP) and Enable HDInsight ID Broker.
+### Example 9: Create an Azure HDInsight cluster with Enterprise Security Package(ESP), Enable HDInsight ID Broker and using WASB storage.
 ```powershell
 # Primary storage account info
 $storageAccountResourceGroupName = "Group"
@@ -623,6 +622,52 @@ New-AzHDInsightCluster `
     -AmbariDatabase $config.AmbariDatabase -HiveMetastore $config.HiveMetastore -OozieMetastore $config.OozieMetastore -Zone $zones
 ```
 
+### Example 13: Create an Azure HDInsight cluster with Enterprise Security Package(ESP) and using Azure Data Lake Gen2 storage.
+```powershell
+# Primary storage account info
+$storageAccountResourceId = "yourstorageaccountresourceid"
+$storageManagedIdentity = "yourstorageusermanagedidentity"
+$storageFileSystem = "filesystem01"
+$storageAccountType = "AzureDataLakeStorageGen2"
+# Cluster configuration info
+$location = "East US 2"
+$clusterResourceGroupName = "Group"
+$clusterName = "your-hadoop-002"
+$clusterCreds = Get-Credential
+# If the cluster's resource group doesn't exist yet, run:
+# New-AzResourceGroup -Name $clusterResourceGroupName -Location $location
+# ESP configuration
+$domainResourceId = "your Azure AD Domin Service resource id"
+$domainUser = "yourdomainuser"
+$domainPassword = ConvertTo-SecureString -String "****" -AsPlainText -Force
+$domainCredential = New-Object System.Management.Automation.PSCredential($domainUser, $domainPassword)
+$clusterUserGroupDns = "dominusergroup"
+$ldapUrls = "ldaps://{your domain name}:636"
+$clusterTier = "Premium"
+$vnetId = "yourvnetid"
+$subnetName = "yoursubnetname"
+$assignedIdentity = "your user managed assigned identity resourcee id"
+#Create security profile
+$config= New-AzHDInsightClusterConfig|Add-AzHDInsightSecurityProfile -DomainResourceId $domainResourceId -DomainUserCredential $domainCredential -LdapsUrls $ldapUrls -ClusterUsersGroupDNs $clusterUserGroupDns
+# Create the cluster
+New-AzHDInsightCluster `
+    -ClusterTier $clusterTier `
+    -ClusterType Hadoop `
+    -ClusterSizeInNodes 3 `
+    -ResourceGroupName $clusterResourceGroupName `
+    -ClusterName $clusterName `
+    -HttpCredential $clusterCreds `
+    -Location $location `
+    -StorageAccountResourceId $storageAccountResourceId `
+    -StorageAccountManagedIdentity $storageManagedIdentity `
+    -StorageFileSystem $storageFileSystem `
+    -StorageAccountType $storageAccountType `
+    -SshCredential $clusterCreds `
+    -VirtualNetworkId $vnetId -SubnetName $subnetName `
+    -AssignedIdentity $assignedIdentity `
+    -SecurityProfile $config.SecurityProfile
+```
+
 ## PARAMETERS
 
 ### -AadTenantId