azure - terraform azurerm_data_factory_linked_service_azure_sql_database how should I configure use_managed_identity and credent

I try to create a linked_service using this terraform command: azurerm_data_factory_linked_service_azure_sql_database.

The documentation says that we can use use_managed_identity (I use it as a boolean). I try to combine it with credential_name which uses the outcome of this command azurerm_data_factory_credential_user_managed_identity.

Imho documentation is quite poor and I couldn't find proper resources online.

In the same block I try to specify the connection string but I believe that I misconfigured it.

It looks like this:

resource "azurerm_data_factory_linked_service_azure_sql_database" "linked_service_for_xxxxx_database" {
  name                     = "linked_service_for_xxxxxx_database"
  data_factory_id          = var.azure_data_factory_id # I created an adf instance and it depends on it
  use_managed_identity     = true # should be boolean?
  credential_name          = var.user_assigned_managed_identity_id # output of: azurerm_data_factory_credential_user_managed_identity
  integration_runtime_name = var.integration_runtime_name # output of: azurerm_data_factory_integration_runtime_azure

  # data source: fully qualified domain name??
  connection_string = "data source=${var.xxxxx_sql_server_name};Initial Catalog=${var.xxxx_sql_db_name};encrypt=True;connection timeout=30;"
}

I want the linked service to be of Authentication type: User-assigned managed Identity and use the credentials that I created above.

Fun fact: I have this configuration which does not give me errors during init & plan (I haven't run apply yet)

resource "azurerm_data_factory_linked_service_data_lake_storage_gen2" "linked_service_for_azure_data_lake_storage" {
  name                     = "linked_service_for_azure_data_lake_storage"
  data_factory_id          = var.azure_data_factory_id
  url                      = "https://${var.adls_account_name}.dfs.core.windows.net"
  use_managed_identity     = var.user_assigned_managed_identity_id # I was expecting it to be bool but ....
  integration_runtime_name = var.integration_runtime_name
}

asked Mar 17 at 17:05 by Potis23; edited Mar 18 at 3:56 by Vinay B

1 Answer

I configure use_managed_identity and credential_name while provisioning azurerm_data_factory_linked_service_azure_sql_database using terraform

I can see two main issues in the configuration you shared. First, the credential_name attribute expects a credential name, but you are passing the ID of a user-assigned managed identity.

Secondly, the use_managed_identity field is a boolean, but you are passing a managed identity ID.

These are the two fixes that need to be made in the configuration you shared. I tried a demo configuration with the necessary changes so that you will be able to reproduce the requirement you're looking for.

Demo configuration:

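# azurerm_resource_group.rg and var.adls_account_name are referenced below
# but are not defined in this snippet; they must exist elsewhere in the configuration.
resource "azurerm_data_factory" "adf" {
  name                = "adf-demo-vksb"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  identity {
    type         = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.umi.id]
  }
}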

resource "azurerm_user_assigned_identity" "umi" {
  name                = "umi-adf"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
}

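# Azure RBAC (management-plane) role for the user-assigned identity, scoped to the SQL server resource
resource "azurerm_role_assignment" "sql_role" {
  scope                = azurerm_mssql_server.sql.id
  role_definition_name = "Contributor"
  principal_id         = azurerm_user_assigned_identity.umi.principal_id
}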

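resource "azurerm_mssql_server" "sql" {
  name                = "sqlserver-demo-dev"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  administrator_login = "adminuser"
  # Hard-coded demo password: it ends up in source control and in Terraform state.
  # Outside a demo, supply it from a sensitive variable or a secret store.
  administrator_login_password = "SecurePassword123!"
  version                      = "12.0"
}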

resource "azurerm_mssql_database" "db" {
  name         = "sqldb-demo"
  server_id    = azurerm_mssql_server.sql.id
  collation    = "SQL_Latin1_General_CP1_CI_AS"
  license_type = "LicenseIncluded"
  max_size_gb  = 2
  sku_name     = "Basic"
}

resource "azurerm_data_factory_integration_runtime_azure" "runtime" {
  name            = "integration-runtime-demo"
  data_factory_id = azurerm_data_factory.adf.id
  location        = azurerm_resource_group.rg.location
}

resource "azurerm_data_factory_credential_user_managed_identity" "adf_credential" {
  name            = "adf-credential-mi"
  data_factory_id = azurerm_data_factory.adf.id
  identity_id     = azurerm_user_assigned_identity.umi.id
}

resource "azurerm_data_factory_linked_service_azure_sql_database" "linked_service" {
  name                          = "linked-service-sql"
  data_factory_id               = azurerm_data_factory.adf.id
  use_managed_identity          = true
  credential_name               = azurerm_data_factory_credential_user_managed_identity.adf_credential.name
  integration_runtime_name      = azurerm_data_factory_integration_runtime_azure.runtime.name

  connection_string = "Data Source=${azurerm_mssql_server.sql.fully_qualified_domain_name};Initial Catalog=${azurerm_mssql_database.db.name};Encrypt=True;Connection Timeout=30;"
}

resource "azurerm_data_factory_linked_service_data_lake_storage_gen2" "linked_service_adls" {
  name                     = "linked-service-adls"
  data_factory_id          = azurerm_data_factory.adf.id
  url                      = "https://${var.adls_account_name}.dfs.core.windows.net"
  use_managed_identity     = true
  integration_runtime_name = azurerm_data_factory_integration_runtime_azure.runtime.name
}

Refer:

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_factory_linked_service_azure_sql_database

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_factory_credential_user_assigned_managed_identity
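
When the linked service lives in its own module and receives its inputs as variables, as in the question, the ID-versus-name mix-up can be rejected at plan time with a variable validation. This is an added example, not part of the original question or answer; the variable names and the module layout are assumptions.

```hcl
# Inputs of a hypothetical linked-service module (names are assumptions).
variable "data_factory_id" {
  type = string
}

variable "integration_runtime_name" {
  type = string
}

variable "sql_server_fqdn" {
  type        = string
  description = "Value of the SQL server's fully_qualified_domain_name attribute."
}

variable "sql_db_name" {
  type = string
}

# Name of the azurerm_data_factory_credential_user_managed_identity resource,
# NOT the ARM resource ID of the user-assigned identity behind it.
variable "adf_credential_name" {
  type = string

  validation {
    # ARM resource IDs start with "/subscriptions/"; a credential name does not.
    # startswith() requires Terraform 1.3 or later.
    condition     = !startswith(lower(var.adf_credential_name), "/subscriptions/")
    error_message = "Pass the Data Factory credential's name, not a managed identity resource ID."
  }
}

resource "azurerm_data_factory_linked_service_azure_sql_database" "sql" {
  name                     = "linked-service-sql"
  data_factory_id          = var.data_factory_id
  use_managed_identity     = true # boolean flag, never an identity ID
  credential_name          = var.adf_credential_name
  integration_runtime_name = var.integration_runtime_name

  connection_string = "Data Source=${var.sql_server_fqdn};Initial Catalog=${var.sql_db_name};Encrypt=True;Connection Timeout=30;"
}
```

The calling configuration then passes `azurerm_data_factory_credential_user_managed_identity.adf_credential.name` as `adf_credential_name`; passing the identity's `.id` instead fails validation during `terraform plan` once the value is known.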
