How to create entra id associated role? #494
Comments
|
Hi @tspearconquest , Stumbled upon the same issue as you but somehow skipped the part were we can use a security label in combination with an already existing role. Would our use case then not be solved by first provisioning a role with role and then using security_label ? |
|
Hello
I'm afraid not. The very end sentence of my original post on this issue
describes what I'm looking to get out of this issue.
…On Fri, Jan 17, 2025, 4:50 AM ruben-janssens ***@***.***> wrote:
Hi @tspearconquest <https://github.com/tspearconquest> ,
Stumbled upon the same issue as you but somehow skipped the part were we
can use a security label in combination with an already existing role.
Would our use case then not be solved by first provisioning a role with
Role <https://www.pulumi.com/registry/packages/postgresql/api-docs/role/>
and then using SecurityLabel
<https://www.pulumi.com/registry/packages/postgresql/api-docs/securitylabel/>
?
—
Reply to this email directly, view it on GitHub
<#494 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ATRTFZYWO6XGV323F2PITRL2LDOA7AVCNFSM6AAAAABTFBMQXSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKOJYGAZDQOBZHA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Terraform Version
N/A - general question affecting all versions
Affected Resource(s)
Please list the resources as a list, for example:
postgresql_role
Terraform Configuration Files
N/A
Debug Output
N/A
Panic Output
N/A
Expected Behavior
N/A
Actual Behavior
N/A
Steps to Reproduce
N/A
Important Factoids
N/A
References
N/A
Additional info
Hello! I have created an azure database for postgresql flexible server with password authentication disabled and entra id authentication enabled. I have also created an entra admin user which I can use to login to the server via terraform.
Azure docs indicate that to create another role which is associated with an Entra ID principal, we need to use
pg_catalog.pgaadauth_create_principal()however I don't see a mechanism by which to do so in the provider, and thepostgresql_rolepage doesn't indicate whether it does so by default when terraform has used entra id authentication to login to the server, or not.The page detailing the steps is https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/how-to-manage-azure-ad-users and I can see that it is possible to additionally perform an association between an existing postgresql role and an entra ID principal by setting a security label on the role. Thus it appears to be possible to use
postgresql_roleandpostgresql_security_labelresources together to accomplish the task, but I wanted to confirm if there is any better way. If there is not currently a better way, I'd also ask if you would consider adding the logic in thepostgresql_roleresource itself to allow users to specify whether the role should be associated to an entra principal with the same name or not.The text was updated successfully, but these errors were encountered: