Open waylew50 opened 1 year ago
I'm having a similar issue, wondering if support for System Managed Identities isn't supported? Basically just trying to cover the first line of the below coding scenario with this provider:
create user [az-resource-name] from external provider
ALTER role db_owner add member [az-resource-name]
The resource property is client_id (aka application id) but you are referencing the principal_id (object id). Could this be the problem?
I think @tiwood is right:
You need to do:
data "azuread_service_principal" "your_identity" {
  object_id = data.azurerm_virtual_machine_scale_set.WriterBuildAgent.identity[0].principal_id
}
And then:
resource "mssql_azuread_service_principal" "principal" {
  name        = data.azurerm_virtual_machine_scale_set.WriterBuildAgent.name
  client_id   = data.azuread_service_principal.your_identity.application_id
  database_id = var.azure_sql_database_id
}
application_id -> client_id with latest AzureAd TF provider
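A diagnostic for the principal_id / client_id mix-up discussed above, as an added example that is not part of the thread or of the provider's code. It assumes that Azure SQL stores a service-principal (managed identity) user's SID as the 16-byte SQL Server binary form of the application (client) ID; all GUIDs below are constructed sample values.

```python
import uuid

def guid_to_sql_sid(guid: str) -> bytes:
    """Return the 16 bytes SQL Server produces for CAST(<uniqueidentifier> AS binary(16)).

    The first three GUID groups are stored little-endian, which is what
    uuid.UUID.bytes_le yields.
    """
    return uuid.UUID(guid).bytes_le

def sql_sid_to_guid(sid_hex: str) -> str:
    """Turn a SID as printed by SQL tooling (0x...) back into a GUID string."""
    text = sid_hex.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    raw = bytes.fromhex(text)
    if len(raw) != 16:
        raise ValueError("expected a 16-byte SID for an external (Entra ID) user")
    return str(uuid.UUID(bytes_le=raw))

def classify_sid(sid_hex: str, principal_id: str, client_id: str) -> str:
    """Say which identifier the database user was actually created with.

    sid_hex      : sid column from sys.database_principals for the user
    principal_id : object id (identity[0].principal_id in azurerm)
    client_id    : application id of the same identity
    """
    guid = uuid.UUID(sql_sid_to_guid(sid_hex))
    if guid == uuid.UUID(client_id):
        return "client_id"      # expected under the stated assumption
    if guid == uuid.UUID(principal_id):
        return "principal_id"   # user was provisioned with the object id
    return "unknown"            # SID belongs to some other principal

if __name__ == "__main__":
    # Constructed sample values, not taken from any real tenant.
    principal = "11111111-2222-3333-4444-555555555555"
    client = "01234567-89ab-cdef-0123-456789abcdef"
    # Constructed stand-in for: SELECT name, sid FROM sys.database_principals
    sid_from_db = "0x" + guid_to_sql_sid(principal).hex().upper()
    print("database user SID decodes to:", sql_sid_to_guid(sid_from_db))
    print("matches:", classify_sid(sid_from_db, principal, client))
```

A result of "principal_id" means the object id was passed where the resource expects the application id, which is the situation the replies above describe.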
I am trying to figure out what I am doing wrong when I try to create a user from an Azure resource system managed identity. I tried using the
mssql_azuread_service_principal
which says it supports managed identity. It will create the user, but when I test that resource's access I get a login failed for principal. Here is the Terraform I am using:
I noticed when I compare the outputs from the azurerm principal_id and the mssql_azuread_service_principal.client_id they do not match. The client_id produces a value that I cannot find on the resource. I also tried the
mssql_azuread_user
resource, but it produced the same error. Other than that, I love the provider!
Please advise. Thanks.