The module mssql_user can be used to add a Managed Identity into a database table, almost the same way you would add an AAD Service Principal to it.
However, it is confusing because when you want to use the object_id property, you have to pass the value of the client_id of the Managed Identity. BUT, the Managed Identity also have an object_id property.
resource "mssql_user" "this" {
server {
host = var.mssql_server.fqdn
azure_login {
}
}
database = azurerm_mssql_database.database.name
username = azurerm_user_assigned_identity.managed_identity.name
object_id = azurerm_user_assigned_identity.managed_identity.client_id ###This is the confusing part
roles = ["db_datareader"]
timeouts {
default = "2m"
}
}
I think adding the Managed Identity use case to the documentation and the repository examples would help.
The module mssql_user can be used to add a Managed Identity into a database table, almost the same way you would add an AAD Service Principal to it.
However, it is confusing because when you want to use the
object_idproperty, you have to pass the value of theclient_idof the Managed Identity. BUT, the Managed Identity also have anobject_idproperty.I think adding the Managed Identity use case to the documentation and the repository examples would help.
Thanks!