You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.
Description
I have the following terraform configuration:
resource"azurerm_data_factory""this" {
name="adf"resource_group_name=var.resource_grouplocation=var.location# Managed Identity which is alllowed to access keyvault.identity {
type="UserAssigned"identity_ids=[var.user_assigned_identity_id]
}
}
resource"azurerm_data_factory_linked_service_key_vault""this" {
name="keyvault"data_factory_id=azurerm_data_factory.this.idkey_vault_id=var.keyvaultid
}
resource"azurerm_data_factory_credential_user_managed_identity""test" {
name="tf"description="Short description of this credential"data_factory_id=azurerm_data_factory.this.ididentity_id=var.user_assigned_identity_id
}
Applying is fine. But there is no way as far as I can see to actually set the linked service to use User managed identity and use the tf credentials.
This is how it looks in azure. It seems to default to be set to "System Assigned Managed Identity":
And this is what is needed, the dropdown should be set to "User managed identity" and the tf credentials should be selected as well.
I have made this temporary work around, maybe it can help someone else. You can use the custom linked service to provide any json definition that you want. This is how the key vault looks like with a user managed identity:
resource"azurerm_data_factory_credential_user_managed_identity""test" {
name="tf"description="Short description of this credential"data_factory_id=azurerm_data_factory.this.ididentity_id=var.user_assigned_identity_id
}
# Ideally, azurerm_data_factory_linked_service_key_vault should have been used. Azurerm 3.104.2 and below does not support setting user managed identity so we use a custom linked service for now.resource"azurerm_data_factory_linked_custom_service""test" {
name="test"data_factory_id=azurerm_data_factory.this.idtype="AzureKeyVault"type_properties_json=<<JSON{ "baseUrl": "https://myvault.vault.azure.net/", "credential": { "referenceName": "${azurerm_data_factory_credential_user_managed_identity.test.name}", "type": "CredentialReference" } }JSON
}
In my use case, i need to have multiple key vault linked services which has its own managed identity as corresponding access policy over the keyvault to have isolation over the secrets across multiple key vaults liked inside ADF.
Is there an existing issue for this?
Community Note
Description
I have the following terraform configuration:
Applying is fine. But there is no way as far as I can see to actually set the linked service to use User managed identity and use the tf credentials.
This is how it looks in azure. It seems to default to be set to "System Assigned Managed Identity":
And this is what is needed, the dropdown should be set to "User managed identity" and the tf credentials should be selected as well.
New or Affected Resource(s)/Data Source(s)
3.104.2
Potential Terraform Configuration
References
I think the issue is similar to: #24742
The text was updated successfully, but these errors were encountered: