Support azuread style "federated" authentication

betr-io / terraform-provider-mssql

Terraform provider for Microsoft SQL Server

https://registry.terraform.io/providers/betr-io/mssql/latest

MIT License

35 stars 28 forks source link

Support azuread style "federated" authentication #42

Closed bittrance closed 1 year ago

bittrance commented 2 years ago

Fixes #30.

This PR implements two of the auth forms available through the new fedauth: ActiveDirectoryDefault and ActiveDirectoryManagedIdentity (because user-assigned identity) as these are the most useful variants.

Satyricon commented 2 years ago

any update on this one?

jnsvd commented 2 years ago

Also very interested in this feature, thanks a lot for providing it.

Ivan-L commented 2 years ago

Also very interested in this PR going in. I see that there is documentation and a series of tests. Tagging @magne :)

waltervos commented 2 years ago

@bittrance Is the azuread_default_chain_auth meant to work with these environment variables? https://docs.microsoft.com/en-us/dotnet/api/azure.identity.environmentcredential?view=azure-dotnet

bittrance commented 2 years ago

@waltervos I don't have an easy way of testing, but according to https://github.com/denisenkom/go-mssqldb#azure-active-directory-authentication it should start with trying "EnvironmentCredential" so I would expect so. (Indeed, a colleague warned me that there are situations where you may get envs injected that you want to ignore and this is why I implemented the MSI-specific variant.)