azurerm_batch_account: Batch now supports creation of managed identities, but SystemAssigned Identity block not available #8532

Closed
JSpenced opened this issue Sep 18, 2020 · 9 comments · Fixed by #13742


JSpenced commented Sep 18, 2020

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Currently, Azure Batch now supports creating Batch accounts with a managed identity attached to them (https://docs.microsoft.com/en-us/azure/batch/batch-customer-managed-key). This makes accessing the Key Vault much easier than a certificate solution. I was hoping this could be added to Terraform, with the principalId for the managed identity also returned so it can be added to the access policy of the Key Vault.

New or Affected Resource(s)

azurerm_batch_account

Potential Terraform Configuration

# Initialize the Azure Resource Manager
provider "azurerm" {
  version = "2.25"
  features {}
  # https://www.terraform.io/docs/providers/azurerm/index.html#skip_provider_registration
  skip_provider_registration = true
}

# Make Terraform store the statefile in Azure Cloud instead of local storage
terraform {
  backend "azurerm" {
    resource_group_name  = "company-dev-ml-svy-etl"
    storage_account_name = "companydevmlusonly"
    container_name       = "tfstate-usonly"
    key                  = "dev.terraform.tfstateustest"
  }
}
variable "default-location" {
  type    = string
  default = "North Central US"
}

variable "default-storage" {
  type    = string
  default = "companydevmlsvystorage1"
}
variable "rg" {
  type        = string
  default     = "company-dev-ml-svy"
  description = "Name of the resource group."
}

variable "rg-us" {
  type        = string
  default     = "company-dev-ml-svy-etl"
  description = "Name of the etl resource group."
}

variable "etl-batch" {
  type        = string
  default     = "companydevmlsvybatchtest"
  description = "Name of the etl Batch account."
}
variable "etl-storage" {
  type    = string
  default = "companydevmlsvyetlstoragetest"
}



data "azurerm_resource_group" "rg" {
  name = var.rg
}
data "azurerm_resource_group" "rg-us" {
  name = var.rg-us
}
data "azurerm_client_config" "current" {
}


resource "azurerm_storage_account" "etl-storage" {
  name                     = var.etl-storage
  resource_group_name      = var.rg-us
  location                 = var.default-location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

resource "azurerm_batch_account" "etl-batch" {
  name                 = var.etl-batch
  resource_group_name  = data.azurerm_resource_group.rg-us.name
  location             = var.default-location
  pool_allocation_mode = "BatchService"
  storage_account_id   = azurerm_storage_account.etl-storage.id

  identity {
    type = "SystemAssigned"
  }

  tags = {
    env = "company-ml-svy-dev"
  }
}
@JSpenced JSpenced changed the title Azure Batch now supports creation of managed identities, but optional identity block for terraform not available azurerm_batch_account: Batch now supports creation of managed identities, but SystemAssigned Identity block not available Sep 18, 2020

@magodo magodo added the sdk/not-yet-supported Support for this does not exist in the upstream SDK at this time label Jul 19, 2021

haflidif commented Aug 12, 2021

I've posted a feature request to the Azure SDK for Go regarding this issue:

Azure/azure-sdk-for-go#15274

@haflidif

@magodo now it's supported in the SDK so it should now be possible to add the configuration into the Terraform Provider, using User Assigned Identity with Pool Creation :-)
Azure/azure-sdk-for-go#15274 (comment)

@magodo magodo removed the sdk/not-yet-supported Support for this does not exist in the upstream SDK at this time label Sep 13, 2021

@github-actions

This functionality has been released in v2.82.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!
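
The use case from the issue description, as an added example that is not part of the original thread or the provider's own code: the Batch account's system-assigned identity is referenced directly in a Key Vault access policy limited to the key operations customer-managed keys need. Resource labels, the vault name and the resource group name are hypothetical; the permission strings use the provider 2.x spelling.

```hcl
# Added example; all names are hypothetical placeholders.
# Assumes azurerm >= 2.82.0, the release named in this thread.

# Existing vault that holds the customer-managed key (hypothetical name).
data "azurerm_key_vault" "cmk" {
  name                = "example-batch-cmk-kv"
  resource_group_name = "example-rg"
}

resource "azurerm_batch_account" "etl" {
  name                 = "examplebatchacct"
  resource_group_name  = "example-rg"
  location             = "North Central US"
  pool_allocation_mode = "BatchService"

  # Azure creates and rotates the credential; nothing to store or leak.
  identity {
    type = "SystemAssigned"
  }
}

# Least privilege: only this Batch account's identity, only key operations,
# and no secret or certificate permissions.
resource "azurerm_key_vault_access_policy" "batch_cmk" {
  key_vault_id = data.azurerm_key_vault.cmk.id
  tenant_id    = azurerm_batch_account.etl.identity[0].tenant_id
  object_id    = azurerm_batch_account.etl.identity[0].principal_id

  # 2.x spelling; later major provider versions expect "Get", "WrapKey", "UnwrapKey".
  key_permissions = ["get", "wrapKey", "unwrapKey"]
}
```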

@github-actions

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 21, 2021