terraform-provider-azurerm

Support for azurerm_mssql_managed_instance identity

Open SPSamL opened this issue 3 years ago • 6 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Community Note

  • Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

I'm making the switch to the 3.x version and changing resources to the new types. The azurerm_sql_managed_instance resource supported the identity attribute, but it seems the new azurerm_mssql_managed_instance resource does not. The data source does, but that's not an option in this case. I need to create a Key Vault Access Policy for keys. Is there a current workaround to this?

New or Affected Resource(s)/Data Source(s)

azurerm_mssql_managed_instance

Potential Terraform Configuration

resource "azurerm_key_vault_access_policy" "smi" {
  key_vault_id = azurerm_key_vault.app.id
  object_id = azurerm_mssql_managed_instance.smi.identity[0].principal_id
  tenant_id = azurerm_mssql_managed_instance.smi.identity[0].tenant_id
}

References

No response

SPSamL avatar Aug 08 '22 21:08 SPSamL

@SPSamL thanks for opening this issue here. After checking terraform documentation, both azurerm_sql_managed_instance and azurerm_mssql_managed_instance support identity in the latest version of terraform provider. Could you upgrade to the latest terraform provider and try again?

sinbai avatar Aug 09 '22 09:08 sinbai

@sinbai, I'm on 3.17, but I receive this error below when running plan. No resources have been deployed, but I thought the command would as TBD or whatever the status in the plan usually uses for placeholders.

The SMI is using System Assigned identity.

Error: Invalid index

on key-vault.tf line 25, in resource "azurerm_key_vault_access_policy" "smi":
  25: object_id = azurerm_mssql_managed_instance.smi.identity[0].principal_id

    azurerm_mssql_managed_instance.smi.identity is empty list of object

The given key does not identify an element in this collection value: the collection has no elements.

SPSamL avatar Aug 09 '22 16:08 SPSamL

The tenant_id is throwing the same error.

SPSamL avatar Aug 09 '22 16:08 SPSamL

@SPSamL Could you provide the full terraform configuration and reproduction steps to help with reproducing/troubleshooting? Also, could you verify that the Identity of the sql server is indeed set up successfully in Azure Portal after creating the azurerm_mssql_managed_instance?

sinbai avatar Aug 10 '22 01:08 sinbai

@sinbai, well, I'm embarrassed to say, but I hadn't put the Identity block in the SMI to begin with. Once I added that, it works. Swore I had it in there.

SPSamL avatar Aug 10 '22 17:08 SPSamL
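
The resolution described in the comment above, written out as an added example that is not part of the original thread or the provider's own documentation: with an `identity` block on the managed instance, `identity[0]` resolves and the access policy can reference it. The resource group, subnet, Key Vault and variable names, the sizing values, and the key permission set are assumptions made for illustration.

```hcl
# Added example, not from the thread. azurerm_resource_group.app,
# azurerm_subnet.smi, azurerm_key_vault.app and the two variables are
# assumed to be declared elsewhere; sizing values are constructed.
resource "azurerm_mssql_managed_instance" "smi" {
  name                         = "example-smi"
  resource_group_name          = azurerm_resource_group.app.name
  location                     = azurerm_resource_group.app.location
  subnet_id                    = azurerm_subnet.smi.id
  license_type                 = "BasePrice"
  sku_name                     = "GP_Gen5"
  vcores                       = 4
  storage_size_in_gb           = 32
  administrator_login          = var.smi_admin_login
  administrator_login_password = var.smi_admin_password

  # Without this block, identity is an empty list and any identity[0]
  # reference fails at plan time with "Error: Invalid index".
  identity {
    type = "SystemAssigned"
  }
}

resource "azurerm_key_vault_access_policy" "smi" {
  key_vault_id = azurerm_key_vault.app.id
  tenant_id    = azurerm_mssql_managed_instance.smi.identity[0].tenant_id
  object_id    = azurerm_mssql_managed_instance.smi.identity[0].principal_id

  # Assumed permission set: key operations only, with no secret or
  # certificate permissions granted to the instance identity.
  key_permissions = ["Get", "WrapKey", "UnwrapKey"]
}
```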

@SPSamL Does this mean this issue has been resolved? If so, are you okay if we close this issue?

sinbai avatar Aug 11 '22 01:08 sinbai

@sinbai, yes, it's all good.

SPSamL avatar Aug 12 '22 13:08 SPSamL

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

github-actions[bot] avatar Sep 12 '22 02:09 github-actions[bot]