betr-io / terraform-provider-mssql

Terraform provider for Microsoft SQL Server
https://registry.terraform.io/providers/betr-io/mssql/latest
MIT License

Is it possible to add a managed identity user? #18

Closed dsfrederic closed 2 years ago

dsfrederic commented 2 years ago

Hello,

I was wondering if it was possible to add a Managed Identity using this Terraform provider?

This is the SQL script I would use to add the user

CREATE USER [your application name] FROM EXTERNAL PROVIDER;
ALTER ROLE [role name] ADD MEMBER [your application name];

aman-subscriptions commented 2 years ago

I was trying to do the same :( But I keep getting this error: unable to create user [master].[]: mssql: Cannot add the principal '', because it does not exist or you do not have permission.

magne commented 2 years ago

Yes, it is possible. You can add an external user with username application name, and it will work. The trick is that the SQL server needs to be assigned to be a member of an Azure AD group assigned the role Dictionary Readers. This is a requirement to be able to add any Azure AD entity (user, application) as an external user.

alexdresko commented 1 year ago

@aman-subscriptions I was getting the "Cannot add the principal" error before I realized that I needed to use the depends_on thing inside mssql_user because mssql_user wasn't aware that my SQL database wasn't finished being created.
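
Added example, not part of the thread and not the provider project's own code: one way the SQL script from the question could be expressed with `mssql_user`, combining the external-user approach and the `depends_on` ordering described in the comments above. The resource names `azurerm_mssql_server.sql` and `azurerm_mssql_database.app`, the variables, and the `db_datareader` role are assumptions; confirm the attribute names against the provider documentation for the version in use.

```hcl
# Assumption: azurerm_mssql_server.sql and azurerm_mssql_database.app are
# declared elsewhere in the same configuration (hypothetical names).

variable "tenant_id" { type = string }
variable "client_id" { type = string }
variable "client_secret" {
  type      = string
  sensitive = true # keep the secret out of plan/apply output
}

resource "mssql_user" "app_identity" {
  server {
    host = azurerm_mssql_server.sql.fully_qualified_domain_name

    # Azure AD authentication. The principal used here must itself be allowed
    # to create users in the database, and the server-side prerequisite from
    # magne's comment must already be in place.
    azure_login {
      tenant_id     = var.tenant_id
      client_id     = var.client_id
      client_secret = var.client_secret
    }
  }

  database = azurerm_mssql_database.app.name

  # Display name of the managed identity or application, i.e. the name used in
  # CREATE USER [your application name] FROM EXTERNAL PROVIDER.
  # No login_name/password is set, so the user is created as an external user.
  username = "your application name"

  # Equivalent of ALTER ROLE [role name] ADD MEMBER ...; grant only the
  # role the workload needs (db_datareader is a placeholder choice).
  roles = ["db_datareader"]

  # Explicit ordering: do not create the user until the database exists.
  # The reference in `database` above already implies this dependency;
  # depends_on is required when the database name is written as a literal.
  depends_on = [azurerm_mssql_database.app]
}
```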