You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment
Description
Azure AD authentication for mysql flex server has now gone GA:
It is a bit cumbersome as it requires a user-managed identity, which must be granted graph API permissions in order to enable this.
This request is to:
A. Allow linking the flex server to an existing user-managed identity.
B. Allow enabling the Azure AD signon feature in one of the three supported modes.
C. Define AAD administrator as a user/group (AAD principal)
New or Affected Resource(s)/Data Source(s)
azurerm_mysql_flexible_server
Potential Terraform Configuration
resource"azurerm_mysql_flexible_server""example" {
azuread_administrator {
login_username="AzureAD Admin"object_id="00000000-0000-0000-0000-000000000000"tenant_id="00000000-0000-0000-0000-000000000000"azuread_authentication_only=true# If set to true, disable MySQL authentication, otherwise set to allow MySQL and Azure AD authentication.
}
identity {
type="UserAssigned"identity_ids=[]
}
}
If azuread_administrator block is passed is enabled; give an error if these are passed in:
If azuread_administrator is passed in, but the identity configuration is missing, provide guidance as to how to configure the identity block and give an error.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Is there an existing issue for this?
Community Note
Description
Azure AD authentication for mysql flex server has now gone GA:
It is a bit cumbersome as it requires a user-managed identity, which must be granted graph API permissions in order to enable this.
This request is to:
A. Allow linking the flex server to an existing user-managed identity.
B. Allow enabling the Azure AD signon feature in one of the three supported modes.
C. Define AAD administrator as a user/group (AAD principal)
New or Affected Resource(s)/Data Source(s)
azurerm_mysql_flexible_server
Potential Terraform Configuration
If azuread_administrator block is passed is enabled; give an error if these are passed in:
If azuread_administrator is passed in, but the identity configuration is missing, provide guidance as to how to configure the identity block and give an error.
References
https://learn.microsoft.com/en-us/azure/mysql/flexible-server/how-to-azure-ad
https://learn.microsoft.com/en-us/azure/templates/microsoft.dbformysql/flexibleservers/administrators?pivots=deployment-language-terraform
The text was updated successfully, but these errors were encountered: