hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

hdinsight: support for User Assigned Identities #14846

Open brucema-cloud opened 2 years ago

brucema-cloud commented 2 years ago

Hi team. I saw there is an independent identity block in the ARM API for Microsoft.HDInsight clusters 2021-06-01, https://docs.microsoft.com/en-us/azure/templates/microsoft.hdinsight/2021-06-01/clusters?tabs=json, and I can also set the identity in the portal independently like below. But there is no independent identity block in Terraform's azurerm_hdinsight_spark_cluster and azurerm_hdinsight_hbase_cluster; I can only set the user assigned identity in the security_profile block, but the security_profile block is not needed for me. Is it possible to add an independent identity block?

Thank you.

aristosvo commented 2 years ago

Hi @brucema-cloud! Thanks for raising this issue.

I believe it is possible to assign a user assigned identity to both azurerm_hdinsight_spark_cluster and azurerm_hdinsight_hbase_cluster by using storage_account_gen2.managed_identity_resource_id. This assigns the user assigned identity to both the underlying storage and the cluster.

Does this solve your problem?

brucema-cloud commented 2 years ago

Hi @aristosvo! Thanks for answering this question. I think you are right, but if I want to use storage_account rather than storage_account_gen2, there is no way to assign a user-assigned identity to the cluster. If I use portal or ARM templates, I can do it.

aristosvo commented 2 years ago

@brucema-cloud Would that help your use-case? I can look into implementing it, but I'd be sure it is used :)

brucema-cloud commented 2 years ago

@aristosvo yes, it is very helpful for my use case. Due to cost and organizational policy constraints, I can only use storage_account, because I can assign an identity to the cluster using the portal or ARM templates and do not need to depend on storage_account_gen2. If Terraform can have consistent functionality, it makes a lot of sense. :)

brucema-cloud commented 2 years ago

Hi @aristosvo is there any update?😊

brucema-cloud commented 2 years ago

Hi @aristosvo, it is necessary to support User Assigned Identities outside the storage_account_gen2 block. Another use case of mine is to access Key Vault from HDInsight to obtain a secret; I need to give the User Assigned Identity the required access policy in my Key Vault.
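The workaround aristosvo describes above (attaching the identity through storage_account_gen2.managed_identity_resource_id) and the Key Vault use case from the comment above, written out as one Terraform configuration. This is an added example, not code from the issue thread or from the provider's documentation. Resource names, the region, the cluster_version and spark component versions, VM sizes and user names are assumptions chosen for illustration; the secret_permissions values use the capitalised form of azurerm provider 3.x and later. Passwords come from sensitive variables rather than literals so they do not land in source control.

```hcl
# Added example, not the provider's own code. Names, versions and sizes are assumptions.

data "azurerm_client_config" "current" {}

resource "azurerm_resource_group" "hdi" {
  name     = "rg-hdi-example"   # assumed name
  location = "westeurope"        # assumed region
}

# The identity the cluster runs as. No other workload shares it, so the
# Key Vault policy below grants secret access to this cluster only.
resource "azurerm_user_assigned_identity" "hdi" {
  name                = "id-hdi-example"
  resource_group_name = azurerm_resource_group.hdi.name
  location            = azurerm_resource_group.hdi.location
}

resource "azurerm_storage_account" "hdi" {
  name                     = "sthdiexample"   # must be globally unique
  resource_group_name      = azurerm_resource_group.hdi.name
  location                 = azurerm_resource_group.hdi.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
  is_hns_enabled           = true             # required for a Gen2 filesystem
}

resource "azurerm_storage_data_lake_gen2_filesystem" "hdi" {
  name               = "hdi"
  storage_account_id = azurerm_storage_account.hdi.id
}

# HDInsight requires Storage Blob Data Owner on the account for the cluster identity.
resource "azurerm_role_assignment" "hdi_storage" {
  scope                = azurerm_storage_account.hdi.id
  role_definition_name = "Storage Blob Data Owner"
  principal_id         = azurerm_user_assigned_identity.hdi.principal_id
}

resource "azurerm_key_vault" "hdi" {
  name                = "kv-hdi-example"      # must be globally unique
  resource_group_name = azurerm_resource_group.hdi.name
  location            = azurerm_resource_group.hdi.location
  tenant_id           = data.azurerm_client_config.current.tenant_id
  sku_name            = "standard"
}

# Least privilege: the cluster identity may read secrets and nothing else.
resource "azurerm_key_vault_access_policy" "hdi" {
  key_vault_id       = azurerm_key_vault.hdi.id
  tenant_id          = data.azurerm_client_config.current.tenant_id
  object_id          = azurerm_user_assigned_identity.hdi.principal_id
  secret_permissions = ["Get", "List"]
}

variable "gateway_password" {
  type      = string
  sensitive = true
}

variable "node_password" {
  type      = string
  sensitive = true
}

resource "azurerm_hdinsight_spark_cluster" "hdi" {
  name                = "hdi-spark-example"
  resource_group_name = azurerm_resource_group.hdi.name
  location            = azurerm_resource_group.hdi.location
  cluster_version     = "4.0"   # assumed; check the versions supported in your region
  tier                = "Standard"

  component_version {
    spark = "2.4"   # assumed
  }

  gateway {
    username = "hdiadmin"
    password = var.gateway_password
  }

  # The identity is attached to the cluster through this block; the provider
  # exposes no separate identity block, and this path needs a Gen2 account.
  storage_account_gen2 {
    storage_resource_id          = azurerm_storage_account.hdi.id
    filesystem_id                = azurerm_storage_data_lake_gen2_filesystem.hdi.id
    managed_identity_resource_id = azurerm_user_assigned_identity.hdi.id
    is_default                   = true
  }

  roles {
    head_node {
      vm_size  = "Standard_D3_V2"
      username = "sshuser"
      password = var.node_password
    }
    worker_node {
      vm_size               = "Standard_D3_V2"
      username              = "sshuser"
      password              = var.node_password
      target_instance_count = 3
    }
    zookeeper_node {
      vm_size  = "Standard_D3_V2"
      username = "sshuser"
      password = var.node_password
    }
  }

  # The role assignment must exist before cluster creation touches the filesystem.
  depends_on = [azurerm_role_assignment.hdi_storage]
}
```

The explicit depends_on matters in practice: cluster provisioning reads the Gen2 filesystem with the assigned identity, and an RBAC assignment that has not propagated yet fails the deployment. Note that the same identity then carries both the storage rights and the Key Vault secret rights, which is exactly why the thread asks for an independent identity block: with a classic storage_account block there is no place to attach the identity at all.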

MartinKosicky commented 1 month ago

I believe it is possible to assign a user assigned identity to both azurerm_hdinsight_spark_cluster and azurerm_hdinsight_hbase_cluster by using storage_account_gen2.managed_identity_resource_id. This assigns the user assigned identity to both the underlying storage and the cluster.

Does this solve your problem?

I wonder if this also gives me the ability to access different Azure services from the HDInsight cluster. Because it seems that I cannot connect to Kafka, but I'm not sure if it's this.