petoju / terraform-provider-mysql

Terraform MySQL provider – unofficial fork
https://registry.terraform.io/providers/petoju/mysql
Mozilla Public License 2.0

Add support for all Azure Clouds #130

Closed frey0814 closed 3 months ago

frey0814 commented 3 months ago

To support AAD authentication in other Azure Clouds, the scope needs to be updated for the destination Azure Cloud.

To support detection of which cloud is being used, the code references the Terraform azurerm provider environment variable ARM_ENVIRONMENT.

It is likely this URL could be grabbed from the Azure go SDK since it is available via the az CLI.

az cloud show --name AzureCloud | grep ossrdbms
    "ossrdbmsResourceId": "https://ossrdbms-aad.database.windows.net",
az cloud show --name AzureChinaCloud | grep ossrdbms
    "ossrdbmsResourceId": "https://ossrdbms-aad.database.chinacloudapi.cn",
az cloud show --name AzureUSGovernment | grep ossrdbms
    "ossrdbmsResourceId": "https://ossrdbms-aad.database.usgovcloudapi.net"
az cloud show --name AzureGermanCloud | grep ossrdbms
    "ossrdbmsResourceId": "https://ossrdbms-aad.database.cloudapi.de"

I have been able to test this successfully using AzureCloud and AzureChinaCloud.

Without this fix, when running against AzureChinaCloud, Terraform would generate the following error when it tries to refresh the resource.

│ Error: failed to get token from Azure AD DefaultAzureCredential: failed to acquire a token.
│ Attempted credentials:
│       EnvironmentCredential: missing environment variable AZURE_TENANT_ID
│       WorkloadIdentityCredential: no client ID specified. Check pod configuration or set ClientID in the options
│       ManagedIdentityCredential: managed identity timed out. See https://aka.ms/azsdk/go/identity/troubleshoot#dac for more information
│       AzureCLICredential: ERROR: AADSTS500011: The resource principal named https://ossrdbms-aad.database.windows.net/ was not found in the tenant named PVUECN. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant. Trace ID: 982556b8-904c-402e-b93e-935933478800 Correlation ID: ccd73ba7-a547-4a08-b614-8fddd1f41fce Timestamp: 2024-03-26 19:35:16Z
│ Interactive authentication is needed. Please run:
│ az login --scope https://ossrdbms-aad.database.windows.net/.default
│
│       AzureDeveloperCLICredential: Azure Developer CLI not found on path
│
│   with provider["registry.terraform.io/petoju/mysql"].aad,
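The cloud-to-scope selection described in this PR, as an added illustration written for this page (not the provider's own code). It maps the ARM_ENVIRONMENT value to the ossrdbmsResourceId values listed above and appends the `/.default` suffix that the `az login` hint in the error output uses. The lowercase keys `public`, `china`, `usgovernment` and `german` are assumed to be what the azurerm provider accepts for ARM_ENVIRONMENT; the `az cloud` names are taken from the commands above. An unrecognised value is rejected rather than silently falling back to the public cloud, because that fallback is exactly what produces the AADSTS500011 "resource principal not found" failure shown in the PR, only against the wrong tenant.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// ossrdbmsResource holds the AAD resource URL for Azure Database for MySQL in
// each cloud. The URLs are the ossrdbmsResourceId values printed by
// `az cloud show` in the PR description.
var ossrdbmsResource = map[string]string{
	"public":       "https://ossrdbms-aad.database.windows.net",
	"china":        "https://ossrdbms-aad.database.chinacloudapi.cn",
	"usgovernment": "https://ossrdbms-aad.database.usgovcloudapi.net",
	"german":       "https://ossrdbms-aad.database.cloudapi.de",
}

// cloudAliases maps the `az cloud` names onto the keys above so either
// spelling works. Assumption: azurerm uses public/china/usgovernment/german
// as ARM_ENVIRONMENT values; the az CLI names come from the PR description.
var cloudAliases = map[string]string{
	"azurecloud":        "public",
	"azurechinacloud":   "china",
	"azureusgovernment": "usgovernment",
	"azuregermancloud":  "german",
}

// OSSRDBMSScope returns the token scope to request for the given
// ARM_ENVIRONMENT value. An empty value means the public cloud (azurerm's
// default). Any other unknown value is an error: guessing a cloud would send
// the token request to the wrong AAD endpoint and fail late, with the
// confusing "resource principal not found" message from the PR.
func OSSRDBMSScope(armEnvironment string) (string, error) {
	key := strings.ToLower(strings.TrimSpace(armEnvironment))
	if key == "" {
		key = "public"
	}
	if canonical, ok := cloudAliases[key]; ok {
		key = canonical
	}
	resource, ok := ossrdbmsResource[key]
	if !ok {
		return "", fmt.Errorf("unsupported ARM_ENVIRONMENT %q (expected one of public, china, usgovernment, german)", armEnvironment)
	}
	// ".default" requests the resource's statically configured permissions,
	// matching the scope shown in the az login hint.
	return resource + "/.default", nil
}

// ScopeFromEnv reads ARM_ENVIRONMENT, the same variable the azurerm provider
// uses, so a single setting selects the cloud for both providers.
func ScopeFromEnv() (string, error) {
	return OSSRDBMSScope(os.Getenv("ARM_ENVIRONMENT"))
}

func main() {
	scope, err := ScopeFromEnv()
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(1)
	}
	fmt.Println("requesting AAD token with scope:", scope)
}
```

Running with `ARM_ENVIRONMENT=china` prints the chinacloudapi.cn scope; leaving it unset selects the public cloud, and a typo such as `ARM_ENVIRONMENT=chna` exits with an error before any token request is made.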
petoju commented 3 months ago

I should have probably asked for updated doc, but I merged and already released it in 3.0.53.

frey0814 commented 3 months ago

Yeah, I saw you merged. Thanks. I have already tested the new version and all is good. As far as the documentation goes, it looks like we are good because the current docs just link you to Microsoft documentation for AAD authentication.

" See also: Azure Active Directory authentication for MySQL https://learn.microsoft.com/en-us/azure/mysql/flexible-server/how-to-azure-ad ."

Thanks!

On Thu, Mar 28, 2024 at 3:51 PM petoju @.***> wrote:

I should have probably asked for updated doc, but I merged and already released it in 3.0.53.

— Reply to this email directly, view it on GitHub https://github.com/petoju/terraform-provider-mysql/pull/130#issuecomment-2026092744, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACDHCREEFA36QXBS5GSXVXTY2RYE3AVCNFSM6AAAAABFLVRGZ6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAMRWGA4TENZUGQ . You are receiving this because you authored the thread.Message ID: @.***>