
Issues with Managed Identity users #129

Open
waylew50 opened this issue Jun 29, 2023 · 3 comments

Comments

@waylew50

I am trying to figure out what I am doing wrong when I try to create a user from an Azure resource's system-assigned managed identity. I tried using the mssql_azuread_service_principal resource, which says it supports managed identity. It will create the user, but when I test that resource's access I get "login failed for principal".

Here is the Terraform I am using:

resource "mssql_azuread_service_principal" "principal" {
  name        = data.azurerm_virtual_machine_scale_set.WriterBuildAgent.name
  client_id   = data.azurerm_virtual_machine_scale_set.WriterBuildAgent.identity[0].principal_id
  database_id = var.azure_sql_database_id
}

I noticed that when I compare the outputs from the azurerm principal_id and the mssql_azuread_service_principal.client_id, they do not match. The client_id produces a value that I cannot find on the resource. I also tried the mssql_azuread_user resource, but it produced the same error.

Other than that, I love the provider!

Please advise.
Thanks.

@devicenul1

I'm having a similar issue, wondering if System Managed Identities aren't supported? Basically I'm just trying to cover the first line of the coding scenario below with this provider:

CREATE USER [az-resource-name] FROM EXTERNAL PROVIDER;
ALTER ROLE db_owner ADD MEMBER [az-resource-name];

@tiwood commented Sep 12, 2023

The resource property is client_id (aka application id) but you are referencing the principal_id (object id). Could this be the problem?

@l33tCod-er

I think @tiwood is right:

You need to do:

data "azuread_service_principal" "your_identity" {
  object_id = data.azurerm_virtual_machine_scale_set.WriterBuildAgent.identity[0].principal_id
}

And then:

resource "mssql_azuread_service_principal" "principal" {
  name        = data.azurerm_virtual_machine_scale_set.WriterBuildAgent.name
  client_id   = data.azuread_service_principal.your_identity.application_id
  database_id = var.azure_sql_database_id
}

application_id -> client_id with latest AzureAd TF provider
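A way to verify, after the apply, that the database user really was created from the identity's client id rather than its object id. This is an added example, not code from the issue or from the provider. It assumes what the thread relies on: Azure SQL stores an external service-principal user with a 16-byte SID equal to the application (client) id GUID in SQL Server's uniqueidentifier byte layout, which is what Python's uuid bytes_le produces. The GUIDs, the user name and the sys.database_principals rows below are constructed sample data standing in for the output of the query in PRINCIPALS_QUERY.

```python
from __future__ import annotations

import uuid
from dataclasses import dataclass

# T-SQL to pull the rows this script inspects (run it in the target database
# as a user that can read sys.database_principals). Type 'E' = external user.
PRINCIPALS_QUERY = "SELECT name, type, sid FROM sys.database_principals WHERE type = 'E';"


@dataclass(frozen=True)
class DatabasePrincipal:
    """One row of sys.database_principals (constructed stand-in for a real query result)."""
    name: str
    type: str   # 'E' external user, 'X' external group, 'S' SQL user, ...
    sid: bytes  # varbinary(85) in SQL Server; 16 bytes for Entra ID principals


def expected_sid_for_client_id(client_id: str) -> bytes:
    # Assumption from the thread: the SID of an external service-principal user is the
    # application (client) id in uniqueidentifier byte order (first three groups
    # little-endian), i.e. CONVERT(varbinary(16), CONVERT(uniqueidentifier, client_id)).
    return uuid.UUID(client_id).bytes_le


def guid_from_sid(sid: bytes) -> str:
    """Reverse mapping: render a 16-byte SID as the GUID it was built from."""
    return str(uuid.UUID(bytes_le=sid))


def check_external_user(principal: DatabasePrincipal, client_id: str,
                        principal_id: str | None = None) -> tuple[bool, str]:
    """Return (ok, message) telling whether the user maps to the given client_id.

    If principal_id (the identity's object id) is supplied, the message calls out the
    case from the issue where the user was created from that value instead.
    """
    if principal.type != "E":
        return False, f"{principal.name} is type {principal.type!r}, not an external (E) user"
    if principal.sid == expected_sid_for_client_id(client_id):
        return True, f"{principal.name} maps to client_id {client_id}"
    stored = guid_from_sid(principal.sid) if len(principal.sid) == 16 else principal.sid.hex()
    hint = ""
    if principal_id and principal.sid == expected_sid_for_client_id(principal_id):
        hint = " (that is the principal_id / object id, not the client_id)"
    return False, f"{principal.name} has SID {stored}{hint}; expected client_id {client_id}"


# Constructed sample values; real ones come from the Entra ID service principal.
SAMPLE_CLIENT_ID = "01234567-89ab-cdef-0123-456789abcdef"
SAMPLE_PRINCIPAL_ID = "fedcba98-7654-3210-fedc-ba9876543210"

GOOD_ROW = DatabasePrincipal("vmss-writer-build-agent", "E",
                             expected_sid_for_client_id(SAMPLE_CLIENT_ID))
# The failure mode from the issue: user created with the object id instead.
BAD_ROW = DatabasePrincipal("vmss-writer-build-agent", "E",
                            expected_sid_for_client_id(SAMPLE_PRINCIPAL_ID))


if __name__ == "__main__":
    for row in (GOOD_ROW, BAD_ROW):
        ok, msg = check_external_user(row, SAMPLE_CLIENT_ID, SAMPLE_PRINCIPAL_ID)
        print("OK  " if ok else "FAIL", msg)
```

If the check fails with the object-id hint, the fix is the one above: resolve the identity with the azuread_service_principal data source and pass its application id (client id) to the resource.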
