Open RaphHaddad opened 1 year ago
I can see that "use_managed_identity" has been implemented in a number of linked service resources ... but I am missing this in the linked service keyvault. Any thoughts/ETA on this?
We are also very interested in this!
Hi Team - we are also looking forward to having the UAMI supported in "azurerm_data_factory_linked_service_key_vault"
Hi Guys - This would be of huge help to us as well, any info/thoughts if it will be implemented?
@rcskosir - Do we have any update on when this is going to be scheduled for?
Thanks.
:wave: Thanks for reaching out, unfortunately I do not have an ETA on this enhancement. Any future work via the team or the community should end up linked here via a PR.
This is really important in our environment as we create multiple linked services using managed identity, and we had to use the ARM templates just for this piece and are unable to do this in Terraform.
I just created a similar thread here: https://github.com/hashicorp/terraform-provider-azurerm/issues/26155
We will have to resort to using system identity until this has support.
Edit:
I have made this temporary workaround; maybe it can help someone else. You can use the custom linked service to provide any JSON definition that you want. This is what the key vault looks like with a user managed identity:

```hcl
resource "azurerm_data_factory_credential_user_managed_identity" "test" {
  name            = "tf"
  description     = "Short description of this credential"
  data_factory_id = azurerm_data_factory.this.id
  identity_id     = var.user_assigned_identity_id
}

# Ideally, azurerm_data_factory_linked_service_key_vault should have been used. Azurerm 3.104.2 and below does not support setting user managed identity so we use a custom linked service for now.
resource "azurerm_data_factory_linked_custom_service" "test" {
  name                 = "test"
  data_factory_id      = azurerm_data_factory.this.id
  type                 = "AzureKeyVault"
  type_properties_json = <<JSON
{
  "baseUrl": "https://myvault.vault.azure.net/",
  "credential": {
    "referenceName": "${azurerm_data_factory_credential_user_managed_identity.test.name}",
    "type": "CredentialReference"
  }
}
JSON
}
```
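A plan-time check for the workaround above, as an added example that is not part of the original thread or the provider's code: because the custom linked service accepts any JSON definition, this Python script reads a plan in the `terraform show -json` format and flags custom `AzureKeyVault` linked services that lack a `CredentialReference` or an HTTPS vault URL. The sample plan, the `.vault.azure.net` suffix (Azure public cloud) and all function names are assumptions.

```python
import json
from urllib.parse import urlparse

CUSTOM = "azurerm_data_factory_linked_custom_service"

def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def check_key_vault_linked_services(plan, vault_suffix=".vault.azure.net"):
    """Return (address, problem) pairs for custom AzureKeyVault linked services."""
    # vault_suffix is an assumption (Azure public cloud); change it for other clouds.
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        values = res.get("values") or {}
        if res.get("type") != CUSTOM or values.get("type") != "AzureKeyVault":
            continue
        addr = res.get("address", "?")
        try:
            props = json.loads(values.get("type_properties_json") or "")
        except json.JSONDecodeError:
            props = None
        if not isinstance(props, dict):
            findings.append((addr, "type_properties_json missing or not a JSON object"))
            continue
        cred = props.get("credential")
        if not (isinstance(cred, dict) and cred.get("type") == "CredentialReference"
                and cred.get("referenceName")):
            findings.append((addr, "no CredentialReference to a managed identity credential"))
        url = urlparse(str(props.get("baseUrl", "")))
        if url.scheme != "https" or not (url.hostname or "").endswith(vault_suffix):
            findings.append((addr, "baseUrl is not an https Key Vault endpoint"))
    return findings

def sample_service(address, props):
    """Build one constructed plan entry for a custom AzureKeyVault linked service."""
    return {"address": address, "type": CUSTOM,
            "values": {"type": "AzureKeyVault", "type_properties_json": json.dumps(props)}}

# Constructed sample shaped like `terraform show -json` output (not real plan data).
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [sample_service(CUSTOM + ".test", {
        "baseUrl": "https://myvault.vault.azure.net/",
        "credential": {"referenceName": "tf", "type": "CredentialReference"}})],
    "child_modules": [{"resources": [sample_service("module.adf." + CUSTOM + ".legacy", {
        "baseUrl": "http://myvault.vault.azure.net/"})]}]}}}
```

In CI, load the output of `terraform show -json <planfile>` with `json.load` and fail the job when `check_key_vault_linked_services` returns any findings.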
Description
Linked Services are currently able to be created via Terraform using the resources prefixed by `azurerm_data_factory_linked_service_`. However, the Terraform resources do not expose the ability to authenticate using a manually created user-assigned managed identity, as per this Microsoft documentation: https://learn.microsoft.com/en-us/azure/data-factory/credentials?tabs=data-factory#using-credentials
This can be achieved by using the Terraform resource `azapi_resource`; however, this is not ideal as there already exist linked service resources within the Terraform API. An example of how to achieve this is here: https://learn.microsoft.com/en-us/azure/templates/microsoft.datafactory/factories/linkedservices?pivots=deployment-language-terraform
New or Affected Resource(s)/Data Source(s)
azurerm_data_factory_linked_service_xxxx
Potential Terraform Configuration