Open antgustech opened 1 month ago
I have made this temporary workaround, maybe it can help someone else. You can use the custom linked service to provide any JSON definition that you want. This is what the key vault looks like with a user managed identity:
```hcl
resource "azurerm_data_factory_credential_user_managed_identity" "test" {
  name            = "tf"
  description     = "Short description of this credential"
  data_factory_id = azurerm_data_factory.this.id
  identity_id     = var.user_assigned_identity_id
}

# Ideally, azurerm_data_factory_linked_service_key_vault should have been used. Azurerm 3.104.2 and below does not support setting user managed identity so we use a custom linked service for now.
resource "azurerm_data_factory_linked_custom_service" "test" {
  name                 = "test"
  data_factory_id      = azurerm_data_factory.this.id
  type                 = "AzureKeyVault"
  type_properties_json = <<JSON
{
  "baseUrl": "https://myvault.vault.azure.net/",
  "credential": {
    "referenceName": "${azurerm_data_factory_credential_user_managed_identity.test.name}",
    "type": "CredentialReference"
  }
}
JSON
}
```
In my use case, I need to have multiple key vault linked services, each of which has its own managed identity as the corresponding access policy over the key vault, to have isolation over the secrets across multiple key vaults linked inside ADF.
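The workaround above extended to the multi-vault case described in this comment, as an added example that is not code from the thread or the provider: one credential, one read-only access policy and one custom linked service per vault. The `vaults` and `tenant_id` variables and the `kv` resource names are hypothetical, and it assumes each identity is already assigned to `azurerm_data_factory.this`.

```hcl
# Added example: variable and resource names are hypothetical.
variable "vaults" {
  description = "Key vaults to link, each with its own user-assigned identity."
  type = map(object({
    key_vault_id          = string # resource ID of the vault
    vault_uri             = string # e.g. https://<name>.vault.azure.net/
    identity_id           = string # resource ID of the user-assigned identity
    identity_principal_id = string # object (principal) ID of that identity
  }))
}

variable "tenant_id" {
  type = string
}

# One ADF credential per vault, wrapping that vault's identity.
resource "azurerm_data_factory_credential_user_managed_identity" "kv" {
  for_each        = var.vaults
  name            = "cred-${each.key}"
  data_factory_id = azurerm_data_factory.this.id
  identity_id     = each.value.identity_id
}

# Each identity may only read secrets, and only from its own vault.
resource "azurerm_key_vault_access_policy" "kv" {
  for_each           = var.vaults
  key_vault_id       = each.value.key_vault_id
  tenant_id          = var.tenant_id
  object_id          = each.value.identity_principal_id
  secret_permissions = ["Get"]
}

# Custom linked service per vault, referencing the matching credential.
resource "azurerm_data_factory_linked_custom_service" "kv" {
  for_each        = var.vaults
  name            = "ls-kv-${each.key}"
  data_factory_id = azurerm_data_factory.this.id
  type            = "AzureKeyVault"
  type_properties_json = jsonencode({
    baseUrl = each.value.vault_uri
    credential = {
      referenceName = azurerm_data_factory_credential_user_managed_identity.kv[each.key].name
      type          = "CredentialReference"
    }
  })
}
```

Because every linked service resolves secrets through its own credential, a pipeline that references one linked service cannot read secrets from a vault bound to a different identity.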
Description
I have the following Terraform configuration:
Applying is fine. But there is no way as far as I can see to actually set the linked service to use User managed identity and use the tf credentials.
This is how it looks in Azure. It seems to default to be set to "System Assigned Managed Identity":

![wrong](https://github.com/hashicorp/terraform-provider-azurerm/assets/8721113/c2d89c4e-4419-4647-91fa-13185e2ad10d)

And this is what is needed, the dropdown should be set to "User managed identity" and the tf credentials should be selected as well.

![correct](https://github.com/hashicorp/terraform-provider-azurerm/assets/8721113/87f0303a-cd32-49ae-9a31-4f9c4aa61351)
New or Affected Resource(s)/Data Source(s)
3.104.2
Potential Terraform Configuration
References
I think the issue is similar to: https://github.com/hashicorp/terraform-provider-azurerm/issues/24742