You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please list the resources as a list, for example:
postgresql_role
Terraform Configuration Files
N/A
Debug Output
N/A
Panic Output
N/A
Expected Behavior
N/A
Actual Behavior
N/A
Steps to Reproduce
N/A
Important Factoids
N/A
References
N/A
Additional info
Hello! I have created an azure database for postgresql flexible server with password authentication disabled and entra id authentication enabled. I have also created an entra admin user which I can use to login to the server via terraform.
Azure docs indicate that to create another role which is associated with an Entra ID principal, we need to use pg_catalog.pgaadauth_create_principal() however I don't see a mechanism by which to do so in the provider, and the postgresql_role page doesn't indicate whether it does so by default when terraform has used entra id authentication to login to the server, or not.
The page detailing the steps is https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/how-to-manage-azure-ad-users and I can see that it is possible to additionally perform an association between an existing postgresql role and an entra ID principal by setting a security label on the role. Thus it appears to be possible to use postgresql_role and postgresql_security_label resources together to accomplish the task, but I wanted to confirm if there is any better way. If there is not currently a better way, I'd also ask if you would consider adding the logic in the postgresql_role resource itself to allow users to specify whether the role should be associated to an entra principal with the same name or not.
The text was updated successfully, but these errors were encountered:
Terraform Version
N/A - general question affecting all versions
Affected Resource(s)
Please list the resources as a list, for example:
postgresql_role
Terraform Configuration Files
N/A
Debug Output
N/A
Panic Output
N/A
Expected Behavior
N/A
Actual Behavior
N/A
Steps to Reproduce
N/A
Important Factoids
N/A
References
N/A
Additional info
Hello! I have created an azure database for postgresql flexible server with password authentication disabled and entra id authentication enabled. I have also created an entra admin user which I can use to login to the server via terraform.
Azure docs indicate that to create another role which is associated with an Entra ID principal, we need to use
pg_catalog.pgaadauth_create_principal()however I don't see a mechanism by which to do so in the provider, and thepostgresql_rolepage doesn't indicate whether it does so by default when terraform has used entra id authentication to login to the server, or not.The page detailing the steps is https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/how-to-manage-azure-ad-users and I can see that it is possible to additionally perform an association between an existing postgresql role and an entra ID principal by setting a security label on the role. Thus it appears to be possible to use
postgresql_roleandpostgresql_security_labelresources together to accomplish the task, but I wanted to confirm if there is any better way. If there is not currently a better way, I'd also ask if you would consider adding the logic in thepostgresql_roleresource itself to allow users to specify whether the role should be associated to an entra principal with the same name or not.The text was updated successfully, but these errors were encountered: