Support for Azure Active Directory for Azure Database for MySQL – Flexible Server #19272
Comments
It could be good to add the AAD support for flexible server quickly given that Azure Database for MySQL single server is on the retirement path and people will start to use flexible as a preferred solution.
+1
Has there been any update on this, as I find myself now needing to start the migration process over from single server to flexible server and this does need to be set?
Any update?
Taking a look at the ARM template, Microsoft.DBforMySQL flexibleServers/administrators, it looks like a reasonable request for implementation in AzureRM provider.
@sigv IIRC, the AzureRM provider depends on the Azure Go SDK, which depends on Microsoft extending the API, which is something Microsoft does when planning to go from preview to GA with a feature. There is the AzAPI Terraform provider, which can utilize a given resource template. As configuring AAD auth is a separate resource from the server itself, it is very easy to mix the AzAPI and AzureRM providers in this case. My approach for example:
Used identity (in example Creating this resource would enable mixed auth (password and AAD). You can disable password users access by setting configuration
It looks like AD support was added for mysql flex back in v3.58.0 with this MR: #21786. However, I am not seeing support for AD only. Can support be added to mysql flex server so I can enable only AD login and completely disable local auth?
If you want AD only, you should set the aad_only server parameter using azurerm_mysql_flexible_server_configuration. IIRC, Azure Portal does exactly the same thing when you select “AD only”. There is still an admin with a standard password, but it is just disabled by this parameter.
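The setup discussed in the comments above, sketched as an added Terraform example (not code posted in this thread or taken from the provider's documentation). Assumptions: the `azurerm` provider block is configured elsewhere, all resource names, variables and the SKU are placeholders, and `aad_auth_only` is assumed to be the exact name of the server parameter the comment calls aad_only, so confirm it against the server's parameter list before applying.

```hcl
data "azurerm_client_config" "current" {}

variable "resource_group_name" { type = string }
variable "location" { type = string }
variable "aad_admin_login" { type = string }     # display name of the AAD user or group (placeholder)
variable "aad_admin_object_id" { type = string } # object ID of that AAD principal (placeholder)
variable "local_admin_password" {
  type      = string
  sensitive = true
}

# User-assigned identity the server uses for AAD authentication.
resource "azurerm_user_assigned_identity" "mysql" {
  name                = "id-mysql-aad-example"
  resource_group_name = var.resource_group_name
  location            = var.location
}

resource "azurerm_mysql_flexible_server" "db" {
  name                   = "mysql-aad-example"
  resource_group_name    = var.resource_group_name
  location               = var.location
  administrator_login    = "localadmin" # still created; disabled by the parameter below
  administrator_password = var.local_admin_password
  sku_name               = "GP_Standard_D2ds_v4"
  identity {
    type         = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.mysql.id]
  }
}

# On its own this gives mixed auth: the local password admin plus the AAD admin.
resource "azurerm_mysql_flexible_server_active_directory_administrator" "aad" {
  server_id   = azurerm_mysql_flexible_server.db.id
  identity_id = azurerm_user_assigned_identity.mysql.id
  login       = var.aad_admin_login
  object_id   = var.aad_admin_object_id
  tenant_id   = data.azurerm_client_config.current.tenant_id
}

# Switch to AAD-only. The depends_on makes Terraform create the AAD admin first,
# so local auth is never disabled while no AAD administrator exists.
resource "azurerm_mysql_flexible_server_configuration" "aad_only" {
  name                = "aad_auth_only" # assumed exact parameter name, see lead-in
  resource_group_name = var.resource_group_name
  server_name         = azurerm_mysql_flexible_server.db.name
  value               = "ON"
  depends_on          = [azurerm_mysql_flexible_server_active_directory_administrator.aad]
}
```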
Ok thanks for that information, will try out that parameter. Is that really what azure portal does when selecting "Azure Active Directory authentication only" for the Auth method?
As stated in documentation:
Can this issue be closed with the existence of the
yes
…On Wed, 27 Dec 2023 at 8:23 PM, Oliver Wiebeck ***@***.***> wrote:
Can this issue be closed with the existence of the
azurerm_mysql_flexible_server_active_directory_administrator
<https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_flexible_server_aad_administrator>
resource?
Description
Azure Active Directory authentication for Azure Database for MySQL - Flexible Server allows you to improve database security by delegating credential management and authentication to a centralized identity provider. Azure Active Directory supports advanced security features such as second factor authentication options, password lifecycle management, applications and managed identities and conditional access. Azure Active Directory for Azure Database for MySQL – Flexible Server now provides full support for managed identities, improved group roles, support for invited users, and an Azure Active Directory-only authentication mode with the ability to disable local user support.
New or Affected Resource(s)/Data Source(s)
azurerm_mysql_flexible_server_active_directory_administrator
Potential Terraform Configuration
References
https://learn.microsoft.com/en-us/azure/mysql/flexible-server/concepts-azure-ad-authentication