terraform-provider-azurerm

Move identity block from azurerm_windows|linux_virtual_machine into its own resource

Open harcamSpark opened this issue 2 years ago • 0 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Community Note

  • Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Currently when configuring a Virtual Machine, there is a block for configuring the User Assigned Identities on a Virtual Machine, however, sometimes it is a requirement to manage assigned identities outside of the lifecycle of the Virtual Machine, for instance, if the virtual machine is managed by a different deployment.

Current example of creating a Virtual Machine with a User Assigned Identity:

resource "azurerm_windows_virtual_machine" "example_vm" {
  name                = "example"
  resource_group_name = "example-rg"
  # ...
  identity {
    type         = "UserAssigned"
    identity_ids = var.user_managed_ids
  }
  # ...
}

I believe it would support more use cases if the identity block for UserAssigned were moved to its own resource entirely, which could have multiple instances:

resource "azurerm_windows_virtual_machine" "example_vm" {
  name                = "example-vm"
  resource_group_name = "example-rg"

  # ...
}

resource "azurerm_windows_virtual_machine_identity_assignment" "example_vm_idassign" {
  virtual_machine        = "example-vm"
  user_assigned_identity = azurerm_user_assigned_identity.example1.id
}

resource "azurerm_windows_virtual_machine_identity_assignment" "example_vm_idassign2" {
  virtual_machine        = "example-vm"
  user_assigned_identity = azurerm_user_assigned_identity.example2.id
}

I have seen previous issues that explain the difficulties of making user assigned identities a completely generic resource (#12151), but this issue is for having virtual machine specific resources, one each for azurerm_windows_virtual_machine and azurerm_linux_virtual_machine. Possibly this may be followed by other resources for other places that user assigned identities can be assigned; automation accounts come to mind.
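As an added example (not part of the issue or the provider's own docs), this is what a complete configuration looks like with the provider as it stands, where the VM resource has to own the identity block; the `lifecycle` `ignore_changes` at the end is the usual workaround for letting a different deployment manage assignments without this configuration reverting them. The identity names, region, NIC resource and `var.admin_password` are assumptions.

```hcl
resource "azurerm_user_assigned_identity" "kv_reader" {
  name                = "example-kv-reader"
  resource_group_name = "example-rg"
  location            = "westeurope"
}

resource "azurerm_user_assigned_identity" "storage_writer" {
  name                = "example-storage-writer"
  resource_group_name = "example-rg"
  location            = "westeurope"
}

resource "azurerm_windows_virtual_machine" "example_vm" {
  name                  = "example-vm"
  resource_group_name   = "example-rg"
  location              = "westeurope"
  size                  = "Standard_B2s"
  admin_username        = "adminuser"
  admin_password        = var.admin_password                       # assumed variable
  network_interface_ids = [azurerm_network_interface.example.id]   # assumed NIC

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2022-datacenter"
    version   = "latest"
  }

  # Today every user-assigned identity must be listed here, so the VM's
  # lifecycle owns the assignment. Keep one narrowly scoped identity per
  # workload rather than one broad identity shared by everything.
  identity {
    type = "UserAssigned"
    identity_ids = [
      azurerm_user_assigned_identity.kv_reader.id,
      azurerm_user_assigned_identity.storage_writer.id,
    ]
  }

  # Workaround until a separate assignment resource exists: stop this
  # configuration from reverting identities another deployment adds or
  # removes. Trade-off: identity drift no longer shows up in `terraform plan`.
  lifecycle {
    ignore_changes = [identity]
  }
}
```

Because the identity block is ignored after creation, an identity added out-of-band stays invisible to this configuration, so review VM identities through Azure policy or activity-log alerts instead of relying on plan output.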

New or Affected Resource(s)/Data Source(s)

azurerm_windows_virtual_machine, azurerm_windows_virtual_machine_assigned_identity, azurerm_linux_virtual_machine, azurerm_windows_virtual_machine_assigned_identity

Potential Terraform Configuration

resource "azurerm_windows_virtual_machine" "example_vm" {
  name                = "example-vm"
  resource_group_name = "example-rg"

  # ...
}

resource "azurerm_windows_virtual_machine_identity_assignment" "example_vm_idassign" {
  virtual_machine_name   = "example-vm"
  user_assigned_identity = azurerm_user_assigned_identity.example.id
}

References

#12047 #12151 #16893

harcamSpark, Sep 23 '22 07:09