microsoft / terraform-provider-power-platform

Power Platform Terraform Provider
https://registry.terraform.io/providers/microsoft/power-platform/latest/docs
MIT License

powerplatform_user support environment without dataverse #488

Open jmservier opened 1 month ago

jmservier commented 1 month ago

Dear all, firstly, thanks for your work.

Description

We would like to declare an administrator for a non-managed environment with Terraform. With the web interface I can do it:

  1. Select the environment
  2. To the right there is an "Access" panel (in French "Acceder") that allows viewing the current admin
  3. Once we click on "Afficher tout" -> "View all", we can add an admin user

What I tried


resource "powerplatform_environment" "this" {
  display_name     = local.environment_name
  location         = var.location
  environment_type = var.environment_type == "PROD" ? "Production" : "Sandbox"

}

resource "powerplatform_user" "admin" {
  environment_id = powerplatform_environment.this.id
  security_roles = ["Environment Admin"]
  aad_id         = var.administrator_object_id
  disable_delete = false

}

And the current issue:

powerplatform_environment.this: Creating...
powerplatform_environment.this: Creation complete after 6s [id=xxxxxxxxxxxxxxxxxxxxxx]
powerplatform_user.admin: Creating...
╷
│ Error: Client error when creating _user
│ 
│   with powerplatform_user.admin,
│   on main.tf line 12, in resource "powerplatform_user" "admin":
│   12: resource "powerplatform_user" "admin" {
│ 
│ Unexpected HTTP status code. Expected: [200], received: [409] 409 Conflict
│ | {"error":{"code":"UnlinkedEnvironmentForbiddenOperation","message":"The
│ environment 'xxxxxxxxxxxxxxxxxxxx' is not linked to a new
│ CDS 2.0 instance. The following operation is forbidden for unlinked
│ environments:
│ 'POST/PROVIDERS/MICROSOFT.BUSINESSAPPPLATFORM/SCOPES/ADMIN/ENVIRONMENTS/ADDUSER'","detailUrlType":"NotSpecified"}}

Definition of Done

There is a Terraform way (resource?) to declare an administrator for a non-managed environment

rpothin commented 1 month ago

Hi @jmservier,

Does the environment where you are trying to manage administrators have Dataverse enabled? (To confirm this, you can look for the Dataverse version on your environment home page in PPAC, as illustrated below.)

image

I am not sure your error is related to the fact that your environment is not managed.

Thank you in advance for your answer. Have a great day. Raphael

jmservier commented 1 month ago

As I am trying to create an environment and afterwards assign an administrator, I cannot see this web page.

If I create a Production environment with Dataverse enabled, this will imply providing a premium licence, won't it?

Manually (from the web), I am able to create a non-managed environment without Dataverse and to assign an administrator. I would like to do the same with Terraform.

rpothin commented 1 month ago

Thank you for the clarification @jmservier.

I will let the team maintaining this provider provide an answer then 😊 From my perspective they will need to decide if it is something they forgot to cover in the existing user resource or a brand-new requirement (potentially due to the fact that user security roles management in an environment without Dataverse is based on a different API).

jmservier commented 1 month ago

Thanks @rpothin. There is this Microsoft documentation: https://learn.microsoft.com/en-us/power-platform/admin/database-security that describes how to assign an administrator without Dataverse.

mawasile commented 1 month ago

Hi @jmservier, @rpothin is correct. To manage users and their security roles using powerplatform_user, the environment has to have Dataverse, where that information is stored and managed. We don't support this part with powerplatform_user at the moment.
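
An added example, not part of the thread or the provider's own code: given the constraint stated above, the role assignment can be gated on Dataverse so that `powerplatform_user` is never planned against an unlinked environment and the 409 `UnlinkedEnvironmentForbiddenOperation` cannot occur. The `enable_dataverse` variable and all literal values are hypothetical, and the shape of the `dataverse` attribute is an assumption to verify against the registry documentation for the provider version in use.

```hcl
# Hypothetical switch: provision the environment with or without Dataverse.
variable "enable_dataverse" {
  type    = bool
  default = false
}

# Same input as in the issue: object ID of the administrator.
variable "administrator_object_id" {
  type = string
}

resource "powerplatform_environment" "this" {
  display_name     = "example-environment" # constructed value
  location         = "europe"              # constructed value
  environment_type = "Sandbox"

  # Assumption: `dataverse` is a nested attribute with these fields.
  # Codes and the all-zero group ID are constructed placeholders.
  dataverse = var.enable_dataverse ? {
    language_code     = "1033"
    currency_code     = "USD"
    security_group_id = "00000000-0000-0000-0000-000000000000"
  } : null
}

# Created only when Dataverse exists, because that is where users and
# security roles are stored. Without it, the assignment stays a manual
# step in the admin center and is reported by the output below.
resource "powerplatform_user" "admin" {
  count = var.enable_dataverse ? 1 : 0

  environment_id = powerplatform_environment.this.id
  security_roles = ["Environment Admin"]
  aad_id         = var.administrator_object_id
  disable_delete = false
}

# Makes the gap visible in plan/apply output instead of failing mid-apply.
output "admin_managed_by_terraform" {
  value = var.enable_dataverse
}
```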