azurerm_synapse_role_assignment: New parameter principal_type (#24089)

Co-authored-by: Bindewald, André (UIT) <Andre.Bindewald@union-investment.de>
hashicorp · Dec 7, 2023 · de97c68 · de97c68
1 parent f85f025
commit de97c68
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 0 deletions.
diff --git a/internal/services/synapse/synapse_role_assignment_resource.go b/internal/services/synapse/synapse_role_assignment_resource.go
@@ -70,6 +70,17 @@ func resourceSynapseRoleAssignment() *pluginsdk.Resource {
 				ValidateFunc: validation.IsUUID,
 			},
 
+			"principal_type": {
+				Type:     pluginsdk.TypeString,
+				Optional: true,
+				ForceNew: true,
+				ValidateFunc: validation.StringInSlice([]string{
+					"User",
+					"Group",
+					"ServicePrincipal",
+				}, false),
+			},
+
 			"role_name": {
 				Type:     pluginsdk.TypeString,
 				Required: true,
@@ -165,6 +176,12 @@ func resourceSynapseRoleAssignmentCreate(d *pluginsdk.ResourceData, meta interfa
 		PrincipalID: &principalID,
 		Scope:       utils.String(scope),
 	}
+
+	if v, ok := d.GetOk("principal_type"); ok {
+		principalType := v.(string)
+		roleAssignment.PrincipalType = &principalType
+	}
+
 	resp, err := client.CreateRoleAssignment(ctx, roleAssignment, uuid)
 	if err != nil {
 		return fmt.Errorf("creating Synapse RoleAssignment %q: %+v", roleName, err)
@@ -225,6 +242,12 @@ func resourceSynapseRoleAssignmentRead(d *pluginsdk.ResourceData, meta interface
 	}
 	d.Set("principal_id", principalID)
 
+	principalType := ""
+	if resp.PrincipalType != nil {
+		principalType = *resp.PrincipalType
+	}
+	d.Set("principal_type", principalType)
+
 	synapseWorkspaceId := ""
 	synapseSparkPoolId := ""
 	if _, err := parse.WorkspaceIDInsensitively(id.Scope); err == nil {

diff --git a/website/docs/r/synapse_role_assignment.html.markdown b/website/docs/r/synapse_role_assignment.html.markdown
@@ -82,6 +82,10 @@ The following arguments are supported:
 
 * `principal_id` - (Required) The ID of the Principal (User, Group or Service Principal) to assign the Synapse Role Definition to. Changing this forces a new resource to be created.
 
+* `principal_type` (Optional) The Type of the Principal. One of `User`, `Group` or `ServicePrincipal`. Changing this forces a new resource to be created.
+
+-> **NOTE:** While `principal_type` is optional, it's still recommended to set this value, as some Synapse use-cases may not work correctly if this is not specified. Service Principals for example can't run SQL statements using `Entra ID` authentication if `principal_type` is not set to `ServicePrincipal`.
+
 ## Attributes Reference
 
 In addition to the Arguments listed above - the following Attributes are exported: