Open Marco10101 opened 6 months ago
@Marco10101 by any chance are you using a User Assigned Managed Identity (UAMI) on a VM in Azure for authentication with Entra Auth? We have the same issue with our Terraform agents and when we looked deeper it was related to the Azure Go SDK and how it handles trying to figure out the client_id. A VM can have multiple UAMIs but there is no property to set a default one, so the SDK gives the error "ManagedIdentityCredential: no default identity is assigned to this resource" since it doesn't know which one to use.
It would be good if the provider had an azure_msi_client_id property added in the configuration so you could declare the UAMI that you want the provider to use. While you can set an environment variable AZURE_CLIENT_ID, this then impacts all providers that could use the Azure Go SDK for authentication, and we use different UAMIs for different access scopes on resources.
This is the function that would require the additional input and check to use NewManagedIdentityCredential instead of NewDefaultAzureCredential:
https://github.com/cyrilgdn/terraform-provider-postgresql/blob/master/postgresql/provider.go#L269-L283
Here are the SDK details on using NewManagedIdentityCredential:
https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#NewManagedIdentityCredential
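The credential selection described in the comment above, written out as an added Go example (it is not code from the terraform-provider-postgresql project or from the Azure SDK): a non-empty azure_msi_client_id attribute selects a managed identity credential pinned to that client id, and an empty one falls back to the SDK's default chain, which is the path that fails on a VM with several UAMIs. The two SDK constructors are injected through function fields so the decision runs offline; the simplified TokenCredential interface, the PostgreSQL token scope string, the GUID check and the fake credentials are assumptions of this example, and a real adapter would wrap azcore.TokenCredential's GetToken.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Scope requested when fetching an Entra token for Azure Database for PostgreSQL
// (assumed here; check the provider's own GetToken call).
const postgresScope = "https://ossrdbms-aad.database.windows.net/.default"

// TokenCredential is a simplified stand-in for azcore.TokenCredential so the
// selection logic can run without the Azure SDK. The real constructors
// azidentity.NewDefaultAzureCredential and azidentity.NewManagedIdentityCredential
// return types that implement azcore.TokenCredential; a thin adapter would be needed.
type TokenCredential interface {
	GetToken(ctx context.Context, scopes []string) (string, error)
}

// CredentialFactories injects the two constructors. Real wiring (assumption):
//
//	Default: azidentity.NewDefaultAzureCredential(nil)
//	ManagedIdentity: azidentity.NewManagedIdentityCredential(
//	    &azidentity.ManagedIdentityCredentialOptions{ID: azidentity.ClientID(id)})
type CredentialFactories struct {
	Default         func() (TokenCredential, error)
	ManagedIdentity func(clientID string) (TokenCredential, error)
}

// Selection records which path was taken so callers (and tests) can check it.
type Selection struct {
	Source   string // "provider" when azure_msi_client_id is set, else "default"
	ClientID string
}

// UAMI client ids are GUIDs; reject anything else before touching IMDS.
var clientIDPattern = regexp.MustCompile(`^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$`)

// SelectCredential applies the proposed rule: an explicit per-provider client id
// wins and stays scoped to this provider; otherwise the default chain is used.
func SelectCredential(msiClientID string, f CredentialFactories) (TokenCredential, Selection, error) {
	id := strings.TrimSpace(msiClientID)
	if id == "" {
		// The default chain reads AZURE_CLIENT_ID itself, which is why the env-var
		// workaround affects every provider in the same process, and it errors with
		// "no default identity is assigned to this resource" when several UAMIs exist.
		cred, err := f.Default()
		return cred, Selection{Source: "default"}, err
	}
	if !clientIDPattern.MatchString(id) {
		return nil, Selection{}, fmt.Errorf("azure_msi_client_id %q is not a client id (expected a GUID)", id)
	}
	cred, err := f.ManagedIdentity(id)
	return cred, Selection{Source: "provider", ClientID: id}, err
}

// FetchPassword is the step after choosing a credential: the Entra access token
// becomes the PostgreSQL password for the connection.
func FetchPassword(ctx context.Context, cred TokenCredential) (string, error) {
	tok, err := cred.GetToken(ctx, []string{postgresScope})
	if err != nil {
		return "", err
	}
	if tok == "" {
		return "", errors.New("empty access token")
	}
	return tok, nil
}

// fakeCredential stands in for the SDK types in the demo and tests (constructed).
type fakeCredential struct{ label string }

func (c fakeCredential) GetToken(_ context.Context, scopes []string) (string, error) {
	return c.label + "|" + strings.Join(scopes, ","), nil
}

// FakeFactories returns constructors that record which identity was requested.
func FakeFactories() CredentialFactories {
	return CredentialFactories{
		Default: func() (TokenCredential, error) { return fakeCredential{label: "default-chain"}, nil },
		ManagedIdentity: func(id string) (TokenCredential, error) {
			return fakeCredential{label: "uami:" + id}, nil
		},
	}
}

func main() {
	const demoClientID = "11111111-2222-3333-4444-555555555555" // constructed sample UAMI client id
	for _, cfg := range []string{"", demoClientID, "not-a-guid"} {
		cred, sel, err := SelectCredential(cfg, FakeFactories())
		if err != nil {
			fmt.Printf("azure_msi_client_id=%q -> error: %v\n", cfg, err)
			continue
		}
		pw, _ := FetchPassword(context.Background(), cred)
		fmt.Printf("azure_msi_client_id=%q -> source=%s token=%s\n", cfg, sel.Source, pw)
	}
}
```

Keeping the choice inside the provider configuration, rather than in AZURE_CLIENT_ID, is what lets two providers in the same Terraform run authenticate with different UAMIs, and the GUID check turns a typo into an immediate configuration error instead of an opaque IMDS failure.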
Can confirm @djr747's description and workaround when using a container that has several UAMIs assigned, running in an Azure Container App Environment. Using the env variables worked for us, but adding a new provider parameter and some logic as suggested would be way cleaner and less intrusive to other providers.
I'm trying to set up Azure AD authentication in Terraform for PostgreSQL Flexible Server but it keeps giving an error. I think that everything is configured correctly. Hope that someone can help me out with this.
The error:
TF versions:
The code: